What the vulnerability does
01Description
An unauthorized user could possibly delete any file on the system.
CVSS base score
7.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Key dates
02Disclosure timeline
January 17, 2023
CVE published
January 16, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.
CVE-2025-2996 Tenda FH1202 Web Management Interface SysToolDDNS access control
CVE-2019-25157 Ethex Contracts Monthly Jackpot EthexJackpot.sol access control
CVE-2020-7253 Improper access control vulnerability in McAfee Agent
CVE-2026-33393 Discourse fixes loose hostname matching in spam host allowlist
