Updated at UTC 2025-03-29T21:06:46.617762
CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description
---|---|---|---|---|---|---|---
CVE-2025-2781 | None | 0.01% | 2 | 0 | | 2025-03-29T00:31:40 | The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure
CVE-2025-29484 | 7.5 | 0.03% | 1 | 0 | | 2025-03-28T18:34:13 | An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 al
CVE-2025-29494 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileG
CVE-2025-29493 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileG
CVE-2025-29491 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T18:33:11 | An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of li
CVE-2025-29496 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileD
CVE-2025-2857 | 10.0 | 0.65% | 9 | 2 | | 2025-03-28T18:33:10 | Following the sandbox escape in CVE-2025-2783, various Firefox developers identi
CVE-2025-2825 | 9.8 | 12.86% | 4 | 0 | template | 2025-03-28T18:33:09 | CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected b
CVE-2025-29497 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:33:03 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFIL
CVE-2025-29927 | 9.1 | 84.75% | 30 | 56 | template | 2025-03-28T15:32:59 | # Impact It is possible to bypass authorization checks within a Next.js applicat
CVE-2025-29488 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTI
CVE-2025-29489 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLIN
CVE-2025-29492 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileS
CVE-2025-29487 | 7.5 | 0.03% | 1 | 0 | | 2025-03-28T15:32:59 | An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 al
CVE-2024-8176 | 7.5 | 0.65% | 1 | 0 | | 2025-03-28T15:32:58 | A stack overflow vulnerability exists in the libexpat library due to the way it
CVE-2025-29490 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:31:54 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileC
CVE-2025-29486 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:31:54 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJ
CVE-2025-29485 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:31:53 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileR
CVE-2019-16149 | 5.5 | 0.33% | 2 | 0 | | 2025-03-28T12:31:35 | An Improper Neutralization of Input During Web Page Generation in FortiClientEMS
CVE-2025-2894 | 6.6 | 0.05% | 1 | 0 | | 2025-03-28T03:30:31 | The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Com
CVE-2025-24383 | 9.1 | 21.39% | 2 | 0 | | 2025-03-28T03:30:30 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of S
CVE-2025-1860 | None | 0.02% | 1 | 0 | | 2025-03-28T03:30:30 | Data::Entropy for Perl 0.007 and earlier use the rand() function as the default
CVE-2025-30232 | 8.2 | 0.02% | 1 | 0 | | 2025-03-28T03:30:24 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-lin
CVE-2025-2783 | 8.3 | 13.98% | 20 | 1 | | 2025-03-28T01:00:02.260000 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome
CVE-2025-26853 | 4.3 | 0.03% | 1 | 0 | | 2025-03-28T00:32:34 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorizatio
CVE-2024-0149 | 3.3 | 0.02% | 1 | 0 | | 2025-03-27T21:32:22 | NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow a
CVE-2025-29483 | 6.5 | 0.03% | 1 | 0 | | 2025-03-27T21:32:22 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDE
CVE-2025-26336 | 8.3 | 0.06% | 1 | 0 | | 2025-03-27T18:31:50 | Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) p
CVE-2025-30067 | None | 0.06% | 1 | 0 | | 2025-03-27T18:18:41 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apach
CVE-2025-1974 | 9.8 | 79.77% | 17 | 12 | template | 2025-03-27T16:45:46.410000 | A security issue was discovered in Kubernetes where under certain conditions, an
CVE-2024-8314 | 0 | 0.04% | 1 | 0 | | 2025-03-27T16:45:46.410000 | An Incorrect Implementation of Authentication Algorithm and Exposure of Data Ele
CVE-2024-8315 | 0 | 0.01% | 1 | 0 | | 2025-03-27T16:45:46.410000 | An Improper Handling of Insufficient Permissions or Privileges vulnerability in
CVE-2024-45482 | 0 | 0.01% | 1 | 0 | | 2025-03-27T16:45:46.410000 | An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the
CVE-2025-30205 | 7.6 | 0.02% | 1 | 0 | | 2025-03-27T16:45:46.410000 | kanidim-provision is a helper utility that uses kanidm's API to provision users,
CVE-2025-27809 | 5.4 | 0.02% | 1 | 0 | | 2025-03-27T16:45:46.410000 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts server
CVE-2025-31160 | 2.9 | 0.02% | 2 | 0 | | 2025-03-27T16:45:27.850000 | atop through 2.11.0 allows local users to cause a denial of service (e.g., asser
CVE-2023-25610 | 9.8 | 11.78% | 1 | 1 | | 2025-03-27T16:44:44.143000 | A buffer underwrite ('buffer underflow') vulnerability in the administrative int
CVE-2021-26091 | 7.5 | 0.06% | 1 | 0 | | 2025-03-27T16:44:44.143000 | A use of a cryptographically weak pseudo-random number generator vulnerability i
CVE-2021-26105 | 6.8 | 0.13% | 1 | 0 | | 2025-03-27T16:44:44.143000 | A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of F
CVE-2024-55965 | 6.5 | 0.02% | 1 | 0 | | 2025-03-27T15:32:12 | An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" i
CVE-2025-31181 | 6.2 | 0.01% | 1 | 0 | | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentat
CVE-2025-31180 | 6.2 | 0.01% | 1 | 0 | | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentati
CVE-2025-31179 | 6.2 | 0.01% | 1 | 0 | | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation
CVE-2025-31176 | 6.2 | 0.01% | 1 | 0 | | 2025-03-27T15:31:22 | A flaw was found in gnuplot. The plot3d_points() function may lead to a segmenta
CVE-2025-31178 | 6.2 | 0.01% | 1 | 0 | | 2025-03-27T15:31:22 | A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segm
CVE-2017-12637 | 7.5 | 92.93% | 1 | 0 | template | 2025-03-27T03:34:37 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJava
CVE-2025-2621 | 9.8 | 0.21% | 1 | 0 | | 2025-03-26T21:31:06 | A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. Th
CVE-2025-2620 | 9.8 | 9.70% | 1 | 3 | | 2025-03-26T21:31:05 | A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critica
CVE-2025-2618 | 9.8 | 0.21% | 1 | 0 | | 2025-03-26T21:31:04 | A vulnerability, which was classified as critical, has been found in D-Link DAP-
CVE-2025-2619 | 9.8 | 0.21% | 1 | 0 | | 2025-03-26T18:46:06.633000 | A vulnerability, which was classified as critical, was found in D-Link DAP-1620
CVE-2025-2820 | 6.5 | 0.03% | 1 | 0 | | 2025-03-26T15:32:52 | An authenticated attacker can compromise the availability of the device via the
CVE-2025-1542 | None | 0.02% | 1 | 0 | | 2025-03-26T12:30:40 | Improper permission control vulnerability in the OXARI ServiceDesk application c
CVE-2024-47516 | 9.8 | 0.21% | 1 | 0 | | 2025-03-26T00:31:24 | A vulnerability was found in Pagure. An argument injection in Git during retriev
CVE-2025-30472 | 9.0 | 0.03% | 1 | 0 | | 2025-03-25T16:15:27.337000 | Corosync through 3.1.9, if encryption is disabled or the attacker knows the encr
CVE-2025-29226 | 8.3 | 5.38% | 1 | 0 | | 2025-03-25T15:32:26 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a comma
CVE-2025-22230 | 7.8 | 0.04% | 6 | 0 | | 2025-03-25T15:31:35 | VMware Tools for Windows contains an authentication bypass vulnerability due to
CVE-2024-42533 | 9.8 | 0.20% | 1 | 0 | | 2025-03-25T15:31:35 | SQL injection vulnerability in the authentication module in Convivance StandVoic
CVE-2024-12169 | 6.5 | 0.03% | 1 | 0 | | 2025-03-25T15:31:35 | A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionalit
CVE-2024-11499 | 4.9 | 0.02% | 1 | 0 | | 2025-03-25T15:31:35 | A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionalit
CVE-2024-10037 | 4.4 | 0.06% | 1 | 0 | | 2025-03-25T15:31:35 | A vulnerability exists in the RTU500 web server component that can cause a denia
CVE-2025-1445 | 7.5 | 0.03% | 1 | 0 | | 2025-03-25T15:31:35 | A vulnerability exists in RTU IEC 61850 client and server functionality that cou
CVE-2025-26852 | 4.3 | 0.03% | 1 | 0 | | 2025-03-25T15:31:22 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.
CVE-2025-24513 | 4.8 | 0.07% | 6 | 0 | | 2025-03-25T15:10:09 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes
CVE-2025-24514 | 8.8 | 0.15% | 8 | 1 | | 2025-03-25T15:10:03 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes
CVE-2025-1097 | 8.8 | 1.41% | 8 | 1 | | 2025-03-25T15:07:13 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes
CVE-2025-1098 | 8.8 | 0.15% | 8 | 1 | | 2025-03-25T15:06:45 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes
CVE-2025-0927 | 7.8 | 0.03% | 1 | 0 | | 2025-03-25T14:15:27.397000 | Attila Szász discovered that the HFS+ file system implementation in the Linux Ke
CVE-2024-45483 | None | 0.04% | 1 | 0 | | 2025-03-25T06:30:32 | A Missing Authentication for Critical Function vulnerability in the GRUB configu
CVE-2024-10207 | None | 0.03% | 1 | 0 | | 2025-03-25T06:30:32 | A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R
CVE-2024-45484 | None | 0.02% | 1 | 0 | | 2025-03-25T06:30:32 | An Allocation of Resources Without Limits or Throttling vulnerability in the ope
CVE-2024-45481 | None | 0.01% | 1 | 0 | | 2025-03-25T06:30:31 | An Incomplete Filtering of Special Elements vulnerability in scripts using the S
CVE-2024-45480 | None | 0.04% | 1 | 0 | | 2025-03-25T06:30:31 | An improper control of generation of code ('Code Injection') vulnerability in th
CVE-2024-10209 | None | 0.01% | 1 | 0 | | 2025-03-25T06:30:31 | An Incorrect Permission Assignment for Critical Resource vulnerability in the fi
CVE-2024-8313 | None | 0.02% | 1 | 0 | | 2025-03-25T06:30:31 | An Exposure of Sensitive System Information to an Unauthorized Control Sphere an
CVE-2024-10208 | None | 0.04% | 1 | 0 | | 2025-03-25T06:30:31 | An Improper Neutralization of Input During Web Page Generation vulnerability in
CVE-2024-10206 | None | 0.03% | 1 | 0 | | 2025-03-25T06:30:31 | A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R
CVE-2024-10210 | None | 0.03% | 1 | 0 | | 2025-03-25T06:30:27 | An External Control of File Name or Path vulnerability in the APROL Web Portal u
CVE-2025-26512 | 10.0 | 0.03% | 1 | 0 | | 2025-03-25T00:30:26 | SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerabili
CVE-2024-53350 | 7.4 | 0.03% | 1 | 0 | | 2025-03-24T18:32:06 | Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the s
CVE-2024-53349 | 7.4 | 0.03% | 1 | 0 | | 2025-03-24T18:32:06 | Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the s
CVE-2025-29806 | 6.5 | 0.08% | 1 | 0 | | 2025-03-24T15:31:50 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized
CVE-2025-2476 | 8.8 | 0.46% | 1 | 1 | | 2025-03-24T15:15:16.927000 | Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote
CVE-2025-27407 | 9.1 | 2.17% | 2 | 0 | | 2025-03-24T14:49:02 | # Summary Loading a malicious schema definition in `GraphQL::Schema.from_intros
CVE-2025-30066 | 8.6 | 66.96% | 1 | 2 | | 2025-03-24T14:23:39 | ### Summary A supply chain attack compromised the **tj-actions/changed-files**
CVE-2025-26796 | 5.4 | 0.02% | 1 | 0 | | 2025-03-24T14:15:18.500000 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page
CVE-2018-25109 | 6.4 | 0.03% | 1 | 0 | | 2025-03-24T00:30:34 | A vulnerability has been found in Nintendo Animal Crossing, Doubutsu no Mori+ an
CVE-2025-29795 | 7.8 | 0.07% | 1 | 0 | | 2025-03-23T17:15:28.920000 | Improper link resolution before file access ('link following') in Microsoft Edge
CVE-2024-6827 | 7.5 | 0.03% | 2 | 0 | | 2025-03-21T23:56:31 | Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-En
CVE-2025-30204 | 7.5 | 0.05% | 1 | 0 | | 2025-03-21T22:15:26.420000 | golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2,
CVE-2025-29223 | 8.8 | 5.38% | 1 | 0 | | 2025-03-21T18:31:41 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerabil
CVE-2025-29230 | 8.6 | 11.27% | 1 | 0 | | 2025-03-21T18:31:41 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerabil
CVE-2025-29227 | 8.8 | 5.38% | 1 | 0 | | 2025-03-21T18:31:41 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a comma
CVE-2023-43029 | None | 0.08% | 1 | 0 | | 2025-03-21T18:31:41 | IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote u
CVE-2019-16151 | 4.7 | 0.05% | 1 | 0 | | 2025-03-21T18:31:41 | An improper neutralization of input during web page generation vulnerability [CW
CVE-2025-24813 | 9.8 | 88.45% | 8 | 18 | template | 2025-03-21T18:15:34.600000 | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution an
CVE-2025-2598 | 5.5 | 0.03% | 1 | 0 | | 2025-03-21T17:43:10 | ## Summary The AWS Cloud Development Kit (AWS CDK) [1] is an open-source softwa
CVE-2025-24915 | 7.8 | 0.01% | 1 | 0 | | 2025-03-21T15:31:21 | When installing Nessus Agent to a non-default location on a Windows host, Nessus
CVE-2025-29814 | 9.3 | 0.21% | 1 | 0 | | 2025-03-21T03:30:29 | Improper authorization in Microsoft Partner Center allows an authorized attacker
CVE-2025-29807 | 8.7 | 0.21% | 1 | 0 | | 2025-03-21T03:30:26 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized at
CVE-2024-9956 | 7.8 | 0.03% | 1 | 0 | | 2025-03-21T00:32:31 | Inappropriate implementation in WebAuthentication in Google Chrome on Android pr
CVE-2024-54471 | 5.5 | 0.04% | 1 | 0 | | 2025-03-21T00:31:21 | This issue was addressed with additional entitlement checks. This issue is fixed
CVE-2025-30154 | 8.6 | 59.64% | 2 | 0 | | 2025-03-20T18:59:20 | ### Summary `reviewdog/action-setup@v1` was compromised March 11, 2025, between
CVE-2025-23120 | 9.9 | 0.46% | 6 | 0 | | 2025-03-20T18:30:30 | A vulnerability allowing remote code execution (RCE) for domain users.
CVE-2025-24472 | 8.1 | 21.83% | 1 | 0 | | 2025-03-19T20:21:38.197000 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2
CVE-2025-26633 | 7.0 | 0.74% | 6 | 0 | | 2025-03-11T18:32:20 | Improper neutralization in Microsoft Management Console allows an unauthorized a
CVE-2025-22225 | 8.3 | 7.50% | 1 | 1 | | 2025-03-04T18:34:42 | VMware ESXi contains an arbitrary write vulnerability. A malicious actor with pr
CVE-2024-48248 | 8.6 | 91.54% | 1 | 1 | template | 2025-03-04T18:34:42 | NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal f
CVE-2025-22226 | 7.1 | 8.04% | 1 | 1 | | 2025-03-04T18:33:39 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerabi
CVE-2025-22224 | 9.4 | 24.22% | 1 | 1 | | 2025-03-04T18:33:39 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulner
CVE-2025-27218 | 5.3 | 22.67% | 1 | 0 | template | 2025-02-20T21:30:52 | Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002
CVE-2024-55591 | 9.8 | 89.44% | 1 | 10 | | 2025-01-23T02:00:02.310000 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2
CVE-2024-40711 | 9.8 | 70.81% | 2 | 3 | template | 2024-12-20T18:31:30 | A deserialization of untrusted data vulnerability with a malicious payload can a
CVE-2024-8068 | 0 | 0.04% | 1 | 0 | | 2024-11-22T16:15:34.680000 | Privilege escalation to NetworkService Account access in Citrix Session Recordin
CVE-2024-0402 | 9.9 | 24.75% | 4 | 1 | | 2024-11-21T08:46:30.360000 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 pr
CVE-2023-28310 | 8.0 | 12.81% | 1 | 0 | | 2024-11-21T07:54:48.810000 | Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2024-8069 | 8.8 | 31.56% | 1 | 1 | | 2024-11-13T17:01:16.850000 | Limited remote code execution with privilege of a NetworkService Account access
CVE-2024-8690 | 4.4 | 0.04% | 1 | 0 | | 2024-10-03T03:31:11 | A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent
CVE-2024-20439 | 9.8 | 84.40% | 1 | 0 | template | 2024-09-13T21:31:22 | A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated,
CVE-2024-20440 | 7.5 | 70.03% | 1 | 0 | template | 2024-09-04T18:31:04 | A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated,
CVE-2023-38831 | 7.8 | 93.56% | 1 | 54 | | 2024-08-14T15:31:10 | RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a use
CVE-2024-21412 | 8.1 | 87.03% | 1 | 1 | | 2024-06-11T15:31:08 | Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2023-38408 | 9.8 | 36.76% | 1 | 7 | | 2024-04-19T05:07:56 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t
CVE-2024-3721 | 6.3 | 37.05% | 1 | 0 | | 2024-04-13T12:30:30 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi
CVE-2019-9874 | 9.8 | 79.68% | 5 | 0 | | 2024-04-04T00:50:10 | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CS
CVE-2019-9875 | 8.8 | 72.19% | 3 | 0 | | 2024-04-04T00:50:10 | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.
CVE-2024-22024 | 8.3 | 93.64% | 1 | 2 | template | 2024-02-13T15:31:12 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Conn
CVE-2021-32471 | None | 25.25% | 1 | 1 | | 2023-01-29T05:06:13 | Insufficient input validation in the Marvin Minsky 1967 implementation of the Un
CVE-2025-29908 | 0 | 0.00% | 1 | 0 | | N/A |
CVE-2025-29495 | 0 | 0.00% | 1 | 0 | | N/A |
CVE-2025-30216 | 0 | 0.12% | 1 | 1 | | N/A |
CVE-2024-55963 | 0 | 0.03% | 2 | 0 | | N/A |
CVE-2024-55964 | 0 | 0.45% | 1 | 0 | | N/A |
CVE-2025-24801 | 0 | 0.12% | 1 | 0 | | N/A |
CVE-2025-24799 | 0 | 20.17% | 1 | 0 | | N/A |
updated 2025-03-29T00:31:40
2 posts
Here's another easy-mode PrivEsc like @wdormann was talking about the other day with his Nessus Agent CVE.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004
sev:MED 6.3 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
updated 2025-03-28T18:34:13
1 posts
There are a bunch of CVEs for libming v0.4.0 (it's a SWF output library) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.
https://github.com/libming/libming/issues/330
https://nvd.nist.gov/vuln/detail/CVE-2025-29483
https://nvd.nist.gov/vuln/detail/CVE-2025-29484
https://nvd.nist.gov/vuln/detail/CVE-2025-29485
https://nvd.nist.gov/vuln/detail/CVE-2025-29486
https://nvd.nist.gov/vuln/detail/CVE-2025-29487
https://nvd.nist.gov/vuln/detail/CVE-2025-29488
https://nvd.nist.gov/vuln/detail/CVE-2025-29489
https://nvd.nist.gov/vuln/detail/CVE-2025-29490
https://nvd.nist.gov/vuln/detail/CVE-2025-29491
https://nvd.nist.gov/vuln/detail/CVE-2025-29492
https://nvd.nist.gov/vuln/detail/CVE-2025-29493
https://nvd.nist.gov/vuln/detail/CVE-2025-29494
updated 2025-03-28T18:33:10
9 posts
2 repos
Google's fix for CVE-2025-2783, a zero-day vulnerability in the Chrome browser exploited by state-sponsored attackers, prompted Firefox developers to check whether their browser contained a similar bug - and they found one. www.helpnetsecurity.com/2025/03/28/c...
Firefox developers reported CVE-2025-2857, a sandbox vulnerability similar to a zero-day reported this week in Google Chrome.
https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.
So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱
If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!
Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.
Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.
Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) https://www.helpnetsecurity.com/2025/03/28/critical-firefox-tor-browser-sandbox-escape-flaw-fixed-cve-2025-2857/ #securityupdate #vulnerability #Don'tmiss #Kaspersky #Hotstuff #Firefox #Chrome #Opera #News #Tor
Firefox 0-day security vulnerability (CVE-2025-2857) patched
Mozilla patches a sandbox escape vulnerability that is already being exploited (in Chrome)
https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/
Announced: 2025-03-27
Impact: ⚠️ critical
Products: Firefox, Firefox ESR (Firefox on Windows only)
Fixed in:
• Firefox 136.0.4 (Windows)
• Firefox ESR 115.21.1 (Windows)
• Firefox ESR 128.8.1 (Windows)
updated 2025-03-28T18:33:09
4 posts
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) https://www.helpnetsecurity.com/2025/03/27/crushftp-vulnerability-cve-2025-2825/ #securityupdate #vulnerability #file-sharing #enterprise #Don'tmiss #Hotstuff #CrushFTP #News #SMBs
🚨CVE-2025-2825: Unauthenticated HTTP(S) port access on CrushFTPv10/v11
CVSS: 9.8
https://darkwebinformer.com/cve-2025-2825-unauthenticated-http-s-port-access-on-crushftpv10-v11/
The CrushFTP CVE that @catc0n has been talking about is finally published.
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
Our pals over at VulnCheck very kindly assigned a CVE for the CrushFTP issue since CrushFTP appears reluctant to do the needful directly (thx @albinolobster!)
updated 2025-03-28T15:32:59
30 posts
56 repos
https://github.com/memmedrehimzade/CVE-2025-29927-vuln-app
https://github.com/yugo-eliatrope/test-cve-2025-29927
https://github.com/tobiasGuta/CVE-2025-29927-POC
https://github.com/lem0n817/CVE-2025-29927
https://github.com/serhalp/test-cve-2025-29927
https://github.com/jeymo092/cve-2025-29927
https://github.com/strobes-security/nextjs-vulnerable-app
https://github.com/AnonKryptiQuz/NextSploit
https://github.com/ricsirigu/CVE-2025-29927
https://github.com/fourcube/nextjs-middleware-bypass-demo
https://github.com/0xcucumbersalad/cve-2025-29927
https://github.com/lediusa/CVE-2025-29927
https://github.com/Oyst3r1ng/CVE-2025-29927
https://github.com/6mile/nextjs-CVE-2025-29927
https://github.com/TheresAFewConors/CVE-2025-29927-Testing
https://github.com/alihussainzada/CVE-2025-29927-PoC
https://github.com/nocomp/CVE-2025-29927-scanner
https://github.com/0xPThree/next.js_cve-2025-29927
https://github.com/c0dejump/CVE-2025-29927-check
https://github.com/aleongx/CVE-2025-29927
https://github.com/arvion-agent/next-CVE-2025-29927
https://github.com/Jull3Hax0r/next.js-exploit
https://github.com/Neoxs/nextjs-middleware-vuln-poc
https://github.com/takumade/ghost-route
https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927
https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927
https://github.com/iSee857/CVE-2025-29927
https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927
https://github.com/ThemeHackers/CVE-2025-29972
https://github.com/aleongx/CVE-2025-29927_Scanner
https://github.com/Ademking/CVE-2025-29927
https://github.com/kuzushiki/CVE-2025-29927-test
https://github.com/Nekicj/CVE-2025-29927-exploit
https://github.com/t3tra-dev/cve-2025-29927-demo
https://github.com/aydinnyunus/CVE-2025-29927
https://github.com/RoyCampos/CVE-2025-29927
https://github.com/jmbowes/NextSecureScan
https://github.com/m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit
https://github.com/furmak331/CVE-2025-29927
https://github.com/0x0Luk/0xMiddleware
https://github.com/0xPb1/Next.js-CVE-2025-29927
https://github.com/w2hcorp/CVE-2025-29927-PoC
https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule
https://github.com/0xWhoknows/CVE-2025-29927
https://github.com/Slvignesh05/CVE-2025-29927
https://github.com/KaztoRay/CVE-2025-29927-Research
https://github.com/MuhammadWaseem29/CVE-2025-29927-POC
https://github.com/maronnjapan/claude-create-CVE-2025-29927
https://github.com/Eve-SatOrU/POC-CVE-2025-29927
https://github.com/Heimd411/CVE-2025-29927-PoC
https://github.com/azu/nextjs-cve-2025-29927-poc
https://github.com/yuzu-juice/CVE-2025-29927_demo
https://github.com/kOaDT/poc-cve-2025-29927
https://github.com/nicknisi/next-attack
Detect Next.js CVE-2025-29927 efficiently and at scale https://www.patrowl.io/en/actualites/cve-2025-29927-next-js
##Way to go with CVE-2025-29927 Vercel...
##Zscaler: CVE-2025-29927: Next.js Middleware Authorization Bypass Flaw https://www.zscaler.com/blogs/security-research/cve-2025-29927-next-js-middleware-authorization-bypass-flaw @threatlabz #cybersecurity #infosec
##[Reproduce Steps]
Add Header
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
to the request
⬇️
"Next.js POC for CVE-2025-29927"
👇
https://github.com/azu/nextjs-cve-2025-29927-poc
@da_667 Yes please. Rapid7 did publish this though: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
It's not much, but it's better than the vendor.
##I don't normally post JS stuff, but CVE-2025-29927 is a whole lot of fun!
"it was possible to skip running Middleware, which could allow requests to skip critical checks—such as authorization cookie validation—before reaching routes." 😱
https://nextjs.org/blog/cve-2025-29927
Get your Next.js updated!
##I probably sound like a broken record at this point, but we're not sold yet on the world-ending nature of Next.js CVE-2025-29927.
The fact that the bug isn't known to have been successfully exploited in the wild despite the huge amount of media and industry attention it’s received sure feels like a reasonable early indicator that it's unlikely to be broadly exploitable (classic framework vuln), and may not have any easily identifiable remote attack vectors at all.
https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
##Everyone’s talking about the Next.js vulnerability alert - and rightfully so. 👉 Here's why you need to detect and fix CVE-2025-29927 - now!
CVE-2025-29927 allows attackers to bypass crucial authorization checks via a simple header manipulation. This flaw affects a wide range of Next.js versions, potentially exposing sensitive data and critical admin functionalities.
Here's what you need to know:
👉 Impact: Attackers can gain unauthorized access to protected routes, leading to data breaches and privilege escalation.
👉 Vulnerable versions: Next.js 11.1.4 through 15.2.2.
👉 Detection: our Network Vulnerability Scanner now detects CVE-2025-29927, so a CVE-focused scan lets you identify vulnerable instances in your infrastructure - fast.
🔥 Don't wait for the exploit: act now
✅ Run a network scan
✅ Read the detailed write-up that explains how this vulnerability works, its impact, and detailed remediation steps ➡️ https://pentest-tools.com/blog/CVE-2025-29927-next-js-bypass
##Next.js CVE-2025-29927 https://lobste.rs/s/l5c7gj #javascript #security #web
https://nextjs.org/blog/cve-2025-29927
CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability – Source: socprime.com https://ciso2ciso.com/cve-2025-29927-next-js-middleware-authorization-bypass-vulnerability-source-socprime-com/ #socprime.com #0CISO2CISO
##Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) https://www.helpnetsecurity.com/2025/03/24/critical-next-js-auth-bypass-vulnerability-opens-web-apps-to-compromise-cve-2025-29927/ #webapplicationsecurity #ProjectDiscovery #webdevelopment #vulnerability #Cloudflare #opensource #Don'tmiss #framework #Hotstuff #Next.js #News #PoC
##CVE-2025-29927 9.1 critical score in Next.js
"Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware"
> This vulnerability is fixed in 14.2.25 and 15.2.3.
##CVE-2025-29927: this critical flaw in Next.js threatens many applications https://www.it-connect.fr/cve-2025-29927-cette-faille-critique-dans-next-js-menace-de-nombreuses-applications/ #ActuCybersécurité
##Doing the Due Diligence: Analyzing the Next.js Middleware Bypass (CVE-2025-29927) https://slcyber.io/assetnote-security-research-center/doing-the-due-diligence-analysing-the-next-js-middleware-bypass-cve-2025-29927/
##»Critical Next.js Middleware Vulnerability Allows Attackers to Bypass Authorization:
A severe vulnerability has been identified in Next.js, a popular React framework used for building web applications, under the designation CVE-2025-29927.«
Well, I have to give it up and look at it.
🧑💻 https://gbhackers.com/critical-next-js-middleware-vulnerability/
#javascript #nextjs #webdev #react #sec #framework #middleware #server #itsec
##Next.js Middleware Authorization Bypass (CVE-2025-29927) https://github.com/vulhub/vulhub/tree/master/next.js/CVE-2025-29927
##The researchers who found the Next.js middleware vulnerability (CVE-2025-29927) have released the full paper: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
Notable is that the auth bypass requires the x-middleware-subrequest value to be one of these two forms:
middleware:middleware:middleware:middleware:middleware OR
src/middleware:src/middleware:src/middleware:src/middleware:src/middleware
Medium sucks
I just want to read about the POC
CVE-2025-29927, is that so hard.
Critical Next.js Middleware Vulnerability (CVE-2025-29927)
A major auth bypass vulnerability in Next.js middleware (prior to v14.2.25 / v15.2.3) allows attackers to inject the x-middleware-subrequest header and bypass authorization entirely. Exploitable via simple HTTP requests—no user interaction, no special permissions.
Patch. Now. Or block the header manually.
GitHub scored this 9.1 CRITICAL, but the real issue? This flaw exposes a systemic weakness in middleware validation, and some vendors weren’t exactly upfront about the risks.
Details + POC: https://zeropath.com/blog/nextjs-middleware-cve-2025-29927-auth-bypass
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29927
Security theater is easy. Secure defaults and transparency are harder—but essential.
#infosec #AppSec #NextJS #CVE202529927 #middleware #securityfail
##⚠️ A critical flaw in Next.js allows the authorization checks performed in middleware to be bypassed.
👉 A very popular React framework for server-side web rendering.
🔍 Technical details
By injecting the x-middleware-subrequest header, an attacker can bypass access controls and reach resources that are normally protected.
💥 Exploit documented here
⬇️
"Next.js and the corrupt middleware: the authorizing artifact"
👇
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
🛡️ Vulnerable versions
🔧 Solutions
✔️ Update to 15.2.3 or 14.2.25
👇
https://nextjs.org/blog/cve-2025-29927
⬇️
https://github.com/advisories/GHSA-f82v-jwr5-mffw
✔️ In the meantime: block requests containing x-middleware-subrequest on the server side / WAF
🛰️ And indeed, according to the ONYPHE attack-surface search engine, there are a lot of them… including in Switzerland 🇨🇭
#CyberVeille #NextJS #CVE_2025_29927 #websec #infosec #onyphe #ASD
##Just to echo @hdm and others - you might want to patch and (first) WAF filter for the Next.js vuln CVE-2025-29927 as a matter of priority.
There’s over 300k of these bad boys on Shodan, before you even get to ones behind cloud WAFs that filter headers. They’re basically all vuln.
“X-Powered-By: Next.js” on Shodan to identify easy wins, org:yourorg or ssl:yourorg as a way to find yours.
WAF rule = deny anything with x-middleware-subrequest in headers.
Some reading:
https://zeropath.com/blog/nextjs-middleware-cve-2025-29927-auth-bypass
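An added example, not code from any of the posts above or from Next.js itself, showing the interim mitigation the posts and the advisory describe (reject any external request that carries x-middleware-subrequest before it reaches the app) together with a scanner that flags such requests in constructed JSON access-log lines. The Express-style (req, res, next) handler signature and the log format are assumptions.

```javascript
// Added example (not from the posts or from Next.js/Vercel): block the
// internal x-middleware-subrequest header at the edge and hunt for it in logs.
const BLOCKED_HEADER = "x-middleware-subrequest";

// True when the request carries the header at all, whatever its value.
// Node lower-cases names in req.headers, but we normalise so the same check
// works on header maps reconstructed from logs or proxies.
function shouldBlock(headers) {
  return Object.keys(headers || {}).some(
    (name) => name.toLowerCase() === BLOCKED_HEADER
  );
}

// Triage a header value. The write-up quoted above notes the bypass needs the
// middleware's own name repeated, colon-separated ("middleware:middleware:..."
// or "src/middleware:src/middleware:..."). Any external occurrence should be
// blocked; a repeated-segment value is the strongest signal of a probe.
function classify(value) {
  if (value === undefined || value === null) return "absent";
  const parts = String(value).split(":");
  const repeated = parts.length > 1 && parts.every((p) => p === parts[0]);
  return repeated ? "repeated-segment" : "present";
}

// Express/Connect-style filter (assumed signature) placed in front of the
// Next.js app. Returns true when the request was rejected, false when it was
// passed on, so the behaviour can be asserted without a real server.
function filterRequest(req, res, next) {
  if (shouldBlock(req.headers)) {
    res.statusCode = 403;
    res.setHeader("content-type", "text/plain");
    res.end("forbidden\n");
    return true;
  }
  next();
  return false;
}

// Scan JSON access-log lines (one object per line with a "headers" map) and
// return one finding per request that carried the header.
function scanLogs(lines) {
  const findings = [];
  for (const line of lines) {
    let entry;
    try {
      entry = JSON.parse(line);
    } catch (_err) {
      continue; // malformed line: skip it rather than abort the scan
    }
    const headers = entry.headers || {};
    const key = Object.keys(headers).find(
      (name) => name.toLowerCase() === BLOCKED_HEADER
    );
    if (key === undefined) continue;
    findings.push({
      ts: entry.ts,
      src: entry.src,
      path: entry.path,
      kind: classify(headers[key]),
    });
  }
  return findings;
}

// Constructed sample log lines (not real traffic); addresses are documentation
// ranges and the host name is made up.
const SAMPLE_LOGS = [
  '{"ts":"2025-03-24T10:00:01Z","src":"203.0.113.5","path":"/admin","headers":{"host":"app.example","x-middleware-subrequest":"middleware:middleware:middleware:middleware:middleware"}}',
  '{"ts":"2025-03-24T10:00:02Z","src":"198.51.100.7","path":"/","headers":{"host":"app.example","user-agent":"Mozilla/5.0"}}',
  '{"ts":"2025-03-24T10:00:03Z","src":"203.0.113.9","path":"/api/users","headers":{"host":"app.example","X-Middleware-Subrequest":"src/middleware:src/middleware:src/middleware:src/middleware:src/middleware"}}',
  "not json at all",
  '{"ts":"2025-03-24T10:00:04Z","src":"203.0.113.9","path":"/dashboard","headers":{"host":"app.example","x-middleware-subrequest":"probe"}}',
];

for (const f of scanLogs(SAMPLE_LOGS)) {
  console.log(`${f.ts} ${f.src} ${f.path} ${f.kind}`);
}
```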
##Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps.
Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone.
You can find links to the advisory and queries for runZero at: https://www.runzero.com/blog/next-js/
##Next.js version 15.2.3 has been released to address a security vulnerability
Link: https://nextjs.org/blog/cve-2025-29927
Discussion: https://news.ycombinator.com/item?id=43448723
CVE-2025-29927 – Next.js
Link: https://nextjs.org/blog/cve-2025-29927
Comments: https://news.ycombinator.com/item?id=43448723
Is next dot js a thing? I feel like it's a thing.
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
##Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.
updated 2025-03-28T15:32:59
1 posts
There are a bunch of CVEs for libming v0.4.0 (it's a SWF output library) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.
https://github.com/libming/libming/issues/330
https://nvd.nist.gov/vuln/detail/CVE-2025-29483
https://nvd.nist.gov/vuln/detail/CVE-2025-29484
https://nvd.nist.gov/vuln/detail/CVE-2025-29485
https://nvd.nist.gov/vuln/detail/CVE-2025-29486
https://nvd.nist.gov/vuln/detail/CVE-2025-29487
https://nvd.nist.gov/vuln/detail/CVE-2025-29488
https://nvd.nist.gov/vuln/detail/CVE-2025-29489
https://nvd.nist.gov/vuln/detail/CVE-2025-29490
https://nvd.nist.gov/vuln/detail/CVE-2025-29491
https://nvd.nist.gov/vuln/detail/CVE-2025-29492
https://nvd.nist.gov/vuln/detail/CVE-2025-29493
https://nvd.nist.gov/vuln/detail/CVE-2025-29494
##updated 2025-03-28T15:32:58
1 posts
Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes: https://blog.hartwork.org/posts/expat-2-7-0-released/
##updated 2025-03-28T12:31:35
2 posts
Fortinet published another CVE for a vuln from 2019. Just something to keep in mind when people blame Fortinet shops when they get popped by unpatched vulns.
##updated 2025-03-28T03:30:31
1 posts
Backdoor in a robot dog thing? Yes please.
https://takeonme.org/cves/cve-2025-2894/
sev:MED 6.6 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
##The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
updated 2025-03-28T03:30:30
2 posts
🚨CVE-2025-24383: Dell Unity, Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system
CVSS: 9.1
##updated 2025-03-28T03:30:30
1 posts
Crypto vuln? In perl? That seems like something fedi is built to argue about.
https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80
##Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
updated 2025-03-28T03:30:24
1 posts
UAF PrivEsc in Exim. I think it was @buherator who shared the Openwall link for this earlier today or yesterday. It now has a CVE published.
https://www.exim.org/static/doc/security/CVE-2025-30232.txt
https://www.openwall.com/lists/oss-security/2025/03/26/1
sev:HIGH 8.1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
##A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
updated 2025-03-28T01:00:02.260000
20 posts
1 repos
Google's fix for CVE-2025-2783, a zero-day vulnerability in the Chrome browser exploited by state-sponsored attackers, prompted the Firefox browser developers to check whether their browser contained a similar flaw - and they found one. www.helpnetsecurity.com/2025/03/28/c...
Critical Firefox, Tor Browser ...
Patch Google Chrome: this zero-day flaw is being exploited by an espionage campaign https://www.it-connect.fr/google-chrome-faille-zero-day-est-exploitee-campagne-espionnage-cve-2025-2783/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Google
##Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.
So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱
If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!
Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.
Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.
Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!
##CVE ID: CVE-2025-2783
Vendor: Google
Product: Chromium Mojo
Date Added: 2025-03-27
Vulnerability: Google Chromium Mojo Sandbox Escape Vulnerability
Notes: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-2783
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-2783
New: CISA has updated the KEV catalogue.
- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-2783
- Added yesterday:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #infosec #Google
##Microsoft's notes for Edge Security Updates, posted yesterday: https://msrc.microsoft.com/update-guide
Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2783 @microsoftsec #Microsoft #cybersecurity #Infosec #Windows
##This update included the fix for CVE-2025-2783.
##Just to be 100% clear this update included the fix for CVE-2025-2783. We actually had that out in the previous build 7.2.3621.71 from yesterday.
##Just to be 100% clear this update included the fix for CVE-2025-2783. We actually had that out in the previous build 7.2.3621.71 from yesterday.
##Just to be 100% clear this update included the fix for CVE-2025-2783. Indeed we were the first non-Chrome browser to get that out.
##The CVE for this is published but no CVSS assessment yet: https://nvd.nist.gov/vuln/detail/CVE-2025-2783
##If you missed this.
Security Week: Google Has Patched CVE-2025-2783, the Chrome Sandbox Escape Zero-Day Vulnerability Caught by Kaspersky https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/ @SecurityWeek #cybersecurity #Infosec #Google #Chrome
##Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) – Help Net Security https://www.macken.xyz/2025/03/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783-help-net-security/?utm_source=dlvr.it&utm_medium=mastodon
##The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia. https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
##Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) https://www.helpnetsecurity.com/2025/03/26/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783/ #Don'tmiss #Kaspersky #Hotstuff #exploit #Windows #Chrome #0-day #News #APT
##Chrome Releases Critical Update to Address CVE-2025-2783 Vulnerability https://thecyberexpress.com/chrome-stable-channel-update/ #StableChannelUpdate #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE20252783 #CyberNews #Windows
##Chrome *again*? 🙄 Looks like Google's patching *another* critical flaw (CVE-2025-2783), and yep, attackers are already exploiting it in the wild.
Heads up, Windows users – you're the main target, with Russian orgs specifically in the crosshairs. 🇷🇺 The vulnerability's lurking in Mojo (Chrome's Inter-Process Communication system). And get this: all it takes is a convincing phishing email. 🎣 Someone clicks the link, and bam – their system's compromised.
What's really nasty? It cleverly gets around the Chrome sandbox. 🤯 Kaspersky's already tracking this, calling it 'Operation ForumTroll' and linking it to an APT group. Speaking as a pentester, trust me, finding vulnerabilities this deep isn't easy. Your run-of-the-mill scans just won't cut it here.
So, what's the game plan?
1. Update Chrome NOW! Like, right now. 🚨
2. Seriously, double down on training your staff about phishing threats.
3. Keep a close eye on your systems – think SIEM/EDR monitoring.
Curious to know, what are your go-to tools for hunting down threats like this? And how are you folks bracing yourselves against these advanced attacks? 🤔
Stay safe out there! ✌️
##EITW in Chrome if that's the kind of thing you care about: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
##Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild.
updated 2025-03-28T00:32:34
1 posts
Ooh, this is four days in a row now with a perfect 10, though this one in INFOCAD doesn't provide a CVSS string. Also not a lot of details.
https://www.infocadfm.com/changelog/broken-authorization-schema/
DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.
https://nvd.nist.gov/vuln/detail/CVE-2025-26853
And a sev:HIGH
SQLi to go with it.
https://www.infocadfm.com/changelog/sql-injection/
##DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.
updated 2025-03-27T21:32:22
1 posts
wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149)
##updated 2025-03-27T18:31:50
1 posts
Dell PowerEdge things. I'm tired so dig if you want.
sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
##Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
updated 2025-03-27T18:18:41
1 posts
Code injection in Apache Kylin.
https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc
##Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin.
If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1.
Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.
updated 2025-03-27T16:45:46.410000
17 posts
12 repos
https://github.com/zwxxb/CVE-2025-1974
https://github.com/hakaioffsec/IngressNightmare-PoC
https://github.com/hi-unc1e/CVE-2025-1974-poc
https://github.com/0xBingo/CVE-2025-1974
https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
https://github.com/yanmarques/CVE-2025-1974
https://github.com/m-q-t/ingressnightmare-detection-poc
https://github.com/dttuss/IngressNightmare-RCE-POC
https://github.com/tuladhar/ingress-nightmare
https://github.com/sandumjacob/IngressNightmare-POCs
https://github.com/yoshino-s/CVE-2025-1974
https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974
Critical Kubernetes controller flaws: 4,000 IPs exposed, with patch urgency increasing due to code to exploit CVE-2025-1974 vulnerability being published https://www.databreachtoday.com/critical-kubernetes-controller-flaws-4000-ips-exposed-a-27868
##Ingress-nginx CVE-2025-1974: What You Need to Know #SuggestedRead #devopsish https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
##🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)
##CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE – Source: socprime.com https://ciso2ciso.com/cve-2025-1974-critical-set-of-vulnerabilities-in-ingress-nginx-controller-for-kubernetes-leading-to-unauthenticated-rce-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #IngressNightmare #CVE-2025-1974 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE
##Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
##CVE-2025-1974 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131009
##Jacob Sandum posted a detailed and well-written PoC for the IngressNightmare (CVE-2025-1974 ) vulnerability found in the Kubernetes ingress-nginx Admission Controller by Wiz (Woogle!). If you are looking for a quick way to reproduce the issue or validate detection and mitigation, take a look:
https://github.com/sandumjacob/IngressNightmare-POCs/blob/main/CVE-2025-1974/README.md
Microsoft updated its security guide yesterday, with several Azure Kubernetes Service vulnerabilities:
CVE-2025-24514: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514
CVE-2025-1974: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974
CVE-2025-1098: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098
CVE-2025-1097: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097
CVE-2025-24513: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513 @microsoftsec #cybersecurity #infosec #Microsoft #opensource
##Tenable posted this yesterday in relation to CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, and CVE-2025-24514.
Tenable: Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare https://www.tenable.com/blog/cve-2025-1974-frequently-asked-questions-about-ingressnightmare-kubernetes @tenable #cybersecurity #infosec #opensource
##We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio
Anyone running ingress-nginx on Kubernetes should probably check this.
Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes : 👀
---
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
⚠️ Kubernetes security alert: #IngressNightmare
On March 24, 2025, the Wiz research team and the Kubernetes maintainers disclosed 5 major vulnerabilities affecting the very popular Ingress-NGINX Controller (present on more than 40% of clusters).
These flaws, the most severe of which is CVE-2025-1974 (CVSS 9.8), let an attacker with no credentials execute code remotely (Remote Code Execution) and take complete control of the Kubernetes cluster by accessing all of its secrets (passwords, API keys, etc.).
What is at fault:
The vulnerable component is the Ingress-NGINX Validating Admission Controller. It validates "Ingress" objects but is, by default, reachable without authentication from the cluster's internal network, and sometimes even exposed publicly.
The researchers managed to inject malicious NGINX configuration and then execute code by having NGINX load libraries from temporary files. A truly invisible way in.
✅ What you should do quickly:
Check whether you are using ingress-nginx:
kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx
Update to a fixed version:
v1.12.1 or v1.11.5
If you cannot update right away:
Temporarily disable the admission webhook (see the official instructions).
[Official sources]
⬇️
Wiz research blog:
"IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX"
👇
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
📢 Kubernetes announcement (Security Response Committee):
"Ingress-nginx CVE-2025-1974: What You Need to Know"
👇
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
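The checklist in the post above (find ingress-nginx, compare against the fixed releases, disable the admission webhook if you cannot upgrade) and the later advice to check whether the admission webhook is exposed can be turned into a repeatable triage step. The script below is an added example, not code from the Kubernetes project, Wiz, or any of the quoted posts. It consumes the JSON that `kubectl get pods -A -l app.kubernetes.io/name=ingress-nginx -o json` and `kubectl get validatingwebhookconfigurations -o json` would print. Assumptions it makes: the controller image path is `ingress-nginx/controller` as in the upstream manifests, the admission webhook points at a service named `ingress-nginx-...-admission`, the fixed releases are v1.12.1 and v1.11.5 as stated in the Kubernetes blog post, and minor lines older than 1.11 are treated as vulnerable because no fix was named for them. The sample JSON embedded at the bottom is constructed for the example, not captured from a real cluster.

```python
"""Triage helper for the ingress-nginx advisory (added example; not code from
the Kubernetes project, Wiz, or any quoted post).

Input is the JSON printed by:
  kubectl get pods -A -l app.kubernetes.io/name=ingress-nginx -o json
  kubectl get validatingwebhookconfigurations -o json
Output is a list of findings: controller images older than the fixed releases
named in the Kubernetes blog post, and any still-registered admission webhook."""
import json
import re

# Fixed releases per the Kubernetes blog post. Assumption made here: minor
# lines older than 1.11 received no fix and are treated as vulnerable.
FIXED = {(1, 12): (1, 12, 1), (1, 11): (1, 11, 5)}
CONTROLLER_REPO = "ingress-nginx/controller"   # upstream image path (assumed)
TAG_RE = re.compile(r":v?(\d+)\.(\d+)\.(\d+)")


def parse_version(image):
    """(major, minor, patch) from an image reference, or None when the
    reference carries no semver tag (e.g. a digest-only pin)."""
    ref = image.split("@", 1)[0]            # strip "@sha256:..." before matching
    m = TAG_RE.search(ref)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable(version):
    """True when the version predates the fix on its minor line, sits on an
    older unfixed line, or cannot be determined (unknown is treated as bad)."""
    if version is None:
        return True
    line = version[:2]
    if line in FIXED:
        return version < FIXED[line]
    return line < min(FIXED)


def controller_images(pods_json):
    """Yield (namespace, pod, image) for controller containers only; the
    admission cert-gen jobs share the pod label but run a different image."""
    for pod in pods_json.get("items", []):
        meta = pod["metadata"]
        for c in pod["spec"].get("containers", []):
            if CONTROLLER_REPO in c["image"].split("@", 1)[0]:
                yield meta["namespace"], meta["name"], c["image"]


def admission_webhooks(webhooks_json):
    """Names of ValidatingWebhookConfigurations whose webhooks route to an
    ingress-nginx admission service (service naming pattern assumed)."""
    found = []
    for cfg in webhooks_json.get("items", []):
        for wh in cfg.get("webhooks", []):
            svc = wh.get("clientConfig", {}).get("service", {}).get("name", "")
            if svc.startswith("ingress-nginx") and svc.endswith("-admission"):
                found.append(cfg["metadata"]["name"])
                break
    return found


def triage(pods_json, webhooks_json):
    """Human-readable findings; an empty list means nothing to do."""
    findings = []
    for ns, pod, image in controller_images(pods_json):
        if is_vulnerable(parse_version(image)):
            findings.append(f"{ns}/{pod}: {image} predates the fixed releases")
    for name in admission_webhooks(webhooks_json):
        findings.append(f"admission webhook {name} still registered; "
                        "disable it until the controller is upgraded")
    return findings


# Constructed sample output (not captured from a real cluster).
SAMPLE_PODS = json.loads("""{"items": [
  {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-7d4f"},
   "spec": {"containers": [{"name": "controller",
     "image": "registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000"}]}},
  {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-admission-create-x1"},
   "spec": {"containers": [{"name": "create",
     "image": "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.4"}]}},
  {"metadata": {"namespace": "edge", "name": "ingress-nginx-controller-a9c2"},
   "spec": {"containers": [{"name": "controller",
     "image": "registry.k8s.io/ingress-nginx/controller:v1.12.1"}]}}]}""")

SAMPLE_WEBHOOKS = json.loads("""{"items": [
  {"metadata": {"name": "ingress-nginx-admission"},
   "webhooks": [{"name": "validate.nginx.ingress.kubernetes.io",
     "clientConfig": {"service": {"namespace": "ingress-nginx",
       "name": "ingress-nginx-controller-admission", "path": "/networking/v1/ingresses"}}}]}]}""")

if __name__ == "__main__":
    for line in triage(SAMPLE_PODS, SAMPLE_WEBHOOKS):
        print(line)
```

On the sample it flags the v1.11.4 controller and the registered webhook and says nothing about the v1.12.1 controller or the cert-gen job. Feed it real output by loading the two kubectl JSON documents in place of the samples. Note what the webhook finding does and does not say: it reports that the admission webhook is registered, which is the condition the Kubernetes post tells you to remove until patched; whether the webhook endpoint is also reachable from outside the cluster is a network-exposure question this check does not answer.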
If you're running ingress-nginx in your Kubernetes cluster please take a look at this latest CVE details, it's a big one! Patches are out so please get updating as soon as you can!
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
##CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare – Source: securityboulevard.com https://ciso2ciso.com/cve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard
##Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!
Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.
It appears, that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅
Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!
So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔
##"Multiple issues have been discovered in ingress-nginx that can result in arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
Critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (Score: 9.8), and assigned CVE-2025-1974.
##updated 2025-03-27T16:45:46.410000
1 posts
Looks like ABB published 13 CVEs for B&R APROL <4.4-01, including at least one sev:CRIT code injection vuln.
https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf
CVE-2024-45482, CVE-2024-45481, CVE-2024-45480, CVE-2024-8315, CVE-2024-45484, CVE-2024-45483, CVE-2024-8313, CVE-2024-8314, CVE-2024-10206, CVE-2024-10207, CVE-2024-10208, CVE-2024-10210, CVE-2024-10209
##updated 2025-03-27T16:45:46.410000
1 posts
Security Advisory: Kanidm Provisioned Admin Credentials Leaked into System Log (CVE-2025-30205)
##updated 2025-03-27T16:45:46.410000
1 posts
the bug: https://github.com/Mbed-TLS/mbedtls/issues/466
CVE-2025-27809 is mentioned in their latest release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
##updated 2025-03-27T16:45:27.850000
2 posts
Details about CVE-2025-31160 (memory corruption in #atop) are now available here: https://github.com/Atoptool/atop/issues/334
In a nutshell: atop at startup connects to local (non-privileged) TCP port 59123 where it expects certain data; if a regular user listens on that port, it can feed data to the next invocation of atop that can corrupt it.
The fix (https://github.com/Atoptool/atop/commit/542b7f7ac52926ca272129dba81d7db80279bb98) is primarily "don't do that" with some attempt at better parsing of the untrusted data (by adding return code checking of `sscanf`).
##updated 2025-03-27T16:44:44.143000
1 posts
1 repos
And a couple more.
https://fortiguard.com/advisory/FG-IR-21-031
sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials.
https://nvd.nist.gov/vuln/detail/CVE-2021-26091
https://fortiguard.com/psirt/FG-IR-23-001
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
updated 2025-03-27T16:44:44.143000
1 posts
Oh look, Fortinet published another CVE for another very old advisory. This one is from October 2021. If you are wondering why I point these out, it's because I'm tired of vendors and security nerds yelling about "If you didn't patch quickly it's your own fault if you get popped." But when vendors don't even publish the CVEs for years, it makes it very challenging for some orgs to track the advisories and vulnerabilities. I know the CVE thing is likely falling apart, but this practice needs to be acknowledged as a problem so it can be remedied.
https://fortiguard.fortinet.com/psirt/FG-IR-20-234
sev:MED 6.4 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:X
##A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests.
updated 2025-03-27T15:32:12
1 posts
That RCE in Appsmith from December has a write-up.
https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith/
https://github.com/appsmithorg/appsmith/releases/tag/v1.52
While reviewing the Appsmith Enterprise platform, Rhino Security Labs uncovered a series of critical vulnerabilities affecting default installations of the product. Most severe among them is CVE-2024-55963, which allows unauthenticated remote code execution due to a misconfigured PostgreSQL database included by default. Two additional vulnerabilities (CVE-2024-55964 and CVE-2024-55965) enable unauthorized access to sensitive data and application denial of service.
Unfortunately, the CVE still isn't in NVD.
##updated 2025-03-27T15:31:23
1 posts
Multiple CVEs in gnuplot. They are all sev:MED 6.2.
https://access.redhat.com/security/cve/CVE-2025-31176
https://access.redhat.com/security/cve/CVE-2025-31178
https://access.redhat.com/security/cve/CVE-2025-31179
##updated 2025-03-27T03:34:37
1 posts
Active exploitation of critical SAP flaw CVE-2017-12637 reported by Onapsis
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/active-exploitation-of-critical-sap-flaw-cve-2017-12637-reported-by-onapsis-3-q-e-2-a/gD2P6Ple2L
updated 2025-03-26T21:31:06
1 posts
Happy Sunday. Here, have a D-Link critical with a PoC. Edit to point out the part where it's no longer supported so it's yet another forever-day to put in your back pocket. Looking at the PoC, it looks like it would be really simple to create a Metasploit module for it. I know some of my students were always looking for exploits they could use to better learn Metasploit so there you go if that's you too.
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
https://nvd.nist.gov/vuln/detail/CVE-2025-2621
Another edit to add that there's more of them so happy hacking.
https://nvd.nist.gov/vuln/detail/CVE-2025-2620
##updated 2025-03-26T21:31:05
1 posts
3 repos
https://github.com/xibhi/CVE-2025-26206
Happy Sunday. Here, have a D-Link critical with a PoC. Edit to point out the part where it's no longer supported so it's yet another forever-day to put in your back pocket. Looking at the PoC, it looks like it would be really simple to create a Metasploit module for it. I know some of my students were always looking for exploits they could use to better learn Metasploit so there you go if that's you too.
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
https://nvd.nist.gov/vuln/detail/CVE-2025-2621
Another edit to add that there's more of them so happy hacking.
https://nvd.nist.gov/vuln/detail/CVE-2025-2620
##updated 2025-03-26T15:32:52
1 posts
Bizerba doing that thing like in school where you take up as much of the page as possible. Instead of DoS they say:
An authenticated attacker can compromise the availability of the device via the network
https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0002.pdf
Through the public FTP access the mass storage can be completely filled by mass uploading of data because no quota is in place.
sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
updated 2025-03-26T12:30:40
1 posts
Service desk application vulns are always fun. I don't know how popular OXARI is, but if you know it, you might want to look into this one.
https://cert.pl/en/posts/2025/03/CVE-2025-1542/
sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
##Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application. This issue affects OXARI ServiceDesk in versions before 2.0.324.0.
updated 2025-03-26T00:31:24
1 posts
I don't know how popular Pagure is but this RCE via git seems like it's worth patching. Or attacking. No judgement.
https://access.redhat.com/security/cve/CVE-2024-47516
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
##A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.
updated 2025-03-25T16:15:27.337000
1 posts
I'm still working on my coffee so I'm not reading through the whole issue here, but the CVE description was enough to get me to read the discussion in the issue. Also, the CVSS score seems rather high given the prerequisites that need to be met before even exposing the vulnerability.
https://github.com/corosync/corosync/issues/778
sev:CRIT 9.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
##Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
updated 2025-03-25T15:32:26
1 posts
TIL Linksys is actually running DVWA for a web admin GUI.
https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_pingTest_count/CI_pingTest_count.md
sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.
https://nvd.nist.gov/vuln/detail/CVE-2025-29226
And a few more Linksys E5600 CVEs. As a treat.
https://nvd.nist.gov/vuln/detail/CVE-2025-29223
https://nvd.nist.gov/vuln/detail/CVE-2025-29227
https://nvd.nist.gov/vuln/detail/CVE-2025-29230
Edit: It's a GUI not a GIU. WTF is a GIU? :blobcatfacepalm:
##updated 2025-03-25T15:31:35
6 posts
Authentication bypass CVE-2025-22230 impacts VMware Windows Tools – Source: securityaffairs.com https://ciso2ciso.com/authentication-bypass-cve-2025-22230-impacts-vmware-windows-tools-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #vmwaretools #Security #hacking
##VMware corrige une faille importante dans les VMware Tools pour Windows : CVE-2025-22230 https://www.it-connect.fr/vmware-corrige-une-faille-vmware-tools-pour-windows-cve-2025-22230/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Windows #VMware
##VMware corrige une faille importante dans les VMware Tools pour Windows : CVE-2025-22230 https://www.it-connect.fr/vmware-corrige-une-faille-vmware-tools-pour-windows-cve-2025-22230/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Windows #VMware
##Seriously, Broadcom... what's the deal lately? 🤯
First up, we've got CVE-2025-22230 hitting VMware Tools for Windows. This nasty bug basically lets standard users inside a VM escalate their privileges to admin level. Yikes! 😬 With a CVSS score of 7.8, you'll want to jump on this fix ASAP. It impacts versions 11.x.x and 12.x.x, so upgrading to 12.5.1 needs to be right at the top of your list!
But wait, there's more. CrushFTP is also sounding the alarm about unauthenticated access vulnerabilities lurking on HTTP(S) ports in versions 10 and 11. It's definitely time to double-check those DMZ configurations. Rapid7 has confirmed that exploits are out there, allowing unauthorized access. Pretty intense, right?
Stuff like this is a stark reminder: while automated scans have their place, they just don't cut it alone. Real-deal penetration testing is absolutely essential. Those manual checks are what uncover the sneaky issues that automated tools often breeze right past.
What's your take on this recent wave? How are you keeping your own environments locked down tight? Let's talk 👇
#ITSecurity #Pentesting #VMware #Cybersecurity #InfoSec #VulnerabilityManagement
##A new twist on #ESXicape - you need local admin rights to escape the VM to the hypervisor, right?
Slight issue - VMware Tools, installed inside VMs, allows local user to local admin privilege escalation on every VM due to vuln CVE-2025-22230
“A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM.”
Discovered by Positive Technologies, who US claim hack for Moscow.
##Auth bypass vuln in VMWare Tools for Windows. Nice.
sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
##VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
updated 2025-03-25T15:31:35
1 posts
🚨CVE-2024-42533: SQL Injection in StandVoice by Convivance
https://darkwebinformer.com/cve-2024-42533-sql-injection-in-standvoice-by-convivance/
##updated 2025-03-25T15:31:35
1 posts
Multiple Denial-of-Service vulnerabilities in Hitachi Energy’s RTU500 series Product
This includes a couple sev:HIGH CVEs. Normally DoS vulns bore me, but when they're in RTUs used in energy, they get more interesting.
https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true
##CVE-2024-10037
CVE-2024-11499
CVE-2024-12169
CVE-2025-1445
updated 2025-03-25T15:31:22
1 posts
Ooh, this is four days in a row now with a perfect 10, though this one in INFOCAD doesn't provide a CVSS string. Also not a lot of details.
https://www.infocadfm.com/changelog/broken-authorization-schema/
DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.
https://nvd.nist.gov/vuln/detail/CVE-2025-26853
And a sev:HIGH SQLi to go with it.
https://www.infocadfm.com/changelog/sql-injection/
##DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.
updated 2025-03-25T15:10:09
6 posts
CVE-2025-24513 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131005
##updated 2025-03-25T15:10:03
8 posts
1 repos
CVE-2025-24514 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131006
##oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514
maybe we need to rewrite that component in rust? oh, wait.
##Microsoft updated its security guide yesterday, with several Azure Kubernetes Service vulnerabilities:
CVE-2025-24514: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514
CVE-2025-1974: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974
CVE-2025-1098: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098
CVE-2025-1097: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097
CVE-2025-24513: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513 @microsoftsec #cybersecurity #infosec #Microsoft #opensource
##Tenable posted this yesterday in relation to CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, and CVE-2025-24514.
Tenable: Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare https://www.tenable.com/blog/cve-2025-1974-frequently-asked-questions-about-ingressnightmare-kubernetes @tenable #cybersecurity #infosec #opensource
##We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio
##CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare – Source: securityboulevard.com https://ciso2ciso.com/cve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard
##Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!
Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.
It appears that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅
Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!
So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔
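The two checks the post above recommends (are you below the fixed releases, and is the admission webhook reachable from outside the cluster) as an added Python example. This is not code from Wiz, Tenable or the ingress-nginx project; the fixed versions come from the post, the Kubernetes objects are constructed samples shaped like trimmed `kubectl get ... -o json` output, and the function names are this example's own.

```python
"""Offline audit helpers for the IngressNightmare advisories (added example).

1. Compare the running controller image tag against the first-fixed patch
   release of its minor line: 1.12.1, 1.11.5, 1.10.7 (from the post).
2. Inspect the admission Service and ValidatingWebhookConfiguration: the
   webhook only needs to be called by the API server, so a NodePort or
   LoadBalancer Service, or externalIPs, means it is reachable from outside.
"""
import json
import re

# First fixed patch release per minor line, as listed in the post.
FIXED_RELEASES = {(1, 12): (1, 12, 1), (1, 11): (1, 11, 5), (1, 10): (1, 10, 7)}


def parse_controller_version(ref: str) -> tuple:
    """Extract (major, minor, patch) from 'v1.11.4', '1.11.4' or an image ref
    such as 'registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:...'."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", ref)
    if not m:
        raise ValueError(f"no semantic version found in {ref!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable_version(ref: str) -> bool:
    major, minor, patch = parse_controller_version(ref)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        # Minor lines before 1.10 received no fix at all; lines after 1.12
        # were released with the fix included.
        return (major, minor) < (1, 10)
    return (major, minor, patch) < fixed


def admission_webhook_findings(service: dict, webhook_configs: list) -> list:
    """Describe how the admission webhook can be reached."""
    findings = []
    if not webhook_configs:
        findings.append("webhook disabled: no ValidatingWebhookConfiguration present")
        return findings
    spec = service.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")
    if svc_type in ("NodePort", "LoadBalancer"):
        findings.append(f"admission Service type {svc_type}: reachable from outside the cluster")
    if spec.get("externalIPs"):
        findings.append("admission Service has externalIPs set")
    if not findings:
        findings.append("admission Service is ClusterIP only; add a NetworkPolicy that "
                        "allows only the API server to reach it")
    return findings


def audit(image_ref: str, service: dict, webhook_configs: list) -> dict:
    return {
        "version": ".".join(map(str, parse_controller_version(image_ref))),
        "needs_upgrade": is_vulnerable_version(image_ref),
        "webhook": admission_webhook_findings(service, webhook_configs),
    }


# Constructed sample objects (not captured from a real cluster).
SAMPLE_IMAGE = "registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000"
SAMPLE_SERVICE = json.loads("""
{"kind": "Service",
 "metadata": {"name": "ingress-nginx-controller-admission", "namespace": "ingress-nginx"},
 "spec": {"type": "NodePort",
          "ports": [{"name": "https-webhook", "port": 443,
                     "targetPort": "webhook", "nodePort": 30443}]}}
""")
SAMPLE_WEBHOOKS = [{"kind": "ValidatingWebhookConfiguration",
                    "metadata": {"name": "ingress-nginx-admission"}}]

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_IMAGE, SAMPLE_SERVICE, SAMPLE_WEBHOOKS), indent=2))
```

On a live cluster the inputs would come from `kubectl get deploy -n ingress-nginx -o json`, `kubectl get svc ingress-nginx-controller-admission -n ingress-nginx -o json` and `kubectl get validatingwebhookconfigurations -o json`; a ClusterIP-only Service is the expected state, and the NetworkPolicy is what keeps in-cluster workloads from reaching the webhook port.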
##updated 2025-03-25T15:07:13
8 posts
1 repos
🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)
##CVE-2025-1097 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131007
##updated 2025-03-25T15:06:45
8 posts
1 repos
CVE-2025-1098 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131008
##🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)
##updated 2025-03-25T14:15:27.397000
1 posts
Well, nice: a vulnerability in the Linux kernel (present since... 2005) in the HFS+ driver, the old macOS filesystem that is still supported. (complexity through ...promiscuity)
⬇️
To exploit this vulnerability, an attacker would have to create a specially crafted HFS+ filesystem with malformed B-tree structures, mount it using standard permissions, and then trigger the flaw by setting an extended attribute (via setxattr)
"Linux kernel hfsplus slab-out-of-bounds Write"
👇
https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/
Ubuntu impact
👇
https://ubuntu.com/security/CVE-2025-0927
Debian impact
👇
https://security-tracker.debian.org/tracker/CVE-2025-0927
updated 2025-03-25T06:30:32
1 posts
Looks like ABB published 13 CVEs for B&R APROL <4.4-01, including at least one sev:CRIT code injection vuln.
https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf
CVE-2024-45482, CVE-2024-45481, CVE-2024-45480, CVE-2024-8315, CVE-2024-45484, CVE-2024-45483, CVE-2024-8313, CVE-2024-8314, CVE-2024-10206, CVE-2024-10207, CVE-2024-10208, CVE-2024-10210, CVE-2024-10209
##updated 2025-03-25T00:30:26
1 posts
SnapCenter Security Flaw Rated Critical—NetApp Urges Immediate Patch https://thecyberexpress.com/netapp-snapcenter-vulnerability-cve-2025-26512/ #NetAppVulnerability #TheCyberExpressNews #SnapCenterServer #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202526512 #SnapCenter #CyberNews
##updated 2025-03-24T18:32:06
1 posts
Kuadrant? Kubeslice? Are these actual things or is NVD stroking out?
https://gist.github.com/HouqiyuA/2a34c8f95dac7d9d8d7df7732403f383
Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secrets component in the k8s cluster
https://nvd.nist.gov/vuln/detail/CVE-2024-53349
https://gist.github.com/HouqiyuA/1cb964206e0d6bebd1c57a124c55fa03
##Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges.
updated 2025-03-24T15:31:50
1 posts
I missed the three OOB advisories in Edge released on Friday:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29806
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29795
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2476
##updated 2025-03-24T14:49:02
2 posts
CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability https://cenobe.com/blog/cve-2025-27407/
##updated 2025-03-24T14:23:39
1 posts
2 repos
https://github.com/Checkmarx/Checkmarx-CVE-2025-30066-Detection-Tool
(horizon3.ai) What to know about recent Github Actions and Apache Tomcat vulnerabilities—before you investigate https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/
The article from Horizon3 analyzes two recent high-profile vulnerabilities: CVE-2025-30066 affecting GitHub Actions (tj-actions/changed-files) and CVE-2025-24813 affecting Apache Tomcat. Despite widespread publicity, Horizon3.ai's Attack Team found that actual exploitation risk is significantly lower than reported. For the GitHub Actions vulnerability, only one repository among 1,200 examined was exposed, with no evidence of data exfiltration. For Apache Tomcat, analysis of over 10,000 endpoints revealed no vulnerable configurations in production environments. The article emphasizes the importance of prioritizing security responses based on actual risk rather than media hype.
#Cybersecurity #GithubActions #Github #Tomcat #Apache #Vulnerability
##updated 2025-03-24T14:15:18.500000
1 posts
Another forever-day but this one's just an XSS. Mostly I'm just posting it because I've never heard of Apache Oozie and it's a funny name.
https://lists.apache.org/thread/fzrmsslnrpl0vpp0jr73fosmfjv4omdq
##** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie.
This issue affects Apache Oozie: all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
updated 2025-03-24T00:30:34
1 posts
I don't see CVEs in video games very often. This one in Animal Crossing is almost seven years old but still interesting:
https://jamchamb.net/2018/07/11/animal-crossing-nes-emulator-hacks.html
sev:MED 5.4 - CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##A vulnerability has been found in Nintendo Animal Crossing, Doubutsu no Mori+ and Doubutsu no Mori e+ 1.00/1.01 on GameCube and classified as critical. Affected by this vulnerability is an unknown functionality of the component Letter Trigram Handler. The manipulation leads to memory corruption. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
##updated 2025-03-21T23:56:31
2 posts
This has been a busy month for Malcolm! I pushed hard to get v25.03.0 out earlier this month, as it contained pretty much just the Keycloak integration one of our partners (and major funding sources) was waiting for. Rather than wait until April for the other stuff that would have gone into the regular end-of-the-month release, I decided to pull those items into this smaller release just a week and a half after the last one.
Malcolm v25.03.1 contains a few enhancements, bug fixes, and several component version updates, including one that addresses a CVE that may affect Hedgehog Linux Kiosk mode and Malcolm's API container.
NOTE: If you have not already upgraded to v25.03.0, read the notes for v25.02.0 and v25.03.0 and follow the Read Before Upgrading instructions on those releases.
s7comm_known_devices.log (#622)
install.py to allow the user to accept changes to sysctl.conf, grub kernel parameters, etc., without having to answer "yes" to each one.
./config/) for Malcolm and in control_vars.conf for Hedgehog Linux
NGINX_REQUIRE_GROUP and NGINX_REQUIRE_ROLE to auth-common.env to support Requiring user groups and realm roles for Keycloak authentication
docker-compose.yml at runtime.
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh
) and PowerShell 🪟 (release_cleaver.ps1
). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.
#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #SSO #OIDC #Keycloak #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov
##updated 2025-03-21T22:15:26.420000
1 posts
16:1 asymmetric RAM eater in golang-jwt by sending a bunch of "." characters. Poor "/" isn't even needed for this one. :-(
https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
##golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
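The split-first parsing pattern the advisory describes, and the pre-check that removes the asymmetry, as an added Python example. This is not golang-jwt's code (which is Go) and not from the post; it reproduces the same shape so the per-separator overhead can be measured, and the segment-count check is the general fix for any compact-serialization parser. `MAX_TOKEN_LEN` and the function names are this example's assumptions.

```python
"""Dot-flood asymmetry in a token parser, and the check that prevents it (added example)."""
import sys

JWS_SEGMENTS = 3       # compact JWS is header.payload.signature
MAX_TOKEN_LEN = 8192   # assumption: a generous upper bound for an Authorization header


def bearer_token(authorization: str) -> str:
    """Extract the token from an Authorization header value."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("not a Bearer token")
    return token


def naive_segments(token: str) -> list:
    """Split first, validate later: the shape of the vulnerable ParseUnverified.
    The result has one element per separator, so a flood of dots costs one
    allocation per dot (a 16-byte string header each in Go; an 8-byte list
    slot each in CPython, all pointing at the shared empty-string object)."""
    return token.split(".")


def checked_segments(token: str) -> list:
    """Validate first, split later. str.count walks the input once and
    allocates nothing, so a flood is rejected before any list is built."""
    if len(token) > MAX_TOKEN_LEN:
        raise ValueError("token exceeds MAX_TOKEN_LEN")
    if token.count(".") != JWS_SEGMENTS - 1:
        raise ValueError("a compact JWS must have exactly three segments")
    return token.split(".", JWS_SEGMENTS - 1)


def accepts(authorization: str) -> bool:
    """True if the header survives the pre-checks in checked_segments()."""
    try:
        checked_segments(bearer_token(authorization))
        return True
    except ValueError:
        return False


def split_overhead_ratio(token: str) -> float:
    """Bytes held by the list naive_segments() builds, per input byte.
    For a dot flood this is about 8 in CPython (one slot per separator);
    the Go equivalent is the ~16x the advisory reports."""
    return sys.getsizeof(naive_segments(token)) / len(token)


if __name__ == "__main__":
    flood = "Bearer " + "." * 100_000   # constructed malicious header
    print("naive segments:", len(naive_segments(bearer_token(flood))))
    print("overhead ratio:", round(split_overhead_ratio(bearer_token(flood)), 2))
    print("flood accepted after pre-check:", accepts(flood))
    print("legit token accepted:", accepts("Bearer hdr.payload.sig"))
```

The length cap matters as much as the count: without it an attacker can still make `str.count` scan a multi-megabyte header, which is cheap in memory but not free in CPU, and the cap belongs at the HTTP layer as well as in the parser.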
updated 2025-03-21T18:31:41
1 posts
TIL Linksys is actually running DVWA for a web admin GUI.
https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_pingTest_count/CI_pingTest_count.md
sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.
https://nvd.nist.gov/vuln/detail/CVE-2025-29226
And a few more Linksys E5600 CVEs. As a treat.
https://nvd.nist.gov/vuln/detail/CVE-2025-29223
https://nvd.nist.gov/vuln/detail/CVE-2025-29227
https://nvd.nist.gov/vuln/detail/CVE-2025-29230
Edit: It's a GUI not a GIU. WTF is a GIU? :blobcatfacepalm:
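The post gives the function (runtime.pingTest) and the parameter (pt["count"]) but not the firmware's code. As an added example, here is a hypothetical reconstruction of that pattern in Python (not the router's Lua and not code from the linked write-up) next to a hardened version, so both can be run on the same constructed inputs. `MAX_COUNT`, `HOSTNAME_RE` and the function names are this example's own.

```python
"""Command injection through a ping 'count' field, vulnerable and hardened forms (added example)."""
import ipaddress
import re
import subprocess

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")
MAX_COUNT = 10   # assumption: a connectivity test never needs more than this


def vulnerable_ping_command(pt: dict) -> str:
    """Shell string built by concatenation: whatever is in pt['count'] is
    parsed by the shell. Returned rather than executed so it can be inspected."""
    return f"ping -c {pt['count']} {pt['host']}"


def safe_ping_argv(pt: dict) -> list:
    """Hardened form: enforce type, range and charset on each field, then
    build an argv list so no shell is involved at all."""
    try:
        count = int(pt["count"])
    except (KeyError, TypeError, ValueError):
        raise ValueError("count must be an integer")
    if not 1 <= count <= MAX_COUNT:
        raise ValueError("count out of range")
    host = str(pt.get("host", ""))
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: accept only hostname characters, and refuse a
        # leading '-' so the value cannot be read as a ping option.
        if not HOSTNAME_RE.match(host) or host.startswith("-"):
            raise ValueError("host is not an IP address or hostname")
    return ["ping", "-c", str(count), host]


def is_accepted(pt: dict) -> bool:
    try:
        safe_ping_argv(pt)
        return True
    except ValueError:
        return False


def run_ping_test(pt: dict) -> subprocess.CompletedProcess:
    """Execute the validated argv without a shell (shell=False is the default)."""
    return subprocess.run(safe_ping_argv(pt), capture_output=True, text=True, timeout=30)


# Constructed request bodies: one legitimate, one carrying an injected command.
LEGIT = {"count": "3", "host": "192.0.2.1"}
INJECTED = {"count": "1; cat /etc/passwd", "host": "192.0.2.1"}

if __name__ == "__main__":
    print("vulnerable builds:", vulnerable_ping_command(INJECTED))
    print("hardened accepts injected:", is_accepted(INJECTED))
    print("hardened argv for legit:", safe_ping_argv(LEGIT))
```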
##updated 2025-03-21T18:31:41
1 posts
Congrats, all. We hit a perfect 10 every day this week 🥳 . This one from IBM.
https://www.ibm.com/support/pages/node/7228722
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
##IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.
updated 2025-03-21T18:31:41
1 posts
Must be Friday. Fortinet is publishing CVEs for really old advisories.
https://fortiguard.com/advisory/FG-IR-19-301
sev:MED 4.7 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
##An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context.
This happens when the FortiGate has web filtering and category override enabled/configured.
updated 2025-03-21T18:15:34.600000
8 posts
18 repos
https://github.com/tonyarris/CVE-2025-24813-PoC
https://github.com/FY036/cve-2025-24813_poc
https://github.com/MuhammadWaseem29/CVE-2025-24813
https://github.com/charis3306/CVE-2025-24813
https://github.com/u238/Tomcat-CVE_2025_24813
https://github.com/absholi7ly/POC-CVE-2025-24813
https://github.com/AlperenY-cs/CVE-2025-24813
https://github.com/Alaatk/CVE-2025-24813-POC
https://github.com/issamjr/CVE-2025-24813-Scanner
https://github.com/beyond-devsecops/CVE-2025-24813
https://github.com/n0n-zer0/Spring-Boot-Tomcat-CVE-2025-24813
https://github.com/N0c1or/CVE-2025-24813_POC
https://github.com/gregk4sec/CVE-2025-24813
https://github.com/iSee857/CVE-2025-24813-PoC
https://github.com/msadeghkarimi/CVE-2025-24813-Exploit
https://github.com/imbas007/CVE-2025-24813-apache-tomcat
https://github.com/michael-david-fry/Apache-Tomcat-Vulnerability-POC-CVE-2025-24813
Fortinet added CVE-2025-24813, Apache Tomcat RCE (high) to its outbreak alerts yesterday: https://www.fortinet.com/fortiguard/labs @fortinet #cybersecurity #infosec #Apache
Details: https://fortiguard.fortinet.com/outbreak-alert/apache-tomcat-rce
##(recordedfuture.com) Apache Tomcat: Critical Path Equivalence Vulnerability (CVE-2025-24813) NOT (yet) under active exploitation
https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis
Insikt Group notes specifically that this vulnerability has not yet been observed as being actively exploited in the wild.
Summary:
This article details CVE-2025-24813, a critical path equivalence vulnerability in Apache Tomcat that allows unauthenticated remote code execution under specific conditions. The vulnerability affects multiple Tomcat versions (11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98, and most 8.5.x versions). Greynoise has identified six malicious IP addresses attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the risk of exploitation. Organizations are advised to upgrade to patched versions (11.0.3, 10.1.35, or 9.0.99) or implement network-level controls if immediate patching isn't possible.
#Cybersecurity #ThreatIntel #Tomcat #ActiveExploitation #ITW #Exploitation #Vulnerability #CVE202524813
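The affected ranges quoted in the summary above, together with the configuration precondition that the PoC repositories and the Horizon3 "no vulnerable configurations" finding both turn on, as an added Python example. This is not code from Apache Tomcat, Recorded Future or any of the linked PoCs. The precondition encoded here is that the default servlet has been made writable (`readonly` set to `false` in `conf/web.xml`; Tomcat ships it as `true`); a writable default servlet is necessary but not sufficient, and the further conditions in the Apache advisory (partial PUT, file-based session persistence, a deserialization gadget on the classpath) are not evaluated. The `web.xml` snippets are constructed.

```python
"""Tomcat CVE-2025-24813 exposure check: version range plus writable default servlet (added example)."""
import re
import xml.etree.ElementTree as ET

# First fixed release per supported line, from the summary above.
FIXED = {(11, 0): (11, 0, 3), (10, 1): (10, 1, 35), (9, 0): (9, 0, 99)}


def version_key(version: str) -> tuple:
    """Sortable key; a milestone such as 9.0.0-M5 sorts before the GA 9.0.0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), 0 if milestone else 1, int(milestone or 0))


def version_affected(version: str) -> bool:
    key = version_key(version)
    line = key[:2]
    if line == (8, 5):
        # The summary says "most 8.5.x"; 8.5 is end of life, so treat the
        # whole line as needing action rather than a patch.
        return True
    fixed = FIXED.get(line)
    if fixed is None:
        return False
    return key < fixed + (1, 0)


def default_servlet_writable(web_xml: str) -> bool:
    """True when the 'default' servlet has init-param readonly=false.
    Matches any namespace, so Tomcat 9 (javaee) and 10/11 (jakartaee) both work."""
    root = ET.fromstring(web_xml)
    for servlet in root.iterfind(".//{*}servlet"):
        if servlet.findtext("{*}servlet-name") != "default":
            continue
        for param in servlet.iterfind("{*}init-param"):
            if param.findtext("{*}param-name") == "readonly":
                return param.findtext("{*}param-value", "true").strip().lower() == "false"
    return False   # readonly defaults to true when the param is absent


def assess(version: str, web_xml: str) -> dict:
    affected = version_affected(version)
    writable = default_servlet_writable(web_xml)
    if affected and writable:
        action = "upgrade now: version in range and default servlet writable"
    elif affected:
        action = "upgrade on schedule: version in range, default servlet read-only"
    else:
        action = "not affected"
    return {"version_affected": affected, "default_servlet_writable": writable, "action": action}


# Constructed conf/web.xml fragments: the weak setting and the shipped default.
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
HARDENED_WEB_XML = WEAK_WEB_XML.replace("<param-value>false</param-value>",
                                        "<param-value>true</param-value>")

if __name__ == "__main__":
    print(assess("10.1.34", WEAK_WEB_XML))
    print(assess("10.1.35", WEAK_WEB_XML))
```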
##New Broadcom security advisory relating to Apache Tomcat CVE-2025-24813.
MICS Resource Management 14.4 vulnerability (critical): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25524 #cybersecurity #infosec #Apache
##CVE-2025-24813: Apache Tomcat Vulnerable to RCE Attacks – Source: securityboulevard.com https://ciso2ciso.com/cve-2025-24813-apache-tomcat-vulnerable-to-rce-attacks-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard
##CVE-2025-24813 Detection: Apache Tomcat RCE Vulnerability Actively Exploited in the Wild – Source: socprime.com https://ciso2ciso.com/cve-2025-24813-detection-apache-tomcat-rce-vulnerability-actively-exploited-in-the-wild-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-24813 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE
##updated 2025-03-21T17:43:10
1 posts
Plaintext local exposure of creds in AWS CDK CLI with custom credential plugins.
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/
sev:MED 5.7 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
##When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
updated 2025-03-21T15:31:21
1 posts
LPE in Nessus Agent with a custom install.
https://www.tenable.com/security/tns-2025-02
sev:HIGH 7.8 - AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
##When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
updated 2025-03-21T03:30:29
1 posts
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29814
sev:CRIT 9.3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C
##Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
updated 2025-03-21T03:30:26
1 posts
Another one.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29807
sev:CRIT 8.7 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
##Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
updated 2025-03-21T00:32:31
1 posts
CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers: https://mastersplinter.work/research/passkey/
##updated 2025-03-21T00:31:21
1 posts
CVE-2024-54471: Leaking Passwords (and More!) on macOS
Link: https://wts.dev/posts/password-leak/
Discussion: https://news.ycombinator.com/item?id=43425605
updated 2025-03-20T18:59:20
2 posts
If you missed this, CISA added this vulnerability to the KEV catalogue late yesterday. CVE-2025-30154 was last updated on March 19.
CVE-2025-30154 (high): reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-30154 #CISA #cybersecurity #infosec #GitHub
##CVE ID: CVE-2025-30154
Vendor: reviewdog
Product: action-setup GitHub Action
Date Added: 2025-03-24
Vulnerability: reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
Notes: This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc ; https://nvd.nist.gov/vuln/detail/CVE-2025-30154
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-30154
updated 2025-03-20T18:30:30
6 posts
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.
##🚨 Critical patch alert! CVE-2025-23120 in Veeam Backup & Replication allows domain users to execute arbitrary code. High impact, medium probability. Update now to secure your systems! #CVE-2025-23120 #Cybersecurity https://redteamnews.com/blue-team/critical-vulnerability-patched-in-veeam-backup-replication-cve-2025-23120
##Veeam Backup & Replication: this critical flaw threatens servers integrated with Active Directory! https://www.it-connect.fr/veeam-backup-replication-faille-cve-2025-23120-menace-serveurs-integres-active-directory/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Veeam
##Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts...
🔗️ [Bleepingcomputer] https://link.is.it/vefb35
##Veeam fixed critical Backup & Replication flaw CVE-2025-23120 – Source: securityaffairs.com https://ciso2ciso.com/veeam-fixed-critical-backup-replication-flaw-cve-2025-23120-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #VeeamBackup&Replication #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #hacking #slider #Veeam
##updated 2025-03-19T20:21:38.197000
1 posts
In January, there was a lot of attention on FortiOS vulnerabilities CVE-2024-55591 CVE-2025-24472.
By then, it was clear that if you had not patched quickly enough, you were at great risk, if your management interface hung on the internet. It has since become even clearer that systems that were not patched until after 27 January 2025 (even if they are now up to date) are at high risk of being misused for ransomware attacks.
updated 2025-03-11T18:32:20
6 posts
(trendmicro.com) A Deep Dive into Water Gamayun's Arsenal and Infrastructure https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
Executive Summary:
This research provides a comprehensive analysis of Water Gamayun (also known as EncryptHub and Larva-208), a suspected Russian threat actor exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console. The threat actor employs sophisticated delivery methods including malicious provisioning packages, signed MSI files, and Windows MSC files to deploy multiple custom payloads. Their arsenal includes custom backdoors (SilentPrism and DarkWisp), multiple variants of the EncryptHub Stealer, and known malware like Stealc and Rhadamanthys. The research details the C&C infrastructure, data exfiltration techniques, and persistence mechanisms used by the group. Trend Micro researchers gained access to the C&C server components, enabling them to analyze the architecture, functionality, and evasion techniques employed by the threat actor.
#Cybersecurity #ThreatIntel #PowerShell #DarkWisp #SilentPrism #APT #WaterGamayun #EncryptHub #Russia #Rhadamanthys
##Seriously, EncryptHub isn't messing around! 🤯 They've jumped *right* on that Windows bug (CVE-2025-26633) that literally *just* got fixed. Talk about moving fast...
So, the exploit? It involves the Microsoft Management Console (MMC), those MSC files, and something called MUIPath. Sounds pretty techy, right? But basically, it's a clever workaround. EncryptHub crafts two MSC files – same name, one legit, one malicious. Windows doesn't double-check properly and ends up loading the nasty one. Boom! 💥
You see, as a pentester, I constantly witness attackers twisting legitimate system functions just like this. Your automated scanners? Yeah, they'll likely miss it completely. This kind of thing really needs hands-on analysis to catch. And yeah, updates are crucial, folks! Make sure you get CVE-2025-26633 patched ASAP. Oh, and those random MSI installers from sources you don't know? Big nope. Steer clear! ☝️
Have you run into attacks like this before? Or maybe you've got some other sneaky Windows tricks up your sleeve? Drop 'em in the comments!
##Trend Micro researchers identified a campaign by the Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
##Trend Micro, from yesterday: CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html @TrendMicro
More:
The Hacker News: EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html @thehackernews #cybersecurity #infosec #malware #Windows
##updated 2025-03-04T18:34:42
1 posts
1 repos
Critical VMware vulnerabilities patched (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) - one actively exploited. ESXi, Workstation, Fusion at risk. Requires local admin access but can lead to code execution & sandbox escape. Patch now! https://redteamnews.com/news/critical-vmware-vulnerabilities-patched-ncsc-2025-0073-advisory-on-esxi-workstation-and-fusion-risks
##updated 2025-03-04T18:34:42
1 posts
1 repos
https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) https://www.helpnetsecurity.com/2025/03/21/nakivo-backup-replication-vulnerability-exploited-by-attackers-cve-2024-48248/ #disasterrecovery #vulnerability #enterprise #Don'tmiss #WatchTowr #Hotstuff #backup #NAKIVO #News #SMBs #MSP #PoC
##updated 2025-03-04T18:33:39
1 posts
1 repos
Critical VMware vulnerabilities patched (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) - one actively exploited. ESXi, Workstation, Fusion at risk. Requires local admin access but can lead to code execution & sandbox escape. Patch now! https://redteamnews.com/news/critical-vmware-vulnerabilities-patched-ncsc-2025-0073-advisory-on-esxi-workstation-and-fusion-risks
##updated 2025-03-04T18:33:39
1 posts
1 repos
Critical VMware vulnerabilities patched (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) - one actively exploited. ESXi, Workstation, Fusion at risk. Requires local admin access but can lead to code execution & sandbox escape. Patch now! https://redteamnews.com/news/critical-vmware-vulnerabilities-patched-ncsc-2025-0073-advisory-on-esxi-workstation-and-fusion-risks
##updated 2025-02-20T21:30:52
1 posts
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 https://isc.sans.edu/diary/31806
##updated 2025-01-23T02:00:02.310000
1 posts
10 repos
https://github.com/robomusk52/exp-cmd-add-admin-vpn-CVE-2024-55591
https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591
https://github.com/0x7556/CVE-2024-55591
https://github.com/exfil0/CVE-2024-55591-POC
https://github.com/rawtips/CVE-2024-55591
https://github.com/sysirq/fortios-auth-bypass-poc-CVE-2024-55591
https://github.com/virus-or-not/CVE-2024-55591
https://github.com/amfg145/Private-CVE-2024-55591.
https://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591
https://github.com/sysirq/fortios-auth-bypass-exploit-CVE-2024-55591
In January, there was a lot of attention on FortiOS vulnerabilities CVE-2024-55591 CVE-2025-24472.
By then, it was clear that if you had not patched quickly enough, you were at great risk, if your management interface hung on the internet. It has since become even clearer that systems that were not patched until after 27 January 2025 (even if they are now up to date) are at high risk of being misused for ransomware attacks.
updated 2024-12-20T18:31:30
2 posts
3 repos
https://github.com/XiaomingX/cve-2024-40711-poc
Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.
##updated 2024-11-22T16:15:34.680000
1 posts
@GossiTheDog What are the odds on CVE-2024-8068 and CVE-2024-8069?
##updated 2024-11-21T08:46:30.360000
4 posts
1 repos
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit) https://blog.doyensec.com/2025/03/18/exploitable-gitlab.html
##updated 2024-11-21T07:54:48.810000
1 posts
@adamhsparks ah it borked on unstarring wh-gov/cve-2023-28310. it seems GH doesn't revdepcheck one's starred repos if said repo goes away.
i wonder if that fact can be abused…
##updated 2024-11-13T17:01:16.850000
1 posts
1 repos
https://github.com/XiaomingX/cve-2024-8069-exp-Citrix-Virtual-Apps-XEN
@GossiTheDog What are the odds on CVE-2024-8068 and CVE-2024-8069?
##updated 2024-10-03T03:31:11
1 posts
Palo Alto Cortex XDR bypass (CVE-2024-8690) https://cybercx.com.au/blog/palo-alto-cortex-xdr-bypass/
##updated 2024-09-13T21:31:22
1 posts
Hey everyone, fresh news from the security front! 🚨 Cisco's Smart Licensing Utility is currently under fire due to some nasty vulnerabilities (CVE-2024-20439 and CVE-2024-20440). What's even more alarming? They're apparently being actively exploited. Crazy, right? 😳
So, what's the deal? Well, it seems there's an undocumented admin account, and the log files are spilling way too much info. Classic, isn't it? 🤦♂️ It's practically an open invitation for attackers. You've gotta check your versions ASAP (2.0.0, 2.1.0, and 2.2.0 are affected) and update to 2.3.0 pronto! And remember: if you don't need it, get rid of it! A smaller attack surface is always a win. 🥇
We actually had a client who was totally baffled about getting hacked, even with a firewall and antivirus in place... But yeah, unpatched systems are like leaving your doors wide open. 🤷♂️
Now, over to you: How do *you* keep your systems up-to-date, and where do you get your info on stuff like this? Share your best tips! 👇
##updated 2024-09-04T18:31:04
1 posts
Hey everyone, fresh news from the security front! 🚨 Cisco's Smart Licensing Utility is currently under fire due to some nasty vulnerabilities (CVE-2024-20439 and CVE-2024-20440). What's even more alarming? They're apparently being actively exploited. Crazy, right? 😳
So, what's the deal? Well, it seems there's an undocumented admin account, and the log files are spilling way too much info. Classic, isn't it? 🤦♂️ It's practically an open invitation for attackers. You've gotta check your versions ASAP (2.0.0, 2.1.0, and 2.2.0 are affected) and update to 2.3.0 pronto! And remember: if you don't need it, get rid of it! A smaller attack surface is always a win. 🥇
We actually had a client who was totally baffled about getting hacked, even with a firewall and antivirus in place... But yeah, unpatched systems are like leaving your doors wide open. 🤷♂️
Now, over to you: How do *you* keep your systems up-to-date, and where do you get your info on stuff like this? Share your best tips! 👇
##updated 2024-08-14T15:31:10
1 posts
54 repos
https://github.com/imbyter/imbyter-WinRAR_CVE-2023-38831
https://github.com/Fa1c0n35/CVE-2023-38831-winrar-exploit
https://github.com/TranKuBao/winrar_CVE2023-38831
https://github.com/elefantesagradodeluzinfinita/cve-2023-38831
https://github.com/ameerpornillos/CVE-2023-38831-WinRAR-Exploit
https://github.com/ra3edAJ/LAB-DFIR-cve-2023-38831
https://github.com/Mich-ele/CVE-2023-38831-winrar
https://github.com/SpamixOfficial/CVE-2023-38831
https://github.com/youmulijiang/evil-winrar
https://github.com/ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc
https://github.com/MyStuffYT/CVE-2023-38831-POC
https://github.com/sh770/CVE-2023-38831
https://github.com/r1yaz/winDED
https://github.com/akhomlyuk/cve-2023-38831
https://github.com/h3xecute/SideCopy-Exploits-CVE-2023-38831
https://github.com/ruycr4ft/CVE-2023-38831
https://github.com/Ben1B3astt/CVE-2023-38831_ReverseShell_Winrar
https://github.com/an040702/CVE-2023-38831
https://github.com/GOTonyGO/CVE-2023-38831-winrar
https://github.com/technicalcorp0/CVE-2023-38831-Exploit
https://github.com/yezzfusl/cve_2023_38831_scanner
https://github.com/ML-K-eng/CVE-2023-38831-Exploit-and-Detection
https://github.com/xaitax/WinRAR-CVE-2023-38831
https://github.com/z3r0sw0rd/CVE-2023-38831-PoC
https://github.com/UnHackerEnCapital/PDFernetRemotelo
https://github.com/knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831
https://github.com/VictoriousKnight/CVE-2023-38831_Exploit
https://github.com/BoredHackerBlog/winrar_CVE-2023-38831_lazy_poc
https://github.com/SugiB3o/Keylog_CVE2023-38831
https://github.com/PascalAsch/CVE-2023-38831-KQL
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
https://github.com/s4m98/winrar-cve-2023-38831-poc-gen
https://github.com/Garck3h/cve-2023-38831
https://github.com/malvika-thakur/CVE-2023-38831
https://github.com/Nielk74/CVE-2023-38831
https://github.com/FirFirdaus/CVE-2023-38831
https://github.com/xk-mt/WinRAR-Vulnerability-recurrence-tutorial
https://github.com/RomainBayle08/CVE-2023-38831
https://github.com/khanhtranngoccva/cve-2023-38831-poc
https://github.com/idkwastaken/CVE-2023-38831
https://github.com/HDCE-inc/CVE-2023-38831
https://github.com/kuyrathdaro/winrar-cve-2023-38831
https://github.com/Hirusha-N/CVE-2021-34527-CVE-2023-38831-and-CVE-2023-32784
https://github.com/solomon12354/VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC
https://github.com/MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC
https://github.com/IR-HuntGuardians/CVE-2023-38831-HUNT
https://github.com/ignis-sec/CVE-2023-38831-RaRCE
https://github.com/thegr1ffyn/CVE-2023-38831
https://github.com/MaorBuskila/Windows-X64-RAT
https://github.com/RonF98/CVE-2023-38831-POC
https://github.com/Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE
https://github.com/Malwareman007/CVE-2023-38831
Whoa, check this out! Head Mare and Twelve are teaming up! 🤯 Two threat groups joining forces... sounds like things are about to get real.
And guess what? The WinRAR exploit (CVE-2023-38831) and Exchange (ProxyLogon) are *still* being used. Seriously, folks, patch your systems! 🤦♂️ Phishing and supply chain attacks are still a major problem too.
This reminds me of a pentest where we almost missed the forest for the trees. You know, sometimes it's the simple stuff that makes all the difference.
So, what's the takeaway here? 🤔 Patch everything, harden your systems, train your employees, and audit those supply chains! Oh, and network segmentation? It's worth its weight in gold! Don't overlook it!
I'm curious, what's the craziest security blunder you've ever witnessed firsthand? Spill the beans! 👇
##updated 2024-06-11T15:31:08
1 posts
1 repos
The Windows zero-day exploited for 7 years by APT groups, and the responsibility of patching
The zero-day vulnerability CVE-2024-21412 in Windows' LNK file handling has been used since 2017 by 11 APT groups linked to...
🔗️ [Cybersecurity360] https://link.is.it/shd58u
##updated 2024-04-19T05:07:56
1 posts
7 repos
https://github.com/mrtacojr/CVE-2023-38408
https://github.com/Nick-Morbid/cve-2023-38408
https://github.com/wxrdnx/CVE-2023-38408
https://github.com/classic130/CVE-2023-38408
https://github.com/LucasPDiniz/CVE-2023-38408
Uh, is it normal for an automated #security scanner to be unaware of #debian patched packages?
Like how OpenSSH 9.2p1 is vulnerable to CVE-2023-38408 but the Debian version 1:9.2p1-2+deb12u5 is patched. But the security scanner sees the "9.2p1" string and sounds the alarm.
https://security-tracker.debian.org/tracker/CVE-2023-38408
Is this a common problem for people running Debian servers?
##updated 2024-04-13T12:30:30
1 posts
X-Wiki Search Vulnerability exploit attempts (CVE-2024-3721) https://isc.sans.edu/diary/31800
##updated 2024-04-04T00:50:10
5 posts
Whoa, CISA adding *old* Sitecore vulns (CVE-2019-9874/9875) to the KEV list now? It's kinda wild how long these things can lurk undetected, right? 🙈 That deserialization stuff is just nasty business – perfect recipe for some serious RCE.
Actually, this reminds me of a recent gig. The client was totally convinced everything was running smoothly... right up until the pentest report landed. 💥 Yeah, that "smooth sailing" vibe vanished *real* quick.
It really hammers home that you just can't let your guard down. Patch management isn't some simple click-and-forget deal, folks! You've gotta be proactive: checking those logs, hardening systems properly. And here's the kicker: *regular penetration testing is absolutely essential*. Seriously, automated scans alone just don't cut it – not even close.
So, who else has stumbled across these kinds of "old but gold" vulnerabilities lurking in the shadows? Drop your war stories below! 👇
#CyberSecurity #Pentesting #Sitecore #CISA #SecurityFail #RCE #InfoSec
##New: CISA has updated the KEV catalogue.
- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-2783
- Added yesterday:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #infosec #Google
##CVE ID: CVE-2019-9874
Vendor: Sitecore
Product: CMS and Experience Platform (XP)
Date Added: 2025-03-26
Vulnerability: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Notes: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0334035 ; https://nvd.nist.gov/vuln/detail/CVE-2019-9874
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9874
CISA has updated the KEV catalogue:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #Infosec
##updated 2024-04-04T00:50:10
3 posts
New: CISA has updated the KEV catalogue.
- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-2783
- Added yesterday:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #infosec #Google
##CVE ID: CVE-2019-9875
Vendor: Sitecore
Product: CMS and Experience Platform (XP)
Date Added: 2025-03-26
Vulnerability: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Notes: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0038556 ; https://nvd.nist.gov/vuln/detail/CVE-2019-9875
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9875
CISA has updated the KEV catalogue:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9874
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability https://www.cve.org/CVERecord?id=CVE-2019-9875 #CISA #cybersecurity #Infosec
##updated 2024-02-13T15:31:12
1 posts
2 repos
Reference is to CVE-2024-22024.
Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras https://cyble.com/blog/cyble-sensors-detect-exploit-attempts-on-ivanti-avtech-ip-cameras/ @thecyberexpress #cybersecurity #infosec
##updated 2023-01-29T05:06:13
1 posts
1 repos
We've released the #Netty incubator QUIC codec version 0.0.71.Final.
This fixes the CVE-2025-29908 hash collision DoS vulnerability.
Release notes: https://netty.io/news/2025/03/28/quic-0-0-71-Final.html
@cR0w
Wonder what happened with cve-2025-29495...
Moar hacking in space!
https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv
sev:CRIT 9.4 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
##CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the Crypto_TM_ProcessSecurity function (crypto_tm.c:1735:8). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer p_new_dec_frame. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.
CVE-2024-55963: Unauthenticated RCE in Default-Install of Appsmith https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith/
##That RCE in Appsmith from December has a write-up.
https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith/
https://github.com/appsmithorg/appsmith/releases/tag/v1.52
While reviewing the Appsmith Enterprise platform, Rhino Security Labs uncovered a series of critical vulnerabilities affecting default installations of the product. Most severe among them is CVE-2024-55963, which allows unauthenticated remote code execution due to a misconfigured PostgreSQL database included by default. Two additional vulnerabilities (CVE-2024-55964 and CVE-2024-55965) enable unauthorized access to sensitive data and application denial of service.
Unfortunately, the CVE still isn't in NVD.
##Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://blog.lexfo.fr/glpi-sql-to-rce.html
##