CVE-2025-28131

MEDIUM Year: 2025
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.

Related Vulnerabilities

CVE-2016-8776

MEDIUM
CVSS:4.6(Medium)

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some f...

CWE-2852016

CVE-2020-1908

MEDIUM
CVSS:4.6(Medium)

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the...

CWE-2852020

CVE-2022-30730

MEDIUM
CVSS:4.6(Medium)

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.

CWE-2852022

CVE-2022-36838

MEDIUM
CVSS:4.6(Medium)

Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.

CWE-2852022

CVE-2022-39873

MEDIUM
CVSS:4.6(Medium)

Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.

CWE-2852022

CVE-2022-46752

MEDIUM
CVSS:4.6(Medium)

Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

CWE-2852022