Brave Browser <0.8.3 Missing Auth in brave-popup-builder
CVE-2025-68508 Published on December 24, 2025
WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.
Vulnerability Analysis
CVE-2025-68508 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2025-68508 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2025-68508
stack.watch emails you whenever new vulnerabilities are published in Brave or Brave Browser. Just hit a watch button to start following.
Affected Versions
Brave (WordPress Plugin brave-popup-builder):- Before and including 0.8.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.