FediSecfeeds

##

cR0w@infosec.exchange at 2025-09-17T13:23:17.000Z ##

Oh there's more.

##

CVE-2025-37125
(7.5 HIGH)

EPSS: 0.03%

updated 2025-09-17T15:30:32

2 posts

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly

cR0w at 2025-09-17T13:23:17.378Z ##

Oh there's more.

##

cR0w@infosec.exchange at 2025-09-17T13:23:17.000Z ##

Oh there's more.

##

CVE-2025-37130
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-09-17T15:30:32

2 posts

A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.

cR0w at 2025-09-17T13:20:50.009Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

cR0w@infosec.exchange at 2025-09-17T13:20:50.000Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

CVE-2025-37127
(7.3 HIGH)

EPSS: 0.03%

updated 2025-09-17T15:30:32

2 posts

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems.

cR0w at 2025-09-17T13:20:50.009Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

cR0w@infosec.exchange at 2025-09-17T13:20:50.000Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

CVE-2025-37126
(7.2 HIGH)

EPSS: 0.11%

updated 2025-09-17T15:30:32

2 posts

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system.

cR0w at 2025-09-17T13:20:50.009Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

cR0w@infosec.exchange at 2025-09-17T13:20:50.000Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

CVE-2025-37129
(6.7 MEDIUM)

EPSS: 0.01%

updated 2025-09-17T15:30:32

2 posts

A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is enabled without proper security measures.

cR0w at 2025-09-17T13:20:50.009Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

cR0w@infosec.exchange at 2025-09-17T13:20:50.000Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

CVE-2025-37131
(4.9 MEDIUM)

EPSS: 0.03%

updated 2025-09-17T15:30:32

2 posts

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.

cR0w at 2025-09-17T13:20:50.009Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

cR0w@infosec.exchange at 2025-09-17T13:20:50.000Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

CVE-2025-34183
(0 None)

EPSS: 0.20%

updated 2025-09-17T15:15:42.780000

1 posts

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.

offseq at 2025-09-17T04:32:09.526Z ##

🚨 CVE-2025-34183: Ilevia EVE X1 Server ≤4.7.18.0.eden logs plaintext creds in .log files—unauth’d remote attackers can compromise systems. Restrict log access & monitor for abuse until patched. https://radar.offseq.com/threat/cve-2025-34183-cwe-532-insertion-of-sensitive-info-d37fa94d #OffSeq #CVE202534183 #vuln #infosec

##

CVE-2025-49728
(4.0 MEDIUM)

EPSS: 0.03%

updated 2025-09-17T14:18:55.093000

2 posts

Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.

AAKL at 2025-09-17T15:00:38.348Z ##

Microsoft updated its security guide yesterday with two entries: https://msrc.microsoft.com/update-guide #Microsoft #cybersecurity #infosec

Microsoft PC Manager Security Feature Bypass Vulnerability CVE-2025-49728 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-47967 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967 #Microsoft #cybersecurity #infosec

##

AAKL@infosec.exchange at 2025-09-17T15:00:38.000Z ##

Microsoft updated its security guide yesterday with two entries: https://msrc.microsoft.com/update-guide #Microsoft #cybersecurity #infosec

Microsoft PC Manager Security Feature Bypass Vulnerability CVE-2025-49728 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-47967 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967 #Microsoft #cybersecurity #infosec

##

CVE-2025-9447
(7.8 HIGH)

EPSS: 0.01%

updated 2025-09-17T14:18:55.093000

2 posts

An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

cR0w at 2025-09-17T13:26:37.004Z ##

Some SOLIDWORKS CVEs for those that are interested.

##

cR0w@infosec.exchange at 2025-09-17T13:26:37.000Z ##

Some SOLIDWORKS CVEs for those that are interested.

##

CVE-2025-37124
(8.6 HIGH)

EPSS: 0.04%

updated 2025-09-17T14:18:55.093000

2 posts

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.

cR0w at 2025-09-17T13:23:17.378Z ##

Oh there's more.

##

cR0w@infosec.exchange at 2025-09-17T13:23:17.000Z ##

Oh there's more.

##

CVE-2025-37128
(6.8 MEDIUM)

EPSS: 0.08%

updated 2025-09-17T14:18:55.093000

2 posts

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.

cR0w at 2025-09-17T13:20:50.009Z ##

HPE published some post-auth CVEs in their SD-WAN product.

##

cR0w@infosec.exchange at 2025-09-17T13:20:50.000Z ##

HPE published some post-auth CVEs in their SD-WAN product.

https://www.cve.org/CVERecord?id=CVE-2025-8893

##

CVE-2025-8894
(7.8 HIGH)

EPSS: 0.01%

updated 2025-09-17T14:18:55.093000

1 posts

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

cR0w@infosec.exchange at 2025-09-16T14:37:44.000Z ##

A couple whoopsies in some Autodesk products.

https://www.cve.org/CVERecord?id=CVE-2025-8894

##

CVE-2025-9971
(9.8 CRITICAL)

EPSS: 0.13%

updated 2025-09-17T12:30:58

1 posts

Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality.

offseq at 2025-09-17T07:32:02.566Z ##

🚨 CRITICAL: CVE-2025-9971 in Planet ICG-2510WG-LTE (EU/US) exposes industrial gateways to unauthenticated remote manipulation (CWE-306). No patch — segment networks & restrict access now. https://radar.offseq.com/threat/cve-2025-9971-cwe-306-missing-authentication-for-c-bf9a01c7 #OffSeq #ICS #Vuln #CVE20259971

##

CVE-2025-59458
(8.4 HIGH)

EPSS: 0.00%

updated 2025-09-17T09:30:51

2 posts

In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation

cR0w at 2025-09-17T13:31:35.320Z ##

Anoyone care about Jetbrains?

https://www.jetbrains.com/privacy-security/issues-fixed

https://www.jetbrains.com/privacy-security/issues-fixed

##

cR0w@infosec.exchange at 2025-09-17T13:31:35.000Z ##

Anoyone care about Jetbrains?

https://www.jetbrains.com/privacy-security/issues-fixed

##

CVE-2025-59455
(4.2 MEDIUM)

EPSS: 0.00%

updated 2025-09-17T09:30:51

2 posts

In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition

cR0w at 2025-09-17T13:31:35.320Z ##

Anoyone care about Jetbrains?

https://www.jetbrains.com/privacy-security/issues-fixed

##

cR0w@infosec.exchange at 2025-09-17T13:31:35.000Z ##

Anoyone care about Jetbrains?

##

CVE-2025-9449
(7.8 HIGH)

EPSS: 0.01%

updated 2025-09-17T09:30:51

2 posts

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

cR0w at 2025-09-17T13:26:37.004Z ##

Some SOLIDWORKS CVEs for those that are interested.

##

cR0w@infosec.exchange at 2025-09-17T13:26:37.000Z ##

Some SOLIDWORKS CVEs for those that are interested.

https://www.jetbrains.com/privacy-security/issues-fixed

##

CVE-2025-59457
(7.7 HIGH)

EPSS: 0.00%

updated 2025-09-17T09:30:50

2 posts

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows

cR0w at 2025-09-17T13:31:35.320Z ##

Anoyone care about Jetbrains?

https://www.jetbrains.com/privacy-security/issues-fixed

##

cR0w@infosec.exchange at 2025-09-17T13:31:35.000Z ##

Anoyone care about Jetbrains?

https://www.jetbrains.com/privacy-security/issues-fixed

##

CVE-2025-59456
(5.5 MEDIUM)

EPSS: 0.00%

updated 2025-09-17T09:30:50

2 posts

In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload

cR0w at 2025-09-17T13:31:35.320Z ##

Anoyone care about Jetbrains?

https://www.jetbrains.com/privacy-security/issues-fixed

##

cR0w@infosec.exchange at 2025-09-17T13:31:35.000Z ##

Anoyone care about Jetbrains?

##

CVE-2025-9242(CVSS UNKNOWN)

EPSS: 0.28%

updated 2025-09-17T09:30:50

1 posts

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and

offseq at 2025-09-17T09:01:54.045Z ##

🚨 CVE-2025-9242: CRITICAL out-of-bounds write in WatchGuard Fireware OS (11.10.2–11.12.4_Update1, 12.0–12.11.3, 2025.1). Remote unauthenticated code execution via IKEv2 VPN w/ dynamic peers. Isolate & monitor now! https://radar.offseq.com/threat/cve-2025-9242-cwe-787-out-of-bounds-write-in-watch-1286bb67 #OffSeq #WatchGuard #Vuln #InfoSec

##

CVE-2025-9450
(7.8 HIGH)

EPSS: 0.01%

updated 2025-09-17T09:30:45

2 posts

A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

cR0w at 2025-09-17T13:26:37.004Z ##

Some SOLIDWORKS CVEs for those that are interested.

##

cR0w@infosec.exchange at 2025-09-17T13:26:37.000Z ##

Some SOLIDWORKS CVEs for those that are interested.

https://www.cve.org/CVERecord?id=CVE-2025-26710

##

CVE-2025-47967
(4.7 MEDIUM)

EPSS: 0.07%

updated 2025-09-16T21:32:59

2 posts

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

AAKL at 2025-09-17T15:00:38.348Z ##

Microsoft updated its security guide yesterday with two entries: https://msrc.microsoft.com/update-guide #Microsoft #cybersecurity #infosec

Microsoft PC Manager Security Feature Bypass Vulnerability CVE-2025-49728 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-47967 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967 #Microsoft #cybersecurity #infosec

##

AAKL@infosec.exchange at 2025-09-17T15:00:38.000Z ##

Microsoft updated its security guide yesterday with two entries: https://msrc.microsoft.com/update-guide #Microsoft #cybersecurity #infosec

Microsoft PC Manager Security Feature Bypass Vulnerability CVE-2025-49728 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-47967 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967 #Microsoft #cybersecurity #infosec

##

CVE-2025-34184(CVSS UNKNOWN)

EPSS: 0.63%

updated 2025-09-16T21:32:54

1 posts

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.

offseq at 2025-09-17T03:01:59.972Z ##

🚨 CVE-2025-34184 (CRITICAL): Ilevia EVE X1 Server ≤4.7.18.0.eden is vulnerable to unauthenticated OS command injection via 'passwd' in /ajax/php/login.php. No patch—immediate isolation & WAF rules advised. https://radar.offseq.com/threat/cve-2025-34184-cwe-78-improper-neutralization-of-s-22f44d2e #OffSeq #Vulnerability #Infosec

##

CVE-2025-56706
(8.0 HIGH)

EPSS: 0.10%

updated 2025-09-16T18:16:01.670000

1 posts

Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function.

cR0w@infosec.exchange at 2025-09-16T13:02:07.000Z ##

ZTE

https://www.cve.org/CVERecord?id=CVE-2025-26711

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-56706

https://www.cve.org/CVERecord?id=CVE-2025-8893

##

CVE-2025-8893
(7.8 HIGH)

EPSS: 0.01%

updated 2025-09-16T15:32:45

1 posts

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

cR0w@infosec.exchange at 2025-09-16T14:37:44.000Z ##

A couple whoopsies in some Autodesk products.

https://www.cve.org/CVERecord?id=CVE-2025-8894

##

CVE-2025-26710
(3.5 LOW)

EPSS: 0.02%

updated 2025-09-16T15:32:43

1 posts

There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure.

cR0w@infosec.exchange at 2025-09-16T13:02:07.000Z ##

ZTE

https://www.cve.org/CVERecord?id=CVE-2025-26710

https://www.cve.org/CVERecord?id=CVE-2025-26711

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-56706

https://www.cve.org/CVERecord?id=CVE-2025-26710

##

CVE-2025-26711
(5.7 MEDIUM)

EPSS: 0.02%

updated 2025-09-16T15:32:43

1 posts

There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface.

cR0w@infosec.exchange at 2025-09-16T13:02:07.000Z ##

ZTE

https://www.cve.org/CVERecord?id=CVE-2025-26711

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-56706

https://github.com/XiaomingX/CVE-2025-43300-exp

##

CVE-2025-43300
(8.8 HIGH)

EPSS: 0.32%

updated 2025-09-16T14:08:16.943000

9 posts

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

4 repos

https://github.com/hunters-sec/CVE-2025-43300

https://github.com/PwnToday/CVE-2025-43300

https://github.com/h4xnz/CVE-2025-43300-Exploit

cancername@mas.to at 2025-09-18T04:11:37.000Z ##

>new zero click exploit
>look inside
>media decoder vuln
every single time!

analysis: https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html

https://www.whatsapp.com/security/advisories/2025?lang=en_US
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md

##

beyondmachines1 at 2025-09-17T19:01:01.993Z ##

Apple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26

Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.

**Another big OS release from Apple. If you haven't updated your Apple devices with the emergency patch, update now to fix the exploited CVE-2025-43300. Even if you did patch, the regular update is a smart choice. Maybe wait and don't install iOS 26/ macOS Tahoe 26 until immediately, wait a month so you can see if anything bad happens.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-releases-security-updates-for-ios-18-7-macos-ipados-and-releases-ios-26-and-macos-26-o-h-7-y-q/gD2P6Ple2L

##

ransomfeed@poliversity.it at 2025-09-17T10:36:44.000Z ##

Apple Backports Fix per CVE-2025-43300 sfruttato in un attacco spyware sofisticato https://ransomfeed.it/news.php?id_news=nid&nid=230

##

beyondmachines1@infosec.exchange at 2025-09-17T19:01:01.000Z ##

Apple releases security updates for iOS 18.7, macOS, iPadOS, and releases iOS 26 and macOS 26

Apple released critical security updates for iOS, iPadOS, and macOS addressing CVE-2025-43300, an actively exploited zero-day vulnerability in the ImageIO framework that was chained with a WhatsApp flaw in sophisticated spyware attacks targeting fewer than 200 high-profile individuals globally. The updates patch 13 additional vulnerabilities including privilege escalation flaws.

**Another big OS release from Apple. If you haven't updated your Apple devices with the emergency patch, update now to fix the exploited CVE-2025-43300. Even if you did patch, the regular update is a smart choice. Maybe wait and don't install iOS 26/ macOS Tahoe 26 until immediately, wait a month so you can see if anything bad happens.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-releases-security-updates-for-ios-18-7-macos-ipados-and-releases-ios-26-and-macos-26-o-h-7-y-q/gD2P6Ple2L

##

jos1264@social.skynetcloud.site at 2025-09-16T12:30:02.000Z ##

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html

##

jos1264@social.skynetcloud.site at 2025-09-16T11:40:02.000Z ##

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html

##

jos1264@social.skynetcloud.site at 2025-09-16T11:40:01.000Z ##

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html

##

applsec@infosec.exchange at 2025-09-15T17:31:58.000Z ##

📣 EMERGENCY UPDATE 📣

Apple pushed additional updates for a zero-day that may have been actively exploited.

🐛 CVE-2025-43300 (ImageIO) additional patches:
- iOS and iPadOS 15.8.5
- iOS and iPadOS 16.7.12

#apple #cybersecurity #infosec #security #ios

##

ericfreyss@mastodon.social at 2025-09-11T14:36:02.000Z ##

CISA warns of Apple zero-day used in targeted cyberattacks | The Record from Recorded Future News

A recently disclosed vulnerability affecting Apple products has prompted an order for government organizations to patch the bug.

The Cybersecurity and Infrastructure Security Agency (CISA) gave civilian federal agencies until September 11 to implement a fix for CVE-2025-43300 — a vulnerability affecting popular brands of Apple phones, iPads and Macbooks.

https://therecord.media/cisa-warns-of-apple-zero-day

@cyberfr

##

CVE-2025-59056
(0 None)

EPSS: 0.05%

updated 2025-09-16T12:49:16.060000

1 posts

FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.

cR0w@infosec.exchange at 2025-09-15T21:11:42.000Z ##

More FreePBX whoopsies.

https://www.cve.org/CVERecord?id=CVE-2025-55211

https://www.cve.org/CVERecord?id=CVE-2025-59056

##

CVE-2025-59331
(0 None)

EPSS: 0.05%

updated 2025-09-16T12:49:16.060000

1 posts

is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local

cR0w@infosec.exchange at 2025-09-15T20:14:41.000Z ##

More:

https://www.cve.org/CVERecord?id=CVE-2025-59330

https://www.cve.org/CVERecord?id=CVE-2025-59331

##

CVE-2025-59144
(0 None)

EPSS: 0.05%

updated 2025-09-16T12:49:16.060000

1 posts

debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server e

cR0w@infosec.exchange at 2025-09-15T19:28:46.000Z ##

* contains malware after npm account takeover

https://www.cve.org/CVERecord?id=CVE-2025-59330

##

CVE-2025-59330(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-15T23:58:07

1 posts

### Impact On 8 September 2025, an npm publishing account for `error-ex` was taken over after a phishing attack. Version `1.3.3` was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command li

cR0w@infosec.exchange at 2025-09-15T20:14:41.000Z ##

More:

https://www.cve.org/CVERecord?id=CVE-2025-59331

##

CVE-2025-59162(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-15T23:32:38

1 posts

### Impact On 8 September 2025, the npm publishing account for `color-convert` was taken over after a phishing attack. Version `3.1.1` was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, comm

cR0w@infosec.exchange at 2025-09-15T19:28:46.000Z ##

* contains malware after npm account takeover

https://www.cve.org/CVERecord?id=CVE-2025-59145

##

CVE-2025-59145(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-15T22:03:30

1 posts

### Impact On 8 September 2025, an npm publishing account for `color-name` was taken over after a phishing attack. Version `2.0.1` was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command

cR0w@infosec.exchange at 2025-09-15T20:40:22.000Z ##

And another:

##

CVE-2025-59143(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-15T21:59:09

1 posts

### Impact On 8 September 2025, the npm publishing account for `color` was taken over after a phishing attack. Version `5.0.1` was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line

cR0w@infosec.exchange at 2025-09-15T19:28:46.000Z ##

* contains malware after npm account takeover

##

CVE-2025-59142(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-15T21:59:05

1 posts

### Impact On 8 September 2025, the npm publishing account for `color-string` was taken over after a phishing attack. Version `2.1.1` was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, comma

cR0w@infosec.exchange at 2025-09-15T19:28:46.000Z ##

* contains malware after npm account takeover

##

CVE-2025-59141(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-15T21:59:00

1 posts

### Impact On 8 September 2025, the npm publishing account for `simple-swizzle` was taken over after a phishing attack. Version `0.2.3` was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, com

cR0w@infosec.exchange at 2025-09-15T19:28:46.000Z ##

* contains malware after npm account takeover

##

CVE-2025-59140(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-09-15T21:58:59

1 posts

### Impact On 8 September 2025, the npm publishing account for `backslash` was taken over after a phishing attack. Version `0.2.1` was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command

cR0w@infosec.exchange at 2025-09-15T19:28:46.000Z ##

* contains malware after npm account takeover

https://github.com/mrk336/Cluster-Chaos-Exploiting-CVE-2025-59359-for-Kubernetes-Takeover

##

CVE-2025-59360
(9.8 CRITICAL)

EPSS: 0.48%

updated 2025-09-15T21:07:43

1 posts

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

Kubernetes@activitypub.awakari.com at 2025-09-17T11:14:20.000Z ## Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, i...

#CVE/vulnerability #Cyber #Security #News #Vulnerabilities #Vulnerability #cyber #security

Origin | Interest | Match ##

CVE-2025-59359
(9.8 CRITICAL)

EPSS: 0.48%

updated 2025-09-15T21:07:17

1 posts

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

1 repos

Kubernetes@activitypub.awakari.com at 2025-09-17T11:14:20.000Z ## Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, i...

#CVE/vulnerability #Cyber #Security #News #Vulnerabilities #Vulnerability #cyber #security

Origin | Interest | Match ##

CVE-2025-59358
(7.5 HIGH)

EPSS: 0.03%

updated 2025-09-15T21:06:37

1 posts

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.

Kubernetes@activitypub.awakari.com at 2025-09-17T11:14:20.000Z ## Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, i...

#CVE/vulnerability #Cyber #Security #News #Vulnerabilities #Vulnerability #cyber #security

Origin | Interest | Match ##

CVE-2025-6202(CVSS UNKNOWN)

EPSS: 0.01%

updated 2025-09-15T18:32:08

3 posts

Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.

decio@infosec.exchange at 2025-09-16T10:45:45.000Z ##

Tiens, la recherche de l'EPFZ "Phoenix" (CVE-2025-6202) montre que des DIMM DDR5 (produites entre le 2021-1 et 2024-12) de SK Hynix, un de plus grand fabricant mondial de DRAM restent vulnérables au Rowhammer malgré des contre-mesures avancées intégrées dans la puce.

"Phoenix: Rowhammer Attacks on DDR5 with Self-Correcting Synchronization"
👇
https://comsec.ethz.ch/research/dram/phoenix/
⬇️
https://comsec-files.ethz.ch/papers/phoenix_sp26.pdf
⬇️
https://github.com/comsec-group/phoenix

Les chercheurs ont trouvé deux nouveaux schémas d’attaque et une méthode de synchronisation qui contournent les protections intégrées au DRAM.
Les bit-flips obtenus sont exploitables : lecture/écriture arbitraire via PTE, vol de clés RSA/SSH, et escalation vers root (moyenne ≈ 5 min 😵 ). L’ECC embarquée ne suffit pas.
Les auteurs recommandent et démontrent qu’un refresh ×3 empêche Phoenix de provoquer des bit-flips sur leurs tests, au prix d’une surcharge de perf mesurée (+~8%).

Modules DRAM non patchables — risque long terme selon les scenarios de la menace sur nos différents datacenters ou ordis...

PoC
👇
https://github.com/comsec-group/phoenix/tree/main/poc

https://vulnerability.circl.lu/vuln/CVE-2025-6202

#CyberVeille #DDR5 #DIMM #Phoenix #Hynix #Rowhammer #CVE_2025_6202

##

silentexception@mastodon.social at 2025-09-16T05:21:29.000Z ##

"Phoenix is currently tracked as CVE-2025-6202 and received a high-severity score. It affects all DIMM RAM modules produced between January 2021 and December 2024."

New Phoenix attack bypasses Rowhammer defenses in DDR5 memory
https://www.bleepingcomputer.com/news/security/new-phoenix-attack-bypasses-rowhammer-defenses-in-ddr5-memory/
NB: "Rowhammer is a DRAM disturbance error that was first publicly reported in 2014 on DDR3"

#cybersecurity #AMD #DDR5 #DIMM #SKHynix

##

cR0w@infosec.exchange at 2025-09-15T16:12:25.000Z ##

Another rowhammer CVE.

https://comsec.ethz.ch/research/dram/phoenix/

https://www.cve.org/CVERecord?id=CVE-2025-6202

##

CVE-2025-58434
(9.8 CRITICAL)

EPSS: 3.40%

updated 2025-09-15T15:31:16

2 posts

### Summary The `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete **account takeover (ATO)**. This vulnerability applies to **both the cloud service (`cloud.flowiseai

https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/

beyondmachines1@infosec.exchange at 2025-09-16T08:01:08.000Z ##

Critical FlowiseAI password reset flaw exposes accounts to complete takeover

FlowiseAI has disclosed a critical vulnerability (CVE-2025-58434) in its password reset mechanism that allows unauthenticated attackers to compromise user accounts by exploiting valid reset tokens leaked in API response.

**THIS ONE IS URGENT AND IMPORTANT! Immediately upgrade to FlowiseAI 3.0.6 or later, because all your user accounts are exposed to account takeover. If you can't upgrade right away, disable public access to the /api/v1/account/forgot-password endpoint until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flowiseai-password-reset-flaw-exposes-accounts-to-complete-takeover-l-l-h-0-f/gD2P6Ple2L

##

jos1264@social.skynetcloud.site at 2025-09-15T11:40:02.000Z ##

CVE-2025-58434: Critical FlowiseAI Flaw Enables Full Account Takeover https://thecyberexpress.com/cve-2025-58434/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #Vulnerability #APIendpoints #CVE202558434 #CyberNews #FlowiseAI

##

CVE-2025-58364
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-09-15T15:22:38.297000

2 posts

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines i

linux@activitypub.awakari.com at 2025-09-16T12:00:35.000Z ## Linux CUPS: Remote DoS and Authentication Bypass Exploit The discovery of CVE-2025-58364 and CVE-2025-58060 reveals two critical weaknesses in the Linux Common Unix Printing System (CUPS). Exploiti...

#Category(Default) #- #Do #Not #Use #This

Origin | Interest | Match ##

beyondmachines1@infosec.exchange at 2025-09-16T10:01:03.000Z ##

Vulnerabilities reported in CUPS system for Linux

Two vulnerabilities affect Linux CUPS printing systems: CVE-2025-58060 allows authentication bypass to gain unauthorized administrative access, while CVE-2025-58364 enables remote denial-of-service attacks through crafted printer responses. The authentication bypass has been patched in CUPS version 2.4.13, but the DoS vulnerability remains unpatched.

**Finally not an urgent patch. Ideally, if not used disable cups-browsed and plan an update of the cups packages.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-reported-in-cups-system-for-linux-s-1-6-5-c/gD2P6Ple2L

##

CVE-2025-40300
(0 None)

EPSS: 0.04%

updated 2025-09-15T15:22:38.297000

3 posts

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors af

benzogaga33@mamot.fr at 2025-09-12T09:40:02.000Z ##

VMScape : Linux se protège de la nouvelle vulnérabilité ciblant les CPU Intel et AMD https://www.it-connect.fr/vmscape-linux-kvm-qemu-cve-2025-40300/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Cloud #Linux

##

linux@activitypub.awakari.com at 2025-09-12T07:39:23.000Z ## VMScape : Linux se protège de la nouvelle vulnérabilité ciblant les CPU Intel et AMD VMScape (CVE-2025-40300) : une faille de sécurité affecte certains processeurs AMD et Intel, et menace les ...

#Actu #Cybersécurité #Cloud #Cybersécurité #Linux #Vulnérabilité

Origin | Interest | Match ##

kernellogger@hachyderm.io at 2025-09-11T16:45:10.000Z ##

Mitigations for #vmscape have been merged to #Linux mainline and included in new stable and longterm #kernel versions released about an hour ago (like 6.16.7 or 6.12.47).

Vmscape is a vulnerability that essentially takes Spectre-v2 and attacks host userspace from a guest. It particularly affects hypervisors like #QEMU.

For more details see this #LinuxKernel merge commit https://git.kernel.org/torvalds/c/223ba8ee0a3986718c874b66ed24e7f87f6b8124, the doc changes in contains at https://git.kernel.org/torvalds/c/9969779d0803f5dcd4460ae7aca2bc3fd91bff12, or the following page from those that published the vulnerability:

It is tracked as #CVE-2025-40300

https://www.cve.org/CVERecord?id=CVE-2025-40300

##

CVE-2025-59361
(9.8 CRITICAL)

EPSS: 0.48%

updated 2025-09-15T15:21:42.937000

1 posts

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

Kubernetes@activitypub.awakari.com at 2025-09-17T11:14:20.000Z ## Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, i...

#CVE/vulnerability #Cyber #Security #News #Vulnerabilities #Vulnerability #cyber #security

Origin | Interest | Match ##

CVE-2025-10442
(6.3 MEDIUM)

EPSS: 2.35%

updated 2025-09-15T15:21:42.937000

1 posts

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

cR0w@infosec.exchange at 2025-09-15T13:20:20.000Z ##

Tenda

D-Link

Intelbras

##

CVE-2025-10443
(8.8 HIGH)

EPSS: 0.09%

updated 2025-09-15T15:21:42.937000

1 posts

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

cR0w@infosec.exchange at 2025-09-15T13:20:20.000Z ##

Tenda

D-Link

Intelbras

https://security.paloaltonetworks.com/CVE-2025-4234

##

CVE-2025-4234
(0 None)

EPSS: 0.01%

updated 2025-09-15T15:21:42.937000

1 posts

A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.

cR0w@infosec.exchange at 2025-09-10T16:25:13.000Z ##

PAN published some advisories today including a sev:LOW 0.5 for logging user creds in plaintext logs. Yes, I typed that correctly. They gave it a CVSS-BT score of 0.5.

##

CVE-2025-10440
(6.3 MEDIUM)

EPSS: 0.43%

updated 2025-09-15T12:31:31

1 posts

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and

cR0w@infosec.exchange at 2025-09-15T13:20:20.000Z ##

Tenda

D-Link

Intelbras

##

CVE-2025-10441
(6.3 MEDIUM)

EPSS: 0.43%

updated 2025-09-15T12:31:31

1 posts

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.

cR0w@infosec.exchange at 2025-09-15T13:20:20.000Z ##

Tenda

D-Link

Intelbras

##

CVE-2025-10432
(9.8 CRITICAL)

EPSS: 0.05%

updated 2025-09-15T09:30:29

1 posts

A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

cR0w@infosec.exchange at 2025-09-15T13:20:20.000Z ##

Tenda

D-Link

Intelbras

https://curl.se/docs/CVE-2025-9086.html

##

CVE-2025-9086
(7.5 HIGH)

EPSS: 0.05%

updated 2025-09-12T18:32:16

1 posts

1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic ma

bagder@mastodon.social at 2025-09-10T05:56:27.000Z ##

CVE-2025-9086: Out of bounds read for cookie path

Severity: Low

##

CVE-2025-10148
(5.3 MEDIUM)

EPSS: 0.03%

updated 2025-09-12T18:32:11

2 posts

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as

bagder@mastodon.social at 2025-09-10T12:28:57.000Z ##

oops I got the affected version range wrong for CVE-2025-10148, it has now been updated

##

bagder@mastodon.social at 2025-09-10T05:56:57.000Z ##

CVE-2025-10148: predictable WebSocket mask

Severity: Low

https://curl.se/docs/CVE-2025-10148.html

##

CVE-2025-9556
(9.8 CRITICAL)

EPSS: 0.06%

updated 2025-09-12T15:31:42

1 posts

Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a statement into a prompt to read the "etc/passwd" file.

beyondmachines1@infosec.exchange at 2025-09-16T09:01:08.000Z ##

LangChainGo template injection vulnerability enables arbitrary file access

LangChainGo is reporting a critical server-side template injection vulnerability (CVE-2025-9556) that allows attackers to read arbitrary files by injecting malicious Jinja2 directives like {% include '/etc/passwd' %} through the prompt interface.

**Another URGENT advisory. If you're using LangChainGo, immediately upgrade to version 0.18.2 or later because the template engine allows attackers to send template injection in the chat prompt and read any file on your server. Isolating doesn't help much, your users are your potential attackers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/langchaingo-template-injection-vulnerability-enables-arbitrary-file-access-r-8-5-0-k/gD2P6Ple2L

##

CVE-2025-5086
(9.0 CRITICAL)

EPSS: 63.95%

updated 2025-09-12T13:40:47.133000

9 posts

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

https://github.com/SacX-7/CVE-2025-50867

2 repos

https://github.com/SacX-7/CVE-2025-50866

beyondmachines1@infosec.exchange at 2025-09-13T10:01:08.000Z ##

Critical flaw in DELMIA Apriso manufacturing software under active exploitation

CISA has issued an urgent warning about threat actors actively exploiting CVE-2025-5086, a critical deserialization vulnerability in DELMIA Apriso manufacturing software that enables remote code execution.

**If you use DELMIA Apriso factory software (any version from 2020 to 2025), make sure it's isolated and accessible only from trusted networks. Then check for security patches from Dassault Systèmes and apply them right away. Attackers are actively exploiting this system.**
#cybersecurity #infosec #advisory #ransomware
https://beyondmachines.net/event_details/critical-flaw-in-delmia-apriso-manufacturing-software-under-active-exploitation-q-y-9-u-w/gD2P6Ple2L

##

technadu@infosec.exchange at 2025-09-13T09:41:37.000Z ##

⚠️ CISA alert: Active exploitation of CVE-2025-5086 (RCE in Dassault DELMIA Apriso).
💡 Affects 2020–2025 releases
💡 Exploit = malicious SOAP requests → .NET payload execution
💡 Used in aerospace, auto, high-tech, and manufacturing sectors
💡 Patch deadline for U.S. agencies: Oct 2
Private enterprises should move with the same urgency.
👉 Follow @technadu for vulnerability + KEV updates.

#CyberSecurity #CISA #CVE20255086 #RCE #IndustrialSecurity

##

jos1264@social.skynetcloud.site at 2025-09-13T00:20:02.000Z ##

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning – Source:thehackernews.com https://ciso2ciso.com/critical-cve-2025-5086-in-delmia-apriso-actively-exploited-cisa-issues-warning-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Critical

##

defendopsdiaries@infosec.exchange at 2025-09-12T17:02:48.000Z ##

A critical bug in DELMIA Apriso now lets hackers remotely hijack systems—with malicious SOAP requests already in play. Is your production line prepared for this high-stakes vulnerability?

https://thedefendopsdiaries.com/understanding-the-critical-cve-2025-5086-vulnerability-in-delmia-apriso/

#cve20255086
#delmiaapriso
#cybersecurity
#vulnerability
#remotecodeexecution

##

technadu@infosec.exchange at 2025-09-12T15:54:47.000Z ##

🚨 CISA adds CVE-2025-5086 (Dassault DELMIA Apriso deserialization flaw) to the Known Exploited Vulnerabilities Catalog after active exploitation evidence.

⚠️ BOD 22-01 requires U.S. federal agencies to patch, but CISA urges all orgs to prioritize.

Do KEVs get top priority in your patching strategy?

👉 Follow @technadu for more updates.

#CISA #KEV #CVE #Infosec

##

jos1264@social.skynetcloud.site at 2025-09-12T13:45:02.000Z ##

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning https://thehackernews.com/2025/09/critical-cve-2025-5086-in-delmia-apriso.html

##

jos1264@social.skynetcloud.site at 2025-09-12T13:45:02.000Z ##

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning https://thehackernews.com/2025/09/critical-cve-2025-5086-in-delmia-apriso.html

##

AAKL@infosec.exchange at 2025-09-11T18:12:12.000Z ##

CISA has updated the KEV catalogue.

CVE-2025-5086: Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-5086

There are also several industrial advisories: https://www.cisa.gov/news-events/cybersecurity-advisories

From yesterday:

CISA Presents Vision for the Common Vulnerabilities and Exposures (CVE) Program https://www.cisa.gov/news-events/news/cisa-presents-vision-common-vulnerabilities-and-exposures-cve-program

The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA https://www.cisa.gov/news-events/news/mandate-mission-and-momentum-lead-cve-program-future-belongs-cisa #CISA #cybersecurity #infosec

##

cisakevtracker@mastodon.social at 2025-09-11T18:00:47.000Z ##

CVE ID: CVE-2025-5086
Vendor: Dassault Systèmes
Product: DELMIA Apriso
Date Added: 2025-09-11
Notes: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5086
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-5086

##

CVE-2025-10266
(9.8 CRITICAL)

EPSS: 0.08%

updated 2025-09-12T12:30:30

1 posts

NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

offseq@infosec.exchange at 2025-09-12T10:31:58.000Z ##

🚨 CVE-2025-10266: CRITICAL SQL Injection in NewType Infortech NUP Portal (ver 0) lets unauthenticated attackers remotely access, modify, or delete DB data. No patch yet—enforce WAFs, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2025-10266-cwe-89-improper-neutralization-of-s-cd78c7fe #OffSeq #SQLInjection #Vulnerability

##

CVE-2025-21043
(8.8 HIGH)

EPSS: 0.10%

updated 2025-09-12T09:30:38

10 posts

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

Hackread@mstdn.social at 2025-09-15T10:26:16.000Z ##

Samsung has patched CVE-2025-21043, a critical Android image parsing vulnerability reported by WhatsApp in which attackers used malicious images in live attacks.

Read: https://hackread.com/samsung-android-image-parsing-vulnerability-attacks/

#CyberSecurity #Samsung #WhatsApp #Vulnerability #Android

##

benzogaga33@mamot.fr at 2025-09-15T09:40:02.000Z ##

Patchez votre appareil Samsung – CVE-2025-21043 : cette faille zero-day est activement exploitée ! https://www.it-connect.fr/samsung-cve-2025-21043-patch-android-septembre/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Samsung

##

Android@activitypub.awakari.com at 2025-09-13T09:04:47.000Z ## Samsung corrige vulnerabilidad crítica (CVE-2025-21043) explotada activamente en Android Samsung ha publicado su paquete mensual de actualizaciones de seguridad para Android, abordando especialmen...

#Seguridad

Origin | Interest | Match ##

beyondmachines1@infosec.exchange at 2025-09-13T09:01:08.000Z ##

Samsung patches critical Vulnerability exploited in targeted attacks on Galaxy devices

Samsung patched multiple critical vulnerabilities in its September 2025 Security Maintenance Release, including an actively exploited zero-day vulnerability (CVE-2025-21043) in the libimagecodec.quram.so image parsing library that allows remote code execution on Samsung Galaxy devices.

**If you have a Samsung phone, keep up with the updates and make sure to update to the September 2025 patch when it's available. All Samsung phones have a flaw that's actively exploited. Waiting for an hour for the update to finish is easier hoping you won't be hacked.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/samsung-patches-critical-vulnerability-exploited-in-targeted-attacks-on-galaxy-devices-u-8-2-f-4/gD2P6Ple2L

##

jos1264@social.skynetcloud.site at 2025-09-13T00:20:02.000Z ##

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks – Source:thehackernews.com https://ciso2ciso.com/samsung-fixes-critical-zero-day-cve-2025-21043-exploited-in-android-attacks-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Samsung

##

Android@activitypub.awakari.com at 2025-09-12T15:16:00.000Z ## Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks Tech-Wire - Stay Updated with insights, trends, news and opinions on Technology, Digital Marketing, Education, and HR | T...

#Cyber #Security

Origin | Interest | Match ##

jos1264@social.skynetcloud.site at 2025-09-12T15:55:02.000Z ##

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html

##

jos1264@social.skynetcloud.site at 2025-09-12T15:55:02.000Z ##

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html

##

jos1264@social.skynetcloud.site at 2025-09-12T15:55:01.000Z ##

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html

##

Android@activitypub.awakari.com at 2025-09-12T11:44:35.000Z ## Samsung fixed actively exploited zero-day Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices. Samsung addressed the remote co...

#Breaking #News #Hacking #Mobile #Security #Android #CVE-2025-21043 #information #security #news #IT

Origin | Interest | Match ##

CVE-2025-9918
(0 None)

EPSS: 0.34%

updated 2025-09-11T17:14:10.147000

1 posts

A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.

cR0w@infosec.exchange at 2025-09-15T13:13:48.000Z ##

LOL nice ../ Google LMAO

A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.

https://www.cve.org/CVERecord?id=CVE-2025-9918

##

CVE-2025-10200
(8.8 HIGH)

EPSS: 0.07%

updated 2025-09-11T17:14:10.147000

2 posts

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Android@activitypub.awakari.com at 2025-09-12T10:18:00.000Z ## Minor update(7) for Vivaldi Android Browser 7.5 This update adds a warning for Android 9 users about future deprecation, and includes security updates from Chromium upstream for CVE-2025-10200. Ori...

#Android #Android #Updates

Origin | Interest | Match ##

beyondmachines1@infosec.exchange at 2025-09-10T10:01:08.000Z ##

Google releases urgent Chrome update, patches critical vulnerability

Google released a critical Chrome security update addressing CVE-2025-10200, a use-after-free vulnerability in ServiceWorker that could enable remote code execution, along with a high-severity inappropriate implementation flaw in Mojo. The company is withholding detailed vulnerability information until the majority of users receive the automatic security patches.

**Once again - an critical patch for Chrome - Google is patching an critica flaw in Chrome. Not exploited yet, but the reward for the bug was huge, so there is a real danger of this flaw being exploited. Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-releases-urgent-chrome-update-patches-critical-vulnerability-a-u-u-k-s/gD2P6Ple2L

##

CVE-2025-10250
(5.0 MEDIUM)

EPSS: 0.02%

updated 2025-09-11T12:31:30

1 posts

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key . The attacker needs to be present on the local network. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has

cR0w@infosec.exchange at 2025-09-15T13:11:04.000Z ##

The write-up on GitHub and the description in the CVE don't really match, but either way, go hack some EOL DJI shit.

https://github.com/ByteMe1001/DJI-Enhanced-WiFi-Weak-Cryptography

https://www.cve.org/CVERecord?id=CVE-2025-10250

##

CVE-2025-55976
(8.4 HIGH)

EPSS: 0.01%

updated 2025-09-10T21:31:21

1 posts

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.

cR0w@infosec.exchange at 2025-09-15T13:20:20.000Z ##

Tenda

D-Link

Intelbras

https://github.com/amalpvatayam67/day01-sessionreaper-lab

##

CVE-2025-54236
(9.1 CRITICAL)

EPSS: 0.33%

updated 2025-09-10T20:40:02

10 posts

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.

1 repos

patrickcmiller@infosec.exchange at 2025-09-10T13:42:01.000Z ##

SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236) https://sansec.io/research/sessionreaper

##

beyondmachines1@infosec.exchange at 2025-09-10T09:01:08.000Z ##

Adobe releases September 2025 patches for multiple products, warns of critical flaw in Adobe Commerce/Magento

Adobe's September 2025 security updates include a critical emergency patch for the "SessionReaper" vulnerability (CVE-2025-54236) affecting Commerce and Magento platforms, which allows unauthenticated attackers to take control of customer accounts through the REST API and is expected to enable automated large-scale account takeovers and fraudulent transactions. The patch release also addresses multiple critical vulnerabilities in Acrobat, Premiere Pro, ColdFusion, and Experience Manager.

**If you are using Adobe Commerce/Magento this advisory is URGENT AND IMPORTANT - Patch your Commerce/Magento IMMEDIATELY. For everyone else, high priority patching is Adobe Acrobat/Reader and Cold Fusion. Then review the advisory for the rest of the Adobe products you use.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adobe-releases-september-2025-patches-for-multiple-products-v-5-g-g-3/gD2P6Ple2L

##

jos1264@social.skynetcloud.site at 2025-09-10T07:40:02.000Z ##

Adobe Issues Urgent Patch for ‘SessionReaper’ Vulnerability in Commerce and Magento https://thecyberexpress.com/adobe-commerce-flaw-cve-2025-54236/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #AdobeCommerce #SessionReaper #CVE202554236 #CyberNews #Magento

##

decio@infosec.exchange at 2025-09-10T07:29:37.000Z ##

⚠️ si tu administres (ou sais que) ton site e-commerce tourne sur Magento / Adobe Commerce : c’est LE moment de le mettre à jour

Une faille critique baptisée SessionReaper (CVE-2025-54236) a été rendue publique. Elle permet à un attaquant, sans aucune authentification, de prendre le contrôle d’une boutique en ligne, d’accéder aux comptes clients… et dans certains cas d’exécuter du code à distance sur le serveur.
👉 En clair : risque important de vol d’infos de paiement, compromission massive de boutiques, déploiement de malwares.

Adobe a publié un patch d’urgence hors calendrier
👇
https://helpx.adobe.com/security/products/magento/apsb25-88.html
⬇️
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397

Selon la société spécialisée Sansec:
« Cela n’aide pas que le patch Adobe ait fuité accidentellement la semaine dernière, donc il est possible que des acteurs malveillants travaillent déjà sur un code d’exploitation. »

(https://sansec.io/research/sessionreaper)

Qui est concerné ?

Adobe Commerce (tous déploiements) : 2.4.9-alpha2 et toutes les versions antérieures jusqu’à 2.4.4-p15 inclus
Magento Open Source : mêmes versions affectées
Adobe Commerce B2B : 1.5.3-alpha2 et antérieures jusqu’à 1.3.3-p15 inclus
Module Custom Attributes Serializable : 0.1.0 → 0.4.0

Que faire ?

Appliquer dès que possible le patch 👉 Adobe APSB25-88

Tester vos personnalisations : ce correctif désactive certaines fonctions internes, certains modules tiers risquent de casser

Si vous ne pouvez patcher dans les prochaines heures → activez un WAF (Fastly ou Sansec Shield). Adobe a déjà poussé de nouvelles règles WAF côté Cloud.

⚡ L’historique montre que les failles Magento de ce type (Shoplift 2015, TrojanOrder 2022, CosmicSting 2024…) sont exploitées (en masse) très rapidement et récursivement.

( https://vulnerability.circl.lu/vuln/CVE-2025-54236 )

#Magento #CyberVeille #AdobeCommerce #Cyberveille #CVE_2025_54236

##

jos1264@social.skynetcloud.site at 2025-09-10T02:15:03.000Z ##

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html

##

jos1264@social.skynetcloud.site at 2025-09-10T02:15:02.000Z ##

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html

##

jos1264@social.skynetcloud.site at 2025-09-10T02:15:02.000Z ##

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html

##

oversecurity@mastodon.social at 2025-09-09T16:10:39.000Z ##

Adobe patches critical SessionReaper flaw in Magento eCommerce platform

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper...

🔗️ [Bleepingcomputer] https://link.is.it/mmUoFw

##

gtronix@infosec.exchange at 2025-09-09T16:01:11.000Z ##

Adobe patches critical SessionReaper flaw in Magento eCommerce platform

[...] Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product.

https://www.bleepingcomputer.com/news/security/adobe-patches-critical-sessionreaper-flaw-in-magento-ecommerce-platform/

#OpenSource

##

wall_e at 2025-09-09T14:24:39.059Z ##

Should you find yourself in the unfortunate position of running (or being otherwise responsible for) a Magento / Adobe Commerce platform...you may wanna update _today_

https://sansec.io/research/sessionreaper

TL;DR CVE-2025-54236: possible unauthenticated RCE and customer account takeover

#magento #adobe #SessionReaper

##

CVE-2025-29927
(9.1 CRITICAL)

EPSS: 92.08%

updated 2025-09-10T15:49:40.637000

2 posts

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the

https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule

100 repos

https://github.com/olimpiofreitas/CVE-2025-29927-scanner

https://github.com/m2hcz/PoC-for-Next.js-Middleware

https://github.com/aleongx/CVE-2025-29927

https://github.com/TheresAFewConors/CVE-2025-29927-Testing

https://github.com/kuzushiki/CVE-2025-29927-test

https://github.com/0xPThree/next.js_cve-2025-29927

https://github.com/Nekicj/CVE-2025-29927-exploit

https://github.com/Heimd411/CVE-2025-29927-PoC

https://github.com/nicknisi/next-attack

https://github.com/YEONDG/nextjs-cve-2025-29927

https://github.com/fahimalshihab/NextBypass

https://github.com/b4sh0xf/PoC-CVE-2025-29927

https://github.com/l1uk/nextjs-middleware-exploit

https://github.com/enochgitgamefied/NextJS-CVE-2025-29927

https://github.com/moften/CVE-2025-29927

https://github.com/iSee857/CVE-2025-29927

https://github.com/pickovven/vulnerable-nextjs-14-CVE-2025-29927

https://github.com/maronnjapan/claude-create-CVE-2025-29927

https://github.com/furmak331/CVE-2025-29927

https://github.com/BilalGns/CVE-2025-29927

https://github.com/Balajih4kr/cve-2025-29927

https://github.com/dedibagus/cve-2025-29927-poc

https://github.com/hed1ad/CVE-2025-29927

https://github.com/strobes-security/nextjs-vulnerable-app

https://github.com/mickhacking/Thank-u-Next

https://github.com/6mile/nextjs-CVE-2025-29927

https://github.com/emadshanab/CVE-2025-29927

https://github.com/lem0n817/CVE-2025-29927

https://github.com/mhamzakhattak/CVE-2025-29927

https://github.com/jmbowes/NextSecureScan

https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation

https://github.com/0xPb1/Next.js-CVE-2025-29927

https://github.com/kh4sh3i/CVE-2025-29927

https://github.com/sagsooz/CVE-2025-29927

https://github.com/EQSTLab/CVE-2025-29927

https://github.com/0xnxt1me/CVE-2025-29927

https://github.com/arvion-agent/next-CVE-2025-29927

https://github.com/aydinnyunus/CVE-2025-29927

https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927

https://github.com/jeymo092/cve-2025-29927

https://github.com/MKIRAHMET/CVE-2025-29927-PoC

https://github.com/gotr00t0day/CVE-2025-29927

https://github.com/pixilated730/NextJS-Exploit-

https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927

https://github.com/t3tra-dev/cve-2025-29927-demo

https://github.com/AnonKryptiQuz/NextSploit

https://github.com/Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass

https://github.com/UNICORDev/exploit-CVE-2025-29927

https://github.com/rgvillanueva28/vulnbox-easy-CVE-2025-29927

https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927

https://github.com/serhalp/test-cve-2025-29927

https://github.com/Neoxs/nextjs-middleware-vuln-poc

https://github.com/Oyst3r1ng/CVE-2025-29927

https://github.com/Jull3Hax0r/next.js-exploit

https://github.com/alastair66/CVE-2025-29927

https://github.com/yugo-eliatrope/test-cve-2025-29927

https://github.com/SugiB3o/vulnerable-nextjs-14-CVE-2025-29927

https://github.com/ricsirigu/CVE-2025-29927

https://github.com/zs1n/CVE-2025-29927

https://github.com/c0dejump/CVE-2025-29927-check

https://github.com/alihussainzada/CVE-2025-29927-PoC

https://github.com/newweshi/CVE-2025-29927

https://github.com/sn1p3rt3s7/NextJS_CVE-2025-29927

https://github.com/ValGrace/middleware-auth-bypass

https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927

https://github.com/w2hcorp/CVE-2025-29927-PoC

https://github.com/ayato-shitomi/WebLab_CVE-2025-29927

https://github.com/Gokul-Krishnan-V-R/cve-2025-29927

https://github.com/sahbaazansari/CVE-2025-29927

https://github.com/aleongx/CVE-2025-29927_Scanner

https://github.com/darklotuskdb/nextjs-CVE-2025-29927-hunter

https://github.com/ethanol1310/POC-CVE-2025-29927-

https://github.com/websecnl/CVE-2025-29927-PoC-Exploit

https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927-

https://github.com/MuhammadWaseem29/CVE-2025-29927-POC

https://github.com/kOaDT/poc-cve-2025-29927

https://github.com/0xWhoknows/CVE-2025-29927

https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927

https://github.com/RoyCampos/CVE-2025-29927

https://github.com/Ademking/CVE-2025-29927

https://github.com/0xcucumbersalad/cve-2025-29927

https://github.com/AventurineJ/CVE-2025-29927-Research

https://github.com/R3verseIN/Nextjs-middleware-vulnerable-appdemo-CVE-2025-29927

https://github.com/luq0x/0xMiddleware

https://github.com/fourcube/nextjs-middleware-bypass-demo

https://github.com/nocomp/CVE-2025-29927-scanner

https://github.com/enochgitgamefied/NextJS-CVE-2025-29927-Docker-Lab

https://github.com/dante01yoon/CVE-2025-29927

https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927

https://github.com/yuzu-juice/CVE-2025-29927_demo

https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927

https://github.com/Hirainsingadia/CVE-2025-29927

https://github.com/rubbxalc/CVE-2025-29927

https://github.com/Eve-SatOrU/POC-CVE-2025-29927

https://github.com/EarthAngel666/x-middleware-exploit

https://github.com/takumade/ghost-route

https://github.com/HoumanPashaei/CVE-2025-29927

https://github.com/azu/nextjs-cve-2025-29927-poc

https://github.com/nyctophile0969/CVE-2025-29927

DarkWebInformer at 2025-09-17T16:20:42.966Z ##

🚨CVE-2025-29927: Next.js Middleware Bypass Vulnerability

PoC: https://github.com/AnonKryptiQuz/NextSploit

Credit: youtube.com/@aungsec

##

DarkWebInformer@infosec.exchange at 2025-09-17T16:20:42.000Z ##

🚨CVE-2025-29927: Next.js Middleware Bypass Vulnerability

PoC: https://github.com/AnonKryptiQuz/NextSploit

Credit: youtube.com/@aungsec

##

CVE-2025-9994
(9.8 CRITICAL)

EPSS: 0.06%

updated 2025-09-10T14:15:44.493000

1 posts

The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access.

beyondmachines1@infosec.exchange at 2025-09-11T20:01:08.000Z ##

Critical authentication bypass flaw reported in Amp'ed RF BT-AP 111 Bluetooth access point

Security researchers discovered a critical vulnerability (CVE-2025-9994) in the Amp'ed RF BT-AP 111 Bluetooth Access Point that completely lacks authentication controls, allowing any network user to access and modify all administrative settings through the HTTP interface. The vendor is not esponsive to security disclosures and no firmware updates are available.

**If you have Amp'ed RF BT-AP 111 Bluetooth Access Points, make sure they are isolated on a separate VLAN since they have no authentication protection on their admin interface, and there is no vendor patch. Consider replacing these devices entirely.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaw-reported-in-amp-ed-rf-bt-ap-111-bluetooth-access-point-b-9-a-0-z/gD2P6Ple2L

##

CVE-2025-10159
(9.8 CRITICAL)

EPSS: 0.16%

updated 2025-09-09T21:30:39

1 posts

An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).

beyondmachines1@infosec.exchange at 2025-09-11T17:01:08.000Z ##

Sophos patches critical authentication bypass flaw in AP6 Series wireless access points

Sophos patched a critical vulnerability (CVE-2025-10159) in its AP6 Series Wireless Access Points that could allow attackers to gain complete administrative control over affected devices running firmware prior to version 1.7.2563. The vulnerability requires access to the device's management IP address.

**If you have Sophos AP6 Series Wireless Access Points, first make sure the management port is isolated from the internet and accessible only from trusted networks. The check that they're running firmware version 1.7.2563 (MR7) or newer. If not, manually upgrade to the latest firmware.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sophos-patches-critical-authentication-bypass-flaw-in-ap6-series-wireless-access-points-b-a-9-9-g/gD2P6Ple2L

##

CVE-2025-55234
(8.8 HIGH)

EPSS: 0.53%

updated 2025-09-09T18:31:31

1 posts

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft i

1 repos

https://github.com/mrk336/Patch-the-Path-CVE-2025-55234-Detection-Defense

beyondmachines1@infosec.exchange at 2025-09-09T20:01:07.000Z ##

Microsoft's September 2025 Patch Tuesday patches 81 vulnerabilities, 13 critical, two publicly disclosed

Microsoft's September 2025 Patch Tuesday addressed 81 security vulnerabilities including two zero-day flaws—a Windows SMB elevation of privilege vulnerability (CVE-2025-55234) enabling authentication relay attacks and a Newtonsoft.Json issue in SQL Server (CVE-2024-21907) causing denial of service. The update included 13 critical vulnerabilities spanning Windows graphics components, Microsoft Office applications, Azure cloud services, and Hyper-V virtualization platform.

**This month prioritize Windows and Microsoft SQL Server for patching - most critical and zero-days vulnerabilities affect these flaws. Then focus on the Microsoft Office and Azure products.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-s-september-2025-patch-tuesday-patches-81-vulnerabilities-13-critical-two-publicly-disclosed-5-4-6-6-c/gD2P6Ple2L

##

CVE-2025-54911
(7.3 HIGH)

EPSS: 0.06%

updated 2025-09-09T18:31:27

1 posts

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.

LLMs@activitypub.awakari.com at 2025-09-14T22:32:15.000Z ## Windows BitLocker flaw CVE-2025-54911 raises concerns for unpatched systems In Microsoft’s September 2025 Patch Tuesday release, one of the more notable fixes addressed a vulnerability in Windows...

#Windows #BitLocker #CVE-2025-54911 #privilege #escalation #Patch #Tuesday #Windows #11 #Articles #Vulnerabilities

Origin | Interest | Match ##

CVE-2025-40804
(9.1 CRITICAL)

EPSS: 0.04%

updated 2025-09-09T16:28:43.660000

1 posts

A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization.

beyondmachines1@infosec.exchange at 2025-09-12T09:01:08.000Z ##

Critical vulnerability reported in Siemens SIMATIC Virtualization Service

Siemens disclosed a critical vulnerability (CVE-2025-40804) in its SIMATIC Virtualization as a Service (SIVaaS) platform that allows unauthenticated remote access to network shares containing critical industrial automation. The vulnerability affects all SIVaaS versions. There is no software patch, the fix is manual reconfiguration.

**If you have Siemens SIMATIC Virtualization as a Service (SIVaaS) systems, make sure they are isolated from any untrusted networks because they're exposing critical data on network shares. Then contact Siemens Technical Support since there's no software patch - they need to provide manual configuration fixes.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerability-reported-in-siemens-simatic-virtualization-service-s-7-7-f-l/gD2P6Ple2L

##

CVE-2025-40795
(9.8 CRITICAL)

EPSS: 0.15%

updated 2025-09-09T09:31:19

1 posts

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.

beyondmachines1@infosec.exchange at 2025-09-12T10:01:08.000Z ##

Multiple vulnerabilities in Siemens User Management Component affect industrial control systems

Siemens disclosed multiple critical vulnerabilities in its User Management Component (UMC), including a stack-based buffer overflow (CVE-2025-40795) that allows unauthenticated remote attackers to execute arbitrary code with full system privileges. Patches are available for standalone UMC installations but Siemens has no planned fixes for embedded systems like SIMATIC PCS neo V4.1 and V5.0.

**If you have Siemens User Management Component (UMC), limit access to TCP ports 4002 and 4004 only to necessary systems. Then where possible, plan a quick update to version 2.15.1.3. Be aware that SIMATIC PCS neo V4.1 and V5.0 systems can't be patched and should be isolated from untrusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-vulnerabilities-in-siemens-user-management-component-affect-industrial-control-systems-u-s-d-4-y/gD2P6Ple2L

##

CVE-2025-42944
(10.0 CRITICAL)

EPSS: 0.04%

updated 2025-09-09T03:30:19

2 posts

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.

1 repos

https://github.com/rxerium/CVE-2025-42944

beyondmachines1@infosec.exchange at 2025-09-09T16:01:08.000Z ##

SAP fixes multiple critical flaws in September 2025 patch day, including maximum severity NetWeaver flaw

SAP's September 2025 Security Patch Day addressed 21 new vulnerabilities including a critical maximum-severity flaw (CVE-2025-42944) in SAP NetWeaver that allows unauthenticated attackers to achieve remote code execution through insecure deserialization.

**If you run SAP systems, review the advisory to check if you are affected. First priority is NetWeaver. Make sure the RMI-P4 port is isolated from the internet and accessible only from trusted systems. Then prioritize patching NetWeaver, it's already being targeted so we know hackers love it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/sap-fixes-multiple-critical-flaws-in-september-2025-patch-day-including-maximum-severity-netweaver-flaw-i-p-7-j-o/gD2P6Ple2L

##

decio@infosec.exchange at 2025-09-09T14:24:37.000Z ##

https://vulnerability.circl.lu/vuln/CVE-2025-42944

##

CVE-2025-49457
(9.6 CRITICAL)

EPSS: 0.09%

updated 2025-09-08T15:44:28.283000

1 posts

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access

beyondmachines1@infosec.exchange at 2025-09-10T08:01:08.000Z ##

Zoom releases multiple patches for Windows and macOS clients, at least one critical

Zoom patched multiple vulnerabilities across its Windows and macOS client applications, with the most critical being CVE-2025-49457, an untrusted search path vulnerability in Windows clients that allows unauthenticated attackers to conduct privilege escalation attacks via network access.

**If you're using Zoom products on Windows or macOS, update to the latest version (6.3.10 or newer). Prioritize Windows systems first since they face the highest risk (critical flaw), and ensure all Zoom products including Workplace, Rooms, and VDI clients are updated across your organization.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/zoom-releases-multiple-patches-for-windows-and-macos-clients-at-least-one-critical-1-t-1-8-3/gD2P6Ple2L

##

CVE-2025-55241
(9.0 CRITICAL)

EPSS: 0.08%

updated 2025-09-05T17:47:10.303000

5 posts

Azure Entra Elevation of Privilege Vulnerability

decio at 2025-09-17T18:42:10.793Z ##

LOLSOB :lolsob: 🤦‍♂️ microsoft

🥸 ᴀᴄᴛᴏʀ ᴛᴏᴋᴇɴs 🥸
⬇️
"...Cette faille aurait pu me permettre de compromettre chaque tenant Entra ID dans le monde (sauf probablement ceux déployés dans les clouds nationaux). Si vous êtes administrateur Entra ID et que vous lisez ceci, oui, cela signifie un accès complet à votre tenant. La vulnérabilité se composait de deux éléments : des jetons d’impersonation non documentés, appelés “Actor tokens”, que Microsoft utilise en backend pour la communication service-à-service (S2S). De plus, il y avait une faille critique dans l’API (legacy) Azure AD Graph qui ne validait pas correctement le tenant d’origine, permettant l’utilisation de ces jetons pour un accès cross-tenant."
❗
👇
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
⬇️
https://cve.circl.lu/vuln/CVE-2025-55241#sightings

#Cyberveille #entraID #CVE2025_55241

##

GossiTheDog@cyberplace.social at 2025-09-17T18:00:45.000Z ##

Dirk-jan Mollema, who discovered Zerologon (the most impactful on prem Active Directory vulnerability ever), has discovered an Azure Active Directory (EntraID) vulnerability which allowed anybody to take over any tenant - access any Microsoft 365 resource, basically. CVE-2025-55241

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

Edit: Tom Tervoort discovered ZeroLogon and Dirk-jan expanded upon it.

##

thijs at 2025-09-17T14:19:23.898Z ##

So the other day I tooted that it is still magic that MSFT reports a CVE in Azure with a score of 10.0. But no clue or thing that you as a customer can do or should check for.

Today I learned that due to a researcher the problem in CVE-2025-55241 is resolved by MSFT.

Read the article of Dirk-jan and get surprised:

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

#cve2025_55241 #azure #cloud #actortoken

##

decio@infosec.exchange at 2025-09-17T18:42:10.000Z ##

LOLSOB :lolsob: 🤦‍♂️ microsoft

🥸 ᴀᴄᴛᴏʀ ᴛᴏᴋᴇɴs 🥸
⬇️
"...Cette faille aurait pu me permettre de compromettre chaque tenant Entra ID dans le monde (sauf probablement ceux déployés dans les clouds nationaux). Si vous êtes administrateur Entra ID et que vous lisez ceci, oui, cela signifie un accès complet à votre tenant. La vulnérabilité se composait de deux éléments : des jetons d’impersonation non documentés, appelés “Actor tokens”, que Microsoft utilise en backend pour la communication service-à-service (S2S). De plus, il y avait une faille critique dans l’API (legacy) Azure AD Graph qui ne validait pas correctement le tenant d’origine, permettant l’utilisation de ces jetons pour un accès cross-tenant."
❗
👇
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
⬇️
https://cve.circl.lu/vuln/CVE-2025-55241#sightings

#Cyberveille #entraID #CVE2025_55241

##

GossiTheDog@cyberplace.social at 2025-09-17T18:00:45.000Z ##

Dirk-jan Mollema, who discovered Zerologon (the most impactful on prem Active Directory vulnerability ever), has discovered an Azure Active Directory (EntraID) vulnerability which allowed anybody to take over any tenant - access any Microsoft 365 resource, basically. CVE-2025-55241

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

Edit: Tom Tervoort discovered ZeroLogon and Dirk-jan expanded upon it.

##

CVE-2025-55190
(9.9 CRITICAL)

EPSS: 0.04%

updated 2025-09-05T17:47:10.303000

3 posts

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application manage

cloud-native@activitypub.awakari.com at 2025-09-08T08:50:06.000Z ## Argo CD Security Flaw Rated 9.8 Leaves GitOps Repositories Exposed A security flaw in Argo CD, the popular open-source GitOps tool for Kubernetes, has been targeted at the DevOps and cloud-native c...

#Firewall #Daily #Cyber #News #Vulnerabilities #Argo #CD #CVE-2025-55190 #DevOps #GitOps #tool

Origin | Interest | Match ##

CVE-2025-38494(CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-08-28T15:31:40

2 posts

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

xairy@infosec.exchange at 2025-09-11T15:39:34.000Z ##

I also suspect that the CVE-2025-38494/5 fix is what actually fixes CVE-2024-50302.

Assuming the used chain was portable enough to also cover devices with CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y, replacing kmalloc with kzalloc possibly did nothing.

https://infosec.exchange/@xairy/114082306954145500

##

xairy@infosec.exchange at 2025-09-11T15:39:08.000Z ##

Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB.

Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels).

https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494

##

CVE-2025-5821
(9.8 CRITICAL)

EPSS: 0.22%

updated 2025-08-25T20:24:45.327000

2 posts

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on

beyondmachines1 at 2025-09-17T13:01:02.371Z ##

Case Theme User WordPress plugin flaw enables authentication bypass

A critical authentication bypass vulnerability (CVE-2025-5821) in the Case Theme User WordPress plugin allows attackers to hijack any user account, including administrators, by simply knowing victim email addresses due to flawed Facebook social login logic. The flaw has been actively exploited since August 2025.

**If you're using the Case Theme User WordPress plugin, THIS IS URGENT. Your site is under attack. Immediately update to version 1.0.4 or later. Also check your audit logs for suspicious user account creation and unusual admin activity around that time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/case-theme-user-wordpress-plugin-flaw-enables-authentication-bypass-a-q-p-i-0/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-09-17T13:01:02.000Z ##

Case Theme User WordPress plugin flaw enables authentication bypass

A critical authentication bypass vulnerability (CVE-2025-5821) in the Case Theme User WordPress plugin allows attackers to hijack any user account, including administrators, by simply knowing victim email addresses due to flawed Facebook social login logic. The flaw has been actively exploited since August 2025.

**If you're using the Case Theme User WordPress plugin, THIS IS URGENT. Your site is under attack. Immediately update to version 1.0.4 or later. Also check your audit logs for suspicious user account creation and unusual admin activity around that time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/case-theme-user-wordpress-plugin-flaw-enables-authentication-bypass-a-q-p-i-0/gD2P6Ple2L

##

CVE-2025-53187
(7.0 None)

EPSS: 0.08%

updated 2025-08-21T12:31:42

1 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.

beyondmachines1@infosec.exchange at 2025-09-12T08:01:08.000Z ##

Critical vulnerabilities reported in ABB Cylon Aspect building management systems

ABB patched multiple critical vulnerabilities in its Cylon Aspect Building Management System, including a severe authentication bypass (CVE-2025-53187) caused by debugging code mistakenly left in production firmware that could allow attackers complete control over critical building operations like HVAC, lighting, and fire safety systems. ABB released firmware version 3.08.04-s01 to address the most critical flaw but the other authentication and buffer overflow vulnerabilities are not patched.

**If you have ABB Cylon Aspect Building Management Systems make sure the systems are isolated from the internet. Then immediately update firmware to version 3.08.04-s01 to fix critical authentication bypass vulnerabilities that could give attackers complete control of your building systems.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-abb-cylon-aspect-building-management-systems-a-w-z-s-6/gD2P6Ple2L

##

CVE-2025-53136
(5.5 MEDIUM)

EPSS: 0.06%

updated 2025-08-12T18:31:31

10 posts

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Ubuntu@activitypub.awakari.com at 2025-09-12T22:26:55.000Z ## New Windows 11 Flaw Slips In Through Old Patch A Microsoft fix introduced CVE-2025-53136, leaking kernel addresses in Windows 11/Server 2022. Learn risks and how to stay protected. The post New Win...

#News #CVE-2025-53136 #Kernel #address #leak #Local #privilege #escalation #Microsoft #security #patch

Origin | Interest | Match ##

hn100@social.lansky.name at 2025-09-12T00:10:08.000Z ##

NT OS Kernel Information Disclosure Vulnerability

Link: https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
Discussion: https://news.ycombinator.com/item?id=45213299

##

hackernewsrobot@mastodon.social at 2025-09-11T22:41:08.000Z ##

NT OS Kernel Information Disclosure Vulnerability https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/

##

hn50@social.lansky.name at 2025-09-11T18:30:06.000Z ##

NT OS Kernel Information Disclosure Vulnerability

Link: https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
Discussion: https://news.ycombinator.com/item?id=45213299

##

ycombinator@rss-mstdn.studiofreesia.com at 2025-09-11T18:00:51.000Z ##

NT OS Kernel Information Disclosure Vulnerability
https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
#ycombinator

##

newsycombinator@framapiaf.org at 2025-09-11T18:00:56.000Z ##

NT OS Kernel Information Disclosure Vulnerability
Link: https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
Comments: https://news.ycombinator.com/item?id=45213299

##

ycombinator@rss-mstdn.studiofreesia.com at 2025-09-11T16:40:37.000Z ##

Windows KASLR Bypass – CVE-2025-53136
https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/
#ycombinator

##

CuratedHackerNews@mastodon.social at 2025-09-11T16:30:05.000Z ##

NT OS Kernel Information Disclosure Vulnerability

https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/

##

h4ckernews@mastodon.social at 2025-09-11T16:29:14.000Z ##

Windows KASLR Bypass – CVE-2025-53136

https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/

#HackerNews #Windows #KASLR #Bypass #CVE-2025-53136 #Cybersecurity #Vulnerability #Exploit #Hacking

##

_r_netsec@infosec.exchange at 2025-09-11T16:13:06.000Z ##

Windows KASLR Bypass - CVE-2025-53136 https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/

##

CVE-2025-54381
(9.9 CRITICAL)

EPSS: 0.29%

updated 2025-08-05T15:41:26.900000

2 posts

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests. The vulnerability stems from the multipart form data and JSON request handlers, which automaticall

2 repos

https://github.com/rockmelodies/bentoml_CVE-2025-54381

https://github.com/B1ack4sh/Blackash-CVE-2025-54381

AAKL at 2025-09-17T15:07:48.545Z ##

Tenable: How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381 https://www.tenable.com/blog/how-tenable-bypassed-patch-for-bentoml-ssrf-vulnerability-CVE-2025-54381 @tenable #cybersecurity #infosec #opensource

##

AAKL@infosec.exchange at 2025-09-17T15:07:48.000Z ##

Tenable: How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381 https://www.tenable.com/blog/how-tenable-bypassed-patch-for-bentoml-ssrf-vulnerability-CVE-2025-54381 @tenable #cybersecurity #infosec #opensource

##

CVE-2025-32711
(9.3 CRITICAL)

EPSS: 0.40%

updated 2025-08-04T18:15:34.497000

1 posts

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

1 repos

https://github.com/daryllundy/cve-2025-32711

arXiv_csCR_bot@mastoxiv.page at 2025-09-16T08:57:46.000Z ##

EchoLeak: The First Real-World Zero-Click Prompt Injection Exploit in a Production LLM System

Pavan Reddy, Aditya Sanjay Gujral
https://arxiv.org/abs/2509.10540 https://arxiv.org/pdf/2509.10540 https://arxiv.org/html/2509.10540

arXiv:2509.10540v1 Announce Type: new
Abstract: Large language model (LLM) assistants are increasingly integrated into enterprise workflows, raising new security concerns as they bridge internal and external data sources. This paper presents an in-depth case study of EchoLeak (CVE-2025-32711), a zero-click prompt injection vulnerability in Microsoft 365 Copilot that enabled remote, unauthenticated data exfiltration via a single crafted email. By chaining multiple bypasses-evading Microsofts XPIA (Cross Prompt Injection Attempt) classifier, circumventing link redaction with reference-style Markdown, exploiting auto-fetched images, and abusing a Microsoft Teams proxy allowed by the content security policy-EchoLeak achieved full privilege escalation across LLM trust boundaries without user interaction. We analyze why existing defenses failed, and outline a set of engineering mitigations including prompt partitioning, enhanced input/output filtering, provenance-based access control, and strict content security policies. Beyond the specific exploit, we derive generalizable lessons for building secure AI copilots, emphasizing the principle of least privilege, defense-in-depth architectures, and continuous adversarial testing. Our findings establish prompt injection as a practical, high-severity vulnerability class in production AI systems and provide a blueprint for defending against future AI-native threats.

toXiv_bot_toot

##

CVE-2025-49704
(8.8 HIGH)

EPSS: 70.38%

updated 2025-07-30T01:00:01.490000

1 posts

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

pentesttools@infosec.exchange at 2025-09-11T12:03:13.000Z ##

We’ve added full support for Microsoft SharePoint authentication bypass & remote code execution (CVE-2025-53771 & CVE-2025-49704)

🟠 Network Scanner → Detect vulnerable SharePoint instances at scale

🔴 Sniper: Auto-Exploiter → Validate real exploitability with automated proof

Why it matters: attackers can bypass authentication and run arbitrary code, directly impacting business-critical collaboration platforms.

✅ Detect. Exploit. Report. With evidence you can trust.

👉 More details here: https://pentest-tools.com/vulnerabilities-exploits/microsoft-sharepoint-authentication-bypass-and-remote-code-execution_27620

#pentesting #cybersecurity #offensivesecurity

##

CVE-2025-53771
(6.3 MEDIUM)

EPSS: 7.02%

updated 2025-07-22T21:32:17

1 posts

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

2 repos

https://github.com/unk9vvn/sharepoint-toolpane

https://github.com/zach115th/ToolShellFinder

pentesttools@infosec.exchange at 2025-09-11T12:03:13.000Z ##

We’ve added full support for Microsoft SharePoint authentication bypass & remote code execution (CVE-2025-53771 & CVE-2025-49704)

🟠 Network Scanner → Detect vulnerable SharePoint instances at scale

🔴 Sniper: Auto-Exploiter → Validate real exploitability with automated proof

Why it matters: attackers can bypass authentication and run arbitrary code, directly impacting business-critical collaboration platforms.

✅ Detect. Exploit. Report. With evidence you can trust.

👉 More details here: https://pentest-tools.com/vulnerabilities-exploits/microsoft-sharepoint-authentication-bypass-and-remote-code-execution_27620

#pentesting #cybersecurity #offensivesecurity

##

CVE-2025-24919
(8.2 HIGH)

EPSS: 0.15%

updated 2025-06-14T00:30:28

1 posts

A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.

pentesttools@infosec.exchange at 2025-09-15T11:12:44.000Z ##

💥 An RCE in your SIEM means attackers could own your monitoring.

Detect and validate the impact of Fortinet FortiSIEM (CVE-2025-24919) with our new module, now live in both:
1️⃣ Network Scanner
2️⃣ Sniper: Auto-Exploiter

Full vulnerability details here 👉 https://pentest-tools.com/vulnerabilities-exploits/fortinet-fortisiem-remote-code-execution_27619

#pentesting #cybersecurity #offensivesecurity

##

CVE-2025-3052
(8.3 HIGH)

EPSS: 0.02%

updated 2025-06-10T21:31:31

1 posts

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

AAKL@infosec.exchange at 2025-09-11T16:45:21.000Z ##

This relates to CVE-2025-3052.

Binerly, from yesterday: Signed and Dangerous: BYOVD Attacks on Secure Boot https://www.binarly.io/blog/signed-and-dangerous-byovd-attacks-on-secure-boot #cybersecurity #infosec

##

CVE-2025-31324
(10.0 CRITICAL)

EPSS: 30.27%

updated 2025-05-02T15:31:16

1 posts

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

https://github.com/Alizngnc/SAP-CVE-2025-31324

19 repos

https://github.com/ODST-Forge/CVE-2025-31324_PoC

https://github.com/nullcult/CVE-2025-31324-File-Upload

https://github.com/Onapsis/Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment

https://github.com/JonathanStross/CVE-2025-31324

https://github.com/rf-peixoto/sap_netweaver_cve-2025-31324-

https://github.com/moften/CVE-2025-31324-NUCLEI

https://github.com/sug4r-wr41th/CVE-2025-31324

https://github.com/antichainalysis/sap-netweaver-0day-CVE-2025-31324

https://github.com/NULLTRACE0X/CVE-2025-31324

https://github.com/respondiq/jsp-webshell-scanner

https://github.com/abrewer251/CVE-2025-31324_PoC_SAP

https://github.com/rxerium/CVE-2025-31324

https://github.com/harshitvarma05/CVE-2025-31324-Exploits

https://github.com/redrays-io/CVE-2025-31324

https://github.com/Onapsis/Onapsis_CVE-2025-31324_Scanner_Tools

https://github.com/moften/CVE-2025-31324

https://github.com/nairuzabulhul/nuclei-template-cve-2025-31324-check

https://github.com/BlueOWL-overlord/Burp_CVE-2025-31324

GossiTheDog@cyberplace.social at 2025-09-09T22:59:54.000Z ##

As a follow up thread to this - if you use SAP Netweaver and present it directly to the internet, either patch CVE-2025-31324 or put a very robust mitigation in place in front of the SAP webapp.

Patching rate is still absolutely abysmal, vast majority of orgs years behind any patching.
https://cyberplace.social/@GossiTheDog/115142288361584633

##

CVE-2021-39275
(9.8 CRITICAL)

EPSS: 44.80%

updated 2025-05-01T15:39:40.260000

2 posts

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

beyondmachines1 at 2025-09-17T10:01:02.712Z ##

Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems

CISA warns of Siemens critical vulnerabilities (CVE-2021-39275 CVE-2021-40438) in Apache HTTP Server components embedded in industrial network management products like RUGGEDCOM NMS and SINEC NMS, enabling remote code execution and server-side request forgery attacks.

**If you're using Siemens industrial network products, make sure they are isolated from the internet and accessible only from trusted networks. Then plan update for SINEC NMS to V1.0.3+ and SINEMA Remote Connect Server to V3.1+. For RUGGEDCOM NMS and SINEMA Server V14 there are no planned fixes. All you can do isolate them, then check with the vendor again.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-apache-http-server-vulnerabilities-reported-in-siemens-industrial-network-management-systems-g-o-o-g-g/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-09-17T10:01:02.000Z ##

Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems

CISA warns of Siemens critical vulnerabilities (CVE-2021-39275 CVE-2021-40438) in Apache HTTP Server components embedded in industrial network management products like RUGGEDCOM NMS and SINEC NMS, enabling remote code execution and server-side request forgery attacks.

**If you're using Siemens industrial network products, make sure they are isolated from the internet and accessible only from trusted networks. Then plan update for SINEC NMS to V1.0.3+ and SINEMA Remote Connect Server to V3.1+. For RUGGEDCOM NMS and SINEMA Server V14 there are no planned fixes. All you can do isolate them, then check with the vendor again.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-apache-http-server-vulnerabilities-reported-in-siemens-industrial-network-management-systems-g-o-o-g-g/gD2P6Ple2L

##

CVE-2025-24132
(6.5 MEDIUM)

EPSS: 0.01%

updated 2025-05-01T15:31:39

1 posts

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

2 repos

https://github.com/Feralthedogg/CVE-2025-24132-Scanner

https://github.com/ekomsSavior/AirBorne-PoC

_r_netsec@infosec.exchange at 2025-09-10T08:58:05.000Z ##

Pwn My Ride: Apple CarPlay RCE - iAP2 protocol and CVE-2025-24132 Explained https://www.oligo.security/blog/pwn-my-ride-exploring-the-carplay-attack-surface

##

CVE-2024-50302
(5.5 MEDIUM)

EPSS: 0.30%

updated 2025-03-10T20:26:51.137000

1 posts

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

xairy@infosec.exchange at 2025-09-11T15:39:34.000Z ##

I also suspect that the CVE-2025-38494/5 fix is what actually fixes CVE-2024-50302.

Assuming the used chain was portable enough to also cover devices with CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y, replacing kmalloc with kzalloc possibly did nothing.

https://infosec.exchange/@xairy/114082306954145500

##

CVE-2025-21692
(7.8 HIGH)

EPSS: 0.03%

updated 2025-02-21T18:32:16

1 posts

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. The overflow may cause local privilege escalation. [ 18.852298] ------------[ cut here ]------------ [ 18.853271] UBSAN: array-index-out-o

1 repos

https://github.com/volticks/CVE-2025-21692-poc

DarkWebInformer@infosec.exchange at 2025-09-16T18:27:04.000Z ##

🚨 Proof of concept exploit source code for CVE-2025-21692 Linux Kernel up to 6.13.0

GitHub: https://github.com/volticks/CVE-2025-21692-poc

Write-up: https://volticks.github.io/CVE-2025-21692-nday-writeup

##

CVE-2025-0108
(9.1 CRITICAL)

EPSS: 94.01%

updated 2025-02-20T03:32:03

1 posts

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality

https://github.com/fr4nc1stein/CVE-2025-0108-SCAN

6 repos

https://github.com/becrevex/CVE-2025-0108

https://github.com/sohaibeb/CVE-2025-0108

https://github.com/barcrange/CVE-2025-0108-Authentication-Bypass-checker

https://github.com/FOLKS-iwd/CVE-2025-0108-PoC

https://github.com/iSee857/CVE-2025-0108-PoC

robertlock@infosec.exchange at 2025-09-13T16:44:29.000Z ##

cve-2025-0108 is back!

##

CVE-2020-1350
(10.0 CRITICAL)

EPSS: 93.32%

updated 2025-02-07T18:32:09

1 posts

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

17 repos

https://github.com/mr-r3b00t/CVE-2020-1350

https://github.com/connormcgarr/CVE-2020-1350

https://github.com/tinkersec/cve-2020-1350

https://github.com/maxpl0it/CVE-2020-1350-DoS

https://github.com/captainGeech42/CVE-2020-1350

https://github.com/corelight/SIGRed

https://github.com/jmaddington/dRMM-CVE-2020-1350-response

https://github.com/simeononsecurity/CVE-2020-1350-Fix

https://github.com/graph-inc/CVE-2020-1350

https://github.com/gdwnet/cve-2020-1350

https://github.com/ZephrFish/CVE-2020-1350_HoneyPoC

https://github.com/ejlevin99/CVE---2020---1350

https://github.com/psc4re/NSE-scripts

https://github.com/T13nn3s/CVE-2020-1350

https://github.com/zoomerxsec/Fake_CVE-2020-1350

https://github.com/Plazmaz/CVE-2020-1350-poc

https://github.com/CVEmaster/CVE-2020-1350

jos1264@social.skynetcloud.site at 2025-09-16T22:30:02.000Z ##

SigRed: CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability https://fortiguard.fortinet.com/threat-signal-report/3577

##

CVE-2024-7344
(8.2 HIGH)

EPSS: 0.08%

updated 2025-01-22T15:41:04.577000

6 posts

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

VirusBulletin@infosec.exchange at 2025-09-15T10:58:56.000Z ##

ESET Research introduces HybridPetya, a Petya/NotPetya copycat discovered on VirusTotal in Feb 2025. It encrypts the NTFS MFT and can compromise UEFI systems, weaponizing CVE-2024-7344 to bypass Secure Boot on outdated machines. https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/

##

technadu@infosec.exchange at 2025-09-13T14:29:19.000Z ##

🚨 HybridPetya ransomware bypasses UEFI Secure Boot via CVE-2024-7344.
- EFI System Partition infection
- Petya/NotPetya-style destructive encryption
- Fake CHKDSK + ransom note ($1,000 BTC)
- Found on VirusTotal; not yet seen in active attacks
Mitigation: apply Jan 2025 Microsoft patch + keep offline backups.
Follow @technadu for ransomware and infosec updates.

#HybridPetya #Ransomware #CyberSecurity #UEFI #InfoSec #ThreatIntel

##

jos1264@social.skynetcloud.site at 2025-09-13T00:20:02.000Z ##

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit – Source:thehackernews.com https://ciso2ciso.com/new-hybridpetya-ransomware-bypasses-uefi-secure-boot-with-cve-2024-7344-exploit-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #HybridPetya

##

jann@infosec.exchange at 2025-09-12T16:46:49.000Z ##

@GabrielKerneis @mjg59 wouldn't that also block the attack described in that post? https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/ says that this was relying on a bug in stuff signed with a "third-party UEFI certificate"

##

jos1264@social.skynetcloud.site at 2025-09-12T13:45:02.000Z ##

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit https://thehackernews.com/2025/09/new-hybridpetya-ransomware-bypasses.html

##

jos1264@social.skynetcloud.site at 2025-09-12T13:45:02.000Z ##

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit https://thehackernews.com/2025/09/new-hybridpetya-ransomware-bypasses.html

##

CVE-2024-50264
(7.8 HIGH)

EPSS: 0.02%

updated 2024-12-11T15:15:14.343000

1 posts

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.

_r_netsec@infosec.exchange at 2025-09-09T17:13:06.000Z ##

Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html

##

CVE-2024-0132
(9.1 CRITICAL)

EPSS: 5.24%

updated 2024-10-29T19:48:12

1 posts

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, informat

2 repos

https://github.com/r0binak/CVE-2024-0132

https://github.com/ssst0n3/poc-cve-2024-0132

kubesploit@learnk8s.news at 2025-09-09T18:06:03.000Z ##

This repo demonstrates CVE-2024-0132, a container escape in NVIDIA Container Toolkit

It swaps directory contents during validation, causing the toolkit to mount the entire host filesystem into the container instead of just a library file

➜ https://ku.bz/0Z5QPQl_N

##

CVE-2024-40766
(9.3 CRITICAL)

EPSS: 9.41%

updated 2024-09-06T18:32:29

4 posts

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

defendopsdiaries@infosec.exchange at 2025-09-11T17:14:16.000Z ##

A tiny flaw in SonicWall’s SSLVPN is giving Akira ransomware a free pass—hackers are exploiting it with simple HTTP requests and 100+ companies have already paid the price. Is your network prepared?

https://thedefendopsdiaries.com/understanding-the-akira-ransomware-exploitation-of-sonicwall-vulnerability-cve-2024-40766/

#akira
#ransomware
#sonicwall
#cve202440766
#cybersecurity

##

oversecurity@mastodon.social at 2025-09-11T16:50:07.000Z ##

Akira ransomware exploiting critical SonicWall SSLVPN bug again

The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized...

🔗️ [Bleepingcomputer] https://link.is.it/1ekh5P

##

jos1264@social.skynetcloud.site at 2025-09-11T11:50:01.000Z ##

Australia Warns of Ransomware Attacks Exploiting SonicWall VPN Flaw CVE-2024-40766 https://thecyberexpress.com/sonicwall-ssl-vpn-flaw-cve-2024-40766/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202440766 #CyberNews #SonicWall #ACSC #ASD

##

oversecurity@mastodon.social at 2025-09-10T14:10:06.000Z ##

Australian Cyber Authorities Warn of Active Exploitation of SonicWall SSL Vulnerability (CVE-2024-40766)

ASD’s ACSC confirms active exploitation of CVE-2024-40766 in SonicWall SSL VPNs. Urges urgent patching, MFA, and access controls for Aussie orgs.

🔗️ [Cyble] https://link.is.it/eSrark

##

CVE-2024-42531
(9.8 CRITICAL)

EPSS: 0.29%

updated 2024-08-23T21:31:47

1 posts

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed.

arXiv_csCR_bot@mastoxiv.page at 2025-09-12T09:18:19.000Z ##

IoTFuzzSentry: A Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices

Priyanka Rushikesh Chaudhary, Rajib Ranjan Maiti
https://arxiv.org/abs/2509.09158 https://arxiv.org/pdf/2509.09158 https://arxiv.org/html/2509.09158

arXiv:2509.09158v1 Announce Type: new
Abstract: Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart cameras. Implementation flaws in transport or application-layer security mechanisms can expose IoT devices to a range of threats, including unauthorized access and data leakage. This paper addresses the challenge of uncovering such vulnerabilities by leveraging protocol fuzzing techniques that inject crafted transport and application-layer packets into IoT communications. We present a mutation-based fuzzing tool, named IoTFuzzSentry, to identify specific non-trivial vulnerabilities in commercial IoT devices. We further demonstrate how these vulnerabilities can be exploited in real-world scenarios. We integrated our fuzzing tool into a well-known testing tool Cotopaxi and evaluated it with commercial-off-the-shelf IoT devices such as IP cameras and Smart Plug. Our evaluation revealed vulnerabilities categorized into 4 types (IoT Access Credential Leakage, Sneak IoT Live Video Stream, Creep IoT Live Image, IoT Command Injection) and we show their exploits using three IoT devices. We have responsibly disclosed all these vulnerabilities to the respective vendors. So far, we have published two CVEs, CVE-2024-41623 and CVE-2024-42531, and one is awaiting. To extend the applicability, we have investigated the traffic of six additional IoT devices and our analysis shows that these devices can have similar vulnerabilities, due to the presence of a similar set of application protocols. We believe that IoTFuzzSentry has the potential to discover unconventional security threats and allow IoT vendors to strengthen the security of their commercialized IoT devices automatically with negligible overhead.

toXiv_bot_toot

##

CVE-2024-41623
(9.8 CRITICAL)

EPSS: 0.43%

updated 2024-08-23T18:32:59

1 posts

An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload

arXiv_csCR_bot@mastoxiv.page at 2025-09-12T09:18:19.000Z ##

IoTFuzzSentry: A Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices

Priyanka Rushikesh Chaudhary, Rajib Ranjan Maiti
https://arxiv.org/abs/2509.09158 https://arxiv.org/pdf/2509.09158 https://arxiv.org/html/2509.09158

arXiv:2509.09158v1 Announce Type: new
Abstract: Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart cameras. Implementation flaws in transport or application-layer security mechanisms can expose IoT devices to a range of threats, including unauthorized access and data leakage. This paper addresses the challenge of uncovering such vulnerabilities by leveraging protocol fuzzing techniques that inject crafted transport and application-layer packets into IoT communications. We present a mutation-based fuzzing tool, named IoTFuzzSentry, to identify specific non-trivial vulnerabilities in commercial IoT devices. We further demonstrate how these vulnerabilities can be exploited in real-world scenarios. We integrated our fuzzing tool into a well-known testing tool Cotopaxi and evaluated it with commercial-off-the-shelf IoT devices such as IP cameras and Smart Plug. Our evaluation revealed vulnerabilities categorized into 4 types (IoT Access Credential Leakage, Sneak IoT Live Video Stream, Creep IoT Live Image, IoT Command Injection) and we show their exploits using three IoT devices. We have responsibly disclosed all these vulnerabilities to the respective vendors. So far, we have published two CVEs, CVE-2024-41623 and CVE-2024-42531, and one is awaiting. To extend the applicability, we have investigated the traffic of six additional IoT devices and our analysis shows that these devices can have similar vulnerabilities, due to the presence of a similar set of application protocols. We believe that IoTFuzzSentry has the potential to discover unconventional security threats and allow IoT vendors to strengthen the security of their commercialized IoT devices automatically with negligible overhead.

toXiv_bot_toot

##

CVE-2021-40438
(9.1 CRITICAL)

EPSS: 94.44%

updated 2024-07-24T18:32:20

2 posts

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

https://github.com/Kashkovsky/CVE-2021-40438

10 repos

https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit

https://github.com/Cappricio-Securities/CVE-2021-40438

https://github.com/xiaojiangxl/CVE-2021-40438

https://github.com/BabyTeam1024/CVE-2021-40438

https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt

https://github.com/ericmann/apache-cve-poc

https://github.com/yakir2b/check-point-gateways-rce

https://github.com/sixpacksecurity/CVE-2021-40438

https://github.com/gassara-kys/CVE-2021-40438

beyondmachines1 at 2025-09-17T10:01:02.712Z ##

Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems

CISA warns of Siemens critical vulnerabilities (CVE-2021-39275 CVE-2021-40438) in Apache HTTP Server components embedded in industrial network management products like RUGGEDCOM NMS and SINEC NMS, enabling remote code execution and server-side request forgery attacks.

**If you're using Siemens industrial network products, make sure they are isolated from the internet and accessible only from trusted networks. Then plan update for SINEC NMS to V1.0.3+ and SINEMA Remote Connect Server to V3.1+. For RUGGEDCOM NMS and SINEMA Server V14 there are no planned fixes. All you can do isolate them, then check with the vendor again.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-apache-http-server-vulnerabilities-reported-in-siemens-industrial-network-management-systems-g-o-o-g-g/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-09-17T10:01:02.000Z ##

Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems

CISA warns of Siemens critical vulnerabilities (CVE-2021-39275 CVE-2021-40438) in Apache HTTP Server components embedded in industrial network management products like RUGGEDCOM NMS and SINEC NMS, enabling remote code execution and server-side request forgery attacks.

**If you're using Siemens industrial network products, make sure they are isolated from the internet and accessible only from trusted networks. Then plan update for SINEC NMS to V1.0.3+ and SINEMA Remote Connect Server to V3.1+. For RUGGEDCOM NMS and SINEMA Server V14 there are no planned fixes. All you can do isolate them, then check with the vendor again.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-apache-http-server-vulnerabilities-reported-in-siemens-industrial-network-management-systems-g-o-o-g-g/gD2P6Ple2L

##

CVE-2024-31497(CVSS UNKNOWN)

EPSS: 18.16%

updated 2024-04-17T00:31:29

1 posts

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. One scenario is that the adversary is an operator of an SSH server to which the victim authenticates (f

5 repos

https://github.com/sh1k4ku/CVE-2024-31497

https://github.com/HugoBond/CVE-2024-31497-POC

https://github.com/edutko/cve-2024-31497

https://github.com/RUB-NDS/SSH-Client-Signatures-Artifacts

https://github.com/daedalus/BreakingECDSAwithLLL

arXiv_csCR_bot@mastoxiv.page at 2025-09-12T09:39:29.000Z ##

On the Security of SSH Client Signatures

Fabian B\"aumer, Marcus Brinkmann, Maximilian Radoy, J\"org Schwenk, Juraj Somorovsky
https://arxiv.org/abs/2509.09331 https://arxiv.org/pdf/2509.09331 https://arxiv.org/html/2509.09331

arXiv:2509.09331v1 Announce Type: new
Abstract: Administrators and developers use SSH client keys and signatures for authentication, for example, to access internet backbone servers or to commit new code on platforms like GitHub. However, unlike servers, SSH clients cannot be measured through internet scans. We close this gap in two steps. First, we collect SSH client public keys. Such keys are regularly published by their owners on open development platforms like GitHub and GitLab. We systematize previous non-academic work by subjecting these keys to various security tests in a longitudinal study. Second, in a series of black-box lab experiments, we analyze the implementations of algorithms for SSH client signatures in 24 popular SSH clients for Linux, Windows, and macOS.
We extracted 31,622,338 keys from three public sources in two scans. Compared to previous work, we see a clear tendency to abandon RSA signatures in favor of EdDSA signatures. Still, in January 2025, we found 98 broken short keys, 139 keys generated from weak randomness, and 149 keys with common or small factors-the large majority of the retrieved keys exposed no weakness.
Weak randomness can not only compromise a secret key through its public key, but also through signatures. It is well-known that a bias in random nonces in ECDSA can reveal the secret key through public signatures. For the first time, we show that the use of deterministic nonces in ECDSA can also be dangerous: The private signing key of a PuTTY client can be recovered from just 58 valid signatures if ECDSA with NIST curve P-521 is used. PuTTY acknowledged our finding in CVE-2024-31497, and they subsequently replaced the nonce generation algorithm.

toXiv_bot_toot

##

CVE-2010-1378
(9.8 CRITICAL)

EPSS: 0.23%

updated 2024-02-23T05:05:13

1 posts

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

rgov@infosec.exchange at 2025-09-10T18:13:40.000Z ##

I rummaged through my personal archives to find the security vulnerability that launched my security research career at Apple: https://ryan.govost.es/2009/apple-openssl-bug/

OpenSSL
CVE-ID: CVE-2010-1378
Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A remote user may bypass TLS authentication or spoof a trusted server
Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL.
Credit to Ryan Govostes of RPISEC for reporting this issue.

##

CVE-2024-21907
(7.5 HIGH)

EPSS: 3.03%

updated 2024-01-03T20:06:37

1 posts

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS). The serialization and deserialization path have different properties regarding the issue. Deserializing methods (like `JsonConve

beyondmachines1@infosec.exchange at 2025-09-09T20:01:07.000Z ##

Microsoft's September 2025 Patch Tuesday patches 81 vulnerabilities, 13 critical, two publicly disclosed

Microsoft's September 2025 Patch Tuesday addressed 81 security vulnerabilities including two zero-day flaws—a Windows SMB elevation of privilege vulnerability (CVE-2025-55234) enabling authentication relay attacks and a Newtonsoft.Json issue in SQL Server (CVE-2024-21907) causing denial of service. The update included 13 critical vulnerabilities spanning Windows graphics components, Microsoft Office applications, Azure cloud services, and Hyper-V virtualization platform.

**This month prioritize Windows and Microsoft SQL Server for patching - most critical and zero-days vulnerabilities affect these flaws. Then focus on the Microsoft Office and Azure products.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-s-september-2025-patch-tuesday-patches-81-vulnerabilities-13-critical-two-publicly-disclosed-5-4-6-6-c/gD2P6Ple2L

##

CVE-2023-2668
(6.3 MEDIUM)

EPSS: 0.12%

updated 2023-11-10T05:03:55

1 posts

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-22

cloud-native@activitypub.awakari.com at 2025-09-11T23:14:05.000Z ## Critical Security Flaw in Kubernetes Libraries: CVE-2023-2668 Critical Security Flaw in Kubernetes Libraries: CVE-2023-2668 Introduction In the rapidly evolving landscape of cloud-native technologi...

#Cyber #Security

Origin | Interest | Match ##

CVE-2020-14198
(7.5 HIGH)

EPSS: 2.21%

updated 2023-01-31T05:02:37

1 posts

Bitcoin Core 0.20.0 allows remote denial of service.

cloud-native@activitypub.awakari.com at 2025-09-13T03:05:45.000Z ## Unveiling the Risks: CVE-2020-14198 Exposure Unveiling the Risks: CVE-2020-14198 Exposure In today’s digital landscape, cybersecurity threats are an ever-present concern for organizations and ind...

#Cheeky #Crypto

Origin | Interest | Match ##

CVE-2025-10585
(0 None)

EPSS: 0.00%

2 posts

N/A

secureblue.dev@bsky.brid.gy at 2025-09-17T23:21:47.009Z ##

Trivalent 140.0.7339.185-439535 released: github.com/secureblue/T... chromereleases.googleblog.com/2025/09/stab... This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.

Release 140.0.7339.185-439535 ...

##

secureblue.dev@bsky.brid.gy at 2025-09-17T23:21:47.009Z ##

Trivalent 140.0.7339.185-439535 released: github.com/secureblue/T... chromereleases.googleblog.com/2025/09/stab... This release includes upstream security fixes for several CVEs, including CVE-2025-10585. Google is aware of an exploit for CVE-2025-10585 that exists in the wild.

Release 140.0.7339.185-439535 ...

##

CVE-2025-10155
(0 None)

EPSS: 0.26%

1 posts

N/A

offseq at 2025-09-17T10:31:55.784Z ##

🚨 CVE-2025-10155 (CRITICAL, CVSS 9.3) in mmaitre314 picklescan ≤0.0.30: Improper input validation lets attackers bypass pickle file security via PyTorch extensions, enabling remote code execution. Stop using vulnerable versions now! https://radar.offseq.com/threat/cve-2025-10155-cwe-20-improper-input-validation-in-aa0633e3 #OffSeq #Python #RCE

##

CVE-2025-59334
(0 None)

EPSS: 0.12%

1 posts

N/A

offseq at 2025-09-17T06:02:14.991Z ##

🔒 CRITICAL: CVE-2025-59334 in mohammadzain2008 Linkr (<2.0.1) allows file injection via unverified manifests—risk of remote code execution if exploited. Update to 2.0.1+ ASAP. Details: https://radar.offseq.com/threat/cve-2025-59334-cwe-347-improper-verification-of-cr-c0a08755 #OffSeq #Vuln #AppSec #CVE2025_59334

##

CVE-2025-58060
(0 None)

EPSS: 0.02%

2 posts

N/A

linux@activitypub.awakari.com at 2025-09-16T12:00:35.000Z ## Linux CUPS: Remote DoS and Authentication Bypass Exploit The discovery of CVE-2025-58364 and CVE-2025-58060 reveals two critical weaknesses in the Linux Common Unix Printing System (CUPS). Exploiti...

#Category(Default) #- #Do #Not #Use #This

Origin | Interest | Match ##

beyondmachines1@infosec.exchange at 2025-09-16T10:01:03.000Z ##

Vulnerabilities reported in CUPS system for Linux

Two vulnerabilities affect Linux CUPS printing systems: CVE-2025-58060 allows authentication bypass to gain unauthorized administrative access, while CVE-2025-58364 enables remote denial-of-service attacks through crafted printer responses. The authentication bypass has been patched in CUPS version 2.4.13, but the DoS vulnerability remains unpatched.

**Finally not an urgent patch. Ideally, if not used disable cups-browsed and plan an update of the cups packages.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerabilities-reported-in-cups-system-for-linux-s-1-6-5-c/gD2P6Ple2L

##

CVE-2025-55211
(0 None)

EPSS: 0.05%

1 posts

N/A

cR0w@infosec.exchange at 2025-09-15T21:11:42.000Z ##

More FreePBX whoopsies.

https://www.cve.org/CVERecord?id=CVE-2025-55211

https://www.cve.org/CVERecord?id=CVE-2025-59056

##

CVE-2025-57819
(0 None)

EPSS: 37.34%

3 posts

N/A