CVE-2025-9315
Description
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON payload to the device's registration endpoint /api/v1/devices/register, allowing the attacker to register unauthorized devices without authentication. Although exploiting this vulnerability has limited modification of data, there is no impact to the confidentiality and availability of the affected device, as well as no loss of confidentiality, integrity, and availability within any subsequent systems.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-9315? +
How do I check if I'm vulnerable to CVE-2025-9315? +
Related Vulnerabilities
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. …
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the …
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control …
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable …
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller …
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to …