## Updated at UTC 2025-07-18T23:00:50.340070

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2025-54309 9.0 0.00% 2 0 2025-07-18T19:15:25.353000 CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is
CVE-2025-32463 9.4 0.25% 1 40 2025-07-18T18:31:28 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswi
CVE-2025-7783 0 0.00% 2 1 2025-07-18T17:15:44.747000 Use of Insufficiently Random Values vulnerability in form-data allows HTTP Param
CVE-2025-53762 8.7 0.00% 4 0 2025-07-18T17:15:44.400000 Permissive list of allowed inputs in Microsoft Purview allows an authorized atta
CVE-2025-49747 9.9 0.00% 2 0 2025-07-18T17:15:43.503000 Missing authorization in Azure Machine Learning allows an authorized attacker to
CVE-2025-49746 9.9 0.00% 4 0 2025-07-18T17:15:43.300000 Improper authorization in Azure Machine Learning allows an authorized attacker t
CVE-2025-47995 6.5 0.00% 2 0 2025-07-18T17:15:33.497000 Weak authentication in Azure Machine Learning allows an authorized attacker to e
CVE-2025-47158 9.0 0.00% 4 0 2025-07-18T17:15:31.363000 Authentication bypass by assumed-immutable data in Azure DevOps allows an unauth
CVE-2025-37104 7.1 0.02% 1 0 2025-07-18T15:15:26.397000 A security vulnerability has been identified in HPE Telco Service Orchestrator s
CVE-2025-6023 7.6 0.01% 2 0 2025-07-18T09:30:42 An open redirect vulnerability has been identified in Grafana OSS that can be ex
CVE-2025-6197 4.2 0.01% 2 0 2025-07-18T09:30:42 An open redirect vulnerability has been identified in Grafana OSS organization s
CVE-2025-7444 9.8 0.14% 1 0 2025-07-18T09:30:42 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass i
CVE-2025-23266 9.1 0.02% 9 0 2025-07-17T21:32:27 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hook
CVE-2025-4657 6.7 0.01% 1 0 2025-07-17T21:32:27 A buffer overflow vulnerability was reported in the Lenovo Protection Driver, pr
CVE-2025-3753 7.8 0.02% 1 0 2025-07-17T21:32:27 A code execution vulnerability has been identified in the Robot Operating System
CVE-2025-7433 8.8 0.01% 1 0 2025-07-17T21:32:27 A local privilege escalation vulnerability in Sophos Intercept X for Windows wit
CVE-2025-23269 4.7 0.01% 1 0 2025-07-17T21:32:27 NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may
CVE-2024-41921 7.8 0.02% 1 0 2025-07-17T21:32:22 A code injection vulnerability has been discovered in the Robot Operating System
CVE-2024-41148 7.8 0.02% 1 0 2025-07-17T21:32:22 A code injection vulnerability has been discovered in the Robot Operating System
CVE-2025-7472 7.6 0.01% 1 0 2025-07-17T21:32:14 A local privilege escalation vulnerability in the Intercept X for Windows instal
CVE-2025-25257 9.8 0.13% 17 8 2025-07-17T21:15:50.197000 An improper neutralization of special elements used in an SQL command ('SQL Inje
CVE-2025-23267 8.5 0.04% 3 0 2025-07-17T21:15:50.197000 NVIDIA Container Toolkit for all platforms contains a vulnerability in the updat
CVE-2024-39289 7.8 0.02% 1 0 2025-07-17T21:15:50.197000 A code execution vulnerability has been discovered in the Robot Operating System
CVE-2024-13972 8.8 0.01% 1 0 2025-07-17T21:15:50.197000 A vulnerability related to registry permissions in the Intercept X for Windows u
CVE-2025-54068 0 0.25% 1 0 2025-07-17T21:15:50.197000 Livewire is a full-stack framework for Laravel. In Livewire v3 up to and includi
CVE-2025-20284 6.5 0.07% 1 0 2025-07-17T21:15:50.197000 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an
CVE-2025-20285 4.1 0.03% 1 0 2025-07-17T21:15:50.197000 A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-
CVE-2025-40777 7.5 0.02% 1 0 2025-07-17T21:15:50.197000 If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and
CVE-2025-23270 7.1 0.02% 1 0 2025-07-17T21:15:50.197000 NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an u
CVE-2025-20337 10.0 0.16% 12 0 2025-07-17T20:42:07.780000 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an
CVE-2025-23263 7.6 0.02% 1 0 2025-07-17T18:31:24 NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature,
CVE-2025-20274 6.3 0.20% 1 0 2025-07-16T18:32:46 A vulnerability in the web-based management interface of Cisco Unified Intellige
CVE-2025-20288 5.8 0.02% 1 0 2025-07-16T18:32:46 A vulnerability in the web-based management interface of Cisco Unified Intellige
CVE-2025-20283 6.5 0.07% 1 0 2025-07-16T18:32:38 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an
CVE-2025-20272 4.3 0.03% 1 0 2025-07-16T18:32:38 A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco
CVE-2025-49706 6.3 0.03% 1 0 2025-07-16T17:41:44.517000 Improper authentication in Microsoft Office SharePoint allows an authorized atta
CVE-2025-5994 None 0.02% 1 0 2025-07-16T15:32:40 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been
CVE-2025-40776 8.6 0.01% 1 0 2025-07-16T15:32:33 A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) o
CVE-2025-3871 5.3 0.06% 1 0 2025-07-16T15:32:32 Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attack
CVE-2025-52689 9.8 0.08% 1 1 2025-07-16T15:32:27 Successful exploitation of the vulnerability could allow an unauthenticated atta
CVE-2025-52690 8.1 0.06% 1 0 2025-07-16T15:15:32.133000 Successful exploitation of the vulnerability could allow an attacker to execute
CVE-2025-34300 0 2.73% 1 0 template 2025-07-16T15:15:26.410000 A template injection vulnerability exists in Sawtooth Software’s Lighthouse Stud
CVE-2025-49828 0 0.34% 1 0 2025-07-16T14:59:23.707000 Conjur provides secrets management and application identity for infrastructure.
CVE-2025-6058 9.8 0.09% 1 2 2025-07-16T14:57:37.827000 The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to
CVE-2025-7657 8.8 0.18% 1 0 2025-07-16T14:27:43.883000 Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remo
CVE-2025-6043 8.1 0.21% 1 0 2025-07-16T09:31:15 The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin fo
CVE-2025-24294 5.3 0.02% 1 0 2025-07-15T22:56:20 A denial of service vulnerability has been discovered in the resolv gem bundled
CVE-2025-52377 5.4 0.82% 1 0 2025-07-15T21:32:49 Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router version
CVE-2025-6558 8.8 0.14% 11 1 2025-07-15T21:32:48 Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome pri
CVE-2025-7656 8.8 0.10% 1 0 2025-07-15T21:32:47 Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote
CVE-2025-52379 5.4 0.18% 1 0 2025-07-15T21:32:47 Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an aut
CVE-2025-41237 9.4 0.02% 4 0 2025-07-15T21:31:43 VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtu
CVE-2025-41236 9.4 0.02% 4 0 2025-07-15T21:31:43 VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability i
CVE-2025-41238 9.4 0.02% 2 0 2025-07-15T21:31:43 VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in th
CVE-2025-53020 7.5 0.05% 2 0 2025-07-15T21:31:27 Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Ser
CVE-2025-53825 9.4 0.24% 1 0 2025-07-15T20:15:50.550000 Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version
CVE-2025-41239 7.1 0.01% 2 0 2025-07-15T20:07:28.023000 VMware ESXi, Workstation, Fusion, and VMware Tools contains an information discl
CVE-2025-6971 7.8 0.01% 1 0 2025-07-15T20:07:28.023000 Use After Free vulnerability exists in the CATPRODUCT file reading procedure in
CVE-2025-52378 5.4 0.03% 1 0 2025-07-15T20:07:28.023000 Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Route
CVE-2025-53890 9.8 0.26% 1 0 2025-07-15T15:38:13 #### Summary An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA p
CVE-2025-6965 None 0.04% 3 0 2025-07-15T15:31:07 There exists a vulnerability in SQLite versions before 3.50.2 where the number o
CVE-2025-6973 7.8 0.01% 1 0 2025-07-15T15:31:07 Use After Free vulnerability exists in the JT file reading procedure in SOLIDWOR
CVE-2025-7042 7.8 0.01% 1 0 2025-07-15T15:31:07 Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWO
CVE-2025-6974 7.8 0.01% 1 0 2025-07-15T15:31:07 Use of Uninitialized Variable vulnerability exists in the JT file reading proced
CVE-2025-6972 7.8 0.01% 1 0 2025-07-15T15:31:07 Use After Free vulnerability exists in the CATPRODUCT file reading procedure in
CVE-2025-0831 7.8 0.01% 1 0 2025-07-15T15:31:07 Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLI
CVE-2025-52376 9.8 0.09% 1 0 2025-07-15T15:31:06 An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint i
CVE-2025-50121 0 0.92% 1 0 2025-07-15T13:14:49.980000 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS
CVE-2025-30402 8.1 0.05% 1 0 2025-07-15T13:14:49.980000 A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can ca
CVE-2025-7574 9.8 0.10% 1 0 2025-07-15T13:14:24.053000 A vulnerability, which was classified as critical, was found in LB-LINK BL-AC190
CVE-2025-7012 0 0.02% 1 0 2025-07-15T13:14:24.053000 An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a lo
CVE-2025-6265 7.2 0.08% 1 0 2025-07-15T03:30:37 A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50
CVE-2025-53833 10.0 11.92% 1 1 template 2025-07-15T00:34:45 ### Impact Attackers could: 1. Execute arbitrary commands on the server 2. Acces
CVE-2025-5777 7.5 19.05% 13 14 template 2025-07-14T21:09:06.773000 Insufficient input validation leading to memory overread when the NetScaler is c
CVE-2025-47812 10.0 83.38% 10 8 template 2025-07-14T18:31:44 In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0
CVE-2024-26293 None 0.04% 1 0 2025-07-14T12:30:28 The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerabil
CVE-2024-58258 7.2 0.99% 1 0 2025-07-14T00:31:13 SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module beca
CVE-2025-38001 None 0.02% 2 1 2025-07-13T21:30:32 In the Linux kernel, the following vulnerability has been resolved: net_sched:
CVE-2025-30403 8.1 0.04% 1 0 2025-07-11T21:31:11 A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafte
CVE-2025-6691 8.1 0.34% 1 0 2025-07-11T21:31:04 The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is
CVE-2025-6019 7.0 0.02% 1 4 2025-07-10T15:32:17 A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Gener
CVE-2025-48384 8.0 0.02% 1 18 2025-07-10T13:18:53.830000 Git is a fast, scalable, distributed revision control system with an unusually r
CVE-2025-32462 2.8 0.16% 1 9 2025-07-09T18:30:40 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that i
CVE-2025-48976 None 0.06% 1 2 2025-07-09T18:15:39 Allocation of resources for multipart headers with insufficient limits enabled a
CVE-2025-6514 9.7 0.05% 4 1 2025-07-09T18:08:46 mcp-remote is exposed to OS command injection when connecting to untrusted MCP s
CVE-2019-5418 7.5 94.31% 1 12 template 2025-07-09T15:23:23.357000 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6
CVE-2025-49704 8.8 0.19% 1 0 2025-07-08T18:31:58 Improper control of generation of code ('code injection') in Microsoft Office Sh
CVE-2025-47981 9.8 0.10% 1 0 2025-07-08T18:31:51 Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unau
CVE-2025-3648 None 0.04% 2 0 2025-07-08T18:31:49 A vulnerability has been identified in the Now Platform that could result in dat
CVE-2025-5333 0 0.43% 1 0 2025-07-08T16:18:34.923000 Remote attackers can execute arbitrary code in the context of the vulnerable ser
CVE-2025-6543 9.8 3.54% 1 3 2025-07-01T18:30:34 Memory overflow vulnerability leading to unintended control flow and Denial of S
CVE-2025-6554 8.1 0.52% 4 5 2025-07-01T15:32:11 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote at
CVE-2025-20281 9.8 0.06% 3 4 2025-06-26T21:31:20 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an
CVE-2025-20282 10.0 0.14% 2 0 2025-06-26T21:31:13 A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an
CVE-2023-48795 5.9 61.27% 1 4 template 2025-06-24T17:47:50 ### Summary Terrapin is a prefix truncation attack targeting the SSH protocol.
CVE-2025-49132 10.0 33.56% 2 7 template 2025-06-23T20:16:21.633000 Pterodactyl is a free, open-source game server management panel. Prior to versio
CVE-2023-4969 6.5 1.98% 2 0 2025-06-20T18:15:22.740000 A GPU kernel can read sensitive data from another GPU kernel (even from another
CVE-2025-6192 8.8 0.11% 1 0 2025-06-18T21:30:30 Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a rem
CVE-2025-2884 6.6 0.01% 2 0 2025-06-13T18:15:21.710000 TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerabl
CVE-2025-49127 0 0.17% 1 0 2025-06-09T16:15:44.833000 Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe
CVE-2025-5068 8.8 0.13% 1 0 2025-06-05T14:11:10.430000 Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote
CVE-2025-2500 7.4 0.05% 1 0 2025-05-30T15:30:39 A vulnerability exists in the SOAP Web services of the Asset Suite versions lis
CVE-2025-48927 5.3 11.39% 3 0 2025-05-28T18:33:28 The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with
CVE-2025-5281 5.4 0.07% 1 0 2025-05-28T15:35:30 Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55
CVE-2025-4919 8.8 0.04% 3 0 2025-05-28T14:08:29.293000 An attacker was able to perform an out-of-bounds read or write on a JavaScript o
CVE-2025-42999 9.1 18.14% 1 1 2025-05-13T18:31:57 SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged
CVE-2025-22457 9.0 35.17% 3 5 2025-05-03T01:00:02.097000 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6,
CVE-2025-31324 10.0 63.77% 1 18 template 2025-05-02T15:31:16 SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper a
CVE-2025-24016 9.9 91.65% 1 8 template 2025-04-22T16:53:42 ### Summary An unsafe deserialization vulnerability allows for remote code execu
CVE-2012-0217 None 88.86% 1 0 2025-04-11T03:59:22 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in
CVE-2025-32461 10.0 0.11% 1 0 2025-04-09T04:18:30 wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki befo
CVE-2024-4577 9.8 94.41% 1 66 template 2025-03-28T15:12:44.513000 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, wh
CVE-2019-9082 8.8 94.14% 1 0 2025-02-07T18:31:59 ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, all
CVE-2025-0282 9.1 93.24% 3 11 2025-01-28T18:32:27 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5,
CVE-2024-57727 7.5 94.05% 1 1 template 2025-01-16T21:32:03 SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple p
CVE-2024-20439 9.8 88.88% 2 0 template 2024-09-13T21:31:22 A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated,
CVE-2024-39385 5.5 0.06% 1 0 2024-09-13T09:31:32 Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free
CVE-2024-42009 9.3 88.04% 1 4 2024-09-07T00:32:35 A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x throug
CVE-2024-22122 3.0 0.35% 1 0 2024-08-12T15:30:49 Zabbix allows to configure SMS notifications. AT command injection occurs on "Za
CVE-2024-22120 9.1 93.88% 1 4 template 2024-05-17T12:30:59 Zabbix server can perform command execution for configured scripts. After comman
CVE-2024-3721 6.3 61.78% 1 0 2024-04-13T12:30:30 A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi
CVE-2017-18370 8.8 75.83% 2 0 2024-04-11T21:16:45 The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline ha
CVE-2023-34634 9.8 26.00% 1 1 2024-04-04T06:28:11 Greenshot 1.2.10 and below allows arbitrary code execution because .NET content
CVE-2023-2868 9.4 90.10% 1 4 2024-04-04T05:46:09 A remote command injection vulnerability exists in the Barracuda Email Security
CVE-2025-27212 0 0.00% 2 0 N/A
CVE-2024-21969 0 0.00% 2 0 N/A
CVE-2025-53816 0 0.02% 1 0 N/A
CVE-2025-53906 0 0.01% 1 0 N/A
CVE-2025-27210 0 0.00% 1 2 N/A
CVE-2025-53895 0 0.04% 1 0 N/A
CVE-2024-47065 0 0.06% 1 0 N/A

CVE-2025-54309
(9.0 CRITICAL)

EPSS: 0.00%

updated 2025-07-18T19:15:25.353000

2 posts

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

DarkWebInformer at 2025-07-18T22:33:25.150Z ##

🚨CrushFTP has an active 0-Day with a CVSS score of 9.0

CVE-2025-54309: CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

crushftp.com/crush11wiki/Wiki.

##

CVE-2025-32463
(9.4 CRITICAL)

EPSS: 0.25%

updated 2025-07-18T18:31:28

1 post

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

40 repos

https://github.com/FreeDurok/CVE-2025-32463-PoC

https://github.com/junxian428/CVE-2025-32463

https://github.com/9Insomnie/CVE-2025-32463

https://github.com/CIA911/sudo_patch_CVE-2025-32463

https://github.com/zinzloun/CVE-2025-32463

https://github.com/lowercasenumbers/CVE-2025-32463_sudo_chroot

https://github.com/abrewer251/CVE-2025-32463_Sudo_PoC

https://github.com/san8383/CVE-2025-32463

https://github.com/mirchr/CVE-2025-32463-sudo-chwoot

https://github.com/B1ack4sh/Blackash-CVE-2025-32463

https://github.com/SysMancer/CVE-2025-32463

https://github.com/SpongeBob-369/cve-2025-32463

https://github.com/Chocapikk/CVE-2025-32463-lab

https://github.com/morgenm/sudo-chroot-CVE-2025-32463

https://github.com/Mikivirus0/sudoinjection

https://github.com/krypton-0x00/CVE-2025-32463-Chwoot-POC

https://github.com/pr0v3rbs/CVE-2025-32463_chwoot

https://github.com/MohamedKarrab/CVE-2025-32463

https://github.com/SkylerMC/CVE-2025-32463

https://github.com/dbarquero/cve-2025-32463-lab

https://github.com/Adonijah01/cve-2025-32463-lab

https://github.com/ill-deed/CVE-2025-32463_illdeed

https://github.com/cyberpoul/CVE-2025-32463-POC

https://github.com/robbert1978/CVE-2025-32463_POC

https://github.com/K3ysTr0K3R/CVE-2025-32463-EXPLOIT

https://github.com/0xb0rn3/CVE-2025-32463-EXPLOIT

https://github.com/MGunturG/CVE-2025-32463

https://github.com/toohau/CVE-2025-32462-32463-Detection-Script-

https://github.com/K1tt3h/CVE-2025-32463-POC

https://github.com/nflatrea/CVE-2025-32463

https://github.com/pevinkumar10/CVE-2025-32463

https://github.com/Rajneeshkarya/CVE-2025-32463

https://github.com/zhaduchanhzz/CVE-2025-32463_POC

https://github.com/0xAkarii/CVE-2025-32463

https://github.com/yeremeu/CVE-2025-32463_chwoot

https://github.com/neko205-mx/CVE-2025-32463_Exploit

https://github.com/MAAYTHM/CVE-2025-32462_32463-Lab

https://github.com/Floodnut/CVE-2025-32463

https://github.com/kh4sh3i/CVE-2025-32463

https://github.com/4f-kira/CVE-2025-32463

linux@activitypub.awakari.com at 2025-07-14T14:21:20.000Z ## Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two l...

#Blog #Linux #box #sudo

##

CVE-2025-7783
(0 None)

EPSS: 0.00%

updated 2025-07-18T17:15:44.747000

2 posts

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

1 repo

https://github.com/benweissmann/CVE-2025-7783-poc

cR0w at 2025-07-18T16:45:48.759Z ##

HTTP Parameter Pollution in form-data with PoC.

github.com/form-data/form-data

sev:CRIT 9.4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-53762
(8.7 HIGH)

EPSS: 0.00%

updated 2025-07-18T17:15:44.400000

4 posts

Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.

AAKL at 2025-07-18T18:23:20.430Z ##

Microsoft security updates listing four maximum severity vulnerabilities, as in 'we're competing with Cisco'.

- CVE-2025-53762: Microsoft Purview Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-47158: Azure DevOps Server Elevation of Privilege Vulnerability New msrc.microsoft.com/update-guid

- CVE-2025-47995: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-49746: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

##

cR0w at 2025-07-18T17:21:11.766Z ##

There was also an EoP in Purview. Also not exploited, no action required.

msrc.microsoft.com/update-guid

##

CVE-2025-49747
(9.9 CRITICAL)

EPSS: 0.00%

updated 2025-07-18T17:15:43.503000

2 posts

Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

cR0w at 2025-07-18T17:17:50.840Z ##

Microsoft published two sev:CRIT CVEs in Azure Machine Learning and one sev:CRIT in ADO.

msrc.microsoft.com/update-guid

msrc.microsoft.com/update-guid

msrc.microsoft.com/update-guid

All of them are listed as not publicly disclosed and not exploited.

The vulnerability documented by this CVE requires no customer action to resolve

##

CVE-2025-49746
(9.9 CRITICAL)

EPSS: 0.00%

updated 2025-07-18T17:15:43.300000

4 posts

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

AAKL at 2025-07-18T18:23:20.430Z ##

Microsoft security updates listing four maximum severity vulnerabilities, as in 'we're competing with Cisco'.

- CVE-2025-53762: Microsoft Purview Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-47158: Azure DevOps Server Elevation of Privilege Vulnerability New msrc.microsoft.com/update-guid

- CVE-2025-47995: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-49746: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

##

cR0w at 2025-07-18T17:17:50.840Z ##

Microsoft published two sev:CRIT CVEs in Azure Machine Learning and one sev:CRIT in ADO.

msrc.microsoft.com/update-guid

msrc.microsoft.com/update-guid

msrc.microsoft.com/update-guid

All of them are listed as not publicly disclosed and not exploited.

The vulnerability documented by this CVE requires no customer action to resolve

##

CVE-2025-47995
(6.5 MEDIUM)

EPSS: 0.00%

updated 2025-07-18T17:15:33.497000

2 posts

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.

AAKL at 2025-07-18T18:23:20.430Z ##

Microsoft security updates listing four maximum severity vulnerabilities, as in 'we're competing with Cisco'.

- CVE-2025-53762: Microsoft Purview Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-47158: Azure DevOps Server Elevation of Privilege Vulnerability New msrc.microsoft.com/update-guid

- CVE-2025-47995: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-49746: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

##

CVE-2025-47158
(9.0 CRITICAL)

EPSS: 0.00%

updated 2025-07-18T17:15:31.363000

4 posts

Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

AAKL at 2025-07-18T18:23:20.430Z ##

Microsoft security updates listing four maximum severity vulnerabilities, as in 'we're competing with Cisco'.

- CVE-2025-53762: Microsoft Purview Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-47158: Azure DevOps Server Elevation of Privilege Vulnerability New msrc.microsoft.com/update-guid

- CVE-2025-47995: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

- CVE-2025-49746: Azure Machine Learning Elevation of Privilege Vulnerability msrc.microsoft.com/update-guid

##

cR0w at 2025-07-18T17:17:50.840Z ##

Microsoft published two sev:CRIT CVEs in Azure Machine Learning and one sev:CRIT in ADO.

msrc.microsoft.com/update-guid

msrc.microsoft.com/update-guid

msrc.microsoft.com/update-guid

All of them are listed as not publicly disclosed and not exploited.

The vulnerability documented by this CVE requires no customer action to resolve

##

CVE-2025-37104
(7.1 HIGH)

EPSS: 0.02%

updated 2025-07-18T15:15:26.397000

1 post

A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to perform a SQL Injection attack when sending a service request, and potentially exfiltrate the database's vendor name to unauthorized authenticated clients.

CVE-2025-6023
(7.6 HIGH)

EPSS: 0.01%

updated 2025-07-18T09:30:42

2 posts

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

CVE-2025-6197
(4.2 MEDIUM)

EPSS: 0.01%

updated 2025-07-18T09:30:42

2 posts

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation:

- Multiple organizations must exist in the Grafana instance
- Victim must be on a different organization than the one specified in the URL

CVE-2025-7444
(9.8 CRITICAL)

EPSS: 0.14%

updated 2025-07-18T09:30:42

1 post

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not hav

offseq at 2025-07-18T09:01:10.660Z ##

🔥 CRITICAL vuln: LoginPress Pro (all versions ≤5.0.1) lets attackers bypass auth with social login token, gaining admin access (CVE-2025-7444, CVSS 9.8). No fix yet—monitor for suspicious logins! radar.offseq.com/threat/cve-20

##

CVE-2025-23266
(9.1 CRITICAL)

EPSS: 0.02%

updated 2025-07-17T21:32:27

9 posts

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

AAKL at 2025-07-18T15:21:42.357Z ##

WIZ, from yesterday: NVIDIAScape - Critical NVIDIA AI Vulnerability: A Three-Line Container Escape in NVIDIA Container Toolkit (CVE-2025-23266)

More:

The Hacker News: Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services thehackernews.com/2025/07/crit @thehackernews

##

jbhall56 at 2025-07-18T12:26:07.262Z ##

The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz. thehackernews.com/2025/07/crit

##

beyondmachines1 at 2025-07-18T09:01:08.181Z ##

NVIDIA reports container escape vulnerabilities in Container Toolkit

NVIDIA has disclosed two critical vulnerabilities in its Container Toolkit and GPU Operator (CVE-2025-23266, CVE-2025-23267) that enable container escape attacks against AI infrastructure used by major cloud providers. The most severe flaw is dubbed "NVIDIAScape" and is exploitable through a simple three-line Dockerfile.

**If you're running NVIDIA Container Toolkit or GPU Operator for AI workloads, either upgrade to Container Toolkit version 1.17.8 and GPU Operator version 25.3.1 or disable the vulnerable enable-cuda-compat hook by setting the disable-cuda-compat-lib-hook flag to true in your configuration files. The exploit is trivial, and attackers will find your systems, one way or another.**

beyondmachines.net/event_detai

##

AAKL@infosec.exchange at 2025-07-18T15:21:42.000Z ##

WIZ, from yesterday: NVIDIAScape - Critical NVIDIA AI Vulnerability: A Three-Line Container Escape in NVIDIA Container Toolkit (CVE-2025-23266)

More:

The Hacker News: Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services thehackernews.com/2025/07/crit @thehackernews #Nvidia #cybersecurity #infosec #AI

##

jbhall56@infosec.exchange at 2025-07-18T12:26:07.000Z ##

The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz. thehackernews.com/2025/07/crit

##

beyondmachines1@infosec.exchange at 2025-07-18T09:01:08.000Z ##

NVIDIA reports container escape vulnerabilities in Container Toolkit

NVIDIA has disclosed two critical vulnerabilities in its Container Toolkit and GPU Operator (CVE-2025-23266, CVE-2025-23267) that enable container escape attacks against AI infrastructure used by major cloud providers. The most severe flaw is dubbed "NVIDIAScape" and is exploitable through a simple three-line Dockerfile.

**If you're running NVIDIA Container Toolkit or GPU Operator for AI workloads, either upgrade to Container Toolkit version 1.17.8 and GPU Operator version 25.3.1 or disable the vulnerable enable-cuda-compat hook by setting the disable-cuda-compat-lib-hook flag to true in your configuration files. The exploit is trivial, and attackers will find your systems, one way or another.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

cR0w@infosec.exchange at 2025-07-17T19:23:48.000Z ##

Go hack the robots!

ros.org/blog/noetic-eol/

After May 31st, 2025 ROS 1 Noetic users may find themselves exposed to un-patched security vulnerabilities and bugs, with few avenues of support short of fixing these issues themselves and recompiling Noetic from source.

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

Edit to add a couple more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

##

cR0w@infosec.exchange at 2025-07-17T15:45:16.000Z ##

Go hack more AI shit please. Now.

wiz.io/blog/nvidia-ai-vulnerab

##

AAKL@infosec.exchange at 2025-07-15T15:03:47.000Z ##

New.

Nvidia product advisories:

- NVIDIA Jetson Orin, IGX Orin and Xavier Devices - CVE-2025-23270 and CVE-2025-23269 nvidia.custhelp.com/app/answer

- NVIDIA Container Toolkit - CVE-2025-23266 and CVE-2025-23267 nvidia.custhelp.com/app/answer

- NVIDIA DOCA-Host and Mellanox OFED - CVE-2025-23263 nvidia.custhelp.com/app/answer #Nvidia #cybersecurity #infosec

##

CVE-2025-4657
(6.7 MEDIUM)

EPSS: 0.01%

updated 2025-07-17T21:32:27

1 post

A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store, that could allow a local attacker with elevated privileges to execute arbitrary code.

undercodenews@mastodon.social at 2025-07-18T14:24:19.000Z ##

Critical Lenovo Driver Flaw Exposes Millions: CVE-2025-4657 Enables Full System Takeover

A Dangerous Threat Hiding in Plain Sight In July 2025, security researchers uncovered a critical buffer overflow vulnerability—CVE-2025-4657—embedded in Lenovo’s lrtp.sys Protection Driver, used widely in Lenovo PC Manager, Browser, and App Store utilities. This vulnerability, if exploited, allows attackers with local access to gain full system privileges on millions of Lenovo…

undercodenews.com/critical-len

##

CVE-2025-3753
(7.8 HIGH)

EPSS: 0.02%

updated 2025-07-17T21:32:27

1 post

A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.

cR0w@infosec.exchange at 2025-07-17T19:23:48.000Z ##

Go hack the robots!

ros.org/blog/noetic-eol/

After May 31st, 2025 ROS 1 Noetic users may find themselves exposed to un-patched security vulnerabilities and bugs, with few avenues of support short of fixing these issues themselves and recompiling Noetic from source.

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

Edit to add a couple more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-7433
(8.8 HIGH)

EPSS: 0.01%

updated 2025-07-17T21:32:27

1 post

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

cR0w@infosec.exchange at 2025-07-17T19:03:39.000Z ##

Three LPEs in Sophos Intercept X for Windows (CVE-2024-13972, CVE-2025-7433, CVE-2025-7472).

sophos.com/en-us/security-advi

##

CVE-2025-23269
(4.7 MEDIUM)

EPSS: 0.01%

updated 2025-07-17T21:32:27

1 post

NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure.

AAKL@infosec.exchange at 2025-07-15T15:03:47.000Z ##

New.

Nvidia product advisories:

- NVIDIA Jetson Orin, IGX Orin and Xavier Devices - CVE-2025-23270 and CVE-2025-23269 nvidia.custhelp.com/app/answer

- NVIDIA Container Toolkit - CVE-2025-23266 and CVE-2025-23267 nvidia.custhelp.com/app/answer

- NVIDIA DOCA-Host and Mellanox OFED - CVE-2025-23263 nvidia.custhelp.com/app/answer #Nvidia #cybersecurity #infosec

##

CVE-2024-41921
(7.8 HIGH)

EPSS: 0.02%

updated 2025-07-17T21:32:22

1 post

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanit

cR0w@infosec.exchange at 2025-07-17T19:23:48.000Z ##

Go hack the robots!

ros.org/blog/noetic-eol/

After May 31st, 2025 ROS 1 Noetic users may find themselves exposed to un-patched security vulnerabilities and bugs, with few avenues of support short of fixing these issues themselves and recompiling Noetic from source.

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

Edit to add a couple more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

##

CVE-2024-41148
(7.8 HIGH)

EPSS: 0.02%

updated 2025-07-17T21:32:22

1 post

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitiza

cR0w@infosec.exchange at 2025-07-17T19:23:48.000Z ##

Go hack the robots!

ros.org/blog/noetic-eol/

After May 31st, 2025 ROS 1 Noetic users may find themselves exposed to un-patched security vulnerabilities and bugs, with few avenues of support short of fixing these issues themselves and recompiling Noetic from source.

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

Edit to add a couple more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-7472
(7.6 HIGH)

EPSS: 0.01%

updated 2025-07-17T21:32:14

1 post

A local privilege escalation vulnerability in the Intercept X for Windows installer prior to version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.

cR0w@infosec.exchange at 2025-07-17T19:03:39.000Z ##

Three LPEs in Sophos Intercept X for Windows (CVE-2024-13972, CVE-2025-7433, CVE-2025-7472).

sophos.com/en-us/security-advi

##

CVE-2025-25257
(9.8 CRITICAL)

EPSS: 0.13%

updated 2025-07-17T21:15:50.197000

17 posts

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

8 repos

https://github.com/0xgh057r3c0n/CVE-2025-25257

https://github.com/adilburaksen/CVE-2025-25257-Exploit-Tool

https://github.com/secwatch92/fortiweb_rce_toolkit

https://github.com/B1ack4sh/Blackash-CVE-2025-25257

https://github.com/imbas007/CVE-2025-25257

https://github.com/watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257

https://github.com/aitorfirm/CVE-2025-25257

https://github.com/0xbigshaq/CVE-2025-25257

cisakevtracker@mastodon.social at 2025-07-18T18:01:01.000Z ##

CVE ID: CVE-2025-25257
Vendor: Fortinet
Product: FortiWeb
Date Added: 2025-07-18
Notes: fortiguard.fortinet.com/psirt/ ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL at 2025-07-18T17:45:47.208Z ##

CISA has added Fortinet FortiWeb SQL Injection Vulnerability to the KEV catalogue. That's CVE-2025-25257 cve.org/CVERecord?id=CVE-2025-

CISA KEV catalogue: cisa.gov/known-exploited-vulne

##

AAKL@infosec.exchange at 2025-07-18T17:45:47.000Z ##

CISA has added Fortinet FortiWeb SQL Injection Vulnerability to the KEV catalogue. That's CVE-2025-25257 cve.org/CVERecord?id=CVE-2025-

CISA KEV catalogue: cisa.gov/known-exploited-vulne #CISA #cybersecurity #infosec #Fortinet

##

metlstorm@infosec.exchange at 2025-07-15T23:49:56.000Z ##

@benno @riskybusiness

It gets better. It's into MySQL... running as root. They just INTO OUTFILE, lil bit of fiddling with some python-vs-cgibin into unauth'd RCE. :ablobcatnodfast: so savage 💗

labs.watchtowr.com/pre-auth-sq

##

jos1264@social.skynetcloud.site at 2025-07-14T14:55:03.000Z ##

CVE-2025-25257 Vulnerability: Critical SQL Injection in Fortinet FortiWeb Enables Unauthenticated Remote Code Execution – Source: socprime.com ciso2ciso.com/cve-2025-25257-v #rssfeedpostgeneratorecho #CyberSecurityNews #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE #rce

##

jos1264@social.skynetcloud.site at 2025-07-14T13:40:02.000Z ##

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) helpnetsecurity.com/2025/07/14 #webapplicationsecurity #vulnerability #Don'tmiss #WatchTowr #Hotstuff #Fortinet #exploit #Rapid7 #News #PoC

##

jos1264@social.skynetcloud.site at 2025-07-14T04:05:02.000Z ##

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257) – Source:hackread.com ciso2ciso.com/critical-vulnera #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #Fortinet #FortiWeb #Hackread #security #SQL

##

patrickcmiller@infosec.exchange at 2025-07-13T22:42:06.000Z ##

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257) hackread.com/critical-vulnerab

##

jos1264@social.skynetcloud.site at 2025-07-13T22:30:02.000Z ##

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257) hackread.com/critical-vulnerab #Cybersecurity #Vulnerability #Security #Fortinet #FortiWeb #SQL

##

patrickcmiller@infosec.exchange at 2025-07-13T22:12:16.000Z ##

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb securityaffairs.com/179874/sec

##

campuscodi@mastodon.social at 2025-07-13T12:27:27.000Z ##

WatchTowr Labs has published a write-up and a PoC for a dangerous pre-auth SQL injection in the web interface of Fortinet devices. The bug is tracked as CVE-2025-25257 and was patched last week.

labs.watchtowr.com/pre-auth-sq

##

patrickcmiller@infosec.exchange at 2025-07-13T04:12:07.000Z ##

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) thehackernews.com/2025/07/fort

##

jos1264@social.skynetcloud.site at 2025-07-12T00:05:03.000Z ##

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) – Source:thehackernews.com ciso2ciso.com/fortinet-release #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Fortinet

##

RedTeamNews@infosec.exchange at 2025-07-11T19:52:35.000Z ##

🚨 Critical alert: A pre-auth RCE exploit (CVE-2025-25257) targeting Fortinet FortiWeb is now public. Patch to 7.6.4+/7.4.8+ immediately or disable HTTP admin interfaces. Unpatched systems are at high risk. Details: redteamnews.com/red-team/cve/c

##

DarkWebInformer@infosec.exchange at 2025-07-11T19:45:36.000Z ##

🚨CVE-2025-25257: Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector

PoC: github.com/watchtowrlabs/watch

Write-up: labs.watchtowr.com/pre-auth-sq

##

raptor@infosec.exchange at 2025-07-11T17:42:46.000Z ##

#FortiWeb Pre-Auth #RCE (CVE-2025-25257)

pwner.gg/blog/2025-07-10-forti

##

CVE-2025-23267
(8.5 HIGH)

EPSS: 0.04%

updated 2025-07-17T21:15:50.197000

3 posts

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

beyondmachines1 at 2025-07-18T09:01:08.181Z ##

NVIDIA reports container escape vulnerabilities in Container Toolkit

NVIDIA has disclosed two critical vulnerabilities in its Container Toolkit and GPU Operator (CVE-2025-23266, CVE-2025-23267) that enable container escape attacks against AI infrastructure used by major cloud providers. The most severe flaw is dubbed "NVIDIAScape" and is exploitable through a simple three-line Dockerfile.

**If you're running NVIDIA Container Toolkit or GPU Operator for AI workloads, either upgrade to Container Toolkit version 1.17.8 and GPU Operator version 25.3.1 or disable the vulnerable enable-cuda-compat hook by setting the disable-cuda-compat-lib-hook flag to true in your configuration files. The exploit is trivial, and attackers will find your systems, one way or another.**

beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2025-07-18T09:01:08.000Z ##

NVIDIA reports container escape vulnerabilities in Container Toolkit

NVIDIA has disclosed two critical vulnerabilities in its Container Toolkit and GPU Operator (CVE-2025-23266, CVE-2025-23267) that enable container escape attacks against AI infrastructure used by major cloud providers. The most severe flaw is dubbed "NVIDIAScape" and is exploitable through a simple three-line Dockerfile.

**If you're running NVIDIA Container Toolkit or GPU Operator for AI workloads, either upgrade to Container Toolkit version 1.17.8 and GPU Operator version 25.3.1 or disable the vulnerable enable-cuda-compat hook by setting the disable-cuda-compat-lib-hook flag to true in your configuration files. The exploit is trivial, and attackers will find your systems, one way or another.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

AAKL@infosec.exchange at 2025-07-15T15:03:47.000Z ##

New.

Nvidia product advisories:

- NVIDIA Jetson Orin, IGX Orin and Xavier Devices - CVE-2025-23270 and CVE-2025-23269 nvidia.custhelp.com/app/answer

- NVIDIA Container Toolkit - CVE-2025-23266 and CVE-2025-23267 nvidia.custhelp.com/app/answer

- NVIDIA DOCA-Host and Mellanox OFED - CVE-2025-23263 nvidia.custhelp.com/app/answer #Nvidia #cybersecurity #infosec

##

CVE-2024-39289
(7.8 HIGH)

EPSS: 0.02%

updated 2025-07-17T21:15:50.197000

1 post

A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Pyth

cR0w@infosec.exchange at 2025-07-17T19:23:48.000Z ##

Go hack the robots!

ros.org/blog/noetic-eol/

After May 31st, 2025 ROS 1 Noetic users may find themselves exposed to un-patched security vulnerabilities and bugs, with few avenues of support short of fixing these issues themselves and recompiling Noetic from source.

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

Edit to add a couple more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

##

CVE-2024-13972
(8.8 HIGH)

EPSS: 0.01%

updated 2025-07-17T21:15:50.197000

1 post

A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.

cR0w@infosec.exchange at 2025-07-17T19:03:39.000Z ##

Three LPEs in Sophos Intercept X for Windows (CVE-2024-13972, CVE-2025-7433, CVE-2025-7472).

sophos.com/en-us/security-advi

##

CVE-2025-54068
(0 None)

EPSS: 0.25%

updated 2025-07-17T21:15:50.197000

1 post

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be m

cR0w@infosec.exchange at 2025-07-17T18:42:25.000Z ##

RCE in Livewire.

github.com/livewire/livewire/s

sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

In Livewire v3 (≤ 3.6.3), a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-20284
(6.5 MEDIUM)

EPSS: 0.07%

updated 2025-07-17T21:15:50.197000

1 post

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow t

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

CVE-2025-20285
(4.1 MEDIUM)

EPSS: 0.03%

updated 2025-07-17T21:15:50.197000

1 post

A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controls that are configured using the IP Access Restriction feature. An attacker could exploit this vulnera

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

CVE-2025-40777
(7.5 HIGH)

EPSS: 0.02%

updated 2025-07-17T21:15:50.197000

1 post

If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure. This issue affects BIN

cR0w@infosec.exchange at 2025-07-16T17:17:22.000Z ##

CVE isn't published yet but ISC published another advisory for BIND.

kb.isc.org/docs/cve-2025-40777

sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 (the only allowable value other than disabled), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.

cve.org/CVERecord?id=CVE-2025-

Edit: The CVE is now published.

##

CVE-2025-23270
(7.1 HIGH)

EPSS: 0.02%

updated 2025-07-17T21:15:50.197000

1 post

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

AAKL@infosec.exchange at 2025-07-15T15:03:47.000Z ##

New.

Nvidia product advisories:

- NVIDIA Jetson Orin, IGX Orin and Xavier Devices - CVE-2025-23270 and CVE-2025-23269 nvidia.custhelp.com/app/answer

- NVIDIA Container Toolkit - CVE-2025-23266 and CVE-2025-23267 nvidia.custhelp.com/app/answer

- NVIDIA DOCA-Host and Mellanox OFED - CVE-2025-23263 nvidia.custhelp.com/app/answer #Nvidia #cybersecurity #infosec

##

CVE-2025-20337
(10.0 CRITICAL)

EPSS: 0.16%

updated 2025-07-17T20:42:07.780000

12 posts

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submit

brian_greenberg at 2025-07-18T13:58:06.827Z ##

🚨 Third critical Cisco ISE flaw in a month. Another perfect 10 CVSS score, another no-workaround RCE. If you’re still running ISE 3.3 or 3.4 without the latest patches, you’re leaving the door wide open for remote root access via a crafted API request.

TL;DR
⚠️ CVE-2025-20337 = unauthenticated RCE
🚨 Exploit = remote root with no workaround
🛠️ Fix = Patch 3.3.7 or 3.4.2
🔍 No active exploitation... yet

theregister.com/2025/07/17/cri

##

jbhall56 at 2025-07-18T12:36:53.053Z ##

CVE-2025-20337 is a vulnerability in Cisco's Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products, which the company said in a security advisory darkreading.com/application-se

##

brian_greenberg@infosec.exchange at 2025-07-18T13:58:06.000Z ##

🚨 Third critical Cisco ISE flaw in a month. Another perfect 10 CVSS score, another no-workaround RCE. If you’re still running ISE 3.3 or 3.4 without the latest patches, you’re leaving the door wide open for remote root access via a crafted API request.

TL;DR
⚠️ CVE-2025-20337 = unauthenticated RCE
🚨 Exploit = remote root with no workaround
🛠️ Fix = Patch 3.3.7 or 3.4.2
🔍 No active exploitation... yet

theregister.com/2025/07/17/cri
#Cisco #InfoSec #VulnerabilityManagement #ZeroDay #security #privacy #cloud #infosec #cybersecurity

##

jbhall56@infosec.exchange at 2025-07-18T12:36:53.000Z ##

CVE-2025-20337 is a vulnerability in Cisco's Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products, which the company said in a security advisory darkreading.com/application-se

##

jos1264@social.skynetcloud.site at 2025-07-18T08:45:01.000Z ##

New Cisco Bugs Rated CVSS 10.0, Patch Immediately thecyberexpress.com/cisco-cve- #TheCyberExpressNews #Ciscovulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202520281 #CVE202520337 #CyberNews #ISE #PIC

##

beyondmachines1@infosec.exchange at 2025-07-18T08:01:08.000Z ##

Cisco reports another critical vulnerability in Cisco ISE that enables unauthenticated root code execution

Cisco has disclosed a third critical vulnerability (CVE-2025-20337) affecting its Identity Services Engine platforms that allows unauthenticated remote attackers to execute arbitrary commands with root privileges. Organizations must upgrade to ISE 3.3 Patch 7 or ISE 3.4 Patch 2 for full protection. Previous patches do not fix this flaw.

**If you haven't patched your Cisco Identity Services Engine (ISE), DO IT NOW! Even if you already patched, you probably need to patch again. There are three maximum severity flaws that will harm your ISE. Cisco ISE usually controls network access to a lot of the infrastructure, so you don't want it to be hacked.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

DarkWebInformer@infosec.exchange at 2025-07-17T20:28:57.000Z ##

🚨CVE-2025-20337: A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root.

CVSS: 10

The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input.

An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

cvedetails.com/cve/CVE-2025-20

##

jos1264@social.skynetcloud.site at 2025-07-17T16:30:02.000Z ##

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity – Source: securityaffairs.com ciso2ciso.com/cisco-patches-cr #CiscoIdentityServicesEngine #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews

##

oversecurity@mastodon.social at 2025-07-17T16:10:33.000Z ##

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store...

🔗️ [Bleepingcomputer] link.is.it/dI2LDo

##

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

jbhall56@infosec.exchange at 2025-07-17T12:34:55.000Z ##

Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched by the networking equipment major late last month. thehackernews.com/2025/07/cisc

##

cR0w@infosec.exchange at 2025-07-16T16:29:37.000Z ##

Cisco added a new CVE to that perfect 10 in ISE from a couple weeks ago: CVE-2025-20337

sec.cloudapps.cisco.com/securi

They also published a sev:HIGH in Unified Intelligence Center:

sec.cloudapps.cisco.com/securi

And a couple sev:MED advisories:

sec.cloudapps.cisco.com/securi

sec.cloudapps.cisco.com/securi

##

CVE-2025-23263
(7.6 HIGH)

EPSS: 0.02%

updated 2025-07-17T18:31:24

1 posts

NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.

AAKL@infosec.exchange at 2025-07-15T15:03:47.000Z ##

New.

Nvidia product advisories:

- NVIDIA Jetson Orin, IGX Orin and Xavier Devices - CVE-2025-23270 and CVE-2025-23269 nvidia.custhelp.com/app/answer

- NVIDIA Container Toolkit - CVE-2025-23266 and CVE-2025-23267 nvidia.custhelp.com/app/answer

- NVIDIA DOCA-Host and Mellanox OFED - CVE-2025-23263 nvidia.custhelp.com/app/answer #Nvidia #cybersecurity #infosec

##

CVE-2025-20274
(6.3 MEDIUM)

EPSS: 0.20%

updated 2025-07-16T18:32:46

1 posts

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

CVE-2025-20288
(5.8 MEDIUM)

EPSS: 0.02%

updated 2025-07-16T18:32:46

1 posts

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

CVE-2025-20283
(6.5 MEDIUM)

EPSS: 0.07%

updated 2025-07-16T18:32:38

1 posts

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

CVE-2025-20272
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-07-16T18:32:38

1 posts

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API.

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

CVE-2025-49706
(6.3 MEDIUM)

EPSS: 0.03%

updated 2025-07-16T17:41:44.517000

1 posts

Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

codewhitesec@infosec.exchange at 2025-07-14T13:01:38.000Z ##

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange

##

CVE-2025-5994
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-07-16T15:32:40

1 posts

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-s

CVE-2025-40776
(8.6 HIGH)

EPSS: 0.01%

updated 2025-07-16T15:32:33

1 posts

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.

cR0w@infosec.exchange at 2025-07-16T13:55:31.000Z ##

Haven't heard about a birthday attack for a while. This one impacts BIND versions with ECS.

kb.isc.org/docs/cve-2025-40776

sev:HIGH 8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

A resolver configured to send ECS options to authoritative servers can be compelled to make queries that slightly increase the odds of guessing the source port and other details necessary to bypass the original birthday cache poisoning attack mitigations. As a result of this weakness, a resolver with ECS enabled is more vulnerable to successful cache poisoning via spoofed query responses than one that does not implement this feature.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-3871
(5.3 MEDIUM)

EPSS: 0.06%

updated 2025-07-16T15:32:32

1 posts

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has c

cR0w@infosec.exchange at 2025-07-16T14:16:40.000Z ##

Weird DoS in Fortra GoAnywhere.

fortra.com/security/advisories

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has configured GOTP.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-52689
(9.8 CRITICAL)

EPSS: 0.08%

updated 2025-07-16T15:32:27

1 posts

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.

1 repos

https://github.com/UltimateHG/CVE-2025-52689-PoC

CVE-2025-52690
(8.1 HIGH)

EPSS: 0.06%

updated 2025-07-16T15:15:32.133000

1 posts

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.

CVE-2025-34300
(0 None)

EPSS: 2.73%

updated 2025-07-16T15:15:26.410000

1 posts

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands.

Nuclei template

cR0w@infosec.exchange at 2025-07-16T13:31:33.000Z ##

Perfect 10 template injection in Sawtooth Lighthouse Studio. 🥳

slcyber.io/assetnote-security-

sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-49828
(0 None)

EPSS: 0.34%

updated 2025-07-16T14:59:23.707000

1 posts

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API

cR0w@infosec.exchange at 2025-07-15T19:56:33.000Z ##

Post-auth RCE in CyberArk Conjur.

github.com/cyberark/conjur/sec

sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. This issue affects both Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS. CyberArk thanks Yarden Porat and Shahar Tal of Cyata Security for responsibly disclosing this issue.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-6058
(9.8 CRITICAL)

EPSS: 0.09%

updated 2025-07-16T14:57:37.827000

1 posts

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

2 repos

https://github.com/JayVillain/Scan-CVE-2025-6058

https://github.com/Nxploited/CVE-2025-6058

CVE-2025-7657
(8.8 HIGH)

EPSS: 0.18%

updated 2025-07-16T14:27:43.883000

1 posts

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

AAKL@infosec.exchange at 2025-07-17T16:40:42.000Z ##

Microsoft listed three vulnerabilities yesterday, all affecting Chromium-based Edge.

Microsoft security guide:

- Chromium: CVE-2025-7657 Use after free in WebRTC msrc.microsoft.com/update-guid

- Chromium: CVE-2025-7656 Integer overflow in V8 msrc.microsoft.com/update-guid

- Chromium: CVE-2025-6558 Incorrect validation of untrusted input in ANGLE and GPU msrc.microsoft.com/update-guid #Microsoft #Chromium #cybersecurity #infosec

##

CVE-2025-6043
(8.1 HIGH)

EPSS: 0.21%

updated 2025-07-16T09:31:15

1 posts

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possibl

CVE-2025-24294
(5.3 MEDIUM)

EPSS: 0.02%

updated 2025-07-15T22:56:20

1 posts

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. Details: The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a l

CVE-2025-52377
(5.4 MEDIUM)

EPSS: 0.82%

updated 2025-07-15T21:32:49

1 posts

Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and traceroute functionality, specifically in the /web/um_ping_set.cgi endpoint. The application fails to properly sanitize user input in the `Ping_host_

cR0w@infosec.exchange at 2025-07-15T14:15:36.000Z ##

PoCs for Nexxt Solutions NCM-X1800 Mesh Router Vulnerabilities (CVE-2025-52379) - (CVE-2025-52378) - (CVE-2025-52377) - (CVE-2025-52376)

github.com/Vagebondcur/nexxt-s

cc: @Dio9sys @da_667

#internetOfShit

##

CVE-2025-6558
(8.8 HIGH)

EPSS: 0.14%

updated 2025-07-15T21:32:48

11 posts

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

1 repos

https://github.com/allinsthon/CVE-2025-6558-exp

cR0w@infosec.exchange at 2025-07-17T16:41:48.000Z ##

@AAKL FYI: CVE-2025-6558 is EITW.

##

AAKL@infosec.exchange at 2025-07-17T16:40:42.000Z ##

Microsoft listed three vulnerabilities yesterday, all affecting Chromium-based Edge.

Microsoft security guide:

- Chromium: CVE-2025-7657 Use after free in WebRTC msrc.microsoft.com/update-guid

- Chromium: CVE-2025-7656 Integer overflow in V8 msrc.microsoft.com/update-guid

- Chromium: CVE-2025-6558 Incorrect validation of untrusted input in ANGLE and GPU msrc.microsoft.com/update-guid #Microsoft #Chromium #cybersecurity #infosec

##

jbhall56@infosec.exchange at 2025-07-17T12:42:19.000Z ##

The vulnerability is identified as CVE-2025-6558 and received a high-severity rating of 8.8. It was discovered by researchers at Google’s Threat Analysis Group (TAG) on June 23. bleepingcomputer.com/news/secu

##

jos1264@social.skynetcloud.site at 2025-07-16T23:10:03.000Z ##

CVE-2025-6558 Vulnerability: Google Chrome Zero-Day Under Active Exploitation – Source: socprime.com ciso2ciso.com/cve-2025-6558-vu #GoogleChromeVulnerability #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-6558 #Latestthreats #Vulnerability #GoogleChrome #socprimecom #socprime #Blog #CVE

##

jos1264@social.skynetcloud.site at 2025-07-16T14:20:02.000Z ##

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) helpnetsecurity.com/2025/07/16 #securityupdate #MicrosoftEdge #Don'tmiss #Hotstuff #Chrome #0-day #News

##

beyondmachines1@infosec.exchange at 2025-07-16T14:01:08.000Z ##

Google releases urgent patch for Chrome, fixes actively exploited flaw

Google has released an urgent Chrome security update addressing six vulnerabilities, including a critical zero-day sandbox escape flaw (CVE-2025-6558) that is being actively exploited in the wild. The flaw was discovered by Google's Threat Analysis Group, suggesting potential nation-state involvement.

**Once again - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DON'T WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

jos1264@social.skynetcloud.site at 2025-07-16T11:15:02.000Z ##

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild – Source: thehackernews.com ciso2ciso.com/urgent-google-re #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Urgent

##

jos1264@social.skynetcloud.site at 2025-07-16T10:10:03.000Z ##

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild thehackernews.com/2025/07/urge

##

jos1264@social.skynetcloud.site at 2025-07-16T10:10:02.000Z ##

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild thehackernews.com/2025/07/urge

##

teezeh@ieji.de at 2025-07-16T05:51:13.000Z ##

See also

deskmodder.de/blog/2025/07/16/

##

cR0w@infosec.exchange at 2025-07-15T17:28:33.000Z ##

Patch your Chrome. Three sev:HIGH fixes released today for Chrome Desktop and Android, including CVE-2025-6558 which Google says has an ITW exploit.

chromereleases.googleblog.com/

##

CVE-2025-7656
(8.8 HIGH)

EPSS: 0.10%

updated 2025-07-15T21:32:47

1 posts

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

AAKL@infosec.exchange at 2025-07-17T16:40:42.000Z ##

Microsoft listed three vulnerabilities yesterday, all affecting Chromium-based Edge.

Microsoft security guide:

- Chromium: CVE-2025-7657 Use after free in WebRTC msrc.microsoft.com/update-guid

- Chromium: CVE-2025-7656 Integer overflow in V8 msrc.microsoft.com/update-guid

- Chromium: CVE-2025-6558 Incorrect validation of untrusted input in ANGLE and GPU msrc.microsoft.com/update-guid #Microsoft #Chromium #cybersecurity #infosec

##

CVE-2025-52379
(5.4 MEDIUM)

EPSS: 0.18%

updated 2025-07-15T21:32:47

1 posts

Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated attackers to execute arbitrary OS commands on the device, resulting in remote code execution.

cR0w@infosec.exchange at 2025-07-15T14:15:36.000Z ##

PoCs for Nexxt Solutions NCM-X1800 Mesh Router Vulnerabilities (CVE-2025-52379) - (CVE-2025-52378) - (CVE-2025-52377) - (CVE-2025-52376)

github.com/Vagebondcur/nexxt-s

cc: @Dio9sys @da_667

#internetOfShit

##

CVE-2025-41237
(9.4 CRITICAL)

EPSS: 0.02%

updated 2025-07-15T21:31:43

4 posts

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on

oversecurity@mastodon.social at 2025-07-18T14:50:09.000Z ##

CSA Issues Alert on Critical VMware Vulnerabilities: Patch Now, Experts Warn

Broadcom and CSA warn of critical VMware Vulnerabilities flaws, including CVE-2025-41236 and CVE-2025-41237. Update ESXi, Workstation, and...

🔗️ [Cyble] link.is.it/TPjvMC

##

harrysintonen@infosec.exchange at 2025-07-16T12:26:03.000Z ##

There are a bunch of critical vulnerabilities in #VMWare - "VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)" support.broadcom.com/web/ecx/s

The best part? softwareupdate.broadcom.com is still down, so for example VMware Workstation or Fusion are blissfully ignorant of any update being available.

#enshittification

##

cR0w@infosec.exchange at 2025-07-15T18:53:53.000Z ##

sev:CRIT advisory from VMware in a bunch of their stuff. Probably worth checking out the impact matrix in the advisory.

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

support.broadcom.com/web/ecx/s

##

CVE-2025-41236
(9.4 CRITICAL)

EPSS: 0.02%

updated 2025-07-15T21:31:43

4 posts

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.

oversecurity@mastodon.social at 2025-07-18T14:50:09.000Z ##

CSA Issues Alert on Critical VMware Vulnerabilities: Patch Now, Experts Warn

Broadcom and CSA warn of critical VMware Vulnerabilities flaws, including CVE-2025-41236 and CVE-2025-41237. Update ESXi, Workstation, and...

🔗️ [Cyble] link.is.it/TPjvMC

##

harrysintonen@infosec.exchange at 2025-07-16T12:26:03.000Z ##

There are a bunch of critical vulnerabilities in #VMWare - "VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)" support.broadcom.com/web/ecx/s

The best part? softwareupdate.broadcom.com is still down, so for example VMware Workstation or Fusion are blissfully ignorant of any update being available.

#enshittification

##

cR0w@infosec.exchange at 2025-07-15T18:53:53.000Z ##

sev:CRIT advisory from VMware in a bunch of their stuff. Probably worth checking out the impact matrix in the advisory.

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

support.broadcom.com/web/ecx/s

##

CVE-2025-41238
(9.4 CRITICAL)

EPSS: 0.02%

updated 2025-07-15T21:31:43

2 posts

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and

harrysintonen@infosec.exchange at 2025-07-16T12:26:03.000Z ##

There are a bunch of critical vulnerabilities in #VMWare - "VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)" support.broadcom.com/web/ecx/s

The best part? softwareupdate.broadcom.com is still down, so for example VMware Workstation or Fusion are blissfully ignorant of any update being available.

#enshittification

##

cR0w@infosec.exchange at 2025-07-15T18:53:53.000Z ##

sev:CRIT advisory from VMware in a bunch of their stuff. Probably worth checking out the impact matrix in the advisory.

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

support.broadcom.com/web/ecx/s

##

CVE-2025-53020
(7.5 HIGH)

EPSS: 0.05%

updated 2025-07-15T21:31:27

2 posts

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.

cR0w@infosec.exchange at 2025-07-14T13:47:13.000Z ##

Good write-up on CVE-2025-53020 above.

github.com/icing/blog/blob/mai

##

icing@chaos.social at 2025-07-14T11:15:30.000Z ##

A detailed description of CVE-2025-53020, a DoS vulnerability in the HTTP/2 implementation of Apache httpd. Fixed in 2.4.64.
#apache #httpd #http2

github.com/icing/blog/blob/mai

##

CVE-2025-53825
(9.4 CRITICAL)

EPSS: 0.24%

updated 2025-07-15T20:15:50.550000

1 posts

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using

cR0w@infosec.exchange at 2025-07-15T12:36:05.000Z ##

Dokploy Preview Deployments are vulnerable to Remote Code Execution. PoC in the advisory.

github.com/Dokploy/dokploy/sec

sev:CRIT 9.4 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

An unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-41239
(7.1 HIGH)

EPSS: 0.01%

updated 2025-07-15T20:07:28.023000

2 posts

VMware ESXi, Workstation, Fusion, and VMware Tools contain an information disclosure vulnerability due to the use of uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.

harrysintonen@infosec.exchange at 2025-07-16T12:26:03.000Z ##

There are a bunch of critical vulnerabilities in #VMWare - "VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)" support.broadcom.com/web/ecx/s

The best part? softwareupdate.broadcom.com is still down, so for example VMware Workstation or Fusion are blissfully ignorant of any update being available.

#enshittification

##

cR0w@infosec.exchange at 2025-07-15T18:53:53.000Z ##

sev:CRIT advisory from VMware in a bunch of their stuff. Probably worth checking out the impact matrix in the advisory.

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

support.broadcom.com/web/ecx/s

##

CVE-2025-6971
(7.8 HIGH)

EPSS: 0.01%

updated 2025-07-15T20:07:28.023000

1 posts

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

CVE-2025-52378
(5.4 MEDIUM)

EPSS: 0.03%

updated 2025-07-15T20:07:28.023000

1 posts

Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICE_ALIAS parameter to the /web/um_device_set_aliasname endpoint.

cR0w@infosec.exchange at 2025-07-15T14:15:36.000Z ##

PoCs for Nexxt Solutions NCM-X1800 Mesh Router Vulnerabilities (CVE-2025-52379) - (CVE-2025-52378) - (CVE-2025-52377) - (CVE-2025-52376)

github.com/Vagebondcur/nexxt-s

cc: @Dio9sys @da_667

#internetOfShit

##

CVE-2025-53890
(9.8 CRITICAL)

EPSS: 0.26%

updated 2025-07-15T15:38:13

1 posts

Summary: An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows **unauthenticated remote attackers** to execute **arbitrary code** in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system RCE. Details: The vulnerable code r

cR0w@infosec.exchange at 2025-07-15T01:00:11.000Z ##

Remote code execution through js2py onCaptchaResult

github.com/pyload/pyload/secur

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-6965
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-07-15T15:31:07

3 posts

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

oversecurity@mastodon.social at 2025-07-15T18:40:09.000Z ##

Google says ‘Big Sleep’ AI tool found bug hackers planned to use

On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors...

🔗️ [Therecord] link.is.it/NuePCK

##

therecord_media@mastodon.social at 2025-07-15T18:27:36.000Z ##

Google said its LLM known as Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that was “only known to threat actors and was at risk of being exploited.”

therecord.media/google-big-sle

##

cR0w@infosec.exchange at 2025-07-15T14:17:50.000Z ##

SQLite isn't used in very many systems, is it?

sqlite.org/src/info/5508b56fd2

sev:HIGH 7.2 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-6973
(7.8 HIGH)

EPSS: 0.01%

updated 2025-07-15T15:31:07

1 posts

Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

CVE-2025-7042
(7.8 HIGH)

EPSS: 0.01%

updated 2025-07-15T15:31:07

1 posts

Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.

CVE-2025-6974
(7.8 HIGH)

EPSS: 0.01%

updated 2025-07-15T15:31:07

1 posts

Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

CVE-2025-6972
(7.8 HIGH)

EPSS: 0.01%

updated 2025-07-15T15:31:07

1 posts

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

CVE-2025-0831
(7.8 HIGH)

EPSS: 0.01%

updated 2025-07-15T15:31:07

1 posts

Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

cR0w@infosec.exchange at 2025-07-15T15:08:33.000Z ##

Isn't SOLIDWORKS one of those things a bunch of you nerds like to put random Internet downloads into?

3ds.com/trust-center/security/

##

CVE-2025-52376
(9.8 CRITICAL)

EPSS: 0.09%

updated 2025-07-15T15:31:06

1 posts

An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server is then accessible with hard-coded credentials, allowing attackers to gain administrative shell access and execute arbitra

cR0w@infosec.exchange at 2025-07-15T14:15:36.000Z ##

PoCs for Nexxt Solutions NCM-X1800 Mesh Router Vulnerabilities (CVE-2025-52379) - (CVE-2025-52378) - (CVE-2025-52377) - (CVE-2025-52376)

github.com/Vagebondcur/nexxt-s

cc: @Dio9sys @da_667

#internetOfShit

##

CVE-2025-50121
(0 None)

EPSS: 0.92%

updated 2025-07-15T13:14:49.980000

1 posts

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default.

beyondmachines1@infosec.exchange at 2025-07-12T08:01:28.000Z ##

Multiple flaws in Schneider Electric EcoStruxure IT Data Center Expert, at least one critical

Schneider Electric reports multiple vulnerabilities in its EcoStruxure IT Data Center Expert platform, including a CVSS 10.0 flaw (CVE-2025-50121) that enables unauthenticated remote code execution. The company released version 9.0 to patch all vulnerabilities.

**If you have Schneider Electric EcoStruxure IT Data Center Expert, make sure it's isolated from the internet and accessible from trusted networks only. Then plan an update cycle to version 9.0 available through Schneider's Customer Care Center with proper testing.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-30402
(8.1 HIGH)

EPSS: 0.05%

updated 2025-07-15T13:14:49.980000

1 posts

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

cR0w@infosec.exchange at 2025-07-11T19:03:09.000Z ##

A Friday advisory from Facebook? Nice.

facebook.com/security/advisori

Description: A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

##

CVE-2025-7574
(9.8 CRITICAL)

EPSS: 0.10%

updated 2025-07-15T13:14:24.053000

1 posts

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to th

offseq@infosec.exchange at 2025-07-14T06:01:11.000Z ##

LB-LINK routers (BL-AC1900 & more, ≤20250702) face CRITICAL risk: CVE-2025-7574 allows remote, unauthenticated reboot/restore via /cgi-bin/lighttpd.cgi. Public exploit, no patch yet. Restrict access & monitor! radar.offseq.com/threat/cve-20 #OffSeq #RouterSecurity #CVE20257574

##

CVE-2025-7012
(0 None)

EPSS: 0.02%

updated 2025-07-15T13:14:24.053000

1 posts

An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.

cR0w@infosec.exchange at 2025-07-13T12:59:05.000Z ##

LPE in Cato Linux client.

support.catonetworks.com/hc/en

sev:HIGH 8.6 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:M/U:Green

An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-6265
(7.2 HIGH)

EPSS: 0.08%

updated 2025-07-15T03:30:37

1 posts

A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device.

cR0w@infosec.exchange at 2025-07-15T12:32:23.000Z ##

../ in Zyxel access points.

zyxel.com/global/en/support/se

sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The path traversal vulnerability in the file_upload-cgi CGI program of certain AP firmware versions could allow an authenticated attacker with administrator privileges to access specific directories and delete files—such as the configuration file—on a vulnerable device. It is important to note that AP management interfaces are typically accessed within a LAN environment, and this attack would only be successful if strong, unique administrator passwords had already been compromised.

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

##

CVE-2025-53833
(10.0 CRITICAL)

EPSS: 11.92%

updated 2025-07-15T00:34:45

1 posts

### Impact Attackers could: 1. Execute arbitrary commands on the server 2. Access sensitive environment variables 3. Escalate access depending on server configuration A critical vulnerability was discovered in LaRecipe that allows an attacker to perform Server-Side Template Injection (SSTI), potentially leading to Remote Code Execution (RCE) in vulnerable configurations. ### Patches Users are st

Nuclei template

1 repos

https://github.com/B1ack4sh/Blackash-CVE-2025-53833

beyondmachines1@infosec.exchange at 2025-07-16T09:01:08.000Z ##

Critical template Injection flaw in LaRecipe Documentation Package enables remote code execution

A critical Server-Side Template Injection (SSTI) vulnerability (CVE-2025-53833) in LaRecipe PHP documentation package allows attackers to execute arbitrary code with minimal technical expertise by injecting malicious template syntax into user-controlled data.

**If you're using LaRecipe PHP documentation package, it's time to update. Isolation of the web application may help but usually these systems are built to have a lot of users. So don't delay, patch to version 2.8.1 or later. Check your access logs for exploitation attempts and consider adding a Web Application Firewall (WAF) for additional protection.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

GossiTheDog@cyberplace.social at 2025-07-18T15:19:48.000Z ##

Updated #CitrixBleed2 scans github.com/GossiTheDog/scannin

Fields - IP, SSL certification hostnames, Netscaler firmware, if vulnerable to CVE-2025-5777

I've had a few orgs contest that they're not vulnerable and the scan is wrong. I've assisted each org, and in each case they've been wrong - they'd patched the wrong Netscaler, the passive HA node etc.

##

teezeh@ieji.de at 2025-07-18T06:30:50.000Z ##

“A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks.”

bleepingcomputer.com/news/secu

##

oversecurity@mastodon.social at 2025-07-17T23:50:08.000Z ##

Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks

A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before...

🔗️ [Bleepingcomputer] link.is.it/eX1RbT

##

GossiTheDog@cyberplace.social at 2025-07-17T16:40:24.000Z ##

Citrix have a blog out about hunting for #CitrixBleed2

netscaler.com/blog/news/evalua

It's what was in my earlier blog - look for invalid characters in the username field and duplicate sessions with different IPs

##

felmoltor@infosec.exchange at 2025-07-17T06:41:18.000Z ##

I've created a pull request to detect CitrixBleed 2 into Burp's Bcheck repository: github.com/PortSwigger/BChecks

The code is here if you want to give it a try:
github.com/felmoltor/BChecks/b

##

GossiTheDog@cyberplace.social at 2025-07-16T22:32:41.000Z ##

GreyNoise blog just out about #CitrixBleed2, they see exploitation from IPs in China from June 23rd targeting specifically Netscaler appliances greynoise.io/blog/exploitation

##

ntkramer@infosec.exchange at 2025-07-16T21:05:18.000Z ##

🩸& #threatintel | We (@greynoise) just published a quick note (greynoise.io/blog/exploitation) regarding CVE-2025-5777 - CitrixBleed 2

The main takeaway is we, first hand, observed exploitation almost two weeks before the POC was released, so ensure all retro threat hunting goes back at LEAST a month, but ideally further.
1/2

##

ntkramer@infosec.exchange at 2025-07-16T01:34:04.000Z ##

@GossiTheDog 🧐 are you referring to CVE-2025-5777 or did I miss yet another? We hadn’t planned on it but what are you thinking?

##

GossiTheDog@cyberplace.social at 2025-07-15T21:43:09.000Z ##

New CitrixBleed 2 scan data:

raw.githubusercontent.com/Goss

+7000 extra hosts added this round, host list is so large you need to use the raw view to see it.

Next set of data publication likely Friday, a month since the patch became available.

3832 orgs/hosts still unpatched.

##

GossiTheDog@cyberplace.social at 2025-07-12T19:26:04.000Z ##

Updated CitrixBleed 2 scan results: github.com/GossiTheDog/scannin

It's down from 24% unpatched to 17% unpatched

The results are partial still, the actual numbers still vuln will be higher.

##

obivan@infosec.exchange at 2025-07-12T09:49:05.000Z ##

Citrix NetScaler Memory Leak Exploit github.com/bughuntar/CVE-2025-

##

GossiTheDog@cyberplace.social at 2025-07-11T17:10:21.000Z ##

If you ask Citrix support for IOCs for CVE-2025-5777 and they send you a script to run that looks for .php files - they’ve sent you an unrelated script, which has nothing to do with session hijacking or memory overread.

##

CVE-2025-47812
(10.0 CRITICAL)

EPSS: 83.38%

updated 2025-07-14T18:31:44

10 posts

In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also explo

Nuclei template

8 repos

https://github.com/blindma1den/CVE-2025-47812

https://github.com/rxerium/CVE-2025-47812

https://github.com/pevinkumar10/CVE-2025-47812

https://github.com/4m3rr0r/CVE-2025-47812-poc

https://github.com/ill-deed/WingFTP-CVE-2025-47812-illdeed

https://github.com/0xgh057r3c0n/CVE-2025-47812

https://github.com/B1ack4sh/Blackash-CVE-2025-47812

https://github.com/0xcan1337/CVE-2025-47812-poC

rxerium@infosec.exchange at 2025-07-16T06:56:53.000Z ##

I've created a passive detection script to detect instances that are vulnerable to critical RCE tagged as CVE-2025-47812:
github.com/rxerium/CVE-2025-47

Around ~4000 instances exposed to the internet as of 25.07.16
`http.favicon.hash:963565804`

##

LCSC_IE@infosec.exchange at 2025-07-15T11:00:21.000Z ##

🟥LCSC-IE Daily Cyber Security Findings-15 July 2025🟥

News:

1. Ireland's National Treasury Management Agency to review security protocols after losing 5 million euros in phishing attack

reuters.com/markets/europe/iri

2. Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan

decripto.org/en/ransomware-in-

3. Federal IT Contractor Pays $14.75 Million Fine to Settle Cyber Fraud Charges

thecyberexpress.com/federal-co

4. How Trump's Cyber Cuts Dismantle Federal Information Sharing

bankinfosecurity.com/how-trump

5. New White House cyber executive order pushes rules as code

cyberscoop.com/new-white-house

6. PoC Released for High-Severity Git CLI Vulnerability Allowing Arbitrary File Writes

securitylabs.datadoghq.com/art

---

Global Breaches and Data Leaks:

1. Flutter Entertainment (Paddy Power and Betfair) users warned of 'email danger' after breach

bbc.com/news/articles/cz7l29zv

---

Tactical Reports with IOCs:

1. Heavy metal: the new group of Telemancon attacks industrial organizations

f6.ru/blog/telemancon/

2. GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates

blog.eclecticiq.com/global-gro

3. KongTuke FileFix Leads to New Interlock RAT Variant

thedfirreport.com/2025/07/14/k

4. BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

cybereason.com/blog/blacksuit-

5. Likely Belarus-Nexus Threat Actor Delivers Downloader to Poland

dmpdump.github.io/posts/Belaru

6. OCTALYN Stealer

cyfirma.com/research/octalyn-s

7. Finding Fake/Phishing Domains with HTML Features in Validin

validin.com/blog/http_feature_

8. Crypto Wallets Continue to be Drained in Elaborate Social Media Scam

darktrace.com/blog/crypto-wall

9. Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication

unit42.paloaltonetworks.com/wi

10. Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

unit42.paloaltonetworks.com/sl

11. Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader

socket.dev/blog/contagious-int

12. Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild

huntress.com/blog/wing-ftp-ser

13. Matanbuchus 3.0 Loader

github.com/prodaft/malware-ioc

14. CoreSecThree Framework

github.com/prodaft/malware-ioc

15. Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach

patchstack.com/articles/critic

---

APT IOCs:

1. Possible Scattered Spider

2. Kimsuky

2. bluenoroff

us05zoom[.]com
us05zoom[.]us[.]com

---

Threat Hunting / DFIR/ Malware:

1. Researchers foil $10M DeFi backdoor in thousands of smart contracts

x.com/deeberiroz/status/194304

2. Chasing Ghosts Over RDP: Lateral Movement in Tiny Bitmaps

medium.com/@mathias.fuchs/chas

3. Threat Actor Intelligence Report: 1ucif3r / Lucifer

notion.so/stealthmole-intellig

4. Breaking down the UserAssist artifact structure

securelist.com/userassist-arti

5. Unlocking Advanced Android Capabilities Without Root

mobile-hacker.com/2025/07/14/s

6. ClickFix Chaos: A Deep Dive into Rhadamanthys Infostealer’s Stealth and Steal Tactics

darkatlas.io/blog/clickfix-cha

7. Threat Actor Spotlight: Pryx

morado.io/blog-posts/threat-ac

8. Phishing For Gemini

0din.ai/blog/phishing-for-gemi

9. Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

blog.gitguardian.com/exploitin

10. [Project 001] Operation Wall Breach: Sysmon Threat Hunt — A Scout Regiment Case File

medium.com/@BeyondTheWalls/ope

11. 195. Hunting for Interlock RAT PHP Based Variant

knowyouradversary.ru/2025/07/1

12. Brewing Trouble — Dissecting a macOS Malware Campaign

medium.com/deriv-tech/brewing-

---

Light Reading:

1. Russia-linked group spoofing European journalists to spread disinformation

substack.com/@gnidaproject/p-1

2. Can identity systems survive geopolitical cyberwar? Israel’s security test

intelligentciso.com/2025/07/09

3. From Tanks to TikTok: Adapting Article 5 for Graduated Responses to Hybrid Warfare

smallwarsjournal.com/2025/07/1

4. Russia Uses Slovak Cyber Firm to Expose Ukrainian Soldiers Online

thedefensepost.com/2025/07/15/

icjk.sk/405/Rodiny-ukrajinskyc

---

##

AAKL@infosec.exchange at 2025-07-14T19:05:16.000Z ##

New.

CISA has added to the KEV catalogue.

- CVE-2025-47812: Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability cve.org/CVERecord?id=CVE-2025- #CISA #cybersecurity #infosec

##

cisakevtracker@mastodon.social at 2025-07-14T18:00:50.000Z ##

CVE ID: CVE-2025-47812
Vendor: Wing FTP Server
Product: Wing FTP Server
Date Added: 2025-07-14
Notes: wftpserver.com/serverhistory.h ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

hrbrmstr@mastodon.social at 2025-07-14T17:53:37.000Z ##

Twas nice of KEV to catch up to us in caring about the Wing FTP RCE

viz.greynoise.io/tags/wing-ftp

##

linux@activitypub.awakari.com at 2025-07-13T15:50:28.000Z ##

Wing FTP Server flaw actively exploited shortly after technical details were made public

Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights af...

#Breaking #News #Hacking #Security #hacking #news #information #security #news #IT #Information

##

beyondmachines1@infosec.exchange at 2025-07-12T18:01:29.000Z ##

Critical remote code execution flaw in Wing FTP Server actively exploited

Huntress researchers report active exploitation of a critical perfect 10 CVSS vulnerability (CVE-2025-47812) in Wing FTP Server that allows attackers to execute arbitrary system commands with highest privileges through Lua code injection via malicious HTTP POST requests to the web interface. The exploitation campaign, observed since July 1, 2025, targets approximately 5,000 internet-accessible Wing FTP servers with exposed web interfaces, with attackers creating persistence, downloading malicious files, and installing remote access tools.

**One more reminder that this is an URGENT patch! If you're running Wing FTP Server (any version up to 7.4.3), update NOW, because hackers are already attacking your Wing FTP Server.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

patrickcmiller@infosec.exchange at 2025-07-12T11:12:18.000Z ##

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild thehackernews.com/2025/07/crit

##

hrbrmstr@mastodon.social at 2025-07-12T07:26:58.000Z ##

We're seeing the opportunistic exploitation attempts hitting the WingFTP bug that the fine folks over at @huntress discovered.

Small # of IPs for now. All with malicious intent.

viz.greynoise.io/tags/wing-ftp

##

jos1264@social.skynetcloud.site at 2025-07-12T00:05:02.000Z ##

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild – Source:thehackernews.com ciso2ciso.com/critical-wing-ft #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Critical

##

CVE-2024-26293
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-07-14T12:30:28

1 posts

The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

cR0w@infosec.exchange at 2025-07-14T13:35:30.000Z ##

This looks like an older disclosure of some vulns in Avid Nexis Agent but it includes a ../ that, at least at the time, was undocumented in gSOAP. That CVE was just published today.

raeph123.github.io/BlogPosts/A

cve.org/CVERecord?id=CVE-2024-

##

CVE-2024-58258
(7.2 HIGH)

EPSS: 0.99%

updated 2025-07-14T00:31:13

1 posts

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.

_r_netsec@infosec.exchange at 2025-07-14T08:13:06.000Z ##

[CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability karmainsecurity.com/KIS-2025-04

##

CVE-2025-38001
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-07-13T21:30:32

2 posts

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to d

1 repos

https://github.com/0xdevil/CVE-2025-38001

adulau@infosec.exchange at 2025-07-13T20:53:33.000Z ##

Obscure kernel bug use-after-free and then the VLAI severity told me "maybe important" before I read the drama syst3mfailure.io/rbtree-family

#kernel #linux #exploitation #vulnerability

🔗 vulnerability.circl.lu/vuln/CV

##

raptor@infosec.exchange at 2025-07-13T19:21:07.000Z ##

[CVE-2025-38001] #Exploiting All Google #kernelCTF Instances And Debian 12 With A #0Day For $82k: A RBTree Family Drama (Part One: LTS & COS)

syst3mfailure.io/rbtree-family

##

CVE-2025-30403
(8.1 HIGH)

EPSS: 0.04%

updated 2025-07-11T21:31:11

1 posts

A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00.

cR0w@infosec.exchange at 2025-07-11T19:05:04.000Z ##

And another one.

facebook.com/security/advisori

A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00.

##

CVE-2025-6691
(8.1 HIGH)

EPSS: 0.34%

updated 2025-07-11T21:31:04

1 posts

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right fi

beyondmachines1@infosec.exchange at 2025-07-12T09:01:28.000Z ##

SureForms WordPress Plugin flaw enables unauthenticated file deletion, potential site takeover

A vulnerability in the SureForms WordPress plugin (CVE-2025-6691) allows unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can force sites into setup mode and enable complete website takeover. Patches are available in multiple updated versions.

**If you have the SureForms WordPress plugin installed, immediately check your version and update to the latest patched release (1.7.4 or appropriate version for your branch). Don't delay this one, because you can't really hide the form, and updating the plugin is nearly trivial.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-6019
(7.0 None)

EPSS: 0.02%

updated 2025-07-10T15:32:17

1 posts

A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-pr

4 repos

https://github.com/neko205-mx/CVE-2025-6019_Exploit

https://github.com/dreysanox/CVE-2025-6019_Poc

https://github.com/guinea-offensive-security/CVE-2025-6019

https://github.com/And-oss/CVE-2025-6019-exploit

AAKL@infosec.exchange at 2025-07-15T15:36:02.000Z ##

Ahn Lab: Linux libblockdev Package Security Update Advisory (CVE-2025-6019) asec.ahnlab.com/en/89042/ #Linux #cybersecurity #infosec

##

AAKL@infosec.exchange at 2025-07-15T15:33:59.000Z ##

From yesterday. Promo toward the end.

Arctic Wolf: PoC Available for High-Severity Arbitrary File Write in Git CLI (CVE-2025-48384) arcticwolf.com/resources/blog/ #cybersecurity #infosec

##

linux@activitypub.awakari.com at 2025-07-14T14:21:20.000Z ##

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)

If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two l...

#Blog #Linux #box #sudo

##

CVE-2025-48976
(CVSS UNKNOWN)

EPSS: 0.06%

updated 2025-07-09T18:15:39

1 posts

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

2 repos

https://github.com/nankuo/CVE-2025-48976_CVE-2025-48988

https://github.com/Samb102/POC-CVE-2025-48988-CVE-2025-48976

cR0w@infosec.exchange at 2025-07-17T17:36:40.000Z ##

DoS in Apache Commons FileUpload. It impacts some F5 gear. And other things, I'm sure.

my.f5.com/manage/s/article/K00

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-6514
(9.7 CRITICAL)

EPSS: 0.05%

updated 2025-07-09T18:08:46

4 posts

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

1 repos

https://github.com/ChaseHCS/CVE-2025-6514

_r_netsec@infosec.exchange at 2025-07-17T07:43:06.000Z ##

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients jfrog.com/blog/2025-6514-criti

##

_r_netsec@infosec.exchange at 2025-07-16T18:58:06.000Z ##

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients jfrog.com/blog/2025-6514-criti

##

_r_netsec@infosec.exchange at 2025-07-16T16:58:06.000Z ##

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients jfrog.com/blog/2025-6514-criti

##

beyondmachines1@infosec.exchange at 2025-07-12T11:01:28.000Z ##

Critical remote code execution flaw in mcp-remote exposes AI Systems to compromise

JFrog Security Research discovered a critical vulnerability (CVE-2025-6514) in the widely-used mcp-remote project that allows attackers to execute arbitrary operating system commands through OAuth authentication manipulation.

**If you use the mcp-remote npm package for connecting local LLM hosts to remote MCP servers, plan an urgent update to version 0.1.16. The flaw allows malicious MCP servers to push back commands to your computer and hack you. Also, make sure to only connect to trusted MCP servers using HTTPS connections.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

Ubuntu@activitypub.awakari.com at 2025-07-17T14:49:51.000Z ##

Ubuntu 18.04 & 16.04: Rails Important Information Exposure CVE-2019-5418

Rails could be made to expose sensitive information over the network.

#Ubuntu #Linux #Distribution #- #Security #Advisories

##

CVE-2025-49704
(8.8 HIGH)

EPSS: 0.19%

updated 2025-07-08T18:31:58

1 posts

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

codewhitesec@infosec.exchange at 2025-07-14T13:01:38.000Z ##

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange

##

CVE-2025-47981
(9.8 CRITICAL)

EPSS: 0.10%

updated 2025-07-08T18:31:51

1 posts

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

authentic8@mastodon.social at 2025-07-11T23:48:08.000Z ##

The weekly Cyber Intel Brief by AJ Nash is out! ⚠️

A suspected North American APT, NightEagle, targets Chinese tech sectors. Meanwhile, AI-powered impersonation attacks hit high-profile U.S. figures like Secretary of State Marco Rubio.

🔧 Microsoft patches 137 vulnerabilities including a wormable SPNEGO flaw (CVE-2025-47981).
🛡️ CISA adds 6 more to the KEV catalog—compliance due July 28–31.

Dive into the full brief ⬇️
bit.ly/4lKU9M9

##

CVE-2025-3648
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-07-08T18:31:49

2 posts

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them. To assist customers in enhancing access c

campuscodi@mastodon.social at 2025-07-13T19:11:46.000Z ##

The Varonis team has published a write-up on a ServiceNow bug they found and got patched last week. Tracked as CVE-2025-3648, the vulnerability allows threat actors to infer data from the Now Platform without authentication.

varonis.com/blog/counter-strik

##

patrickcmiller@infosec.exchange at 2025-07-12T06:12:14.000Z ##

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs thehackernews.com/2025/07/serv

##

CVE-2025-5333
(0 None)

EPSS: 0.43%

updated 2025-07-08T16:18:34.923000

1 posts

Remote attackers can execute arbitrary code in the context of the vulnerable service process.

_r_netsec@infosec.exchange at 2025-07-14T14:58:06.000Z ##

CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris) lrqa.com/en/cyber-labs/remote-

##

CVE-2025-6543
(9.8 CRITICAL)

EPSS: 3.54%

updated 2025-07-01T18:30:34

1 posts

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

3 repos

https://github.com/abrewer251/CVE-2025-6543_CitrixNetScaler_PoC

https://github.com/seabed-atavism/CVE-2025-6543

https://github.com/grupooruss/Citrix-cve-2025-6543

CVE-2025-6554
(8.1 HIGH)

EPSS: 0.52%

updated 2025-07-01T15:32:11

4 posts

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

5 repos

https://github.com/gmh5225/CVE-2025-6554-2

https://github.com/windz3r0day/CVE-2025-6554

https://github.com/PwnToday/CVE-2025-6554

https://github.com/9Insomnie/CVE-2025-6554

https://github.com/ghostn4444/POC-CVE-2025-6554

jos1264@social.skynetcloud.site at 2025-07-16T15:35:03.000Z ##

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025 – Source: securityaffairs.com ciso2ciso.com/cve-2025-6554-ma #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Security #hacking #zeroday

##

wasm@activitypub.awakari.com at 2025-07-16T10:11:36.000Z ##

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025 Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has b...

#Breaking #News #Hacking #Security #Chrome #Google #hacking #news #information #security #news

##

beardedtechguy@infosec.exchange at 2025-07-16T12:13:48.000Z ##

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025 securityaffairs.com/180001/hac

#cyberseurity #chrome #Zeroday

##

AAKL@infosec.exchange at 2025-07-15T15:06:35.000Z ##

Google posted this yesterday. It affects critical CVE-2025-6192 and CVE-2025-5068, CVE-2025-5281, CVE-2025-6554.

Long Term Support Channel Update for ChromeOS chromereleases.googleblog.com/ #Google #cybersecurity #infosec #Chrome

##

CVE-2025-20281
(9.8 CRITICAL)

EPSS: 0.06%

updated 2025-06-26T21:31:20

3 posts

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitti

4 repos

https://github.com/abrewer251/CVE-2025-20281-2-Cisco-ISE-RCE

https://github.com/B1ack4sh/Blackash-CVE-2025-20281

https://github.com/ill-deed/Cisco-CVE-2025-20281-illdeed

https://github.com/grupooruss/CVE-2025-20281-Cisco

mttaggart@infosec.exchange at 2025-07-17T17:48:41.000Z ##

Yet another perfect 10 from Cisco!

The vulnerability was added via an update to the security bulletin for CVE-2025-20281 and CVE-2025-20282, two similar RCE vulnerabilities that also received the maximum severity score, that impact ISE and ISE-PIC versions 3.4 and 3.3.

bleepingcomputer.com/news/secu

##

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

jbhall56@infosec.exchange at 2025-07-17T12:34:55.000Z ##

Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched by the networking equipment major late last month. thehackernews.com/2025/07/cisc

##

CVE-2025-20282
(10.0 CRITICAL)

EPSS: 0.14%

updated 2025-06-26T21:31:13

2 posts

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due to a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An a

mttaggart@infosec.exchange at 2025-07-17T17:48:41.000Z ##

Yet another perfect 10 from Cisco!

The vulnerability was added via an update to the security bulletin for CVE-2025-20281 and CVE-2025-20282, two similar RCE vulnerabilities that also received the maximum severity score, that impact ISE and ISE-PIC versions 3.4 and 3.3.

bleepingcomputer.com/news/secu

##

AAKL@infosec.exchange at 2025-07-17T14:15:23.000Z ##

Cisco posted five vulnerability updates yesterday:

- Critical, affects CVE-2025-20281; CVE-2025-20282; and CVE-2025-20337 Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities sec.cloudapps.cisco.com/securi

- High, CVE-2025-20274: Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability sec.cloudapps.cisco.com/securi

- Medium, CVE-2025-20272: Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability sec.cloudapps.cisco.com/securi

- CVE-2025-20283; CVE-2025-20284; and CVE-2025-20285: Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi

- CVE-2025-20288: Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #Infosec #Cisco

##

CVE-2023-48795
(5.9 MEDIUM)

EPSS: 61.27%

updated 2025-06-24T17:47:50

1 posts

### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ### Mitigations

Nuclei template

4 repos

https://github.com/Dr0xharakiri/CVE-2023-48795

https://github.com/sameeralam3127/rhel8_cve_2023_48795

https://github.com/TrixSec/CVE-2023-48795

https://github.com/RUB-NDS/Terrapin-Artifacts

cR0w@infosec.exchange at 2025-07-16T13:13:14.000Z ##

Am I reading this right in that it took PAN a year and a half to determine that PAN-OS 10.1 is impacted by Terrapin?

security.paloaltonetworks.com/

##

CVE-2025-49132
(10.0 CRITICAL)

EPSS: 33.56%

updated 2025-06-23T20:16:21.633000

2 posts

Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract s

Nuclei template

7 repos

https://github.com/63square/CVE-2025-49132

https://github.com/uxieltc/CVE-2025-49132

https://github.com/nfoltc/CVE-2025-49132

https://github.com/melonlonmeo/CVE-2025-49132

https://github.com/Zen-kun04/CVE-2025-49132

https://github.com/qiaojojo/CVE-2025-49132_poc

https://github.com/0xtensho/CVE-2025-49132-poc

ntkramer@infosec.exchange at 2025-07-16T21:45:44.000Z ##

🔥 CVE-2025-49132 (Pterodactyl Panel RCE) (10/10 RCE)

Active exploitation observed within days of disclosure.

viz.greynoise.io/tags/pterodac
2/4

##

ntkramer@infosec.exchange at 2025-07-16T21:45:38.000Z ##

🫖 & #threatintel - noticing a few other spikes orgs should be mindful of:
🔥 CVE-2025-49132 (Pterodactyl Panel RCE) (10/10 RCE)
⚡ CVE-2024-20439 (Cisco Smart Licensing Utility) (9.8/10, KEV)
📝 CVE-2017-18370 (Zyxel P660HN)
1/4

##

CVE-2023-4969
(6.5 MEDIUM)

EPSS: 1.98%

updated 2025-06-20T18:15:22.740000

2 posts

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.

CVE-2025-6192
(8.8 HIGH)

EPSS: 0.11%

updated 2025-06-18T21:30:30

1 posts

Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

AAKL@infosec.exchange at 2025-07-15T15:06:35.000Z ##

Google posted this yesterday. It affects critical CVE-2025-6192 and CVE-2025-5068, CVE-2025-5281, CVE-2025-6554.

Long Term Support Channel Update for ChromeOS chromereleases.googleblog.com/ #Google #cybersecurity #infosec #Chrome

##

CVE-2025-2884
(6.6 MEDIUM)

EPSS: 0.01%

updated 2025-06-13T18:15:21.710000

2 posts

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation of the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

CVE-2025-49127
(0 None)

EPSS: 0.17%

updated 2025-06-09T16:15:44.833000

1 posts

Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.

beyondmachines1@infosec.exchange at 2025-07-16T08:01:09.000Z ##

Remote code execution flaw reported in Kafbat UI

A vulnerability in Kafbat UI version 1.0.0 (CVE-2025-49127) allows unauthenticated attackers to execute arbitrary code by exploiting the dynamic cluster configuration feature that fails to properly validate user-provided JMX endpoints. Organizations should immediately upgrade to version 1.1.0 or disable the dynamic configuration feature by setting DYNAMIC_CONFIG_ENABLED: 'false' to prevent exploitation through malicious HTTP PUT requests to the /api/config endpoint.

**If you're using Kafbat UI version 1.0.0, be aware that there's an attack vector that allows attackers to execute code without authentication. Isolate the API endpoints to only be accessible from trusted networks and communicate only with known servers. Disable the dynamic configuration feature by setting DYNAMIC_CONFIG_ENABLED: 'false' in your application configuration and then plan a patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-5068
(8.8 HIGH)

EPSS: 0.13%

updated 2025-06-05T14:11:10.430000

1 posts

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

AAKL@infosec.exchange at 2025-07-15T15:06:35.000Z ##

Google posted this yesterday. It affects critical CVE-2025-6192 and CVE-2025-5068, CVE-2025-5281, CVE-2025-6554.

Long Term Support Channel Update for ChromeOS chromereleases.googleblog.com/ #Google #cybersecurity #infosec #Chrome

##

CVE-2025-2500
(7.4 HIGH)

EPSS: 0.05%

updated 2025-05-30T15:30:39

1 posts

A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded.

beyondmachines1@infosec.exchange at 2025-07-16T10:01:09.000Z ##

Multiple vulnerabilities reported in Hitachi Energy Asset Suite, at least one critical

Hitachi Energy has disclosed multiple vulnerabilities in its Asset Suite platform affecting critical energy infrastructure, including a critical plaintext password storage flaw (CVE-2025-2500) that could enable unauthorized access and system compromise.

**If you're using Hitachi Energy Asset Suite, make sure the systems are isolated from the internet and used only for the dedicated purpose (no web browsing, email, or instant messaging). Then contact the vendor for patches.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-48927
(5.3 MEDIUM)

EPSS: 11.39%

updated 2025-05-28T18:33:28

3 posts

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

undercodenews@mastodon.social at 2025-07-18T15:44:26.000Z ##

Signal Clone App Under Attack: TeleMessage SGNL Vulnerability Exposes Sensitive Data in Massive Cybersecurity Breach

Hidden Dangers in Secure Messaging: The TeleMessage SGNL Vulnerability Unmasked In a world increasingly reliant on encrypted messaging, the discovery of a serious vulnerability in TeleMessage SGNL — a clone of the widely used Signal platform — is raising alarms across the cybersecurity landscape. Known officially as CVE-2025-48927, this flaw allows…

undercodenews.com/signal-clone

##

oversecurity@mastodon.social at 2025-07-18T15:20:11.000Z ##

Hackers scanning for TeleMessage Signal clone flaw exposing passwords

Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames,...

🔗️ [Bleepingcomputer] link.is.it/p3UBhM

##

CVE-2025-5281
(5.4 MEDIUM)

EPSS: 0.07%

updated 2025-05-28T15:35:30

1 posts

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

AAKL@infosec.exchange at 2025-07-15T15:06:35.000Z ##

Google posted this yesterday. It affects critical CVE-2025-6192 and CVE-2025-5068, CVE-2025-5281, CVE-2025-6554.

Long Term Support Channel Update for ChromeOS chromereleases.googleblog.com/ #Google #cybersecurity #infosec #Chrome

##

CVE-2025-4919
(8.8 HIGH)

EPSS: 0.04%

updated 2025-05-28T14:08:29.293000

3 posts

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.

Firefox@activitypub.awakari.com at 2025-07-15T14:27:27.000Z ##

CVE-2025-4919: Corruption via Math Space in Mozilla Firefox In recent years, there has been an increased interest in the JavaScript engine vulnerabilities in order to compromise web browsers. Notabl...

#Blog #post

##

Firefox@activitypub.awakari.com at 2025-07-15T14:30:39.000Z ##

CVE-2025-4919: Corruption via Math Space in Mozilla Firefox In recent years, there has been an increase in interest in JavaScript engine vulnerabilities in order to compromise web browsers. Notably...

#Malware #News

##

CVE-2025-42999
(9.1 CRITICAL)

EPSS: 18.14%

updated 2025-05-13T18:31:57

1 posts

SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

1 repos

https://github.com/Onapsis/Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment

nopatience@swecyb.com at 2025-07-14T17:41:06.000Z ##

"Convergence" around SAP NetWeaver vulnerabilities as entry specifically CVE-2025-31324 sometimes chained with CVE-2025-42999.

2025-07-14: (kudelskisecurity.com) SAP NetWeaver Visual Composer Zero-Day Exploitation: Infrastructure Analysis and Ransomware Attribution

Reference: research.kudelskisecurity.com/

2025-06-16: (darktrace.com) Critical SAP NetWeaver Zero-Day Exploitation: Comprehensive Analysis of CVE-2025-31324 Attacks and Detection Strategies

Reference: darktrace.com/blog/tracking-cv

2025-06-13: (cyfirma.com) Ransomware Landscape Evolution: Advanced Evasion Techniques and Emerging Threat Groups Drive Global Attack Surge

Reference: cyfirma.com/research/tracking-

2025-05-27: (trendmicro.com) Earth Lamia APT Group Deploys Custom PULSEPACK Backdoor in Multi-Industry Campaign Targeting Brazil, India, and Southeast Asia

Reference: trendmicro.com/en_us/research/

#ThreatIntel #Cybersecurity #Infosec

##

CVE-2025-22457
(9.0 CRITICAL)

EPSS: 35.17%

updated 2025-05-03T01:00:02.097000

3 posts

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

5 repos

https://github.com/sfewer-r7/CVE-2025-22457

https://github.com/TRone-ux/CVE-2025-22457

https://github.com/B1ack4sh/Blackash-CVE-2025-22457

https://github.com/Vinylrider/ivantiunlocker

https://github.com/securekomodo/CVE-2025-22457

undercodenews@mastodon.social at 2025-07-18T11:50:16.000Z ##

Ivanti VPNs Under Siege: Cobalt Strike, Vshell RAT and a New Sophisticated Attacks

A Rising Wave of Silent Infiltrations An alarming new cyber threat campaign is sweeping across enterprise networks, using unpatched Ivanti Connect Secure VPN appliances as the primary gateway. Security experts are sounding the alarm over the active exploitation of two recently disclosed vulnerabilities — CVE-2025-0282 and CVE-2025-22457 — which are enabling attackers to infiltrate…

undercodenews.com/ivanti-vpns-

##

VirusBulletin at 2025-07-18T10:15:43.903Z ##

JPCERT/CC's 増渕 維摩 (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present. blogs.jpcert.or.jp/en/2025/07/

##

VirusBulletin@infosec.exchange at 2025-07-18T10:15:43.000Z ##

JPCERT/CC's 増渕 維摩 (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present. blogs.jpcert.or.jp/en/2025/07/

##

nopatience@swecyb.com at 2025-07-14T17:41:06.000Z ##

"Convergence" around SAP NetWeaver vulnerabilities as entry specifically CVE-2025-31324 sometimes chained with CVE-2025-42999.

2025-07-14: (kudelskisecurity.com) SAP NetWeaver Visual Composer Zero-Day Exploitation: Infrastructure Analysis and Ransomware Attribution

Reference: research.kudelskisecurity.com/

2025-06-16: (darktrace.com) Critical SAP NetWeaver Zero-Day Exploitation: Comprehensive Analysis of CVE-2025-31324 Attacks and Detection Strategies

Reference: darktrace.com/blog/tracking-cv

2025-06-13: (cyfirma.com) Ransomware Landscape Evolution: Advanced Evasion Techniques and Emerging Threat Groups Drive Global Attack Surge

Reference: cyfirma.com/research/tracking-

2025-05-27: (trendmicro.com) Earth Lamia APT Group Deploys Custom PULSEPACK Backdoor in Multi-Industry Campaign Targeting Brazil, India, and Southeast Asia

Reference: trendmicro.com/en_us/research/

#ThreatIntel #Cybersecurity #Infosec

##

CVE-2025-24016
(9.9 CRITICAL)

EPSS: 91.65%

updated 2025-04-22T16:53:42

1 posts

### Summary An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. ### Details DistributedAPI parameters are serialized as JSON and deserialized using `as_wazuh_object` (in `framewo

Nuclei template

8 repos

https://github.com/celsius026/poc_CVE-2025-24016

https://github.com/cybersecplayground/CVE-2025-24016-Wazuh-Remote-Code-Execution-RCE-PoC

https://github.com/0xjessie21/CVE-2025-24016

https://github.com/MuhammadWaseem29/CVE-2025-24016

https://github.com/rxerium/CVE-2025-24016

https://github.com/guinea-offensive-security/Wazuh-RCE

https://github.com/B1ack4sh/Blackash-CVE-2025-24016

https://github.com/huseyinstif/CVE-2025-24016-Nuclei-Template

cR0w@infosec.exchange at 2025-07-16T12:43:55.000Z ##

Unverified exploit for that Wazuh RCE vuln in February: CVE-2025-24016

attackerkb.com/topics/piW0q4r5

##

CVE-2012-0217
(CVSS UNKNOWN)

EPSS: 88.86%

updated 2025-04-11T03:59:22

1 posts

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems,

azonenberg at 2025-07-14T06:08:36.874Z ##

@mimir

* 0x20000000 = start of RAM on most ARM MCUs
* 0xbfc00000 = MIPS reset vector
* 0x00007fffffffffff = last valid address in amd64 (see CVE-2012-0217 et al)
* 0x00 = indirect memory addressing register on 8-bit PIC (not null)
* 0x41414141 = no explanation needed

##

CVE-2025-32461
(10.0 CRITICAL)

EPSS: 0.11%

updated 2025-04-09T04:18:30

1 posts

wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.

_r_netsec@infosec.exchange at 2025-07-13T14:28:05.000Z ##

[CVE-2025-32461] Tiki Wiki CMS Groupware <= 28.3 Two SSTI Vulnerabilities karmainsecurity.com/KIS-2025-03

##

CVE-2024-4577
(9.8 CRITICAL)

EPSS: 94.41%

updated 2025-03-28T15:12:44.513000

1 posts

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP bina

Nuclei template

66 repos

https://github.com/zomasec/CVE-2024-4577

https://github.com/AlperenY-cs/CVE-2024-4577

https://github.com/olebris/CVE-2024-4577

https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template

https://github.com/ZeroMemoryEx/PHP-CGI-INTERNAL-RCE

https://github.com/bibo318/CVE-2024-4577-RCE-ATTACK

https://github.com/princew88/CVE-2024-4577

https://github.com/Jcccccx/CVE-2024-4577

https://github.com/a-roshbaik/CVE-2024-4577-PHP-RCE

https://github.com/mistakes1337/CVE-2024-4577

https://github.com/ywChen-NTUST/PHP-CGI-RCE-Scanner

https://github.com/Dejavu666/CVE-2024-4577

https://github.com/bl4cksku11/CVE-2024-4577

https://github.com/Gill-Singh-A/CVE-2024-4577-Exploit

https://github.com/Sysc4ll3r/CVE-2024-4577

https://github.com/tntrock/CVE-2024-4577_PowerShell

https://github.com/Entropt/CVE-2024-4577_Analysis

https://github.com/ibrahmsql/CVE-2024-4577

https://github.com/d3ck4/Shodan-CVE-2024-4577

https://github.com/manuelinfosec/CVE-2024-4577

https://github.com/gh-ost00/CVE-2024-4577-RCE

https://github.com/XiangDongCJC/CVE-2024-4577-PHP-CGI-RCE

https://github.com/PhinehasNarh/CVE-2024-4577-LetsDefend-walkthrough

https://github.com/tpdlshdmlrkfmcla/php-cgi-cve-2024-4577

https://github.com/Skycritch/CVE-2024-4577

https://github.com/hexedbyte/cve-2024-4577

https://github.com/gotr00t0day/CVE-2024-4577

https://github.com/nemu1k5ma/CVE-2024-4577

https://github.com/BTtea/CVE-2024-4577-RCE-PoC

https://github.com/JeninSutradhar/CVE-2024-4577-checker

https://github.com/bughuntar/CVE-2024-4577

https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT

https://github.com/0x20c/CVE-2024-4577-nuclei

https://github.com/longhoangth18/CVE-2024-4577

https://github.com/charis3306/CVE-2024-4577

https://github.com/Chocapikk/CVE-2024-4577

https://github.com/zjhzjhhh/CVE-2024-4577

https://github.com/xcanwin/CVE-2024-4577-PHP-RCE

https://github.com/Sh0ckFR/CVE-2024-4577

https://github.com/11whoami99/CVE-2024-4577

https://github.com/watchtowrlabs/CVE-2024-4577

https://github.com/dbyMelina/CVE-2024-4577

https://github.com/WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP

https://github.com/byteReaper77/CVE-2024-4577

https://github.com/l0n3m4n/CVE-2024-4577-RCE

https://github.com/BitMEXResearch/CVE-2024-4577

https://github.com/ZephrFish/CVE-2024-4577-PHP-RCE

https://github.com/phirojshah/CVE-2024-4577

https://github.com/TAM-K592/CVE-2024-4577

https://github.com/ggfzx/CVE-2024-4577

https://github.com/taida957789/CVE-2024-4577

https://github.com/sug4r-wr41th/CVE-2024-4577

https://github.com/Wh02m1/CVE-2024-4577

https://github.com/Didarul342/CVE-2024-4577

https://github.com/gmh5225/CVE-2024-4577-PHP-RCE

https://github.com/Junp0/CVE-2024-4577

https://github.com/ahmetramazank/CVE-2024-4577

https://github.com/VictorShem/CVE-2024-4577

https://github.com/jakabakos/CVE-2024-4577-PHP-CGI-argument-injection-RCE

https://github.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-

https://github.com/KimJuhyeong95/cve-2024-4577

https://github.com/Night-have-dreams/php-cgi-Injector

https://github.com/r0otk3r/CVE-2024-4577

https://github.com/a-roshbaik/CVE-2024-4577

https://github.com/ohhhh693/CVE-2024-4577

https://github.com/aaddmin1122345/cve-2024-4577

oversecurity@mastodon.social at 2025-07-15T10:40:52.000Z ##

CVE-2024-4577: payload analysis

As I mentioned in a previous post, I’ve started using the data collected by our honeypot to analyze some exploitation attempts, and a few days ago,...

🔗️ [Roccosicilia] link.is.it/kqWMt9

##

CVE-2019-9082
(8.8 HIGH)

EPSS: 94.14%

updated 2025-02-07T18:31:59

1 posts

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

undercodenews@mastodon.social at 2025-07-18T11:50:16.000Z ##

Ivanti VPNs Under Siege: Cobalt Strike, Vshell RAT and a New Sophisticated Attacks

A Rising Wave of Silent Infiltrations An alarming new cyber threat campaign is sweeping across enterprise networks, using unpatched Ivanti Connect Secure VPN appliances as the primary gateway. Security experts are sounding the alarm over the active exploitation of two recently disclosed vulnerabilities — CVE-2025-0282 and CVE-2025-22457 — which are enabling attackers to infiltrate…

undercodenews.com/ivanti-vpns-

##

VirusBulletin at 2025-07-18T10:15:43.903Z ##

JPCERT/CC's 増渕 維摩 (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present. blogs.jpcert.or.jp/en/2025/07/

##

VirusBulletin@infosec.exchange at 2025-07-18T10:15:43.000Z ##

JPCERT/CC's 増渕 維摩 (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present. blogs.jpcert.or.jp/en/2025/07/

##

CVE-2024-57727
(7.5 HIGH)

EPSS: 94.05%

updated 2025-01-16T21:32:03

1 posts

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

Nuclei template

1 repos

https://github.com/imjdl/CVE-2024-57727

AAKL@infosec.exchange at 2025-07-17T16:12:40.000Z ##

Fortinet Outbreak Alert: TBK DVRs Botnet Attack (High-severity, exploiting CVE-2024-3721): fortiguard.fortinet.com/outbre @fortinet #cybersecurity #infosec #IoT

From yesterday: SimpleHelp Support Software Attack (high-severity, exploiting CVE-2024-57727) fortiguard.fortinet.com/outbre

##

CVE-2024-20439
(9.8 CRITICAL)

EPSS: 88.88%

updated 2024-09-13T21:31:22

2 posts

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful ex

Nuclei template

ntkramer@infosec.exchange at 2025-07-16T21:45:49.000Z ##

⚡ CVE-2024-20439 (Cisco Smart Licensing Utility) (9.8/10, KEV)

Hardcoded credentials have been known since late last year.

viz.greynoise.io/tags/cisco-sm
3/4

##

ntkramer@infosec.exchange at 2025-07-16T21:45:38.000Z ##

🫖 & #threatintel - noticing a few other spikes orgs should be mindful of:
🔥 CVE-2025-49132 (Pterodactyl Panel RCE) (10/10 RCE)
⚡ CVE-2024-20439 (Cisco Smart Licensing Utility) (9.8/10, KEV)
📝 CVE-2017-18370 (Zyxel P660HN)
1/4

##

CVE-2024-39385
(5.5 MEDIUM)

EPSS: 0.06%

updated 2024-09-13T09:31:32

1 posts

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

cR0w@infosec.exchange at 2025-07-17T19:23:48.000Z ##

Go hack the robots!

ros.org/blog/noetic-eol/

After May 31st, 2025 ROS 1 Noetic users may find themselves exposed to un-patched security vulnerabilities and bugs, with few avenues of support short of fixing these issues themselves and recompiling Noetic from source.

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

cve.org/CVERecord?id=CVE-2024-

Edit to add a couple more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

##

CVE-2024-42009
(9.3 CRITICAL)

EPSS: 88.04%

updated 2024-09-07T00:32:35

1 posts

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

4 repos

https://github.com/0xbassiouny1337/CVE-2024-42009

https://github.com/Bhanunamikaze/CVE-2024-42009

https://github.com/DaniTheHack3r/CVE-2024-42009-PoC

https://github.com/Foxer131/CVE-2024-42008-9-exploit

Ubuntu@activitypub.awakari.com at 2025-07-15T06:37:20.000Z ##

Ubuntu 24.04: Roundcube Important Info Disclosure CVE-2024-42009 USN-7636-1

Roundcube Webmail could be made to expose sensitive information over the network.

#Ubuntu #Linux #Distribution #- #Security #Advisories

##

CVE-2024-22122
(3.0 LOW)

EPSS: 0.35%

updated 2024-08-12T15:30:49

1 posts

Zabbix allows configuring SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of the "Number" field on the Web or on the Zabbix server side. An attacker can run a test of SMS providing a specially crafted phone number and execute additional AT commands on the modem.

DarkWebInformer@infosec.exchange at 2025-07-16T18:26:19.000Z ##

🚨🇧🇪Alleged Admin Access Sale to Belgian IT Company's Zabbix Monitoring Panel

A threat actor is selling admin access to a Zabbix monitoring system allegedly belonging to a Belgium-based IT company with $7M revenue.

Details of the Access:

- Platform: Zabbix
- Version: 3.0.32
- Hosts Monitored: 63
- Items Tracked: 5,034
- Triggers: 2,646
- User Accounts:
- Groups: 16

CVE Exposure: CVE-2024-22122, CVE-2024-22120 (These are critical Zabbix vulnerabilities exploited for initial access)

What’s Included?
Full Admin Access to the monitoring infrastructure

Price: 300$

##

CVE-2024-22120
(9.1 CRITICAL)

EPSS: 93.88%

updated 2024-05-17T12:30:59

1 posts

Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection.

Nuclei template

4 repos

https://github.com/isPique/CVE-2024-22120-RCE-with-gopher

https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally

https://github.com/W01fh4cker/CVE-2024-22120-RCE

https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher

DarkWebInformer@infosec.exchange at 2025-07-16T18:26:19.000Z ##

🚨🇧🇪Alleged Admin Access Sale to Belgian IT Company's Zabbix Monitoring Panel

A threat actor is selling admin access to a Zabbix monitoring system allegedly belonging to a Belgium-based IT company with $7M revenue.

Details of the Access:

- Platform: Zabbix
- Version: 3.0.32
- Hosts Monitored: 63
- Items Tracked: 5,034
- Triggers: 2,646
- User Accounts:
- Groups: 16

CVE Exposure: CVE-2024-22122, CVE-2024-22120 (These are critical Zabbix vulnerabilities exploited for initial access)

What’s Included?
Full Admin Access to the monitoring infrastructure

Price: 300$

##

CVE-2024-3721
(6.3 MEDIUM)

EPSS: 61.78%

updated 2024-04-13T12:30:30

1 posts

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573

AAKL@infosec.exchange at 2025-07-17T16:12:40.000Z ##

Fortinet Outbreak Alert: TBK DVRs Botnet Attack (High-severity, exploiting CVE-2024-3721): fortiguard.fortinet.com/outbre @fortinet #cybersecurity #infosec #IoT

From yesterday: SimpleHelp Support Software Attack (high-severity, exploiting CVE-2024-57727) fortiguard.fortinet.com/outbre

##

CVE-2017-18370
(8.8 HIGH)

EPSS: 75.83%

updated 2024-04-11T21:16:45

2 posts

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.

ntkramer@infosec.exchange at 2025-07-16T21:45:54.000Z ##

📝 CVE-2017-18370 (Zyxel P660HN)

Oldie but goodie.

viz.greynoise.io/tags/zyxel-p6
4/4

##

ntkramer@infosec.exchange at 2025-07-16T21:45:38.000Z ##

🫖 & #threatintel - noticing a few other spikes orgs should be mindful of:
🔥 CVE-2025-49132 (Pterodactyl Panel RCE) (10/10 RCE)
⚡ CVE-2024-20439 (Cisco Smart Licensing Utility) (9.8/10, KEV)
📝 CVE-2017-18370 (Zyxel P660HN)
1/4

##

CVE-2023-34634
(9.8 CRITICAL)

EPSS: 26.00%

updated 2024-04-04T06:28:11

1 posts

Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.

1 repos

https://github.com/radman404/CVE-2023-34634

CVE-2023-2868
(9.4 CRITICAL)

EPSS: 90.10%

updated 2024-04-04T05:46:09

1 posts

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the

4 repos

https://github.com/cashapp323232/CVE-2023-2868CVE-2023-2868

https://github.com/getdrive/PoC

https://github.com/cfielding-r7/poc-cve-2023-2868

https://github.com/krmxd/CVE-2023-2868

cR0w@infosec.exchange at 2025-07-11T20:58:57.000Z ##

There is a lot less stuff so far using GNU tar than I expected. Lots of roll-your-own shit though like we saw with CVE-2023-2868 in Barracudas.

##

CVE-2025-27212
(0 None)

EPSS: 0.00%

2 posts

N/A

cR0w at 2025-07-18T17:46:33.154Z ##

Go hack more Ubiquiti shit.

community.ui.com/releases/Secu

sev:CRIT 9.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2024-21969
(0 None)

EPSS: 0.00%

2 posts

N/A

CVE-2025-53816
(0 None)

EPSS: 0.02%

1 posts

N/A

cR0w@infosec.exchange at 2025-07-17T15:20:05.000Z ##

DoS in 7-Zip.

securitylab.github.com/advisor

Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2025-53906
(0 None)

EPSS: 0.01%

1 posts

N/A

Firefox@activitypub.awakari.com at 2025-07-16T12:50:54.000Z ##

Vim Command-Line Editor Vulnerability Allows Attackers to Overwrite Sensitive Files

A newly identified security vulnerability in Vim’s popular zip.vim plugin has been assigned CVE-2025-53906, hig...

#Cyber #Security #News #Cybersecurity #Vulnerability #Cyber #Security #Cyber #security #news #vulnerability

##

cR0w@infosec.exchange at 2025-07-16T12:38:03.000Z ##

Unverified exploit for CVE-2025-27210 which was a ../ in NodeJS.

exploit-db.com/exploits/52369

##

CVE-2025-53895
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2025-07-15T16:50:50.000Z ##

Broken authN and authZ in session API and resulting session tokens in ZITADEL

github.com/zitadel/zitadel/sec

sev:HIGH 7.7 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they know its ID, due to a missing permission check. This flaw enables session hijacking, allowing an attacker to impersonate another user and access sensitive resources.

cve.org/CVERecord?id=CVE-2025-

##

CVE-2024-47065
(0 None)

EPSS: 0.06%

1 posts

N/A

cR0w@infosec.exchange at 2025-07-11T17:12:35.000Z ##

Looks like this was reported a while ago. CVE was reserved in September 2024.

cve.org/CVERecord?id=CVE-2024-

##
