CVE-2025-2395

CRITICAL Year: 2025
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-565
View all →

Vulnerability Description

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

Related Vulnerabilities

CVE-2008-5784

CRITICAL
CVSS:9.8(Critical)

V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

CWE-5652008

CVE-2017-7279

CRITICAL
CVSS:9.8(Critical)

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.

CWE-5652017

CVE-2018-20512

CRITICAL
CVSS:9.8(Critical)

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.

CWE-5652018

CVE-2018-5190

CRITICAL
CVSS:9.8(Critical)

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page...

CWE-5652018

CVE-2018-5455

CRITICAL
CVSS:9.8(Critical)

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to...

CWE-5652018

CVE-2019-7266

CRITICAL
CVSS:9.8(Critical)

Linear eMerge 50P/5000P devices allow Authentication Bypass.

CWE-5652019