Cyber Posture

CVE-2024-8273

High

Published: 11 December 2025

Published
11 December 2025
Modified
19 February 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0005 16.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8273 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Hypr Hypr Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the CVE by identifying, reporting, and correcting the specific authentication bypass by spoofing flaw in HYPR Server prior to version 10.1 through timely patching or upgrades.

IA-2 Identification and Authentication (Organizational Users) good match
prevent

Requires robust identification and authentication for users and processes, directly preventing authentication bypass and identity spoofing vulnerabilities like CVE-2024-8273.

IA-4 Identifier Management partial match
prevent

Manages system identifiers to ensure uniqueness and proper handling, reducing the risk of identity spoofing in authentication bypass scenarios.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
attack.mitre.org →
Why these techniques?

CVE-2024-8273 is an authentication bypass by spoofing vulnerability in a network-accessible server (T1190: Exploit Public-Facing Application), directly enabling identity spoofing/impersonation (T1656).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.

Deeper analysisAI

CVE-2024-8273 is an Authentication Bypass by Spoofing vulnerability in HYPR Server that enables identity spoofing. The issue affects HYPR Server versions prior to 10.1. It has been assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-290.

Remote attackers require no privileges and can exploit this vulnerability over the network with low attack complexity, though it necessitates user interaction. Successful exploitation allows attackers to spoof identities, potentially resulting in high impacts to confidentiality, integrity, and availability.

Mitigation details are available in the HYPR security advisory at https://www.hypr.com/trust-center/security-advisories. The vulnerability was published on 2025-12-11T17:15:54.240.

Details

CWE(s)
CWE-290

Affected Products

hypr
hypr server
≤ 10.1.0

CVEs Like This One

CVE-2026-2414Same vendor: Hypr
CVE-2026-33661Shared CWE-290
CVE-2026-34457Shared CWE-290
CVE-2026-35622Shared CWE-290
CVE-2026-3902Shared CWE-290
CVE-2026-30975Shared CWE-290
CVE-2026-21862Shared CWE-290
CVE-2026-0834Shared CWE-290
CVE-2025-11250Shared CWE-290
CVE-2025-59385Shared CWE-290

References