CWE-288— Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.— MITRE CWE catalog
581 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-288page 9 of 12
- CVE-2025-55338MEDIUMCVSS 6.1EG 6.12025-10-14
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- CVE-2025-55623MEDIUMCVSS 5.4EG 5.42025-08-22
An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).
- CVE-2025-57819CRITICALCVSS 9.8EG 9.8⚠ KEV2025-08-28
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary …
- CVE-2025-58133MEDIUMCVSS 5.3EG 5.32025-10-15
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
- CVE-2025-5820HIGHCVSS 8.8EG 6.32025-06-21
Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this v…
- CVE-2025-5821CRITICALCVSS 9.8EG 9.82025-08-23
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the fa…
- CVE-2025-59367CRITICALCVSS 9.8EG 9.82025-11-13
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the …
- CVE-2025-59392MEDIUMCVSS 6.8EG 6.82025-11-06
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.
- CVE-2025-5955HIGHCVSS 8.1EG 8.12025-09-19
The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to the plugin not verifying a user's phone number before logging them in. This makes it poss…
- CVE-2025-60041HIGHCVSS 8.8EG 8.82025-10-22
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iulia Cazan Emails Catch All emails-catch-all allows Password Recovery Exploitation.This issue affects Emails Catch All: from n/a through <= 3.5.3.
- CVE-2025-61673HIGHCVSS 8.6EG 8.62025-10-03
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without…
- CVE-2025-61733HIGHCVSS 7.5EG 7.52025-10-02
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
- CVE-2025-62064CRITICALCVSS 9.8EG 9.82025-11-06
Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7.
- CVE-2025-63217CRITICALCVSS 9.8EG 9.82025-11-18
The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to …
- CVE-2025-6388CRITICALCVSS 9.8EG 9.82025-10-03
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_actions() function not properly validating a user's identity prior to authenticating t…
- CVE-2025-64121CRITICALCVSS 9.8EG 9.82026-01-02
Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
- CVE-2025-64173HIGHCVSS 7.5EG 7.52025-11-06
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated …
- CVE-2025-64236CRITICALCVSS 9.8EG 9.82025-12-18
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.
- CVE-2025-64281CRITICALCVSS 9.8EG 9.82025-11-12
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
- CVE-2025-64530HIGHCVSS 7.5EG 7.52025-11-13
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Rout…
- CVE-2025-6556MEDIUMCVSS 5.4EG 6.52025-06-24
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-66200MEDIUMCVSS 5.4EG 5.42025-12-05
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Ap…
- CVE-2025-66238HIGHCVSS 7.2EG 7.22025-12-04
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted servi…
- CVE-2025-6675MEDIUMCVSS 4.8EG 4.82025-06-26
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.…
- CVE-2025-6688CRITICALCVSS 9.8EG 9.82025-06-27
The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This…
- CVE-2025-67039CRITICALCVSS 9.1EG 9.12026-03-11
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.
- CVE-2025-67041CRITICALCVSS 9.8EG 9.82026-03-11
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary on…
- CVE-2025-67070HIGHCVSS 8.2EG 8.22026-01-09
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the abi…
- CVE-2025-67282MEDIUMCVSS 5.4EG 5.42026-01-09
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists which allow a low privileged user to download password hashes of other user, access work items of other user, modify restricted content in workfl…
- CVE-2025-67507HIGHCVSS 8.1EG 8.12025-12-10
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code…
- CVE-2025-67915HIGHCVSS 8.8EG 9.82026-01-08
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.
- CVE-2025-67998HIGHCVSS 8.8EG 8.82026-02-20
Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7.
- CVE-2025-68620CRITICALCVSS 9.1EG 9.12026-01-01
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combine…
- CVE-2025-68707HIGHCVSS 8.8EG 8.82026-01-13
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid a…
- CVE-2025-68708LOWCVSS 2.4EG 2.42026-05-26
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigatin…
- CVE-2025-68710LOWCVSS 2.4EG 2.42026-05-26
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure au…
- CVE-2025-68711LOWCVSS 2.4EG 2.42026-05-26
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secu…
- CVE-2025-68860CRITICALCVSS 9.8EG 9.82025-12-29
Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through <= 1.4.2.
- CVE-2025-68895MEDIUMCVSS 6.5EG 6.52026-02-20
Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects AhaChat Messenger Marketing: from n/a throug…
- CVE-2025-6895CRITICALCVSS 9.8EG 9.82025-07-26
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticate…
- CVE-2025-69101CRITICALCVSS 9.8EG 9.82026-01-22
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse.This issue affects Workreap Core: from n/a through <= 3.4.1.
- CVE-2025-70082CRITICALCVSS 9.8EG 9.82026-03-11
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
- CVE-2025-7038HIGHCVSS 8.2EG 8.22025-09-30
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. T…
- CVE-2025-7444CRITICALCVSS 9.8EG 9.82025-07-18
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possib…
- CVE-2025-7642CRITICALCVSS 9.8EG 9.82025-08-23
The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging them in as an admin through the simplerwc_wooc…
- CVE-2025-7692HIGHCVSS 8.1EG 8.12025-07-22
The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the …
- CVE-2025-7710CRITICALCVSS 9.8EG 9.82025-08-02
The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Face…
- CVE-2025-7742HIGHCVSS 8.3EG 8.32025-07-25
An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an HTTP POST request to the devices non-volatile storage. This action may result in remote code execution that …
- CVE-2025-8093HIGHCVSS 8.8EG 8.82025-10-10
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
- CVE-2025-8359CRITICALCVSS 9.8EG 9.82025-09-06
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible fo…
Map vulnerabilities like CWE-288 to your infrastructure
EchelonGraph correlates every CVE — across CWE-288 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →