CVE-2025-25060

HIGH Year: 2025
CVSS v3 Score
8.2
High
Weakness Type
CWE-306
View all →

Vulnerability Description

Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.

Related Vulnerabilities

CVE-2019-12105

HIGH
CVSS:8.2(High)

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default bu...

CWE-3062019

CVE-2019-17353

HIGH
CVSS:8.2(High)

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN,...

CWE-3062019

CVE-2019-6820

HIGH
CVSS:8.2(High)

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specif...

CWE-3062019

CVE-2021-27963

HIGH
CVSS:8.2(High)

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or sess...

CWE-3062021

CVE-2022-34321

HIGH
CVSS:8.2(High)

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics abou...

CWE-3062022

CVE-2023-23444

HIGH
CVSS:8.2(High)

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 11...

CWE-3062023