{"id":"CVE-2022-25319","details":"An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.","modified":"2026-03-14T11:38:24.467665Z","published":"2022-02-18T06:15:10.507Z","references":[{"type":"ADVISORY","url":"https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/"},{"type":"FIX","url":"https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61"},{"type":"EVIDENCE","url":"https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cerebrate-project/cerebrate","events":[{"introduced":"0"},{"last_affected":"4563a397bb7f198ac2d08da0246bc862d7011645"},{"fixed":"a2632349175e574cd6305fa459cd7610ea09ab61"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4"}]}}],"versions":["v0.1","v0.2","v0.3","v1.0","v1.1","v1.1.1","v1.2","v1.3","v1.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25319.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}