Cyber Resilience

CVE-2024-8273

High

Published: 11 December 2025

Published
11 December 2025
Modified
19 February 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:H/SI:N/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:D/RE:L/U:Amber
EPSS Score 0.0006 18.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8273 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Hypr Hypr Server. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-8273 is an Authentication Bypass by Spoofing vulnerability in HYPR Server that enables identity spoofing. The issue affects HYPR Server versions prior to 10.1. It has been assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-290.

Remote attackers require no privileges and can exploit this vulnerability over the network with low attack complexity, though it necessitates user interaction. Successful exploitation allows attackers to spoof identities, potentially resulting in high impacts to confidentiality, integrity, and availability.

Mitigation details are available in the HYPR security advisory at https://www.hypr.com/trust-center/security-advisories. The vulnerability was published on 2025-12-11T17:15:54.240.

EU & UK References

Vulnerability details

Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
Why these techniques?

CVE-2024-8273 is an authentication bypass by spoofing vulnerability in a network-accessible server (T1190: Exploit Public-Facing Application), directly enabling identity spoofing/impersonation (T1656).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2414Same vendor: Hypr
CVE-2024-55925Shared CWE-290
CVE-2026-0834Shared CWE-290
CVE-2026-33131Shared CWE-290
CVE-2026-24372Shared CWE-290
CVE-2025-27671Shared CWE-290
CVE-2026-24853Shared CWE-290
CVE-2026-30975Shared CWE-290
CVE-2026-31889Shared CWE-290
CVE-2026-40575Shared CWE-290

Affected Assets

hypr
hypr server
≤ 10.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by identifying, reporting, and correcting the specific authentication bypass by spoofing flaw in HYPR Server prior to version 10.1 through timely patching or upgrades.

prevent

Requires robust identification and authentication for users and processes, directly preventing authentication bypass and identity spoofing vulnerabilities like CVE-2024-8273.

prevent

Manages system identifiers to ensure uniqueness and proper handling, reducing the risk of identity spoofing in authentication bypass scenarios.

References