CVE-2025-41231

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-862
View all →

Vulnerability Description

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

Related Vulnerabilities

CVE-2019-25215

HIGH
CVSS:7.3(High)

The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes...

CWE-8622019

CVE-2020-36716

HIGH
CVSS:7.3(High)

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possi...

CWE-8622020

CVE-2021-4444

HIGH
CVSS:7.3(High)

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it...

CWE-8622021

CVE-2022-20126

HIGH
CVSS:7.3(High)

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of pri...

CWE-8622022

CVE-2022-20137

HIGH
CVSS:7.3(High)

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of pr...

CWE-8622022

CVE-2022-36228

HIGH
CVSS:7.3(High)

Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.

CWE-8622022