Base · Draft

CWE-305: Authentication Bypass by Primary Weakness

Category: auth

Description

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism

References

  1. https://cwe.mitre.org/data/definitions/305.html

(incoming) · 27

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-13915 (cve-2025-13915) | 0% | live |
| Vulnerability | CVE-2025-24522 (cve-2025-24522) | 0% | live |
| Vulnerability | CrushFTP Authentication Bypass Vulnerability (cve-2025-31161) | 0% | live |
| Vulnerability | CVE-2025-31965 (cve-2025-31965) | 0% | live |
| Vulnerability | CVE-2025-32011 (cve-2025-32011) | 0% | live |
| Vulnerability | CVE-2025-36386 (cve-2025-36386) | 0% | live |
| Vulnerability | CVE-2025-3757 (cve-2025-3757) | 0% | live |
| Vulnerability | CVE-2025-41450 (cve-2025-41450) | 0% | live |
| Vulnerability | CVE-2025-41733 (cve-2025-41733) | 0% | live |
| Vulnerability | CVE-2025-4320 (cve-2025-4320) | 0% | live |
| Vulnerability | CVE-2025-4658 (cve-2025-4658) | 0% | live |
| Vulnerability | CVE-2025-46801 (cve-2025-46801) | 0% | live |
| Vulnerability | CVE-2025-47776 (cve-2025-47776) | 0% | live |
| Vulnerability | CVE-2025-53826 (cve-2025-53826) | 0% | live |
| Vulnerability | CVE-2025-68435 (cve-2025-68435) | 0% | live |
| Vulnerability | CVE-2026-0869 (cve-2026-0869) | 0% | live |
| Vulnerability | CVE-2026-22153 (cve-2026-22153) | 0% | live |
| Vulnerability | CVE-2026-2652 (cve-2026-2652) | 0% | live |
| Vulnerability | CVE-2026-28536 (cve-2026-28536) | 0% | live |
| Vulnerability | CVE-2026-3047 (cve-2026-3047) | 0% | live |
| Vulnerability | CVE-2026-30849 (cve-2026-30849) | 0% | live |
| Vulnerability | CVE-2026-32730 (cve-2026-32730) | 0% | live |
| Vulnerability | CVE-2026-33496 (cve-2026-33496) | 0% | live |
| Vulnerability | CVE-2026-4670 (cve-2026-4670) | 0% | live |
| Vulnerability | CVE-2026-6266 (cve-2026-6266) | 0% | live |
| KEVEntry | VMware ESXi Authentication Bypass Vulnerability (kev-cve-2024-37085) | 0% | live |
| KEVEntry | CrushFTP Authentication Bypass Vulnerability (kev-cve-2025-31161) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Incorrect Implementation of Authentication Algorithm
  • CWE: Authentication Bypass by Spoofing
  • CWE: Authentication Bypass by Assumed-Immutable Data
  • CWE: Missing Critical Step in Authentication
  • CWE: Improper Authentication
  • CWE: Use of a Cryptographic Primitive with a Risky Implementation

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.