How severe is CVE-2025-24353?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2025-24353?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2025-24353

MEDIUM Year: 2025

CVSS v3 Score

5.0

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instances that are impacted are those that use the share feature and have specific roles hierarchy and fields that are not visible for certain roles. Version 11.2.0 contains a patch the issue.

CVE-2022-29614

MEDIUM

CVSS:5.0(Medium)

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC ...

CWE-2692022

CVE-2024-3388

MEDIUM

CVSS:5.0(Medium)

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, t...

CWE-2692024

CVE-2017-15052

MEDIUM

CVSS:4.9(Medium)

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or mo...

CWE-2692017

CVE-2017-15053

MEDIUM

CVSS:4.9(Medium)

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application...

CWE-2692017

CVE-2018-15321

MEDIUM

CVSS:4.9(Medium)

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2....

CWE-2692018

CVE-2020-23128

MEDIUM

CVSS:4.9(Medium)

Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to a...

CWE-2692020

CVE-2025-24353

Vulnerability Description

Related Vulnerabilities

CVE-2022-29614

CVE-2024-3388

CVE-2017-15052

CVE-2017-15053

CVE-2018-15321

CVE-2020-23128