CWE-285 (授权机制不恰当) — Vulnerability Class 972

972 vulnerabilities classified as CWE-285 (授权机制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-59271	Redis Enterprise Elevation of Privilege Vulnerability — Azure Cache for Redis Enterprise	8.7	High	2025-10-09
CVE-2025-49594	XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right — oidc	8.8^AI	High^AI	2025-10-06
CVE-2025-11272	SeriaWei ZKEACMS POST Request UrlRedirectionController.cs Delete improper authorization — ZKEACMS	5.4	Medium	2025-10-04
CVE-2025-11227	GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure — GiveWP – Donation Plugin and Fundraising Platform	6.5	Medium	2025-10-04
CVE-2025-11080	zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization — wisdom-education	4.3	Medium	2025-09-27
CVE-2025-11050	Portabilis i-Educar periodo-lancamento improper authorization — i-Educar	6.3	Medium	2025-09-27
CVE-2025-11049	Portabilis i-Educar unificacao-aluno improper authorization — i-Educar	6.3	Medium	2025-09-27
CVE-2025-11048	Portabilis i-Educar consulta-dispensas improper authorization — i-Educar	6.3	Medium	2025-09-26
CVE-2025-11047	Portabilis i-Educar aluno improper authorization — i-Educar	6.3	Medium	2025-09-26
CVE-2025-11030	Tutorials-Website Employee Management System HTTP Request all-applied-leave.php improper authorization — Employee Management System	7.3	High	2025-09-26
CVE-2025-10992	roncoo roncoo-pay lookupList improper authorization — roncoo-pay	5.3	Medium	2025-09-26
CVE-2025-10989	yangzongzhuan RuoYi selectAll improper authorization — RuoYi	6.3	Medium	2025-09-26
CVE-2025-10988	YunaiV ruoyi-vue-pro transfer improper authorization — ruoyi-vue-pro	6.3	Medium	2025-09-26
CVE-2025-10987	YunaiV yudao-cloud HTTP Request transfer improper authorization — yudao-cloud	6.3	Medium	2025-09-26
CVE-2025-10981	JeecgBoot exportXls improper authorization — JeecgBoot	4.3	Medium	2025-09-26
CVE-2025-10980	JeecgBoot exportXls improper authorization — JeecgBoot	4.3	Medium	2025-09-25
CVE-2025-10979	JeecgBoot exportXls improper authorization — JeecgBoot	4.3	Medium	2025-09-25
CVE-2025-10978	JeecgBoot Filter exportXls improper authorization — JeecgBoot	4.3	Medium	2025-09-25
CVE-2025-10977	JeecgBoot deleteBatch improper authorization — JeecgBoot	3.1	Low	2025-09-25
CVE-2025-10976	JeecgBoot getDepartUserList improper authorization — JeecgBoot	3.1	Low	2025-09-25
CVE-2025-10822	fuyang_lipengjun platform queryAll SysSmsLogController improper authorization — platform	4.3	Medium	2025-09-22
CVE-2025-10821	fuyang_lipengjun platform queryAll TopicCategoryController improper authorization — platform	4.3	Medium	2025-09-22
CVE-2025-10820	fuyang_lipengjun platform queryAll TopicController improper authorization — platform	4.3	Medium	2025-09-22
CVE-2025-10819	fuyang_lipengjun platform queryAll UserCouponController improper authorization — platform	4.3	Medium	2025-09-22
CVE-2025-10707	JeecgBoot sendMsg improper authorization — JeecgBoot	6.3	Medium	2025-09-19
CVE-2025-10676	fuyang_lipengjun platform queryAll BrandController improper authorization — platform	4.3	Medium	2025-09-18
CVE-2025-10675	fuyang_lipengjun platform queryAll AttributeController improper authorization — platform	4.3	Medium	2025-09-18
CVE-2025-10674	fuyang_lipengjun platform queryAll AttributeCategoryController improper authorization — platform	4.3	Medium	2025-09-18
CVE-2025-10422	newbee-mall Order Status paySuccess improper authorization — newbee-mall	4.3	Medium	2025-09-15
CVE-2025-10390	CRMEB UserAddressServices.php editAddress improper authorization — CRMEB	5.4	Medium	2025-09-14

Vulnerabilities classified as CWE-285 (授权机制不恰当) represent 972 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-285 (授权机制不恰当) — Vulnerability Class 972