CVE-2024-8273
Published: 11 December 2025
Description
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by identifying, reporting, and correcting the specific authentication bypass by spoofing flaw in HYPR Server prior to version 10.1 through timely patching or upgrades.
Requires robust identification and authentication for users and processes, directly preventing authentication bypass and identity spoofing vulnerabilities like CVE-2024-8273.
Manages system identifiers to ensure uniqueness and proper handling, reducing the risk of identity spoofing in authentication bypass scenarios.
Security SummaryAI
CVE-2024-8273 is an Authentication Bypass by Spoofing vulnerability in HYPR Server that enables identity spoofing. The issue affects HYPR Server versions prior to 10.1. It has been assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-290.
Remote attackers require no privileges and can exploit this vulnerability over the network with low attack complexity, though it necessitates user interaction. Successful exploitation allows attackers to spoof identities, potentially resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are available in the HYPR security advisory at https://www.hypr.com/trust-center/security-advisories. The vulnerability was published on 2025-12-11T17:15:54.240.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2024-8273 is an authentication bypass by spoofing vulnerability in a network-accessible server (T1190: Exploit Public-Facing Application), directly enabling identity spoofing/impersonation (T1656).