## Updated at UTC 2025-02-12T23:35:49.984063

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2025-0903 7.8 0.04% 4 0 2025-02-12T21:32:59 PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execu
CVE-2025-0108 None 0.00% 6 0 2025-02-12T21:32:02 An authentication bypass in the Palo Alto Networks PAN-OS software enables an un
CVE-2025-1215 2.8 0.00% 2 0 2025-02-12T21:32:02 A vulnerability classified as problematic was found in vim up to 9.1.1096. This
CVE-2025-0113 None 0.00% 2 0 2025-02-12T21:32:02 A problem with the network isolation mechanism of the Palo Alto Networks Cortex
CVE-2025-0111 None 0.00% 2 0 2025-02-12T21:32:02 An authenticated file read vulnerability in the Palo Alto Networks PAN-OS softwa
CVE-2025-0109 None 0.00% 2 0 2025-02-12T21:32:02 An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS
CVE-2025-0110 None 0.00% 2 0 2025-02-12T21:32:02 A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig pl
CVE-2025-1146 8.1 0.00% 8 0 2025-02-12T21:32:01 CrowdStrike uses industry-standard TLS (transport layer security) to secure comm
CVE-2025-0994 8.8 5.58% 15 1 2025-02-12T19:29:30.383000 Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion v
CVE-2025-1244 8.8 0.00% 2 0 2025-02-12T15:32:08 A flaw was found in the Emacs text editor. Improper handling of custom "man" URI
CVE-2025-23359 8.4 0.04% 3 0 2025-02-12T03:31:24 NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU)
CVE-2025-1240 7.8 0.04% 2 0 2025-02-12T00:32:25 WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.
CVE-2024-12797 0 0.04% 9 0 2025-02-11T23:15:08.807000 Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a se
CVE-2025-1052 8.8 0.04% 4 0 2025-02-11T21:32:14 Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vuln
CVE-2024-0179 8.3 0.04% 4 0 2025-02-11T21:32:14 SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow
CVE-2025-0906 3.3 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-0908 3.3 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-0907 3.3 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-0909 3.3 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-0910 7.8 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vu
CVE-2025-0902 3.3 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-0911 3.3 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-1044 9.8 0.04% 4 0 2025-02-11T21:32:14 Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulner
CVE-2025-0901 7.8 0.04% 4 0 2025-02-11T21:32:14 PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerabi
CVE-2025-0905 3.3 0.04% 4 0 2025-02-11T21:32:13 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-0904 3.3 0.04% 4 0 2025-02-11T21:32:13 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vu
CVE-2025-0899 7.8 0.04% 4 0 2025-02-11T21:32:13 PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability.
CVE-2024-7419 8.3 0.08% 4 0 2025-02-11T19:25:14.023000 The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Executio
CVE-2025-24200 4.6 0.04% 34 1 2025-02-11T19:15:17.037000 An authorization issue was addressed with improved state management. This issue
CVE-2022-35202 0 0.04% 1 0 2025-02-11T19:15:10.230000 A security issue in Sitevision version 10.3.1 and older allows a remote attacker
CVE-2025-24472 8.1 0.04% 8 0 2025-02-11T18:31:43 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2
CVE-2025-21377 6.5 0.09% 1 0 2025-02-11T18:31:43 NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-52966 2.3 0.04% 1 0 2025-02-11T18:31:42 An exposure of sensitive information to an unauthorized actor in Fortinet FortiA
CVE-2024-27780 2.2 0.04% 1 0 2025-02-11T18:31:42 Multiple Improper Neutralization of Input During Web Page Generation ('Cross-sit
CVE-2024-40591 8.8 0.04% 1 0 2025-02-11T18:31:42 An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS ve
CVE-2024-36508 6.0 0.04% 1 0 2025-02-11T18:31:42 An improper limitation of a pathname to a restricted directory ('Path Traversal'
CVE-2024-27781 7.1 0.04% 1 0 2025-02-11T18:31:42 An improper neutralization of input during web page generation ('cross-site scri
CVE-2024-52968 6.7 0.04% 1 0 2025-02-11T18:31:42 An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allow
CVE-2024-40584 7.2 0.04% 1 0 2025-02-11T18:31:42 An improper neutralization of special elements used in an OS command ('OS Comman
CVE-2025-24470 8.6 0.04% 1 0 2025-02-11T18:31:42 An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal
CVE-2024-50567 7.2 0.04% 1 0 2025-02-11T18:31:42 An improper neutralization of special elements used in an os command ('os comman
CVE-2025-21418 7.8 0.14% 9 0 2025-02-11T18:31:41 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili
CVE-2025-21391 7.1 1.07% 9 0 2025-02-11T18:31:40 Windows Storage Elevation of Privilege Vulnerability
CVE-2025-21376 8.1 0.09% 1 0 2025-02-11T18:31:39 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulne
CVE-2025-21198 9.1 0.04% 1 0 2025-02-11T18:31:37 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerabilit
CVE-2025-21194 7.1 0.05% 1 0 2025-02-11T18:31:37 Microsoft Surface Security Feature Bypass Vulnerability
CVE-2024-35279 8.1 0.04% 1 0 2025-02-11T18:31:37 A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS versio
CVE-2023-40721 6.7 0.04% 1 0 2025-02-11T18:31:37 A use of externally-controlled format string vulnerability [CWE-134] in Fortinet
CVE-2024-40586 6.7 0.04% 1 0 2025-02-11T18:31:37 An Improper Access Control vulnerability [CWE-284] in FortiClient Windows versio
CVE-2024-33504 4.1 0.04% 1 0 2025-02-11T18:31:37 A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [C
CVE-2024-47908 9.1 0.04% 2 0 2025-02-11T18:31:37 OS command injection in the admin web console of Ivanti CSA before version 5.0.5
CVE-2024-11771 5.3 0.04% 2 0 2025-02-11T18:31:37 Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticate
CVE-2024-50569 6.6 0.04% 1 0 2025-02-11T18:31:35 A improper neutralization of special elements used in an os command ('os command
CVE-2025-21404 4.3 0.05% 1 0 2025-02-11T18:31:33 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2019-15002 0 0.04% 1 0 2025-02-11T18:15:18.557000 An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4
CVE-2025-26493 4.6 0.04% 1 0 2025-02-11T15:32:31 In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on th
CVE-2025-1162 6.3 0.04% 2 0 2025-02-11T15:15:20.047000 A vulnerability classified as critical has been found in code-projects Job Recru
CVE-2025-1160 7.3 0.04% 2 0 2025-02-11T15:15:19.790000 A vulnerability was found in SourceCodester Employee Management System 1.0. It h
CVE-2024-52611 3.5 0.04% 1 0 2025-02-11T09:30:38 The SolarWinds Platform is vulnerable to an information disclosure vulnerability
CVE-2024-45718 4.6 0.04% 1 0 2025-02-11T09:30:38 Sensitive data could be exposed to non- privileged users in a configuration file
CVE-2024-52606 3.5 0.04% 1 0 2025-02-11T09:30:38 SolarWinds Platform is affected by server-side request forgery vulnerability. Pr
CVE-2025-25194 4.0 0.04% 2 0 2025-02-11T00:33:49 ### Summary This vulnerability allows a user to bypass any predefined hardcoded
CVE-2025-24970 7.5 0.04% 2 0 2025-02-11T00:33:48 ### Impact When a special crafted packet is received via SslHandler it doesn't c
CVE-2025-25193 5.5 0.04% 2 0 2025-02-11T00:33:48 ### Summary An unsafe reading of environment file could potentially cause a deni
CVE-2025-1159 3.5 0.04% 2 0 2025-02-11T00:31:58 A vulnerability was found in CampCodes School Management Software 1.0. It has be
CVE-2025-1158 6.3 0.08% 2 0 2025-02-11T00:31:58 A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It has been cl
CVE-2025-1157 6.3 0.05% 4 0 2025-02-10T21:31:46 A vulnerability was found in Allims lab.online up to 20250201 and classified as
CVE-2025-1153 3.1 0.06% 4 0 2025-02-10T21:31:46 A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. A
CVE-2025-1002 5.7 0.04% 2 0 2025-02-10T21:31:45 MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update s
CVE-2025-1156 7.3 0.05% 2 0 2025-02-10T21:31:45 A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as cr
CVE-2025-1154 6.3 0.08% 4 0 2025-02-10T21:31:45 A vulnerability, which was classified as critical, has been found in xxyopen Nov
CVE-2025-1155 4.3 0.04% 4 0 2025-02-10T21:31:45 A vulnerability, which was classified as problematic, was found in Webkul QloApp
CVE-2024-8550 7.5 0.04% 4 0 2025-02-10T21:31:39 A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint
CVE-2025-1150 3.1 0.05% 4 0 2025-02-10T18:30:56 A vulnerability was found in GNU Binutils 2.43. It has been declared as problema
CVE-2025-1151 3.1 0.05% 4 0 2025-02-10T18:30:55 A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic
CVE-2025-1152 3.1 0.05% 4 0 2025-02-10T18:30:55 A vulnerability classified as problematic has been found in GNU Binutils 2.43. A
CVE-2025-25187 7.8 0.04% 2 0 2025-02-10T18:15:35.703000 Joplin is a free, open source note taking and to-do application, which can handl
CVE-2025-24366 7.5 0.04% 2 0 2025-02-10T17:01:47 ### Impact SFTPGo supports execution of a defined set of commands via SSH. Besid
CVE-2024-10334 7.3 0.04% 1 0 2025-02-10T15:32:27 A vulnerability exists in the VideONet product included in the listed System 800
CVE-2024-13440 7.5 0.09% 2 0 2025-02-09T06:30:57 The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via t
CVE-2025-0445 5.4 0.04% 1 0 2025-02-08T00:33:21 Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote at
CVE-2025-0444 6.3 0.04% 1 0 2025-02-08T00:33:21 Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote
CVE-2025-1113 6.3 0.04% 2 0 2025-02-08T00:32:26 A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as
CVE-2025-1114 3.5 0.04% 2 0 2025-02-08T00:32:20 A vulnerability classified as problematic has been found in newbee-mall 1.0. Aff
CVE-2025-0451 6.3 0.04% 1 0 2025-02-08T00:32:20 Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6
CVE-2024-57357 8.0 0.04% 2 0 2025-02-07T23:15:14.550000 An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a r
CVE-2024-57279 5.4 0.04% 2 0 2025-02-07T23:15:14.400000 A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the
CVE-2024-57278 5.4 0.04% 2 0 2025-02-07T23:15:14.230000 A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/i
CVE-2021-27017 6.6 0.04% 2 0 2025-02-07T21:31:06 Utilization of a module presented a security risk by allowing the deserializatio
CVE-2025-25183 2.6 0.04% 2 0 2025-02-07T20:15:34.083000 vLLM is a high-throughput and memory-efficient inference and serving engine for
CVE-2025-1106 5.4 0.07% 4 0 2025-02-07T19:15:24.613000 A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This a
CVE-2025-0411 7.0 2.73% 8 2 2025-02-07T18:32:19 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote att
CVE-2024-7425 6.8 0.05% 4 0 2025-02-07T18:31:29 The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modific
CVE-2024-9664 7.2 0.05% 4 0 2025-02-07T18:31:28 The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection
CVE-2022-26389 7.7 0.04% 2 0 2025-02-07T18:31:28 An improper access control vulnerability may allow privilege escalation.This iss
CVE-2022-26388 6.4 0.04% 2 0 2025-02-07T18:31:28 A use of hard-coded password vulnerability may allow authentication abuse.This i
CVE-2025-1105 4.3 0.05% 4 0 2025-02-07T18:15:28.433000 A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problemati
CVE-2025-1104 7.3 0.06% 4 0 2025-02-07T17:15:31.477000 A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as criti
CVE-2025-1103 6.5 0.04% 4 0 2025-02-07T16:15:39.973000 A vulnerability, which was classified as problematic, was found in D-Link DIR-82
CVE-2024-9661 4.3 0.05% 4 0 2025-02-07T16:15:39.263000 The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request F
CVE-2024-10383 8.7 0.04% 2 0 2025-02-07T15:32:44 An issue has been discovered in the gitlab-web-ide-vscode-fork component distrib
CVE-2025-1108 8.6 0.04% 4 0 2025-02-07T14:15:48.530000 Insufficient data authenticity verification vulnerability in Janto, versions pri
CVE-2025-1107 9.9 0.04% 4 0 2025-02-07T14:15:48.343000 Unverified password change vulnerability in Janto, versions prior to r12. This c
CVE-2025-25154 7.1 0.04% 2 0 2025-02-07T12:31:26 Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifi
CVE-2025-25155 7.5 0.04% 2 0 2025-02-07T12:31:26 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
CVE-2025-25156 7.1 0.04% 2 0 2025-02-07T12:31:26 Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comment
CVE-2025-25167 8.2 0.09% 2 0 2025-02-07T12:31:26 Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book
CVE-2025-25140 7.1 0.04% 2 0 2025-02-07T12:31:26 Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profi
CVE-2025-25151 8.5 0.04% 2 0 2025-02-07T12:31:26 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2025-25152 7.1 0.04% 2 0 2025-02-07T12:31:26 Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow a
CVE-2025-25148 7.1 0.04% 2 0 2025-02-07T12:31:26 Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link
CVE-2025-25159 7.1 0.04% 2 0 2025-02-07T12:31:26 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
CVE-2025-25160 7.1 0.05% 2 0 2025-02-07T12:31:26 Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker all
CVE-2025-25168 7.1 0.05% 2 0 2025-02-07T12:31:25 Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPres
CVE-2025-25166 7.1 0.05% 2 0 2025-02-07T12:31:25 Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation all
CVE-2025-25153 7.1 0.04% 2 0 2025-02-07T12:31:25 Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows
CVE-2025-25147 7.1 0.04% 2 0 2025-02-07T12:31:25 Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows
CVE-2025-25149 7.1 0.04% 2 0 2025-02-07T12:31:25 Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allow
CVE-2025-25163 7.5 0.09% 2 0 2025-02-07T12:31:25 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
CVE-2025-1083 3.1 0.05% 4 0 2025-02-07T03:32:09 A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考
CVE-2025-21342 8.8 0.13% 1 0 2025-02-07T03:32:09 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21283 6.5 0.13% 1 0 2025-02-07T03:32:09 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21408 8.8 0.13% 1 0 2025-02-07T03:32:09 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21177 8.7 0.09% 1 0 2025-02-07T03:32:09 Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an aut
CVE-2025-21253 5.3 0.06% 1 0 2025-02-07T03:32:09 Microsoft Edge for IOS and Android Spoofing Vulnerability
CVE-2025-0674 9.8 0.04% 1 0 2025-02-07T03:32:09 Multiple Elber products are affected by an authentication bypass vulnerability
CVE-2025-0675 7.5 0.04% 1 0 2025-02-07T03:32:09 Multiple Elber products suffer from an unauthenticated device configuration and
CVE-2025-1082 3.5 0.07% 4 0 2025-02-07T03:32:08 A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学
CVE-2025-21279 6.5 0.13% 1 0 2025-02-07T03:32:08 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21267 4.4 0.06% 1 0 2025-02-07T03:32:08 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-21413 9.8 2.25% 6 17 2025-02-07T02:00:02.403000 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-0725 7.3 0.04% 3 0 2025-02-06T21:32:10 When libcurl is asked to perform automatic gzip decompression of content-encoded
CVE-2025-1081 3.1 0.05% 4 0 2025-02-06T21:15:23.120000 A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has
CVE-2025-0158 5.5 0.04% 4 0 2025-02-06T21:15:21.923000 IBM EntireX 11.1 could allow a local user to cause a denial of service due to an
CVE-2024-27137 5.3 0.04% 1 0 2025-02-06T21:15:20.997000 In Apache Cassandra it is possible for a local attacker without access to the A
CVE-2025-24860 5.4 0.04% 1 0 2025-02-06T20:15:41.030000 Incorrect Authorization vulnerability in Apache Cassandra allowing users to acce
CVE-2022-23748 7.8 0.29% 3 0 2025-02-06T18:32:07 mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly
CVE-2025-1078 5.3 0.04% 4 0 2025-02-06T18:31:11 A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1
CVE-2024-7595 6.5 0.04% 1 2 2025-02-06T18:31:05 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a netwo
CVE-2020-29574 9.8 5.32% 3 0 2025-02-06T18:30:59 An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04
CVE-2020-15069 9.8 7.51% 3 0 2025-02-06T18:30:59 Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote c
CVE-2025-25181 5.8 0.04% 3 0 2025-02-06T18:15:33.030000 A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore throug
CVE-2024-57968 9.9 0.04% 3 0 2025-02-06T18:15:32.287000 Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload
CVE-2023-5878 9.1 0.04% 1 0 2025-02-06T15:33:54 Honeywell OneWireless Wireless Device Manager (WDM) for the following versions
CVE-2024-53104 7.8 0.14% 6 0 2025-02-06T02:00:02.120000 In the Linux kernel, the following vulnerability has been resolved: media: uvcv
CVE-2025-23419 4.3 0.04% 4 0 2025-02-05T21:33:37 When multiple server blocks are configured to share the same IP address and port
CVE-2024-56135 8.5 0.04% 1 0 2025-02-05T18:34:52 Improper Input Validation vulnerability of Authenticated User in Progress LoadMa
CVE-2024-56134 8.5 0.04% 1 0 2025-02-05T18:34:52 Improper Input Validation vulnerability of Authenticated User in Progress LoadMa
CVE-2024-56132 8.5 0.04% 1 0 2025-02-05T18:34:52 Improper Input Validation vulnerability of Authenticated User in Progress LoadMa
CVE-2024-56133 8.5 0.04% 1 0 2025-02-05T18:34:52 Improper Input Validation vulnerability of Authenticated User in Progress LoadMa
CVE-2025-20124 9.9 0.05% 2 0 2025-02-05T18:34:52 A vulnerability in an API of Cisco ISE could allow an authenticated, remote atta
CVE-2025-20175 7.7 0.04% 1 0 2025-02-05T18:34:52 A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Sof
CVE-2025-20179 6.1 0.05% 1 0 2025-02-05T18:34:52 A vulnerability in the web-based management interface of Cisco Expressway Series
CVE-2025-20176 7.7 0.04% 1 0 2025-02-05T18:34:52 A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Sof
CVE-2025-20170 7.7 0.04% 1 0 2025-02-05T18:34:52 A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Sof
CVE-2024-56131 8.5 0.04% 1 0 2025-02-05T18:34:46 Improper Input Validation vulnerability of Authenticated User in Progress LoadMa
CVE-2025-20204 4.8 0.04% 1 0 2025-02-05T18:34:46 A vulnerability in the web-based management interface of Cisco Identity Services
CVE-2025-20207 4.3 0.04% 1 0 2025-02-05T18:34:46 A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco S
CVE-2025-20205 4.8 0.04% 1 0 2025-02-05T18:34:46 A vulnerability in the web-based management interface of Cisco Identity Services
CVE-2025-20125 9.1 0.04% 2 0 2025-02-05T18:34:45 A vulnerability in an API of Cisco ISE could allow an authenticated, remote atta
CVE-2025-20173 7.7 0.04% 1 0 2025-02-05T18:34:45 A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Sof
CVE-2025-20174 7.7 0.04% 1 0 2025-02-05T18:34:45 A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Sof
CVE-2025-20171 7.7 0.04% 1 0 2025-02-05T18:34:45 A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Sof
CVE-2025-20172 7.7 0.04% 1 0 2025-02-05T18:34:45 A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Softwa
CVE-2025-20183 5.8 0.05% 1 0 2025-02-05T17:15:25.527000 A vulnerability in a policy-based Cisco Application Visibility and Control (AVC)
CVE-2025-20180 4.8 0.04% 1 0 2025-02-05T17:15:25.370000 A vulnerability in the web-based management interface of Cisco AsyncOS Software
CVE-2025-20169 7.7 0.04% 1 0 2025-02-05T17:15:22.777000 A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Sof
CVE-2024-45195 7.5 71.15% 3 0 template 2025-02-05T03:33:14 Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue af
CVE-2025-23114 9.0 0.04% 5 0 2025-02-05T03:32:19 A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to
CVE-2025-25064 9.8 0.04% 1 0 2025-02-04T18:31:56 SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in Zimbra Col
CVE-2018-9276 7.2 81.10% 3 3 2025-02-04T18:31:44 An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who
CVE-2018-19410 9.8 4.91% 3 1 2025-02-04T18:31:44 PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers
CVE-2024-40891 8.8 4.13% 5 0 2025-02-04T12:31:04 **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerabil
CVE-2024-40890 8.8 4.13% 5 0 2025-02-04T12:31:03 **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerabil
CVE-2025-0890 9.8 0.09% 1 0 2025-02-04T11:15:08.880000 **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet functi
CVE-2024-57726 8.8 0.05% 1 0 2025-01-31T21:33:50 SimpleHelp remote support software v5.5.7 and before has a vulnerability that al
CVE-2024-57728 7.2 0.05% 1 0 2025-01-31T21:33:50 SimpleHelp remote support software v5.5.7 and before allows admin users to uploa
CVE-2025-0683 5.9 0.04% 1 0 2025-01-31T18:32:12 In its default configuration, the affected product transmits plain-text patient
CVE-2025-0626 7.5 0.04% 2 0 2025-01-31T17:15:16.323000 Contec Health CMS8000 Patient Monitor sends out remote access requests to a hard
CVE-2024-52875 8.8 0.05% 2 0 template 2025-01-31T09:31:57 An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET p
CVE-2025-24085 7.8 0.21% 1 1 2025-01-30T02:00:02.057000 A use after free issue was addressed with improved memory management. This issue
CVE-2025-0282 9.1 15.32% 2 10 2025-01-28T18:32:27 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5,
CVE-2024-13176 4.1 0.04% 2 0 2025-01-27T21:32:01 Issue summary: A timing side-channel which could potentially allow recovering th
CVE-2025-21298 9.8 0.05% 1 1 2025-01-24T21:48:49.880000 Windows OLE Remote Code Execution Vulnerability
CVE-2025-0693 5.3 0.04% 2 0 2025-01-23T22:15:15.397000 Variable response times in the AWS Sign-in IAM user login flow allowed for the u
CVE-2024-55957 7.8 0.04% 1 0 2025-01-23T15:32:07 In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instru
CVE-2024-55591 9.8 2.63% 5 10 2025-01-23T02:00:02.310000 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2
CVE-2024-9310 None 0.04% 1 0 2025-01-22T21:31:03 By utilizing software-defined radios and a custom low-latency processing pipelin
CVE-2024-11166 None 0.04% 1 0 2025-01-22T21:31:03 For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-
CVE-2025-23369 None 0.04% 2 2 2025-01-21T21:30:54 An improper verification of cryptographic signature vulnerability was identified
CVE-2025-21293 8.8 0.05% 2 0 2025-01-14T18:32:14 Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2024-46668 7.5 0.05% 1 0 2025-01-14T15:31:03 An allocation of resources without limits or throttling vulnerability [CWE-770]
CVE-2024-46666 5.3 0.04% 1 0 2025-01-14T15:31:02 An allocation of resources without limits or throttling [CWE-770] vulnerability
CVE-2024-53704 9.8 0.04% 4 1 2025-01-09T15:32:57 An Improper Authentication vulnerability in the SSLVPN authentication mechanism
CVE-2024-12754 5.5 0.04% 1 0 2024-12-30T18:30:49 AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability
CVE-2024-38856 8.1 95.01% 1 10 template 2024-12-20T18:31:30 Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apach
CVE-2024-10573 6.7 0.04% 1 0 2024-12-18T09:31:35 An out-of-bounds write flaw was found in mpg123 when handling crafted streams. W
CVE-2024-49138 7.8 0.05% 1 3 2024-12-12T03:33:06 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-9474 7.2 97.48% 1 8 template 2024-11-29T18:35:05 A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allow
CVE-2024-0012 9.8 97.00% 1 10 template 2024-11-29T18:34:02 An authentication bypass in Palo Alto Networks PAN-OS software enables an unauth
CVE-2024-8856 9.8 0.13% 1 2 template 2024-11-21T16:15:27.633000 The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to
CVE-2024-7264 6.5 0.06% 1 0 2024-11-21T09:51:10.360000 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an A
CVE-2024-37313 7.3 0.04% 1 0 2024-11-21T09:23:35.390000 Nextcloud server is a self hosted personal cloud system. Under some circumstance
CVE-2024-20696 7.3 0.22% 1 1 2024-11-21T08:52:56.870000 Windows libarchive Remote Code Execution Vulnerability
CVE-2020-13946 5.9 0.07% 1 0 2024-11-21T05:02:12.400000 In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.
CVE-2024-50089 5.5 0.04% 1 0 2024-11-13T18:32:54 In the Linux kernel, the following vulnerability has been resolved: unicode: Do
CVE-2024-0132 9.1 0.09% 4 2 2024-10-29T19:48:12 NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use
CVE-2024-39713 8.6 0.52% 1 1 template 2024-09-06T17:35:12.380000 A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoi
CVE-2024-7646 8.8 0.04% 1 2 2024-08-16T18:31:08 A security issue was discovered in ingress-nginx where an actor with permission
CVE-2024-41710 6.8 0.04% 6 0 2024-08-14T21:34:16 A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phon
CVE-2024-5261 None 0.04% 1 0 2024-06-25T15:31:12 Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mo
CVE-2020-10136 5.3 2.49% 1 2 2024-06-18T00:32:28 Multiple products that implement the IP Encapsulation within IP standard (RFC 20
CVE-2024-29059 7.5 69.15% 3 1 template 2024-04-05T00:31:27 .NET Framework Information Disclosure Vulnerability
CVE-2020-13393 None 0.80% 1 0 2023-01-29T05:02:45 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.
CVE-2022-26118 6.7 0.04% 1 0 2023-01-27T05:06:25 A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6
CVE-2024-55630 0 0.04% 2 0 N/A
CVE-2025-24028 0 0.04% 2 0 N/A
CVE-2025-0998 0 0.00% 2 0 N/A
CVE-2025-0996 0 0.00% 2 0 N/A
CVE-2025-0997 0 0.00% 2 0 N/A
CVE-2025-0995 0 0.00% 2 0 N/A
CVE-2025-0112 0 0.00% 2 0 N/A
CVE-2025-24016 0 0.04% 3 0 N/A
CVE-2024-24472 0 0.00% 2 0 N/A
CVE-2024-40585 0 0.00% 1 0 N/A
CVE-2025-24032 0 0.04% 1 0 N/A
CVE-2024-56161 0 0.04% 2 0 N/A
CVE-2024-20185 0 0.00% 1 0 N/A
CVE-2024-20184 0 0.00% 1 0 N/A
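The table above is the feed's own whitespace-delimited export, and consuming it programmatically has one trap: the Nuclei column is blank on most rows and holds the word `template` on the rest, so a naive split on whitespace puts the update timestamp in the wrong field for exactly the rows that matter most (the ones with a public Nuclei template). The rows at the bottom of the table carry only `N/A` in place of a timestamp and description. What follows is an added example, not code from this page or from the feed's operator: it parses rows of this format, handles the optional column and the `N/A` rows, and orders the results for patch triage. The sample rows are copied verbatim from the table above; the triage weighting (EPSS first, then presence of a Nuclei template, then CVSS, repos and posts) and the decision to treat a CVSS of `None` or `0` as "unscored" are this example's own assumptions, not something the feed defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: five rows copied verbatim from the feed table on this
# page. It deliberately includes two rows carrying the optional "template" value in
# the Nuclei column (which shifts the remaining columns right) and one "N/A" row that
# has no update timestamp or description.
SAMPLE_ROWS = """\
CVE-2025-0994 8.8 5.58% 15 1 2025-02-12T19:29:30.383000 Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion v
CVE-2025-0108 None 0.00% 6 0 2025-02-12T21:32:02 An authentication bypass in the Palo Alto Networks PAN-OS software enables an un
CVE-2024-45195 7.5 71.15% 3 0 template 2025-02-05T03:33:14 Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue af
CVE-2024-38856 8.1 95.01% 1 10 template 2024-12-20T18:31:30 Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apach
CVE-2025-0112 0 0.00% 2 0 N/A
"""


@dataclass
class FeedRow:
    cve: str
    cvss: Optional[float]      # None when the feed prints "None" or 0 (assumed: no score recorded)
    epss: float                # EPSS as a probability in [0, 1], not the printed percentage
    posts: int
    repos: int
    nuclei_template: bool      # True when the Nuclei column carries "template"
    updated: Optional[str]     # ISO-8601 timestamp as printed; None for "N/A" rows
    description: str           # as printed (the feed truncates it to roughly 80 characters)


# One regex per row. The Nuclei column is optional and, when present, pushes the
# Updated and Description columns one token to the right; the alternation at the end
# accepts either "<timestamp> <description>" or the bare "N/A" used for unenriched rows.
_ROW = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<cvss>None|\d+(?:\.\d+)?)\s+"
    r"(?P<epss>\d+(?:\.\d+)?)%\s+"
    r"(?P<posts>\d+)\s+(?P<repos>\d+)\s+"
    r"(?P<nuclei>template\s+)?"
    r"(?:(?P<updated>\d{4}-\d{2}-\d{2}T[\d:.]+)(?:\s+(?P<desc>.*?))?|N/A)\s*$"
)


def parse_row(line: str) -> FeedRow:
    """Parse one whitespace-delimited feed row; raises ValueError on malformed input."""
    m = _ROW.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised feed row: {line!r}")
    cvss_txt = m.group("cvss")
    # Assumption for this example: "None" and 0 both mean the feed has no CVSS score.
    cvss = None if cvss_txt == "None" or float(cvss_txt) == 0.0 else float(cvss_txt)
    return FeedRow(
        cve=m.group("cve"),
        cvss=cvss,
        epss=float(m.group("epss")) / 100.0,
        posts=int(m.group("posts")),
        repos=int(m.group("repos")),
        nuclei_template=m.group("nuclei") is not None,
        updated=m.group("updated"),
        description=m.group("desc") or "",
    )


def parse_rows(text: str) -> List[FeedRow]:
    """Parse every non-blank line of a feed export into FeedRow records."""
    return [parse_row(ln) for ln in text.splitlines() if ln.strip()]


def triage_order(rows: List[FeedRow]) -> List[str]:
    """Order CVE IDs for patch triage: exploitation likelihood (EPSS) first, then the
    presence of a public Nuclei template, then CVSS, then public repos and posts.
    The weighting is this example's own choice, not something the feed defines."""
    def key(r: FeedRow):
        return (-r.epss, -int(r.nuclei_template), -(r.cvss or 0.0), -r.repos, -r.posts)
    return [r.cve for r in sorted(rows, key=key)]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for cve in triage_order(rows):
        r = next(x for x in rows if x.cve == cve)
        print(f"{r.cve:16} EPSS={r.epss:.4f} CVSS={r.cvss} nuclei={r.nuclei_template} updated={r.updated}")
```

The regex is anchored at both ends and rejects anything it cannot fully account for, so a change in the feed's column layout surfaces as a `ValueError` rather than as silently misaligned fields; that is the property you want when the output drives patch prioritisation.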

CVE-2025-0903
(7.8 HIGH)

EPSS: 0.04%

updated 2025-02-12T21:32:59

4 posts

PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RT

CVE-2025-0108
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-02-12T21:32:02

6 posts

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality

screaminggoat at 2025-02-12T18:35:46.512Z ##

Assetnote: Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)
If I'm reading this correctly, Assetnote dropped vulnerability details and proof of concept for CVE-2025-0108 (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface. They are describing this as a zero-day auth bypass, but it should be called "patch bypass." See related PAN security advisory.

Fun operational mistake: Assetnote wrote "This vulnerability was fixed in versions xx and yy and assigned CVE zz." in their conclusion.

##

screaminggoat@infosec.exchange at 2025-02-12T17:49:45.000Z ##

Happy #PatchTuesday from Palo Alto Networks (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only)

  1. CVE-2025-0113 (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
  2. CVE-2025-0112 (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent
  3. CVE-2025-0110 (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
    • Exploit Maturity: POC 🤔
  4. PAN-SA-2025-0005 GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN
  5. PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)
  6. CVE-2025-0109 (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
    • Exploit Maturity: POC 🤔
  7. CVE-2025-0111 (CVSSv4: 7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
  8. EDIT: NEW! CVE-2025-0108 (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface

Palo Alto Networks is not aware of any malicious exploitation of this issue.

My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:

Based on threat intelligence sources each of the following must apply:

  • Proof-of-concept is publicly available
  • No knowledge of reported attempts to exploit this vulnerability
  • No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability

#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

##

CVE-2025-1215
(2.8 LOW)

EPSS: 0.00%

updated 2025-02-12T21:32:02

2 posts

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is rec

cR0w@infosec.exchange at 2025-02-12T20:45:10.000Z ##

@reverseics @neurovagrant There, in a show of goodwill and fairness, here's a fresh CVE for vim: nvd.nist.gov/vuln/detail/CVE-2

The vuln's not much ( or anything, really ), but when vim is that much better than emacs in general, what can you expect? 😉

##

CVE-2025-0113
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-02-12T21:32:02

2 posts

A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.

screaminggoat@infosec.exchange at 2025-02-12T17:49:45.000Z ##

Happy #PatchTuesday from Palo Alto Networks (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only)

  1. CVE-2025-0113 (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
  2. CVE-2025-0112 (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent
  3. CVE-2025-0110 (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
    • Exploit Maturity: POC 🤔
  4. PAN-SA-2025-0005 GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN
  5. PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)
  6. CVE-2025-0109 (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
    • Exploit Maturity: POC 🤔
  7. CVE-2025-0111 (CVSSv4: 7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
  8. EDIT: NEW! CVE-2025-0108 (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface

Palo Alto Networks is not aware of any malicious exploitation of this issue.

My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:

Based on threat intelligence sources each of the following must apply:

  • Proof-of-concept is publicly available
  • No knowledge of reported attempts to exploit this vulnerability
  • No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability

#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

##

CVE-2025-0111
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-02-12T21:32:02

2 posts

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to

screaminggoat@infosec.exchange at 2025-02-12T17:49:45.000Z ##

Happy #PatchTuesday from Palo Alto Networks (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only)

  1. CVE-2025-0113 (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
  2. CVE-2025-0112 (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent
  3. CVE-2025-0110 (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
    • Exploit Maturity: POC 🤔
  4. PAN-SA-2025-0005 GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN
  5. PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)
  6. CVE-2025-0109 (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
    • Exploit Maturity: POC 🤔
  7. CVE-2025-0111 (CVSSv4: 7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
  8. EDIT: NEW! CVE-2025-0108 (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface

Palo Alto Networks is not aware of any malicious exploitation of this issue.

My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:

Based on threat intelligence sources each of the following must apply:

  • Proof-of-concept is publicly available
  • No knowledge of reported attempts to exploit this vulnerability
  • No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability

#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

##

CVE-2025-0109
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-02-12T21:32:02

2 posts

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. You can greatly reduce the risk of this issue by restricting access to th

screaminggoat@infosec.exchange at 2025-02-12T17:49:45.000Z ##

Happy #PatchTuesday from Palo Alto Networks (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only)

  1. CVE-2025-0113 (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
  2. CVE-2025-0112 (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent
  3. CVE-2025-0110 (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
    • Exploit Maturity: POC 🤔
  4. PAN-SA-2025-0005 GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN
  5. PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)
  6. CVE-2025-0109 (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
    • Exploit Maturity: POC 🤔
  7. CVE-2025-0111 (CVSSv4: 7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
  8. EDIT: NEW! CVE-2025-0108 (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface

Palo Alto Networks is not aware of any malicious exploitation of this issue.

My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:

Based on threat intelligence sources each of the following must apply:

  • Proof-of-concept is publicly available
  • No knowledge of reported attempts to exploit this vulnerability
  • No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability

#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

##

CVE-2025-0110
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-02-12T21:32:02

2 posts

A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the “__openconfig” user (which has the Device Administrator role) on the firewall. You can greatly reduce the risk

screaminggoat@infosec.exchange at 2025-02-12T17:49:45.000Z ##

Happy #PatchTuesday from Palo Alto Networks (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only)

  1. CVE-2025-0113 (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
  2. CVE-2025-0112 (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent
  3. CVE-2025-0110 (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
    • Exploit Maturity: POC 🤔
  4. PAN-SA-2025-0005 GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN
  5. PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)
  6. CVE-2025-0109 (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
    • Exploit Maturity: POC 🤔
  7. CVE-2025-0111 (CVSSv4: 7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface
  8. EDIT: NEW! CVE-2025-0108 (CVSSv4: 8.8 high) PAN-OS: Authentication Bypass in the Management Web Interface

Palo Alto Networks is not aware of any malicious exploitation of this issue.

My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:

Based on threat intelligence sources each of the following must apply:

  • Proof-of-concept is publicly available
  • No knowledge of reported attempts to exploit this vulnerability
  • No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability

#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

##

CVE-2025-1146
(8.1 HIGH)

EPSS: 0.00%

updated 2025-02-12T21:32:01

8 posts

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where our TLS connection routine to the CrowdStrike cloud can incorrectly process server certificate validat

screaminggoat@infosec.exchange at 2025-02-12T19:04:52.000Z ##

Happy #PatchTuesday from CrowdStrike: CVE 2025-1146 - CrowdStrike Falcon Sensor for Linux TLS Issue
CVE-2025-1146 CrowdStrike Falcon Sensor for Linux TLS Issue:

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where our TLS connection routine to the CrowdStrike cloud can incorrectly process server certificate validation. This could allow an attacker with the ability to control network traffic to potentially conduct a man-in-the-middle (MiTM) attack.

CrowdStrike has no indication of any exploitation of this issue in the wild.

I want to note that ClownStrike does not have a date or timestamp on their security advisory. 🤡 h/t: @cR0w

#crowdstrike #crowdstrikefalcon #CVE_2025_1146 #cve #vulnerability #infosec #cybersecurity

##

cR0w@infosec.exchange at 2025-02-12T18:47:50.000Z ##

@screaminggoat I just saw it and only because I saw the CVE for it: CVE-2025-1146 . Sure would be nice for these assholes to date their shit like grown-ups but here we are.

##

screaminggoat@infosec.exchange at 2025-02-12T18:46:54.000Z ##

@cR0w yo what the fuck. when was this released?

EDIT: published today 2025-02-12
cve.org/CVERecord?id=CVE-2025-

##

cR0w@infosec.exchange at 2025-02-12T18:41:33.000Z ##

crowdstrike.com/security-advis

##

CVE-2025-0994
(8.8 HIGH)

EPSS: 5.58%

updated 2025-02-12T19:29:30.383000

15 posts

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.

1 repos

https://github.com/rxerium/CVE-2025-0994

threatcodex at 2025-02-10T18:51:40.328Z ##

Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts

therecord.media/hackers-exploi

##

screaminggoat@infosec.exchange at 2025-02-07T19:41:53.000Z ##

CISA: Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
CISA puts out a standalone security alert about Trimble Cityworks Server Asset Management System (AMS), which was exploited with zero-day CVE-2025-0994.

IOC:

#cisa #CVE_2025_0994 #kev #eitw #zeroday #vulnerability #trimble #cityworks #activeexploitation #infosec #cybersecurity #KnownExploitedVulnerabilitiesCatalog

##

screaminggoat@infosec.exchange at 2025-02-06T15:42:20.000Z ##

EXPLOITED ZERO-DAY: CISA: Trimble Cityworks
Now that it's public, I can confirm that CVE-2025-0994 (8.6 high) remote code execution is an exploited zero-day.

CISA has received reports of this vulnerability being actively exploited.

Quoting Trimble internal communication:

These changes address a recently discovered vulnerability enabling an external actor to exploit a deserialization vulnerability for remote code execution (RCE) against a customer's Microsoft Internet Information Services (IIS) web server

Indicators of compromise are on page 2 of the Trimble communication page* (thanks @campuscodi)

#threatintel #zeroday #trimble #cityworks #activeexploitation #eitw #CVE_2025_0994 #infosec #cybersecurity #cyberthreatintelligence #vulnerability #CTI

##

jos1264@social.skynetcloud.site at 2025-02-10T12:50:03.000Z ##

CISA Flags Critical Trimble Cityworks Vulnerability (CVE-2025-0994) in KEV Catalog thecyberexpress.com/cve-2025-0 #TrimbleCityworksDeserializationvulnerability #knownexploitedvulnerabilities #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE20250994 #CyberNews #CISA

##

cisakevtracker@mastodon.social at 2025-02-07T19:00:45.000Z ##

CVE ID: CVE-2025-0994
Vendor: Trimble
Product: Cityworks
Date Added: 2025-02-07
Vulnerability: Trimble Cityworks Deserialization Vulnerability
Notes: learn.assetlifecycle.trimble.c?; cisa.gov/news-events/ics-advis ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2025-02-07T18:26:57.000Z ##

CISA has updated the KEV catalogue.

CVE-2025-0994: Trimble Cityworks Deserialization Vulnerability cve.org/CVERecord?id=CVE-2025- @cisagov #CISA #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2025-02-07T18:19:11.000Z ##

CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2025-0994 (8.6 high) Trimble Cityworks Deserialization Vulnerability

See parent toot above for details about the zero-day, and link to indicators of compromise. cc: @ntkramer rare Friday KEV

#cisa #cisakev #kev #eitw #zeroday #vulnerability #trimble #cityworks #activeexploitation #infosec #cybersecurity #KnownExploitedVulnerabilitiesCatalog

##

thehackernews@feeds.schraads.com at 2025-02-07T13:39:05.000Z ##

CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
"This could

thehackernews.com/2025/02/cisa

#tech

##

CVE-2025-1244
(8.8 HIGH)

EPSS: 0.00%

updated 2025-02-12T15:32:08

2 posts

A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

cR0w@infosec.exchange at 2025-02-12T15:27:20.000Z ##

sev:HIGH shell injection due to improper man handling in Emacs.

access.redhat.com/security/cve

A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

##

CVE-2025-23359
(8.4 HIGH)

EPSS: 0.04%

updated 2025-02-12T03:31:24

3 posts

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

0x40k@infosec.exchange at 2025-02-12T15:28:41.000Z ##

Holy moly, NVIDIA! Things are blowing up in the container again. CVE-2025-23359, TOCTOU race condition... anyone using the NVIDIA Container Toolkit or the GPU Operator (Kubernetes, ML/AI, pay attention!) should update as soon as possible! Otherwise you get a container escape of the finest kind.

Apparently affects everything up to 1.17.3 (Toolkit) and 24.9.1 (Operator) respectively. It's about a bypass for CVE-2024-0132. Wiz analyzed it.

What can happen? Code execution, DoS, privilege escalation, data tampering... the full program. A container escape here simply means host compromise. So, get on those updates! And whatever you do, don't leave the "--no-cntlibs" flag disabled in production!

Ever seen a container escape live? It's really no fun! #infosec #pentesting #containers #kubernetes #nvidia #security #vulnerability #cve

##

screaminggoat@infosec.exchange at 2025-02-11T19:39:28.000Z ##

Wiz: How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)
This is an update to a previous blog post from 26 September 2024. Wiz provides vulnerability details for CVE-2024-0132 (9.0 critical) NVIDIA Container Toolkit 1.16.1 or earlier TOCTOU (hehe funny acronym @cR0w) which can lead to "code execution, denial of service, escalation of privileges, information disclosure, and data tampering."

We withheld specific technical details of the vulnerability because the NVIDIA PSIRT team identified that the original patch did not fully resolve the issue. We worked closely with the NVIDIA team to ensure proper mitigation of both the original vulnerability and the bypass. The bypass is tracked under a separate CVE, CVE-2025-23359.

#nvidia #cve #vulnerability #CVE_2024_0132 #CVE_2025_23359 #infosec #cybersecurity

##

CVE-2025-1240
(7.8 HIGH)

EPSS: 0.04%

updated 2025-02-12T00:32:25

2 posts

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from t

CVE-2024-12797
(0 None)

EPSS: 0.04%

updated 2025-02-11T23:15:08.807000

9 posts

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by cl

hertg at 2025-02-11T16:27:29.418Z ##

An impact summary has now been added to the openssl website:

Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients.

RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server’s RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER.

Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2.

The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

openssl-library.org/news/vulne

##

hertg at 2025-02-11T15:41:26.008Z ##

Some more info from the release notes:

Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set.

##

hertg at 2025-02-11T15:25:09.615Z ##

Does anyone have more information about the vuln that was just fixed in openssl?

CVE-2024-12797
"Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected."

github.com/openssl/openssl/rel

##

st1nger@infosec.exchange at 2025-02-11T18:12:41.000Z ##

#OpenSSL 3.4.1 is a #security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)

Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

github.com/openssl/openssl/rel

##

thedarktangent@defcon.social at 2025-02-11T17:44:05.000Z ##

On top of being Patch Tuesday it is also update #OpenSSL day.

"OpenSSL 3.4.1 is a security patch release. The most severe CVE fixed in this release is HIGH.

- Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)

- Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)"

#InfoSec #SysAdmin

##

alienghic@octodon.social at 2025-02-11T17:16:27.000Z ##

@GossiTheDog

Grumbles for the developers though...

sid, trixie 3.4.0-2 vulnerable

security-tracker.debian.org/tr

##

GossiTheDog@cyberplace.social at 2025-02-11T17:13:13.000Z ##

There’s a high severity flaw in OpenSSL - CVE-2024-12797

- it only applies to OpenSSL 3.2 or above, which in enterprises won’t be most things

- the feature in question isn’t enabled by default

- it’s potential attacker in the middle traffic inspection, not RCE

- clients can still spot the issue if well coded

So, for the vast majority of orgs it will not be a drop-everything-to-patch situation.

openssl-library.org/news/secad

##

harrysintonen@infosec.exchange at 2025-02-11T16:35:47.000Z ##

#OpenSSL has a high level #vulnerability #CVE_2024_12797 with clients that utilise #RFC7250 Raw Public Keys. In these situations the client may fail to notice that the server was not authenticated, leading to potential attacker-in-the-middle attacks. Luckily this vulnerability has a fairly narrow scope since only applications specifically using this feature are affected (and for example the feature is disabled by default).

openssl-library.org/news/vulne

##

jschauma@mstdn.social at 2025-02-11T16:00:19.000Z ##

New "High" severity #OpenSSL security advisory affecting 3.4.0 before 3.4.1, 3.3.0 before 3.3.3, 3.2.0 before 3.2.4:

openssl-library.org/news/vulne

CVE-2024-12797: RFC7250 (Raw Public Keys) handshakes with unauthenticated servers don't abort as expected.

##

CVE-2025-1052
(8.8 HIGH)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue

CVE-2024-0179
(8.3 HIGH)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.

CVE-2025-0906
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J

CVE-2025-0908
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U

CVE-2025-0907
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J

CVE-2025-0909
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X

CVE-2025-0910
(7.8 HIGH)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files

CVE-2025-0902
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X

CVE-2025-0911
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U

CVE-2025-1044
(9.8 CRITICAL)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper imple

CVE-2025-0901
(7.8 HIGH)

EPSS: 0.04%

updated 2025-02-11T21:32:14

4 posts

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. Th

CVE-2025-0905
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:13

4 posts

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J

CVE-2025-0904
(3.3 LOW)

EPSS: 0.04%

updated 2025-02-11T21:32:13

4 posts

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X

CVE-2025-0899
(7.8 HIGH)

EPSS: 0.04%

updated 2025-02-11T21:32:13

4 posts

PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue

CVE-2024-7419
(8.3 HIGH)

EPSS: 0.08%

updated 2025-02-11T19:25:14.023000

4 posts

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentiall

CVE-2025-24200
(4.6 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T19:15:17.037000

34 posts

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

1 repo

https://github.com/McTavishSue/CVE-2025-24200

threatcodex at 2025-02-12T19:15:33.280Z ##

Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products

cyble.com/blog/csa-alerts-user

##

PrivacyDigest@mas.to at 2025-02-11T03:15:23.000Z ##

#Apple Fixes Zero-Day #Exploited In 'Extremely Sophisticated' Attacks - Slashdot

#cve_2025_24200 #security #ios #privacy #zeroday #attack

apple.slashdot.org/story/25/02

##

screaminggoat@infosec.exchange at 2025-02-10T18:39:56.000Z ##

APPLE ZERO-DAY: About the security content of iPadOS 17.7.5 ; About the security content of iOS 18.3.1 and iPadOS 18.3.1
CVE-2025-24200 (score pending) A physical attack may disable USB Restricted Mode on a locked device. An authorization issue was addressed with improved state management. h/t: @applsec

Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

#apple #zeroday #vulnerability #CVE_2025_24200 #eitw #activeexploitation #infosec #cybersecurity

##

news@wakoka.com at 2025-02-11T15:15:37.000Z ##

wacoca.com/news/2414116/ [Security News] Update for "iOS" and "iPadOS" fixes zero-day vulnerability (page 1 of 1): Security NEXT #Apple #CitizenLab #CVE202524200 #IOS18.3.1 #IPadOS17.7.5 #IPadOS18.3.1 #Science&Technology #ScienceNews #Security #TechnologyNews #USB制限モード #セキュリティ #セキュリティアップデート #ゼロデイ攻撃 #テクノロジー #ニュース #対策 #悪用 #標的型攻撃 #科学 #科学&テクノロジー

##

yayafa@jforo.com at 2025-02-11T08:04:09.000Z ##

[Security News] Update for "iOS" and "iPadOS" fixes zero-day vulnerability (page 1 of 1): Security NEXT yayafa.com/2178748/ #Apple #CitizenLab #CVE202524200 #IOS18.3.1 #IPadOS17.7.5 #IPadOS18.3.1 #SCIENCE #Science&Technology #SECURITY #Technology #USB制限モード #セキュリティ #セキュリティアップデート #ゼロデイ攻撃 #テクノロジー #ニュース #対策 #悪用 #標的型攻撃 #科学 #科学&テクノロジー

##

jos1264@social.skynetcloud.site at 2025-02-11T14:45:03.000Z ##

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update thecyberexpress.com/apple-patc #zerodayvulnerability #TheCyberExpressNews #authorizationissue #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202524200 #iOSZeroDay #CyberNews #iPadOS #iOS

##

jos1264@social.skynetcloud.site at 2025-02-10T20:20:03.000Z ##

Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack securityweek.com/apple-confirm #USBRestrictedMode #Malware&Threats #CVE202524200 #NationState #CitizenLab #iOS1831 #Apple #iOS

##

jos1264@social.skynetcloud.site at 2025-02-10T20:20:02.000Z ##

Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack securityweek.com/apple-confirm #USBRestrictedMode #Malware&Threats #CVE202524200 #NationState #CitizenLab #iOS1831 #Apple #iOS

##

screaminggoat@infosec.exchange at 2025-02-12T16:08:58.000Z ##

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Still semi "hot off the press":

  • CVE-2024-41710 (6.8 medium) Mitel SIP Phones Argument Injection Vulnerability
  • CVE-2025-24200 (4.6 medium) Apple iOS and iPadOS Incorrect Authorization

#cisa #kev #cisakev #KnownExploitedVulnerabilitiesCatalog #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity #cve

##

cisakevtracker@mastodon.social at 2025-02-12T16:00:56.000Z ##

CVE ID: CVE-2025-24200
Vendor: Apple
Product: iOS and iPadOS
Date Added: 2025-02-12
Vulnerability: Apple iOS and iPadOS Incorrect Authorization Vulnerability
Notes: support.apple.com/en-us/122173 ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2025-02-12T15:47:35.000Z ##

CISA updates to the KEV catalogue:

- CVE-2024-41710: Mitel SIP Phones Argument Injection Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2025-24200: Apple iOS and iPadOS Incorrect Authorization Vulnerability cve.org/CVERecord?id=CVE-2025- @cisagov #cybersecurity #infosec #Apple #CISA

##

DarkWebInformer@infosec.exchange at 2025-02-11T21:50:54.000Z ##

🚨Apple Releases Urgent Patch for CVE-2025-24200

support.apple.com/en-us/122174

"Impact: A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

##

ClubTeleMatique@mstdn.social at 2025-02-11T20:15:44.000Z ##

Hacker News: Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update thehackernews.com/2025/02/appl #news #IT

##

AAKL@infosec.exchange at 2025-02-11T17:00:27.000Z ##

Cyble: Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products cyble.com/blog/csa-alerts-user

EFCC Witness Exposes Shocking Details of Cyber Terrorism and Internet Fraud Scheme cyble.com/blog/efcc-witness-de @thecyberexpress #cybersecurity #infosec #zeroday

##

avoidthehack@infosec.exchange at 2025-02-11T14:45:00.000Z ##

#Apple Patches 'Extremely Sophisticated Attack' That Can Hit iPhones

This patch is an emergency update (18.3.1) from Apple. It fixes a vulnerability where USB Restricted Mode can be disabled on the device. Tracked as CVE-2025-24200 and may have been used by law enforcement.

Apple describes the zero day as a highly sophisticated attack against a targeted individual.

#iphone #cve #cybersecurity #security #infosec

pcmag.com/news/apple-patches-e

##

jos1264@social.skynetcloud.site at 2025-02-11T13:55:02.000Z ##

Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products cyble.com/blog/csa-alerts-user #Cybernews

##

oversecurity@mastodon.social at 2025-02-11T13:10:13.000Z ##

Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products

The Cyber Security Agency of Singapore warns of the active exploitation of CVE-2025-24200, a zero-day vulnerability in Apple products, allowing...

🔗️ [Cyble] link.is.it/kn3rmx

##

jos1264@social.skynetcloud.site at 2025-02-11T11:40:03.000Z ##

Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) helpnetsecurity.com/2025/02/11 #securityupdate #Don'tmiss #Hotstuff #0-day #Apple #News #iPad #iOS

##

benzogaga33@mamot.fr at 2025-02-11T10:40:02.000Z ##

Apple fixes an exploited zero-day flaw: CVE-2025-24200. Patch your iPhone! it-connect.fr/apple-faille-zer #ActuCybersécurité #Cybersécurité #Vulnérabilité #iPhone #Apple

##

thehackernews@feeds.schraads.com at 2025-02-11T05:39:04.000Z ##

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild.
Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack.
This

thehackernews.com/2025/02/appl

#tech

##

jos1264@social.skynetcloud.site at 2025-02-11T05:15:02.000Z ##

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update thehackernews.com/2025/02/appl

##

jos1264@social.skynetcloud.site at 2025-02-11T05:00:02.000Z ##

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update thehackernews.com/2025/02/appl

##

saltmyhash@infosec.exchange at 2025-02-10T19:25:32.000Z ##

@screaminggoat @applsec

It’s always interesting when Citizen Lab gets the CVE credit.

Speaking of which, founder Ronald Deibert just published an excellent book on Citizen Lab entitled “Chasing Shadows.” Good reading which gives insight into their research and investigations which I am assuming likely played a role in identifying CVE-2025-24200.

##

applsec@infosec.exchange at 2025-02-10T18:35:15.000Z ##

📣 EMERGENCY UPDATE 📣

Apple pushed updates for a new zero-day that may have been actively exploited.

🐛 CVE-2025-24200 (Accessibility):
- iOS and iPadOS 18.3.1
- iPadOS 17.7.5

#apple #cybersecurity #infosec #security #ios

##

CVE-2022-35202
(0 None)

EPSS: 0.04%

updated 2025-02-11T19:15:10.230000

1 post

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystore is protected with a low-complexity, auto-generated password.

CVE-2025-24472
(8.1 HIGH)

EPSS: 0.04%

updated 2025-02-11T18:31:43

8 posts

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

AAKL@infosec.exchange at 2025-02-12T17:26:04.000Z ##

Orange Cyberdefense: New Fortinet exploit CVE-2025-24472 disclosed orangecyberdefense.com/global/ #cybersecurity #infosec #Fortinet

##

screaminggoat@infosec.exchange at 2025-02-12T03:36:29.000Z ##

RE: Fortinet's CVE-2024-24472
Bleeping Computer: Fortinet discloses second firewall auth bypass patched in January

Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January.

@cR0w I called it 💪 Not a zero-day.

#fortinet #cve #infosec #cybersecurity #vulnerability

##

screaminggoat@infosec.exchange at 2025-02-12T00:38:07.000Z ##

@cR0w @womble okay CVE-diffing:

  • CVE-2024-55591
    • Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 critical)
  • CVE-2025-24472
    • Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (8.1 high)

Ignoring the same CWE, the newer CVE still affects the same exact FortiOS and FortiProxy versions (written backwards for 24472). The main difference is the attack complexity (AC:H) and method: crafted CSF proxy requests.

Reading back on watchTowr's blog post, it's snuck in:

While reversing this, we identified several other issues, which we’ve reported to Fortinet.

I'm updating my assessment to roughly even chance (50%) that this is actually exploited in the wild. This method was not mentioned by Arctic Wolf or Fortinet prior to watchTowr's blog.

If Fortinet coordinates with CISA who then updates their KEV Catalog, and this wasn't added on the same Patch Tuesday that Microsoft very likely notifies CISA about zero-days. 🤔

##

screaminggoat@infosec.exchange at 2025-02-11T23:58:30.000Z ##

@cR0w @womble on a quick skim, I immediately recognized that this was the same security advisory as CVE-2024-55591 without even looking at the right-hand menu. And that same skim led me to assess that nothing in the content has changed since the last edit.

My take on CVE-2025-24472 is that Fortinet intentionally re-used the same security advisory. They're lazy? sure. Fortinet has updated an older security advisory before with extra CVEs to denote "two similar variants of the previous" (Bleeping Computer)

I'm not in the business of speculating what should have been a black-and-white answer. Fortinet should have updated their exploitation verbiage to denote if only one or both were exploited in the wild.

##

screaminggoat@infosec.exchange at 2025-02-11T23:27:35.000Z ##

subtoot about Fortinet zero-day. Those infosec publications are running WILD calling it an exploited zero-day (complete with a backstory) with absolutely no evidence. Are we reading the same security advisory? What the fuck are you guys conjuring up and extrapolating from 2025-02-11: Added CVE-2025-24472 and its acknowledgement?

EDIT: You've heard of "patch-diffing." Get ready for advisory-diffing:
web.archive.org/web/2025011416 (14 January 2025)
versus fortiguard.fortinet.com/psirt/ (11 February 2025):

  • An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module or via crafted CSF proxy requests.
  • Follow the recommended upgrade path using our tool at: docs.fortinet.com/upgrade-tool https://docs.fortinet.com/upgrade-tool
  • Please note that the above IP parameters are under attacker control and therefore can be any other IP address. not the actual source IP addresses of the attack traffic, they are generated arbitrarily by the attacker as a parameter. Because of this they should not be used for any blocking.
  • edit 2set intf "allany"
  • Please note as well that an attacker needs to know an admin account's username to perform the attack and log in the CLI. Therefore, having a non-standard and non-guessable username for admin accounts does offer some protection, and is, in general, a best practice. Keep in mind however that the targeted websocket not being an authentication point, nothing would prevent an attacker from bruteforcing the username.
  • CSF requests issue: Disable Security Fabric from the CLI: config system csf / set status disable / end

Some of these are explained in the changelog, but I wanted to be certain.

##

screaminggoat@infosec.exchange at 2025-02-11T19:31:08.000Z ##

Happy #PatchTuesday: Exploited Fortinet zero-day??? FG-IR-24-535
CVE-2025-24472 (8.1 high) Authentication bypass in Node.js websocket module and CSF requests
If this security advisory looks familiar, that's because it belongs to the previous Fortinet exploited zero-day CVE-2024-55591 (9.6 critical). This was tacked onto the same advisory, with no context other than the changelog:

2025-02-11: Added CVE-2025-24472 and its acknowledgement

@BleepingComputer seems to think it is: Fortinet warns of new zero-day exploited to hijack firewalls but I'm skeptical.

#fortinet #infosec #CVE_2024_55591 #vulnerability #cve #CVE_2025_24472 #cybersecurity #eitw #activeexploitation #zeroday

##

CVE-2025-21377
(6.5 MEDIUM)

EPSS: 0.09%

updated 2025-02-11T18:31:43

1 posts

NTLM Hash Disclosure Spoofing Vulnerability

screaminggoat@infosec.exchange at 2025-02-11T18:07:12.000Z ##

Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) out of 56 new CVEs

  • CVE-2025-21377 (6.5 medium) NTLM Hash Disclosure Spoofing Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21194 (7.1 high) Microsoft Surface Security Feature Bypass Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21418 (7.8 high) Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (EXPLOITED)
  • CVE-2025-21391 (7.1 high) Windows Storage Elevation of Privilege Vulnerability (EXPLOITED)

#microsoft #zeroday #cve #eitw #activeexploitation #vulnerability #infosec #cybersecurity

##

CVE-2024-52966
(2.3 LOW)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-27780
(2.2 LOW)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-40591
(8.8 HIGH)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-36508
(6.0 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allows an authenticated admin user with diagnose privileges to delete files on the system.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-27781
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-52968
(6.7 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-40584
(7.2 HIGH)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.1

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2025-24470
(8.6 HIGH)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-50567
(7.2 HIGH)

EPSS: 0.04%

updated 2025-02-11T18:31:42

1 posts

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2025-21418
(7.8 HIGH)

EPSS: 0.14%

updated 2025-02-11T18:31:41

9 posts

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

jos1264@social.skynetcloud.site at 2025-02-11T20:10:02.000Z ##

Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day securityweek.com/microsoft-pat #Malware&Threats #Vulnerabilities #CVE202521391 #CVE202521418 #PatchTuesday #Microsoft #ZeroDay

##

0x40k at 2025-02-12T13:37:52.027Z ##

Patch Tuesday is here! 🚨 Microsoft fixes 63 bugs, but 2 are already being exploited! CVE-2025-21391 (file deletion, but chaining danger!) & CVE-2025-21418 (EoP in AFD.sys - greetings to Lazarus!). HPC cluster affected? Check CVE-2025-21198 (RCE!). LDAP admins, watch out: CVE-2025-21376 (RCE!) is in there too. Patch right away, people! Keep an eye on CISA KEV!

##

jos1264@social.skynetcloud.site at 2025-02-12T05:55:02.000Z ##

Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) – Source: securityboulevard.com ciso2ciso.com/microsofts-febru #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard

##

jos1264@social.skynetcloud.site at 2025-02-11T21:15:02.000Z ##

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) helpnetsecurity.com/2025/02/11 #securityupdate #WindowsServer #PatchTuesday #TrendMicro #Don'tmiss #Microsoft #Hotstuff #Action1 #Tenable #Windows #News

##

cisakevtracker@mastodon.social at 2025-02-11T19:44:49.000Z ##

CVE ID: CVE-2025-21418
Vendor: Microsoft
Product: Windows
Date Added: 2025-02-11
Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

screaminggoat@infosec.exchange at 2025-02-11T19:21:23.000Z ##

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog

  • CVE-2025-21418 (7.8 high) Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
  • CVE-2025-21391 (7.1 high) Microsoft Windows Storage Link Following Vulnerability
  • CVE-2024-40890 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability
  • CVE-2024-40891 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability

The Zyxel stuff is not new, but since the Microsoft zero-days are part of #PatchTuesday, I'm including them in this conversation.

#cisa #kev #cisakev #KnownExploitedVulnerabilitiesCatalog #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity #cve

##

AAKL@infosec.exchange at 2025-02-11T18:47:40.000Z ##

CISA has updated the KEV catalogue.

- CVE-2025-21391: Microsoft Windows Storage Link Following Vulnerability cve.org/CVERecord?id=CVE-2025-

- CVE-2025-21418: Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

- CVE-2024-40890: Zyxel DSL CPE OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-40891: Zyxel DSL CPE OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2024- @cisagov #cybersecurity #infosec #CISA #Microsoft #Zyxel

##

screaminggoat@infosec.exchange at 2025-02-11T18:07:12.000Z ##

Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) out of 56 new CVEs

  • CVE-2025-21377 (6.5 medium) NTLM Hash Disclosure Spoofing Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21194 (7.1 high) Microsoft Surface Security Feature Bypass Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21418 (7.8 high) Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (EXPLOITED)
  • CVE-2025-21391 (7.1 high) Windows Storage Elevation of Privilege Vulnerability (EXPLOITED)

#microsoft #zeroday #cve #eitw #activeexploitation #vulnerability #infosec #cybersecurity

##

CVE-2025-21391
(7.1 HIGH)

EPSS: 1.07%

updated 2025-02-11T18:31:40

9 posts

Windows Storage Elevation of Privilege Vulnerability

jos1264@social.skynetcloud.site at 2025-02-11T20:10:02.000Z ##

Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day securityweek.com/microsoft-pat #Malware&Threats #Vulnerabilities #CVE202521391 #CVE202521418 #PatchTuesday #Microsoft #ZeroDay

##

0x40k at 2025-02-12T13:37:52.027Z ##

Patch Tuesday is here! 🚨 Microsoft fixes 63 bugs, but 2 are already being exploited! CVE-2025-21391 (file deletion, but chaining danger!) & CVE-2025-21418 (EoP in AFD.sys - greetings to Lazarus!). HPC cluster affected? Check CVE-2025-21198 (RCE!). LDAP admins, watch out: CVE-2025-21376 (RCE!) is in there too. Patch right away, people! Keep an eye on CISA KEV!

##

jos1264@social.skynetcloud.site at 2025-02-12T05:55:02.000Z ##

Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) – Source: securityboulevard.com ciso2ciso.com/microsofts-febru #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard

##

jos1264@social.skynetcloud.site at 2025-02-11T21:15:02.000Z ##

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) helpnetsecurity.com/2025/02/11 #securityupdate #WindowsServer #PatchTuesday #TrendMicro #Don'tmiss #Microsoft #Hotstuff #Action1 #Tenable #Windows #News

##

cisakevtracker@mastodon.social at 2025-02-11T19:45:05.000Z ##

CVE ID: CVE-2025-21391
Vendor: Microsoft
Product: Windows
Date Added: 2025-02-11
Vulnerability: Microsoft Windows Storage Link Following Vulnerability
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

screaminggoat@infosec.exchange at 2025-02-11T19:21:23.000Z ##

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog

  • CVE-2025-21418 (7.8 high) Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
  • CVE-2025-21391 (7.1 high) Microsoft Windows Storage Link Following Vulnerability
  • CVE-2024-40890 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability
  • CVE-2024-40891 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability

The Zyxel stuff is not new, but since the Microsoft zero-days are part of #PatchTuesday, I'm including them in this conversation.

#cisa #kev #cisakev #KnownExploitedVulnerabilitiesCatalog #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity #cve

##

AAKL@infosec.exchange at 2025-02-11T18:47:40.000Z ##

CISA has updated the KEV catalogue.

- CVE-2025-21391: Microsoft Windows Storage Link Following Vulnerability cve.org/CVERecord?id=CVE-2025-

- CVE-2025-21418: Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

- CVE-2024-40890: Zyxel DSL CPE OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2024-40891: Zyxel DSL CPE OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2024- @cisagov #cybersecurity #infosec #CISA #Microsoft #Zyxel

##

screaminggoat@infosec.exchange at 2025-02-11T18:07:12.000Z ##

Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) out of 56 new CVEs

  • CVE-2025-21377 (6.5 medium) NTLM Hash Disclosure Spoofing Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21194 (7.1 high) Microsoft Surface Security Feature Bypass Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21418 (7.8 high) Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (EXPLOITED)
  • CVE-2025-21391 (7.1 high) Windows Storage Elevation of Privilege Vulnerability (EXPLOITED)

#microsoft #zeroday #cve #eitw #activeexploitation #vulnerability #infosec #cybersecurity

##

CVE-2025-21376
(8.1 HIGH)

EPSS: 0.09%

updated 2025-02-11T18:31:39

1 posts

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

0x40k at 2025-02-12T13:37:52.027Z ##

Patch Tuesday is here! 🚨 Microsoft fixes 63 bugs, but 2 are already being exploited! CVE-2025-21391 (file deletion, but chaining risk!) & CVE-2025-21418 (EoP in AFD.sys - greetings to Lazarus!). HPC cluster affected? Check CVE-2025-21198 (RCE!)! LDAP admins, watch out: CVE-2025-21376 (RCE!) is in there too. Patch right away, people! Mind the CISA KEV!

##

CVE-2025-21198
(9.1 CRITICAL)

EPSS: 0.04%

updated 2025-02-11T18:31:37

1 posts

Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

0x40k at 2025-02-12T13:37:52.027Z ##

Patch Tuesday is here! 🚨 Microsoft fixes 63 bugs, but 2 are already being exploited! CVE-2025-21391 (file deletion, but chaining risk!) & CVE-2025-21418 (EoP in AFD.sys - greetings to Lazarus!). HPC cluster affected? Check CVE-2025-21198 (RCE!)! LDAP admins, watch out: CVE-2025-21376 (RCE!) is in there too. Patch right away, people! Mind the CISA KEV!

##

CVE-2025-21194
(7.1 HIGH)

EPSS: 0.05%

updated 2025-02-11T18:31:37

1 posts

Microsoft Surface Security Feature Bypass Vulnerability

screaminggoat@infosec.exchange at 2025-02-11T18:07:12.000Z ##

Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) out of 56 new CVEs

  • CVE-2025-21377 (6.5 medium) NTLM Hash Disclosure Spoofing Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21194 (7.1 high) Microsoft Surface Security Feature Bypass Vulnerability (PUBLICLY DISCLOSED)
  • CVE-2025-21418 (7.8 high) Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (EXPLOITED)
  • CVE-2025-21391 (7.1 high) Windows Storage Elevation of Privilege Vulnerability (EXPLOITED)

#microsoft #zeroday #cve #eitw #activeexploitation #vulnerability #infosec #cybersecurity

##

CVE-2024-35279
(8.1 HIGH)

EPSS: 0.04%

updated 2025-02-11T18:31:37

1 posts

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2023-40721
(6.7 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T18:31:37

1 posts

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 through 7.2.2 and before 7.0.2 allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-40586
(6.7 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T18:31:37

1 posts

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-33504
(4.1 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T18:31:37

1 posts

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-47908
(9.1 CRITICAL)

EPSS: 0.04%

updated 2025-02-11T18:31:37

2 posts

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

AAKL@infosec.exchange at 2025-02-11T17:10:53.000Z ##

An interesting post that seems to be on the defensive. Still, there are some important items.

- Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771) forums.ivanti.com/s/article/Se

- N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM) forums.ivanti.com/s/article/Se

- February Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) forums.ivanti.com/s/article/Fe

Ivanti: February Security Update ivanti.com/blog/february-secur #cybersecurity #infosec #Ivanti

##

screaminggoat@infosec.exchange at 2025-02-11T15:23:29.000Z ##

Happy #PatchTuesday from Ivanti: February Security Update

We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.

#Ivanti #ivantiCSA #neurons #connectsecure #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-11771
(5.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T18:31:37

2 posts

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

AAKL@infosec.exchange at 2025-02-11T17:10:53.000Z ##

An interesting post that seems to be on the defensive. Still, there are some important items.

- Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771) forums.ivanti.com/s/article/Se

- N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM) forums.ivanti.com/s/article/Se

- February Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) forums.ivanti.com/s/article/Fe

Ivanti: February Security Update ivanti.com/blog/february-secur #cybersecurity #infosec #Ivanti

##

screaminggoat@infosec.exchange at 2025-02-11T15:23:29.000Z ##

Happy #PatchTuesday from Ivanti: February Security Update

We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.

#Ivanti #ivantiCSA #neurons #connectsecure #cve #vulnerability #infosec #cybersecurity

##

CVE-2024-50569
(6.6 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T18:31:35

1 posts

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input.

screaminggoat@infosec.exchange at 2025-02-11T17:45:27.000Z ##

Happy #PatchTuesday from Fortinet:

  1. FG-IR-24-422 CVE-2024-52966 (2.3 low) Disclosure of Logs of Devices not belonging to the Current ADOM from Log View
  2. FG-IR-23-261 CVE-2023-40721 (6.7 medium) FortiOS / FortiProxy / FortiPAM / FortiSwitchManager - Format string vulnerability in CLI commands
  3. FG-IR-24-300 CVE-2024-52968 (6.7 medium) Improper Authentication in FortiMonitor Agent
  4. FG-IR-23-279 CVE-2024-40586 (6.7 medium) Improper access control to FortiSslvpnNamedPipe
  5. FG-IR-24-311 CVE-2024-40585 (6.5 medium) Insertion of sensitive information into Event log
  6. FG-IR-24-063 CVE-2024-27781 (7.1 high) Multiple Reflected and Stored Cross-Site Scripting
  7. FG-IR-24-147 CVE-2024-36508 (6.0 medium) Multiple arbitrary file deletion in the CLI
  8. FG-IR-24-438 CVE-2024-50567 and CVE-2024-50569 (7.2 high) OS Command Injections
  9. FG-IR-24-220 CVE-2024-40584 (7.2 high) OS command injection in external connector
  10. FG-IR-25-015 CVE-2025-24470 (8.6 high) Off-by-slash vulnerability in Nginx config
  11. FG-IR-24-302 CVE-2024-40591 (8.8 high) Permission escalation due to an Improper Privilege Management
  12. FG-IR-23-324 CVE-2024-27780 (3.1 low) Reflected XSS (cross site scripting) in incident page
  13. FG-IR-24-160 CVE-2024-35279 (8.1 high) Stack buffer overflow in fabric service
  14. FG-IR-24-094 CVE-2024-33504 (4.1 medium) Use of Hard-coded Cryptographic Key to encrypt sensitive data

Fortinet downplays the CVSSv3.1 score by listing temporal only, I have listed base score instead. No mention of exploitation.

#fortinet #fortios #fortiproxy #fortiswitchmanager #cve #vulnerability #infosec #cybersecurity

##

CVE-2025-21404
(4.3 MEDIUM)

EPSS: 0.05%

updated 2025-02-11T18:31:33

1 posts

Microsoft Edge (Chromium-based) Spoofing Vulnerability

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

CVE-2019-15002
(0 None)

EPSS: 0.04%

updated 2025-02-11T18:15:18.557000

1 posts

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

cR0w@infosec.exchange at 2025-02-11T18:25:11.000Z ##

Atlassian finally published CVE-2019-15002 which was a CSRF in Jira that was patched in v8.0.0 which was released in 2020. Maybe this one just slipped behind the couch or something. Not that it matters since CNAs aren't generally held to any standards anyway, especially when they report on their own CVEs.

##

CVE-2025-26493
(4.6 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T15:32:31

1 posts

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

cR0w@infosec.exchange at 2025-02-11T16:32:04.000Z ##

🎶 We built TeamCity...🎶

🎶 We built TeamCity on XSS🎶

No I did not sleep well why do you ask? 🤪

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1162
(6.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T15:15:20.047000

2 posts

A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-1160
(7.3 HIGH)

EPSS: 0.04%

updated 2025-02-11T15:15:19.790000

2 posts

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-52611
(3.5 LOW)

EPSS: 0.04%

updated 2025-02-11T09:30:38

1 posts

The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.

CVE-2024-45718
(4.6 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T09:30:38

1 posts

Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data.

CVE-2024-52606
(3.5 LOW)

EPSS: 0.04%

updated 2025-02-11T09:30:38

1 posts

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.

CVE-2025-25194
(4.0 None)

EPSS: 0.04%

updated 2025-02-11T00:33:49

2 posts

### Summary This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request. ### Details The Webfinger endpoint takes a remote domain for checking accounts as a feature, however, as per the ActivityPub spec (https://www.w3.org/TR/activitypub/#security-consider

CVE-2025-24970
(7.5 HIGH)

EPSS: 0.04%

updated 2025-02-11T00:33:48

2 posts

### Impact When a specially crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases, which can lead to a native crash. ### Workarounds As a workaround it's possible to either disable the usage of the native SSLEngine or change the code from: ``` SslContext context = ...; SslHandler handler = context.newHandler(....); ``` to: ``` SslContext con

CVE-2025-25193
(5.5 MEDIUM)

EPSS: 0.04%

updated 2025-02-11T00:33:48

2 posts

### Summary An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded in a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a file and makes it large, the Netty application crashes. ### Details A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issu

CVE-2025-1159
(3.5 LOW)

EPSS: 0.04%

updated 2025-02-11T00:31:58

2 posts

A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-1158
(6.3 MEDIUM)

EPSS: 0.08%

updated 2025-02-11T00:31:58

2 posts

A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It has been classified as critical. Affected is an unknown function of the file addPolicyToSafetyGroup.jsp. The manipulation of the argument safetyGroupId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this discl

CVE-2025-1157
(6.3 MEDIUM)

EPSS: 0.05%

updated 2025-02-10T21:31:46

4 posts

A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. This issue affects some unknown processing of the file /model/model_recuperar_senha.php. The manipulation of the argument recuperacao leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure

CVE-2025-1153
(3.1 LOW)

EPSS: 0.06%

updated 2025-02-10T21:31:46

4 posts

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifi

CVE-2025-1002
(5.7 MEDIUM)

EPSS: 0.04%

updated 2025-02-10T21:31:45

2 posts

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

CVE-2025-1156
(7.3 HIGH)

EPSS: 0.05%

updated 2025-02-10T21:31:45

2 posts

A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical. This vulnerability affects unknown code of the file /servlet?act=login. The manipulation of the argument usuario leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in

CVE-2025-1154
(6.3 MEDIUM)

EPSS: 0.08%

updated 2025-02-10T21:31:45

4 posts

A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-1155
(4.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-10T21:31:45

4 posts

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term.

CVE-2024-8550
(7.5 HIGH)

EPSS: 0.04%

updated 2025-02-10T21:31:39

4 posts

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be explo

CVE-2025-1150
(3.1 LOW)

EPSS: 0.05%

updated 2025-02-10T18:30:56

4 posts

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be use

CVE-2025-1151
(3.1 LOW)

EPSS: 0.05%

updated 2025-02-10T18:30:55

4 posts

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is rec

CVE-2025-1152
(3.1 LOW)

EPSS: 0.05%

updated 2025-02-10T18:30:55

4 posts

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. It is reco

CVE-2025-25187
(7.8 HIGH)

EPSS: 0.04%

updated 2025-02-10T18:15:35.703000

2 posts

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inl

CVE-2025-24366
(7.5 HIGH)

EPSS: 0.04%

updated 2025-02-10T17:01:47

2 posts

### Impact SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided `rsync` command, an authenticat

CVE-2024-10334
(7.3 HIGH)

EPSS: 0.04%

updated 2025-02-10T15:32:27

1 posts

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.

cR0w@infosec.exchange at 2025-02-10T15:12:26.000Z ##

ABB. Again. LOL. LMAO.

search.abb.com/library/Downloa

CVE-2024-10334 Camera passwords stored in clear text

An attacker who successfully exploited this vulnerability could retrieve the login credentials for all cameras and manipulate or stop the video feed.

There will be no update for VideONet in System 800xA. Instead, the recommendation is to transfer to the new product, Camera Connect, as soon as it becomes available.

##

CVE-2024-13440
(7.5 HIGH)

EPSS: 0.09%

updated 2025-02-09T06:30:57

2 posts

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into an already existing query to sto

CVE-2025-0445
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-02-08T00:33:21

1 posts

Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

screaminggoat@infosec.exchange at 2025-02-04T19:05:24.000Z ##

Unofficial #PatchTuesday continues with Google Chrome: Stable Channel Update for Desktop
Chrome 133.0.6943.53 (Linux) and 133.0.6943.53/54 (Windows, Mac) includes 12 security fixes, 3 are externally reported:

  • CVE-2025-0444 (high) Use after free in Skia
  • CVE-2025-0445 (high) Use after free in V8
  • CVE-2025-0451 (medium) Inappropriate implementation in Extensions API

No mention of exploitation.

#google #chrome #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-0444
(6.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-08T00:33:21

1 posts

Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

screaminggoat@infosec.exchange at 2025-02-04T19:05:24.000Z ##

Unofficial #PatchTuesday continues with Google Chrome: Stable Channel Update for Desktop
Chrome 133.0.6943.53 (Linux) and 133.0.6943.53/54 (Windows, Mac) includes 12 security fixes, 3 are externally reported:

  • CVE-2025-0444 (high) Use after free in Skia
  • CVE-2025-0445 (high) Use after free in V8
  • CVE-2025-0451 (medium) Inappropriate implementation in Extensions API

No mention of exploitation.

#google #chrome #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-1113
(6.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-08T00:32:26

2 posts

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-1114
(3.5 LOW)

EPSS: 0.04%

updated 2025-02-08T00:32:20

2 posts

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling relea

CVE-2025-0451
(6.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-08T00:32:20

1 posts

Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

screaminggoat@infosec.exchange at 2025-02-04T19:05:24.000Z ##

Unofficial #PatchTuesday continues with Google Chrome: Stable Channel Update for Desktop
Chrome 133.0.6943.53 (Linux) and 133.0.6943.53/54 (Windows, Mac) includes 12 security fixes, 3 are externally reported:

  • CVE-2025-0444 (high) Use after free in Skia
  • CVE-2025-0445 (high) Use after free in V8
  • CVE-2025-0451 (medium) Inappropriate implementation in Extensions API

No mention of exploitation.

#google #chrome #vulnerability #cve #infosec #cybersecurity

##

CVE-2024-57357
(8.0 HIGH)

EPSS: 0.04%

updated 2025-02-07T23:15:14.550000

2 posts

An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.

CVE-2024-57279
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-02-07T23:15:14.400000

2 posts

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject malicious JavaScript.

CVE-2024-57278
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-02-07T23:15:14.230000

2 posts

A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input, the script executes in the victim's browser context.

CVE-2021-27017
(6.6 MEDIUM)

EPSS: 0.04%

updated 2025-02-07T21:31:06

2 posts

Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release.

CVE-2025-25183
(2.6 LOW)

EPSS: 0.04%

updated 2025-02-07T20:15:34.083000

2 posts

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable consta

CVE-2025-1106
(5.4 MEDIUM)

EPSS: 0.07%

updated 2025-02-07T19:15:24.613000

4 posts

A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respon

CVE-2025-0411
(7.0 None)

EPSS: 2.73%

updated 2025-02-07T18:32:19

8 posts

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a

2 repos

https://github.com/dhmosfunk/7-Zip-CVE-2025-0411-POC

https://github.com/iSee857/CVE-2025-0411-PoC

patrickcmiller@infosec.exchange at 2025-02-07T08:12:00.000Z ##

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks trendmicro.com/en_us/research/

##

screaminggoat@infosec.exchange at 2025-02-06T17:21:53.000Z ##

CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2020-15069 (9.8 critical) Sophos XG Firewall Buffer Overflow Vulnerability
  • CVE-2020-29574 (9.8 critical) CyberoamOS (CROS) SQL Injection Vulnerability
  • CVE-2024-21413 (9.8 critical) Microsoft Outlook Improper Input Validation Vulnerability
  • CVE-2022-23748 (7.8 high) Dante Discovery Process Control Vulnerability
  • CVE-2025-0411 (7.0 high) 7-Zip Mark of the Web Bypass Vulnerability

#cisa #cisakev #kev #vulnerability #eitw #activeexploitation #infosec #cybersecurity #knownexploitedvulnerabilitiescatalog

##

cisakevtracker@mastodon.social at 2025-02-06T17:02:00.000Z ##

CVE ID: CVE-2025-0411
Vendor: 7-Zip
Product: 7-Zip
Date Added: 2025-02-06
Vulnerability: 7-Zip Mark of the Web Bypass Vulnerability
Notes: 7-zip.org/history.txt ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2025-02-06T16:44:41.000Z ##

CISA has updated the KEV catalogue:

- CVE-2025-0411: 7-Zip Mark of the Web Bypass Vulnerability cve.org/CVERecord?id=CVE-2025-

- CVE-2022-23748: Dante Discovery Process Control Vulnerability cve.org/CVERecord?id=CVE-2022-

- CVE-2024-21413: Microsoft Outlook Improper Input Validation Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2020-29574: CyberoamOS (CROS) SQL Injection Vulnerability cve.org/CVERecord?id=CVE-2020-

CVE.org link updated today: CVE-2020-15069: Sophos XG Firewall Buffer Overflow Vulnerability cve.org/CVERecord?id=CVE-2020- @cisagov #cybersecurity #infosec #CISA

##

soc_prime@infosec.exchange at 2025-02-05T13:10:59.000Z ##

CVE-2025-0411, a zero-day #vulnerability in 7-Zip, is actively exploited by Russian adversaries to target Ukraine in a #SmokeLoader campaign involving homoglyph attacks. Detect exploitation attempts using a set of #Sigma rules from SOC Prime Platform.
socprime.com/blog/cve-2025-041

##

VirusBulletin@infosec.exchange at 2025-02-05T10:51:54.000Z ##

Trend Micro's ZDI team describe how the CVE-2025-0411 vulnerability in 7-Zip was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. trendmicro.com/en_us/research/

##

screaminggoat@infosec.exchange at 2025-02-04T16:45:41.000Z ##

Trend Micro: CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
Trend Micro reports that CVE-2025-0411 (7.0 high) 7-Zip Mark-of-the-Web Bypass Vulnerability was exploited as a zero-day in a SmokeLoader malware campaign targeting Ukrainian entities back in September 2024. 7zip released a patch in version 24.09 on 30 November 2024. The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files. The vulnerability was likely exploited as a cyberespionage campaign against Ukrainian government and civilian organizations. Indicators of compromise are provided.

#threatintel #CVE_2025_0411 #zeroday #eitw #activeexploitation #vulnerability #7zip #infosec #cybersecurity #cyberthreatintelligence #smokeloader #cyberespionage #cti #IOC #phishing #cybercrime

##

jos1264@social.skynetcloud.site at 2025-02-04T14:05:02.000Z ##

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) helpnetsecurity.com/2025/02/04 #securitycontrols #spearphishing #vulnerability #TrendMicro #Don'tmiss #Hotstuff #Ukraine #Windows #0-day #News

##

CVE-2024-7425
(6.8 MEDIUM)

EPSS: 0.05%

updated 2025-02-07T18:31:29

4 posts

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged t

CVE-2024-9664
(7.2 HIGH)

EPSS: 0.05%

updated 2025-02-07T18:31:28

4 posts

The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an addit

CVE-2022-26389
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-07T18:31:28

2 posts

An improper access control vulnerability may allow privilege escalation. This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; * ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions

CVE-2022-26388
(6.4 MEDIUM)

EPSS: 0.04%

updated 2025-02-07T18:31:28

2 posts

A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior.

CVE-2025-1105
(4.3 MEDIUM)

EPSS: 0.05%

updated 2025-02-07T18:15:28.433000

4 posts

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early ab

CVE-2025-1104
(7.3 HIGH)

EPSS: 0.06%

updated 2025-02-07T17:15:31.477000

4 posts

A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-1103
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-02-07T16:15:39.973000

4 posts

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and

CVE-2024-9661
(4.3 MEDIUM)

EPSS: 0.05%

updated 2025-02-07T16:15:39.263000

4 posts

The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an

CVE-2024-10383
(8.7 HIGH)

EPSS: 0.04%

updated 2025-02-07T15:32:44

2 posts

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was possible when loading .ipynb files in the web IDE.

CVE-2025-1108
(8.6 HIGH)

EPSS: 0.04%

updated 2025-02-07T14:15:48.530000

4 posts

Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint.

CVE-2025-1107
(9.9 CRITICAL)

EPSS: 0.04%

updated 2025-02-07T14:15:48.343000

4 posts

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

CVE-2025-25154
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8.

CVE-2025-25155
(7.5 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through 4.1.

CVE-2025-25156
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1.

CVE-2025-25167
(8.2 HIGH)

EPSS: 0.09%

updated 2025-02-07T12:31:26

2 posts

Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7.

CVE-2025-25140
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9.

CVE-2025-25151
(8.5 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6.

CVE-2025-25152
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2.

CVE-2025-25148
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2.

CVE-2025-25159
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:26

2 posts

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a through 1.0.10.

CVE-2025-25160
(7.1 HIGH)

EPSS: 0.05%

updated 2025-02-07T12:31:26

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.

CVE-2025-25168
(7.1 HIGH)

EPSS: 0.05%

updated 2025-02-07T12:31:25

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.

CVE-2025-25166
(7.1 HIGH)

EPSS: 0.05%

updated 2025-02-07T12:31:25

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.

CVE-2025-25153
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:25

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1.

CVE-2025-25147
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:25

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6.

CVE-2025-25149
(7.1 HIGH)

EPSS: 0.04%

updated 2025-02-07T12:31:25

2 posts

Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4.

CVE-2025-25163
(7.5 HIGH)

EPSS: 0.09%

updated 2025-02-07T12:31:25

2 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.

CVE-2025-1083
(3.1 LOW)

EPSS: 0.05%

updated 2025-02-07T03:32:09

4 posts

A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has

CVE-2025-21342
(8.8 HIGH)

EPSS: 0.13%

updated 2025-02-07T03:32:09

1 posts

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

CVE-2025-21283
(6.5 MEDIUM)

EPSS: 0.13%

updated 2025-02-07T03:32:09

1 posts

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

CVE-2025-21408
(8.8 HIGH)

EPSS: 0.13%

updated 2025-02-07T03:32:09

1 posts

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

CVE-2025-21177
(8.7 HIGH)

EPSS: 0.09%

updated 2025-02-07T03:32:09

1 posts

Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

CVE-2025-21253
(5.3 MEDIUM)

EPSS: 0.06%

updated 2025-02-07T03:32:09

1 posts

Microsoft Edge for IOS and Android Spoofing Vulnerability

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

CVE-2025-0674
(9.8 CRITICAL)

EPSS: 0.04%

updated 2025-02-07T03:32:09

1 posts

Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device's system sec

screaminggoat@infosec.exchange at 2025-02-06T15:21:39.000Z ##

CISA: Elber Communications Equipment
With the bullshit occurring yesterday, this was less of a priority: ICS advisories are sometimes a juicy nugget and one of these two vulnerabilities (CVE-2025-0674 (9.8 critical) authentication bypass or CVE-2025-0675 (7.5 high) unauthenticated device configuration and client-side hidden functionality disclosure) in Elbers Communications products (communication equipment) has a public exploit (zero day).

Elber does not plan to mitigate these vulnerabilities because this equipment is either end of life or almost end of life.

The fuck you mean you're not going to patch your product that's still on the market?? Never buy their products again.

#elbers #vulnerability #cve #infosec #cybersecurity #ics

##

CVE-2025-0675
(7.5 HIGH)

EPSS: 0.04%

updated 2025-02-07T03:32:09

1 posts

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.

screaminggoat@infosec.exchange at 2025-02-06T15:21:39.000Z ##

CISA: Elber Communications Equipment
With the bullshit occurring yesterday, this was less of a priority: ICS advisories are sometimes a juicy nugget and one of these two vulnerabilities (CVE-2025-0674 (9.8 critical) authentication bypass or CVE-2025-0675 (7.5 high) unauthenticated device configuration and client-side hidden functionality disclosure) in Elbers Communications products (communication equipment) has a public exploit (zero day).

Elber does not plan to mitigate these vulnerabilities because this equipment is either end of life or almost end of life.

The fuck you mean you're not going to patch your product that's still on the market?? Never buy their products again.

#elbers #vulnerability #cve #infosec #cybersecurity #ics

##

CVE-2025-1082
(3.5 LOW)

EPSS: 0.07%

updated 2025-02-07T03:32:08

4 posts

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor wa

CVE-2025-21279
(6.5 MEDIUM)

EPSS: 0.13%

updated 2025-02-07T03:32:08

1 posts

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

CVE-2025-21267
(4.4 MEDIUM)

EPSS: 0.06%

updated 2025-02-07T03:32:08

1 posts

Microsoft Edge (Chromium-based) Spoofing Vulnerability

screaminggoat@infosec.exchange at 2025-02-07T02:32:28.000Z ##

Microsoft Security Response Center (MSRC) security advisories 06 February 2025:

  • CVE-2025-21177 (8.7 high) Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability (cloud service CVE)
  • CVE-2025-21253 (5.3 medium) Microsoft Edge for IOS and Android Spoofing Vulnerability
  • CVE-2025-21408 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (exploitation unlikely)
  • CVE-2025-21404 (4.3 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • CVE-2025-21342 (8.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21283 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21279 (6.5 medium) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • CVE-2025-21267 (4.4 medium) Microsoft Edge (Chromium-based) Spoofing Vulnerability

There are an additional three CVEs patched, first announced by Google Chrome 2 days ago. All of these are Not Exploited, Not Publicly Disclosed, and Exploitability Assessment: Exploitation Less Likely, except for the Dynamics 365 CVE (N/A) and 21408 which actually says UNLIKELY. 🤔

#microsoft #vulnerability #dynamics365 #cve #edge #chromium #chrome #infosec #cybersecurity

##

benzogaga33@mamot.fr at 2025-02-07T10:40:02.000Z ##

Microsoft Outlook: this critical flaw is now being exploited in cyberattacks (CVE-2024-21413) it-connect.fr/outlook-faille-c #ActuCybersécurité #Cybersécurité #Microsoft #Outlook #Office

##

jos1264@social.skynetcloud.site at 2025-02-06T22:15:01.000Z ##

Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks – CISA Warns cybersecuritynews.com/critical #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability #Exploit

##

verbrecher@mastodon.social at 2025-02-06T20:31:02.000Z ##

New - CVE-2024-21413
Score: 9.8 CRITICAL

The flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions.

www-bleepingcomputer-com.cdn.a

##

screaminggoat@infosec.exchange at 2025-02-06T17:21:53.000Z ##

CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2020-15069 (9.8 critical) Sophos XG Firewall Buffer Overflow Vulnerability
  • CVE-2020-29574 (9.8 critical) CyberoamOS (CROS) SQL Injection Vulnerability
  • CVE-2024-21413 (9.8 critical) Microsoft Outlook Improper Input Validation Vulnerability
  • CVE-2022-23748 (7.8 high) Dante Discovery Process Control Vulnerability
  • CVE-2025-0411 (7.0 high) 7-Zip Mark of the Web Bypass Vulnerability

#cisa #cisakev #kev #vulnerability #eitw #activeexploitation #infosec #cybersecurity #knownexploitedvulnerabilitiescatalog

##

cisakevtracker@mastodon.social at 2025-02-06T17:01:29.000Z ##

CVE ID: CVE-2024-21413
Vendor: Microsoft
Product: Office Outlook
Date Added: 2025-02-06
Vulnerability: Microsoft Outlook Improper Input Validation Vulnerability
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2025-02-06T16:44:41.000Z ##

CISA has updated the KEV catalogue:

- CVE-2025-0411: 7-Zip Mark of the Web Bypass Vulnerability cve.org/CVERecord?id=CVE-2025-

- CVE-2022-23748: Dante Discovery Process Control Vulnerability cve.org/CVERecord?id=CVE-2022-

- CVE-2024-21413: Microsoft Outlook Improper Input Validation Vulnerability cve.org/CVERecord?id=CVE-2024-

- CVE-2020-29574: CyberoamOS (CROS) SQL Injection Vulnerability cve.org/CVERecord?id=CVE-2020-

CVE.org link updated today: CVE-2020-15069: Sophos XG Firewall Buffer Overflow Vulnerability cve.org/CVERecord?id=CVE-2020- @cisagov #cybersecurity #infosec #CISA

##

CVE-2025-0725
(7.3 HIGH)

EPSS: 0.04%

updated 2025-02-06T21:32:10

3 posts

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

xeiaso.net@bsky.brid.gy at 2025-02-05T15:41:01.365Z ##

"No way to prevent this" say users of only language where this regularly happens https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2025-0725/

##

cadey@pony.social at 2025-02-05T15:41:01.000Z ##

"No way to prevent this" say users of only language where this regularly happens

xeiaso.net/shitposts/no-way-to

##

bagder@mastodon.social at 2025-02-05T09:58:52.000Z ##

Embrace. This is the new #curl CVE I expect I will get a fair amount of... "traffic" about: curl.se/docs/CVE-2025-0725.html

##

CVE-2025-1081
(3.1 LOW)

EPSS: 0.05%

updated 2025-02-06T21:15:23.120000

4 posts

A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has be

CVE-2025-0158
(5.5 MEDIUM)

EPSS: 0.04%

updated 2025-02-06T21:15:21.923000

4 posts

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.

CVE-2024-27137
(5.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-06T21:15:20.997000

1 posts

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is same vulne

cR0w@infosec.exchange at 2025-02-04T14:07:31.000Z ##

A couple Apache Cassandra advisories are out this morning. Well, yesterday afternoon for me, but I missed them then.

CVE-2025-24860: lists.apache.org/thread/yjo5on

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer.

Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions.

This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer.

Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

CVE-2024-27137: lists.apache.org/thread/jsk87d

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture usernames and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations.

This is the same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.

This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.

Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.

##

CVE-2025-24860
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-02-06T20:15:41.030000

1 posts

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 t

CVE-2022-23748
(7.8 HIGH)

EPSS: 0.29%

updated 2025-02-06T18:32:07

3 posts

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

cisakevtracker@mastodon.social at 2025-02-06T17:01:44.000Z ##

CVE ID: CVE-2022-23748
Vendor: Audinate
Product: Dante Discovery
Date Added: 2025-02-06
Vulnerability: Dante Discovery Process Control Vulnerability
Notes: getdante.com/support/faq/audin ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1078
(5.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-06T18:31:11

4 posts

A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclo

CVE-2024-7595
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-02-06T18:31:05

1 posts

GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.

2 repos

https://github.com/PapayaJackal/ipeeyoupeewepee

https://github.com/GustavoHGP/ipeeyoupeewepee

cR0w@infosec.exchange at 2025-02-05T17:39:35.000Z ##

This seems... Known? Expected? Is that the word?

cve.org/CVERecord?id=CVE-2024-

GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.

##

CVE-2020-29574
(9.8 CRITICAL)

EPSS: 5.32%

updated 2025-02-06T18:30:59

3 posts

An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

cisakevtracker@mastodon.social at 2025-02-06T17:01:13.000Z ##

CVE ID: CVE-2020-29574
Vendor: Sophos
Product: CyberoamOS
Date Added: 2025-02-06
Vulnerability: CyberoamOS (CROS) SQL Injection Vulnerability
Notes: support.sophos.com/support/s/a ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2020-15069
(9.8 CRITICAL)

EPSS: 7.51%

updated 2025-02-06T18:30:59

3 posts

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.

cisakevtracker@mastodon.social at 2025-02-06T17:00:57.000Z ##

CVE ID: CVE-2020-15069
Vendor: Sophos
Product: XG Firewall
Date Added: 2025-02-06
Vulnerability: Sophos XG Firewall Buffer Overflow Vulnerability
Notes: community.sophos.com/b/securit ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-25181
(5.8 MEDIUM)

EPSS: 0.04%

updated 2025-02-06T18:15:33.030000

3 posts

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.

CVE-2024-57968
(9.9 CRITICAL)

EPSS: 0.04%

updated 2025-02-06T18:15:32.287000

3 posts

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

CVE-2023-5878
(9.1 CRITICAL)

EPSS: 0.04%

updated 2025-02-06T15:33:54

1 posts

Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection. Honeywell recommends updating to R322.3, R330.2 or the most recent versi

cR0w@infosec.exchange at 2025-02-06T14:51:13.000Z ##

Go hack some Honeywell Wireless Device Managers. Old vuln, new sev:CRIT CVE so I'm sure it's patched everywhere by now...

nvd.nist.gov/vuln/detail/CVE-2

Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. An attacker who is authenticated could use the firmware update process to potentially exploit the vulnerability, leading to a command injection.

##

CVE-2024-53104
(7.8 HIGH)

EPSS: 0.14%

updated 2025-02-06T02:00:02.120000

6 posts

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

cisakevtracker@mastodon.social at 2025-02-05T16:01:13.000Z ##

CVE ID: CVE-2024-53104
Vendor: Linux
Product: Kernel
Date Added: 2025-02-05
Vulnerability: Linux Kernel Out-of-Bounds Write Vulnerability
Notes: lore.kernel.org/linux-cve-anno ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

screaminggoat@infosec.exchange at 2025-02-05T15:26:22.000Z ##

CISA: CISA Adds One Known Exploited Vulnerability to Catalog
Hot off the press! (In fact, it was so hot that I beat the CISA media team to starting the announcement) CVE-2024-53104 (7.8 high) Linux Kernel Out-of-Bounds Write Vulnerability.

#cisa #cisakev #kev #vulnerability #eitw #activeexploitation #infosec #cybersecurity #knownexploitedvulnerabilitiescatalog

##

ClubTeleMatique@mstdn.social at 2025-02-04T21:15:42.000Z ##

Hacker News: Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 thehackernews.com/2025/02/goog #news #IT

##

jbhall56@infosec.exchange at 2025-02-04T13:04:07.000Z ##

The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. thehackernews.com/2025/02/goog

##

jos1264@social.skynetcloud.site at 2025-02-04T07:15:01.000Z ##

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 thehackernews.com/2025/02/goog

##

jos1264@social.skynetcloud.site at 2025-02-04T06:55:01.000Z ##

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 thehackernews.com/2025/02/goog

##

CVE-2025-23419
(4.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-05T21:33:37

4 posts

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ng

RedPacketSecurity@mastodon.social at 2025-02-06T15:14:17.000Z ##

CVE Alert: CVE-2025-23419 - redpacketsecurity.com/cve_aler

#OSINT #ThreatIntel #CyberSecurity #cve_2025_23419

##

screaminggoat@infosec.exchange at 2025-02-07T20:30:45.000Z ##

Cloudflare: Resolving a Mutual TLS session resumption vulnerability
Cloudflare voluntarily provides vulnerability details for CVE-2025-23419 (CVSSv4: 5.3/v3.1: 4.3 medium) TLS Session Resumption Vulnerability which they were notified about 2 weeks ago. There's no exploitation in the wild.

#cloudflare #vulnerability #infosec #cybersecurity #CVE_2025_23419

##

CVE-2024-56135
(8.5 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:52

1 posts

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:
  • LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions
  • ECS: all prior versions to 7.2.60.1 (inclusive)

screaminggoat@infosec.exchange at 2025-02-11T12:11:15.000Z ##

Progress security advisory "05" February 2024: LoadMaster Security Vulnerability CVE-2024-56131 / CVE-2024-56132 / CVE-2024-56133 / CVE-2024-56134 / CVE-2024-56135

  • CVE-2024-56131 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56132 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56133 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56134 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56135 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection

Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.  

We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct impact on customers.

#progress #loadmaster #infosec #cve #cybersecurity

##

CVE-2024-56134
(8.5 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:52

1 posts

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:
  • LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions
  • Multi-Tenant Hypervisor: 7.1.35.12 and all prior ver

CVE-2024-56132
(8.5 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:52

1 posts

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:
  • LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions
  • ECS: all prior versions to 7.2.60.1 (inclusive)

CVE-2024-56133
(8.5 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:52

1 posts

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:
  • LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions
  • ECS: all prior versions to 7.2.60.1 (inclusive)

CVE-2025-20124
(9.9 CRITICAL)

EPSS: 0.05%

updated 2025-02-05T18:34:52

2 posts

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit

AAKL@infosec.exchange at 2025-02-06T16:47:57.000Z ##

CVE-2025-20124 and CVE-2025-20125.

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20175
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:52

1 posts

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the

CVE-2025-20179
(6.1 MEDIUM)

EPSS: 0.05%

updated 2025-02-05T18:34:52

1 posts

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the

CVE-2025-20176
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:52

1 posts

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the

CVE-2025-20170
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:52

1 posts

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the

CVE-2024-56131
(8.5 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:46

1 posts

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:
  • LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions
  • Multi-Tenant Hypervisor: 7.1.35.12 and all prior ver

screaminggoat@infosec.exchange at 2025-02-11T12:11:15.000Z ##

Progress security advisory "05" February 2024: LoadMaster Security Vulnerability CVE-2024-56131 / CVE-2024-56132 / CVE-2024-56133 / CVE-2024-56134 / CVE-2024-56135

  • CVE-2024-56131 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56132 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56133 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56134 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
  • CVE-2024-56135 (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection

Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.  

We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct impact on customers.

#progress #loadmaster #infosec #cve #cybersecurity

##

CVE-2025-20204
(4.8 MEDIUM)

EPSS: 0.04%

updated 2025-02-05T18:34:46

1 posts

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulner

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20207
(4.3 MEDIUM)

EPSS: 0.04%

updated 2025-02-05T18:34:46

1 posts

A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20205
(4.8 MEDIUM)

EPSS: 0.04%

updated 2025-02-05T18:34:46

1 posts

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulner

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20125
(9.1 CRITICAL)

EPSS: 0.04%

updated 2025-02-05T18:34:45

2 posts

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request t

AAKL@infosec.exchange at 2025-02-06T16:47:57.000Z ##

CVE-2025-20124 and CVE-2025-20125.

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #cybersecurity #infosec

##

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20173
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:45

1 posts

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20174
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:45

1 posts

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20171
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:45

1 posts

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

##

CVE-2025-20172
(7.7 HIGH)

EPSS: 0.04%

updated 2025-02-05T18:34:45

1 posts

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IO

screaminggoat@infosec.exchange at 2025-02-05T16:37:04.000Z ##

Cisco security advisories (PatchTuesday-ishing @shellsharks):

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."