{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15586", "assignerOrgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "state": "PUBLISHED", "assignerShortName": "PRJBLK", "dateReserved": "2026-02-19T03:35:19.335Z", "datePublished": "2026-02-19T03:41:04.720Z", "dateUpdated": "2026-02-24T01:41:49.966Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OGP-Website", "repo": "https://github.com/OpenGamePanel/OGP-Website", "vendor": "OpenGamePanel", "versions": [{"lessThanOrEqual": "52f865a4fba763594453068acf8fa9e3fc38d663", "status": "affected", "version": "0", "versionType": "git"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password."}], "value": "OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "shortName": "PRJBLK", "dateUpdated": "2026-02-19T03:41:04.720Z"}, "references": [{"url": "https://github.com/OpenGamePanel/OGP-Website/commit/52f865a4fba763594453068acf8fa9e3fc38d663"}, {"url": "https://github.com/OpenGamePanel/OGP-Website/pull/644"}, {"url": "https://projectblack.io/blog/vibe-hacking-open-game-panel-rce/#vul-01-type-juggling-authentication-bypass"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T01:41:27.999596Z", "id": "CVE-2025-15586", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:41:49.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15586", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T01:41:27.999596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:41:46.044Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/OpenGamePanel/OGP-Website", "vendor": "OpenGamePanel", "product": "OGP-Website", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "52f865a4fba763594453068acf8fa9e3fc38d663"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/OpenGamePanel/OGP-Website/commit/52f865a4fba763594453068acf8fa9e3fc38d663"}, {"url": "https://github.com/OpenGamePanel/OGP-Website/pull/644"}, {"url": "https://projectblack.io/blog/vibe-hacking-open-game-panel-rce/#vul-01-type-juggling-authentication-bypass"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password.", "supportingMedia": [{"type": "text/html", "value": "OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "shortName": "PRJBLK", "dateUpdated": "2026-02-19T03:41:04.720Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15586", "state": "PUBLISHED", "dateUpdated": "2026-02-24T01:41:49.966Z", "dateReserved": "2026-02-19T03:35:19.335Z", "assignerOrgId": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "datePublished": "2026-02-19T03:41:04.720Z", "assignerShortName": "PRJBLK"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password."}, {"lang": "es", "value": "Las instalaciones de OGP-Website anteriores al commit de git 52f865a4fba763594453068acf8fa9e3fc38d663 se ven afectadas por una falla de manipulaci\u00f3n de tipos que, si se explota, puede resultar en una omisi\u00f3n de autenticaci\u00f3n sin conocimiento de la contrase\u00f1a de la cuenta de la v\u00edctima."}], "id": "CVE-2025-15586", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "type": "Secondary"}]}, "published": "2026-02-19T07:17:36.540", "references": [{"source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "url": "https://github.com/OpenGamePanel/OGP-Website/commit/52f865a4fba763594453068acf8fa9e3fc38d663"}, {"source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "url": "https://github.com/OpenGamePanel/OGP-Website/pull/644"}, {"source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "url": "https://projectblack.io/blog/vibe-hacking-open-game-panel-rce/#vul-01-type-juggling-authentication-bypass"}], "sourceIdentifier": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a", "type": "Secondary"}]}

{}

{"created": "2026-02-19T10:07:28.524989+00:00", "updated": "2026-02-19T10:07:28.525083+00:00", "vendors": ["opengamepanel", "opengamepanel$PRODUCT$ogp-website"]}