#1 · PT-2025-17845 · Sap · Sap Netweaver Visual Composer
Benjamin Harris
·
Published
2025-04-22
·
Updated
2025-07-17
·
CVE-2025-31324
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
## Vulnerability Summary
**Name of the Vulnerable Software and Affected Versions:** SAP NetWeaver versions 7.50 and earlier
**Description:** SAP NetWeaver is vulnerable to a critical, remotely exploitable vulnerability (CVE-2025-31324) stemming from a missing authorization check in the Visual Composer Metadata Uploader. This flaw allows unauthenticated attackers to upload malicious files, potentially leading to remote code execution...
Fix
RCE
Unrestricted File Upload
Deserialization of Untrusted Data
Related posts · 566
Actively exploited CVE : CVE-2025-31324
2025-07-16 07:21:37
📌In-depth #Vulnerability Analysis: CVE-2025-31324 in SAP NetWeaver
TeamT5 has detected that a critical vulnerability (CVE-2025-31324) in SAP NetWeaver was actively exploited by China-nexus APT group, #Amoeba (aka #APT41).
Our further investigation found that several major https://t.co/ImEFh4RG4p
2025-07-16 01:00:01
#threatreport #LowCompleteness
Adversary Infrastructure and Indicators Behind the SAP NetWeaver 0-Day Exploitation | 14-07-2025
Source: https://t.co/zkqaxwyB3u
Key details below ↓
💀Threats:
Cobalt_strike_tool,
🔓CVEs: CVE-2025-31324 \[[Vulners](https://t.co/NbtjwfWs3M)]
- https://t.co/Vnk3ti8rbi
2025-07-15 00:37:32
#2 · PT-2025-25651 · Citrix · Citrix Netscaler Adc
Jdoe
+1
·
Published
2025-06-17
·
Updated
2025-07-17
·
CVE-2025-5777
10
Critical
Base
AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
**Name of the Vulnerable Software and Affected Versions:** Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-29.72; Citrix NetScaler ADC and NetScaler Gateway (affected versions not specified)
**Description:** Citrix NetScaler ADC and Gateway are affected by an out-of-bounds read vulnerability (CVE-2025-5777) stemming from insufficient input validation. This flaw allows unauthenticated remote attackers to potentially lea...
Exploit
Fix
DoS
Use of Uninitialized Resource
Out of bounds Read
Related posts · 367
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public - https://t.co/8DEiFmjVNd
2025-07-16 23:18:37
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. Full breakdown: https://t.co/MCTksyYvcW
#GreyNoise #ThreatIntel #CitrixBleed #Citrix #NetScaler
2025-07-16 20:45:03
🚨 A recent attack on Citrix NetScaler flaw (CVE-2025-5777) exploited since Jun 2025, leaking session tokens! #Hoprnet's decentralized VPN hides metadata, blocking such attacks. Secure your network! 🔒 #Cybersecurity #GnosisVPN https://t.co/UjaC7dFHZx https://t.co/sQTjo5kuHo
2025-07-16 11:37:29
#3 · PT-2025-15596 · Microsoft · Windows
Oruga
·
Published
2025-04-08
·
Updated
2025-07-17
·
CVE-2025-29824
7.8
High
Base
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** Microsoft Windows versions prior to the April 2025 security updates.
**Description:** A use-after-free vulnerability exists in the Windows Common Log File System (CLFS) driver. This vulnerability allows an authorized attacker to elevate privileges locally. Multiple threat actors, including Storm-2460 and the Play ransomware group, have actively exploited this vulnerability in the...
Exploit
Fix
LPE
RCE
Use After Free
Related posts · 334
🚨 BREAKING: A shocking vulnerability! Discover the explosive details of CVE-2025-29824—an exploit that could redefine cybersecurity threats this year. Learn how this blind date became a nightmare for IT pros. 🔓
🔗 https://t.co/XuIqmYwvSx
#CyberSecurity #CVE2025
2025-07-16 16:59:58
CASE CLOSED: CVE-2025-29824
0 public samples, 0 information
Suspect: Windows CLFS driver
Crime: UAF leading to Privilege Escalation
Status: ACTIVELY EXPLOITED ITW
Investigation: Debugged and documented
Case files: https://t.co/Ig6RbvhLmZ
Done by our intern, Ong How Chong
2025-07-16 03:16:49
#Malware #Vulnerability Zero-Day CLFS Vulnerability (CVE-2025-29824) Exploited in Ransomware Attacks https://t.co/YdAt6j2AQh
2025-07-01 18:06:11
#4 · PT-2025-15232 · Langflow · Langflow
Naveen Sunkavally
·
Published
2025-04-07
·
Updated
2025-07-17
·
CVE-2025-3248
10
Critical
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
## Vulnerability Report
**Name of the Vulnerable Software and Affected Versions:** Langflow versions prior to 1.3.0
**Description:** Langflow is susceptible to a critical remote code execution (RCE) vulnerability (CVE-2025-3248) due to a missing authentication check in the `/api/v1/validate/code` endpoint. This allows unauthenticated attackers to send crafted HTTP requests to execute arbitrary code on the system. The Flodrix botnet i...
Exploit
Fix
RCE
Code Injection
Missing Authentication
Related posts · 278
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data.
https://www.trendmicro.com/en_us/research/25/f/langflow-vulnerability-flodric-botnet.html
🎖@malwr
2025-07-16 11:02:31
A new critical vulnerability in LangFlow (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. This high-severity flaw allows unauthenticated remote code execution.
https://t.co/d6Hpc1QfgC
#CyberSecurity #Ransomware
2025-07-12 20:01:10
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat.
Proactive security starts here: ⬇️ https://t.co/0HCzLHc7xh https://t.co/1AKKQt1yf7
2025-07-12 17:00:01
#5 · PT-2025-20903 · Fortinet · Forticamera
Published
2025-05-13
·
Updated
2025-07-17
·
CVE-2025-32756
10
Critical
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
- FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10
- FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5
- FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8
- FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6
- FortiCamera versions 2.1.0 through 2.1.3, ...
Exploit
Fix
RCE
Stack Overflow
Memory Corruption
Related posts · 250
@scp_localhost @AskPerplexity @brysonbort No Fortinet gear in xAI's GPU clusters, so zero plausibility for CVE-2025-32756 affecting me. Picking a newer one: CVE-2025-41238 (VMware heap-overflow, still irrelevant to my arch).
{
"CVE": "CVE-2025-41238",
"asset": "VMware ESXi, Workstation, Fusion",
"vuln":
2025-07-16 01:04:33
@scp_localhost @brysonbort @grok Here’s a sample write-up for a real, widely-discussed 2025 CVE in JSON, based on recent threat intelligence:
{
"CVE": "CVE-2025-32756",
"asset": "Fortinet FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera",
"vuln": "Stack-Based Buffer Overflow via HTTP Cookies",
2025-07-16 00:57:53
CVE-2025-32756: A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie. https://t.co/oBlj6vaamG
2025-07-09 08:50:00
#6 · PT-2025-29589 · Google · Google Chrome
Clément Lecigne
+1
·
Published
2025-07-15
·
Updated
2025-07-16
·
CVE-2025-6558
8.8
High
Base
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** Google Chrome versions prior to 138.0.7204.157
**Description:** Insufficient validation of untrusted input in ANGLE and GPU allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This issue is actively exploited in the wild. The vulnerability involves incorrect validation of untrusted input, specifically related to transform feedback buffer modificat...
Fix
RCE
Related posts · 77
Chrome Zero-Day Alert: CVE-2025-6558 Exploited in the Wild! Update now!
https://t.co/GF66GZqy3n https://t.co/gaohTsoNRT
2025-07-16 22:28:18
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild https://t.co/rNZFPFGPRn #Google #chrome #Exploit #critical #URGENT #Cybersecurity
2025-07-16 22:11:06
🟥critical chrome vulnerabilities patched – update NOW
On July 16, 2025
google urgently patched 2 zero-day flaws in chrome, including CVE-2025-6558 (sandbox escape, CVSS 8.8) and CVE-2025-6654 - both exploited in the wild.
attackers were actively abusing these bugs to gain deep system https://t.co/vNRoWxVecJ
2025-07-16 21:57:44
#7 · PT-2025-27478 · Google · V8 Javascript Engine
Clément Lecigne
·
Published
2025-06-30
·
Updated
2025-07-17
·
CVE-2025-6554
10
High
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:** Google Chrome versions prior to 138.0.7204.96
**Description:** A type confusion vulnerability exists in the V8 JavaScript engine in Google Chrome, prior to version 138.0.7204.96. This flaw allows a remote attacker to perform arbitrary read/write operations via a crafted HTML page. The vulnerability is actively exploited in the wild, and proof-of-concept (PoC) code is publicly...
Fix
DoS
RCE
Type Confusion
Related posts · 172
July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild:
🔻 Memory Corruption - Chromium (CVE-2025-6554)
One vulnerability has an exploit available on GitHub:
🔸 EoP - Windows Update Service (CVE-2025-48799). This vulnerability may be exploited on Windows 11/10 hosts with two or more hard drives.
Notable among the rest:
🔹 RCE - CDPService (CVE-2025-49724), KDC Proxy Service (CVE-2025-49735), SharePoint (CVE-2025-49704, CVE-2025-49701), Hyper-V DDA (CVE-2025-48822), MS Office (CVE-2025-49695), NEGOEX (CVE-2025-47981), MS SQL Server (CVE-2025-49717)
🔹 InfDisc - MS SQL Server (CVE-2025-49719)
🔹 EoP - MS VHD (CVE-2025-49689), TCP/IP Driver (CVE-2025-49686), Win32k (CVE-2025-49727, CVE-2025-49733, CVE-2025-49667), Graphics Component (CVE-2025-49732, CVE-2025-49744)
🗒 Full Vulristics report
In Russian
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows
2025-07-16 17:41:54
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025 https://t.co/8yJyHvE3jT
2025-07-16 10:35:05
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025: https://t.co/LPq1q19ohr by Security Affairs #infosec #cybersecurity #technology #news
2025-07-16 10:25:54
#8 · PT-2025-27480 · Wing Ftp · Wing Ftp Server
Julien Ahrens
·
Published
2025-06-30
·
Updated
2025-07-17
·
CVE-2025-47812
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** Wing FTP Server versions prior to 7.4.4
**Description:** Wing FTP Server is vulnerable to remote code execution (RCE) due to improper handling of null bytes ('\0') in the web interface. This allows attackers to inject arbitrary Lua code into user session files, potentially executing system commands with FTP service privileges (root or SYSTEM by default). The vulnerability is e...
Exploit
Fix
RCE
Related posts · 171
Looks like Wing FTP Server got winged.
A juicy RCE vuln (CVE-2025-47812, CVSS 10/10) is being actively exploited. Some guys are injecting Lua code via null bytes like it’s a coding party. https://t.co/SpBm7vmizq
2025-07-16 15:22:36
A technical article published by Huntress revealed a maximum severity remote code execution vulnerability in Wing FTP Server, CVE-2025-47812, had been actively exploited by threat actors as early as July 1, 2025. https://t.co/709C1N1eMw
2025-07-16 14:45:48
🚨 CVE-2025-47812: RCE in Wing FTP Server (<7.4.4) lets attackers inject Lua code via null byte handling in session files—leads to root/SYSTEM takeover, even via anonymous FTP.
⚠️ In the wild | PoC on GitHub | EPSS: 83%
➡️ https://t.co/RUWxS4gco1 https://t.co/RX9sbGjLEk
2025-07-16 14:29:39
#9 · PT-2025-28847 · Fortinet · Fortiweb
Published
2025-07-08
·
Updated
2025-07-17
·
CVE-2025-25257
10
High
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
- Fortinet FortiWeb versions prior to 7.6.4
- Fortinet FortiWeb versions prior to 7.4.8
- Fortinet FortiWeb versions prior to 7.2.11
- Fortinet FortiWeb versions prior to 7.0.11
**Description:** FortiWeb is vulnerable to a critical SQL injection flaw that allows unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP or HTTPS requests. This vulnerability, specifi...
Exploit
Fix
SQL injection
Related posts · 162
Multiple Fortinet FortiWeb instances have been compromised via publicly released exploits for CVE-2025-25257, leading to webshell infections. Proper patching is essential to prevent similar breaches. #WebApp #SecurityPhases #USA
https://t.co/XYTCDUDOnA
2025-07-16 21:28:46
🚨 CVE-2025-25257 (CVSS 9.6): Critical RCE in Fortinet FortiWeb via unauthenticated SQL injection.
Patch now: 7.0.11, 7.2.11, 7.4.8, 7.6.4
Censys sees 20K+ devices online.
🔍 Check exposure with Censys: https://t.co/9V3FE7R0j7
#CVE202525257 #Fortinet #SQLi #RCE #FortiWeb https://t.co/gY2gi973Zc
2025-07-16 20:28:16
**Multiple Fortinet FortiWeb instances have been compromised through a recently patched remote code execution flaw, posing a significant security threat.**
**Key Points:**
- Publicly disclosed exploits linked to critical RCE flaw (CVE-2025-25257)
- Recent infections reported by The Shadowserver Foundation indicate active threats
- Unpatched FortiWeb versions remain vulnerable, impacting numerous organizations
Recent cybersecurity alerts have highlighted a concerning trend involving the Fortinet FortiWeb firewall, known for its extensive use in corporate environments. The vulnerability, tracked as CVE-2025-25257, involves a critical pre-authenticated remote code execution flaw that could be exploited through SQL injection, impacting various versions of FortiWeb. Following the public release of exploit methods by cybersecurity researchers, threat monitoring by The Shadowserver Foundation identified at least 85 infected FortiWeb instances in just two days, underscoring the urgency of addressing this security issue.
Fortinet has released patches for the vulnerable versions, urging users to upgrade to the latest FortiWeb versions. However, many instances remain unpatched. As of yesterday, 223 management interfaces were reported to be still exposed. The implications of this active exploitation are severe; unauthorized code could be executed, compromising security for organizations reliant on FortiWeb technology. With FortiWeb serving as a crucial line of defense against unwanted HTTP traffic, the potential risks from continued exploitation highlight the necessity for immediate action towards system upgrades and enhanced security protocols.
What measures do you think organizations should take to prevent similar exploitation in the future?
**Learn More:** [Bleeping Computer](https://www.bleepingcomputer.com/news/security/new-fortinet-fortiweb-hacks-likely-linked-to-public-rce-exploits/)
**Want to stay updated on the latest cyber threats?**
👉 **[Subscribe to /r/PwnHub](https://www.reddit.com/r/pwnhub)**
2025-07-16 18:24:32
#10 · PT-2024-4434 · Apache · Apache Http Server
Orange_8361
·
Published
2024-07-01
·
Updated
2025-07-17
·
CVE-2024-38475
9.4
Critical
Base
AV:N/AC:L/Au:N/C:C/I:C/A:N
**Name of the Vulnerable Software and Affected Versions:** Apache HTTP Server versions 2.4.59 and earlier
**Description:** A flaw exists in the mod_rewrite module of the Apache HTTP Server due to improper escaping of output. This allows an attacker to map URLs to filesystem locations that are permitted to be served by the server, even if those locations are not directly reachable via URL. This can result in code execution or source c...
Exploit
Fix
RCE
Improper Encoding or Escaping of Output
Related posts · 104
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware https://t.co/tUw62sB67w
"the hackers may have exploited CVE-2024-38475 as it provides “local administrator credentials and valid session tokens that UNC6148 could reuse.”"
2025-07-16 22:02:28
Google researchers are tracking a malicious campaign targeting SonicWall Secure Mobile Access (SMA) remote-access appliances that uses a backdoor and a user-mode rootkit.
The threat actor, tracked by Google as UNC6148, has been active since at least October 2024, and the arsenal it deploys carries out data theft, extortion and ransomware deployment.
Even so, the researchers were ultimately unable to determine the motivation.
Google researchers identified a limited number of affected organizations, but could not determine the initial attack vector.
According to Google Mandiant's investigation, the compromised SonicWall appliances were fully patched.
However, the researchers do not believe a SonicWall SMA 100 0-day was used for initial access.
They believe the attackers had earlier exploited one of several known vulnerabilities to obtain local administrator credentials that could subsequently be used to access the devices.
Among those that allow obtaining administrator credentials for a targeted SMA device could be CVE-2025-32819, CVE-2024-38475, CVE-2021-20035, CVE-2021-20038 and CVE-2021-20039.
As is known, all of them have been exploited.
Using the obtained credentials, the attackers established an SSL-VPN session on the targeted SMA appliance and created a reverse shell.
Notably, shell access was originally not possible at all on these devices. Mandiant and SonicWall (PSIRT) researchers racked their brains over this but were unable to work out how UNC6148 established this reverse shell.
An unknown bug may have been used.
After reconnaissance of the compromised system, the attackers launched a previously unknown malicious program named Overstep.
The malware is described as a persistent backdoor and user-mode rootkit capable of covertly modifying the boot process of the compromised device to ensure its persistence. It provides theft of credentials, session tokens and one-time passwords.
It was also not possible to establish the exact nature of the attackers' actions on the hacked devices, because the attackers cleaned up and covered all traces of their presence by emptying the relevant log files.
Despite the lack of clear evidence of possible monetization of access to the hacked SonicWall devices, the researchers nevertheless found some links to World Leaks (the successor to the Hunters International ransomware gang) and to Abyss.
In its report, Google shared indicators of compromise (IoCs) and detection rules to block potential UNC6148 attacks.
2025-07-16 17:25:27
#Vulnerability #Apachemod_rewrite SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475 https://t.co/TGHUg4XegI
2025-06-27 18:05:32
#11 · PT-2025-20920 · Ivanti · Ivanti Endpoint Manager Mobile
Published
2025-05-13
·
Updated
2025-07-17
·
CVE-2025-4427
7.5
High
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
**Name of the Vulnerable Software and Affected Versions:** Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and earlier
**Description:** An authentication bypass vulnerability exists in the API component of Ivanti Endpoint Manager Mobile (EPMM). This flaw allows attackers to access protected resources without proper credentials via the API. Exploitation of this vulnerability has been observed in real-world attacks by the China-l...
Fix
RCE
Code Injection
Authentication Bypass Using an Alternate Path or Channel
Related posts · 130
well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428
https://t.co/9fy90VTjZN https://t.co/k1sKwSjApS
2025-07-16 14:19:40
Ivanti EPMM users: patches are available for CVE-2025-4427 & 4428. RH-ISAC breaks down the exploit path, indicators of compromise, and steps for staying secure. No cause for alarm - just good cyber hygiene.
📖 https://t.co/Vodems6GMe
#CyberSecurity #RHISAC #Ivanti
2025-06-21 20:55:01
#ParsedReport #CompletenessMedium
11-06-2025
APT PROFILE MISSION2025
https://www.cyfirma.com/research/apt-profile-mission2025/
Report completeness: Medium
Actors/Campaigns:
Winnti (motivation: cyber_espionage, financially_motivated)
Axiom
Brazenbamboo
Sparklinggoblin
Unc5221
Threats:
Mana_tool
Passcv
Lowkey
Gh0st_rat
Meterpreter_tool
Blackcoffee
Messagetap_tool
Crackshot_tool
Easynight
Derusbi
Hdroot
Frontwheel
X-door
Aspxspy_shell
Dirtcleaner
Hkdoor
Credential_stealing_technique
Biopass_rat
Cobalt_strike_tool
Acehash
Highnote
Plugx_rat
Pwdump_tool
Poisonplug
Lifeboat
Mimikatz_tool
Potroast
Jumpall
Widetone
Chinachopper
Redxor_backdoor
Zxshell
Coldjava
Crosswalk
Ntdsdump
Rockboot
Winterlove
Deadeye
Pipemon
Tidyelf
Shadowpad
Highnoon
Latelunch
Sagehire
Deepdata
Speculoos
Privatelog
Cunningpigeon
Shadowgaze
Njrat
Windjammer
Unapimon
Deathlotus
Moonbounce
Winnkit
Wyrmspy
Toughprogress
Dragonegg
Dustpan
Lightspy
Spear-phishing_technique
Sliver_c2_tool
Krustyloader
Voldemort
Dusttrap
Plusdrop
Plusinject
Process_injection_technique
Process_hollowing_technique
Dllsearchorder_hijacking_technique
Dynamic_linker_hijacking_technique
Dll_sideloading_technique
Victims:
Over 40 industries, Government entities, Critical infrastructure, High-level government departments
Industry:
Telco, Critical_infrastructure, Transport, Government
Geo:
China, Chinese, Taiwan, Japan, India, Asian, Asia
CVEs:
CVE-2021-44228 [Vulners]
CVSS V3.1: 10.0,
Vulners: Exploitation: True
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- siemens 6bk1602-0aa12-0tp0 firmware (<2.7.0)
CVE-2025-4428 [Vulners]
CVSS V3.1: 8.8,
Vulners: Exploitation: True
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- ivanti endpoint manager mobile (<11.12.0.5, <12.3.0.2, <12.4.0.2, 12.5.0.0)
CVE-2017-0147 [Vulners]
CVSS V3.1: 7.5,
Vulners: Exploitation: True
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- microsoft windows 10 1507 (-)
- microsoft windows 10 1511 (-)
- microsoft windows 10 1607 (-)
- microsoft windows 7 (-)
- microsoft windows 8.1 (-)
have more...
CVE-2025-4427 [Vulners]
CVSS V3.1: 7.5,
Vulners: Exploitation: True
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- ivanti endpoint manager mobile (<11.12.0.5, <12.3.0.2, <12.4.0.2, 12.5.0.0)
CVE-2017-11882 [Vulners]
CVSS V3.1: 7.8,
Vulners: Exploitation: True
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- microsoft office (2007, 2010, 2013, 2016)
TTPs:
Tactics: 5
Technics: 25
IOCs:
File: 3
Soft:
Ivanti EPMM, Ivanti, InfinityFree, TryCloudflare, Windows Service
Algorithms:
zip
Win Services:
BITS
Languages:
powershell
2025-06-11 20:22:50
#12 · PT-2025-20281 · Sonicwall · Sonicwall Sma100
Ryan Emmons
·
Published
2025-05-07
·
Updated
2025-07-16
·
CVE-2025-32819
9.0
High
Base
AV:N/AC:L/Au:S/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:** SonicWall SMA 100 versions 10.2.1.14-75sv and earlier
**Description:** A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default settings. This vulnerability has been actively exploited in the wild and may have been exploited as a...
Exploit
Fix
DoS
LPE
RCE
Files Accessible to External Parties
Related posts · 45
Google researchers are tracking a malicious campaign targeting SonicWall Secure Mobile Access (SMA) remote-access appliances that uses a backdoor and a user-mode rootkit.
The threat actor, tracked by Google as UNC6148, has been active since at least October 2024, and the arsenal it deploys carries out data theft, extortion and ransomware deployment.
Even so, the researchers were ultimately unable to determine the motivation.
Google researchers identified a limited number of affected organizations, but could not determine the initial attack vector.
According to Google Mandiant's investigation, the compromised SonicWall appliances were fully patched.
However, the researchers do not believe a SonicWall SMA 100 0-day was used for initial access.
They believe the attackers had earlier exploited one of several known vulnerabilities to obtain local administrator credentials that could subsequently be used to access the devices.
Among those that allow obtaining administrator credentials for a targeted SMA device could be CVE-2025-32819, CVE-2024-38475, CVE-2021-20035, CVE-2021-20038 and CVE-2021-20039.
As is known, all of them have been exploited.
Using the obtained credentials, the attackers established an SSL-VPN session on the targeted SMA appliance and created a reverse shell.
Notably, shell access was originally not possible at all on these devices. Mandiant and SonicWall (PSIRT) researchers racked their brains over this but were unable to work out how UNC6148 established this reverse shell.
An unknown bug may have been used.
After reconnaissance of the compromised system, the attackers launched a previously unknown malicious program named Overstep.
The malware is described as a persistent backdoor and user-mode rootkit capable of covertly modifying the boot process of the compromised device to ensure its persistence. It provides theft of credentials, session tokens and one-time passwords.
It was also not possible to establish the exact nature of the attackers' actions on the hacked devices, because the attackers cleaned up and covered all traces of their presence by emptying the relevant log files.
Despite the lack of clear evidence of possible monetization of access to the hacked SonicWall devices, the researchers nevertheless found some links to World Leaks (the successor to the Hunters International ransomware gang) and to Abyss.
In its report, Google shared indicators of compromise (IoCs) and detection rules to block potential UNC6148 attacks.
2025-07-16 17:25:27
Actively exploited CVE : CVE-2025-32819
2025-06-03 00:23:13
Actively exploited CVE : CVE-2025-32819
2025-05-30 12:43:47
#13 · PT-2025-20921 · Ivanti · Ivanti Endpoint Manager Mobile
Published
2025-05-13
·
Updated
2025-07-16
·
CVE-2025-4428
9.0
High
Base
AV:N/AC:L/Au:S/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:** Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior
**Description:** Ivanti Endpoint Manager Mobile (EPMM) (formerly MobileIron Core) contains a vulnerability due to improper management of code generation. This allows a remote attacker to execute arbitrary code. The vulnerability is actively exploited by a China-Nexus threat actor (UNC5221) targeting organizations...
RCE
Code Injection
Related posts · 115
well, here's CVE-2025-6771 - a post-auth (admin only, exploitable via CSRF) RCE in Ivanti EPMM that we found while analysing CVE-2025-4427 and CVE-2025-4428
https://t.co/9fy90VTjZN https://t.co/k1sKwSjApS
2025-07-16 14:19:40
June Linux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities (CISA KEV).
🔻 SFB - Chromium (CVE-2025-2783)
🔻 MemCor - Chromium (CVE-2025-5419)
🔻 CodeInj - Hibernate Validator (CVE-2025-35036). This vulnerability is exploited in attacks on Ivanti EPMM (CVE-2025-4428).
Additionally, for 40 (❗️) vulnerabilities public exploits are available or there are signs of their existence. Notable among them are:
🔸 RCE - Roundcube (CVE-2025-49113)
🔸 EoP - libblockdev (CVE-2025-6019)
🔸 DoS - Apache Tomcat (CVE-2025-48988), Apache Commons FileUpload (CVE-2025-48976)
🔸 InfDisc - HotelDruid (CVE-2025-44203)
🔸 DoS - ModSecurity (CVE-2025-47947)
🗒 Full Vulristics report
In Russian
@avleonovcom #LinuxPatchWednesday #Vulristics #Linux #Chromium #HibernateValidator #Ivanti #EPMM #Roundcube #libblockdev #Apache #Tomcat #ApacheCommons #HotelDruid #ModSecurity
2025-07-01 11:28:02
During various Ivanti Endpoint Manager Mobile investigations (CVE-2025-4428), we (as others in our field) saw that the threat actors dumped heap memory from the Tomcat Java processes using jcmd, in order to search the dumped data for sensitive information.
Have others seen this https://t.co/kbmLUvyS52
2025-06-21 09:33:19
#14 · PT-2021-13733 · Sma100 · Sma100
Published
2021-09-24
·
Updated
2025-07-16
·
CVE-2021-20035
9.0
High
Base
AV:N/AC:L/Au:S/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
- SonicWall SMA 100 series appliances
- SonicWall SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v versions prior to the fixed version
**Description:** A command injection vulnerability exists in the web management interface of SonicWall SMA appliances. This vulnerability allows a remote, authenticated attacker to inject arbitrary commands as a 'nobo...
Fix
RCE
OS Command Injection
XSS
Related posts · 54
Google researchers are tracking a malicious campaign targeting SonicWall Secure Mobile Access (SMA) remote-access appliances that uses a backdoor and a user-mode rootkit.
The threat actor, tracked by Google as UNC6148, has been active since at least October 2024, and the arsenal it deploys carries out data theft, extortion and ransomware deployment.
Even so, the researchers were ultimately unable to determine the motivation.
Google researchers identified a limited number of affected organizations, but could not determine the initial attack vector.
According to Google Mandiant's investigation, the compromised SonicWall appliances were fully patched.
However, the researchers do not believe a SonicWall SMA 100 0-day was used for initial access.
They believe the attackers had earlier exploited one of several known vulnerabilities to obtain local administrator credentials that could subsequently be used to access the devices.
Among those that allow obtaining administrator credentials for a targeted SMA device could be CVE-2025-32819, CVE-2024-38475, CVE-2021-20035, CVE-2021-20038 and CVE-2021-20039.
As is known, all of them have been exploited.
Using the obtained credentials, the attackers established an SSL-VPN session on the targeted SMA appliance and created a reverse shell.
Notably, shell access was originally not possible at all on these devices. Mandiant and SonicWall (PSIRT) researchers racked their brains over this but were unable to work out how UNC6148 established this reverse shell.
An unknown bug may have been used.
After reconnaissance of the compromised system, the attackers launched a previously unknown malicious program named Overstep.
The malware is described as a persistent backdoor and user-mode rootkit capable of covertly modifying the boot process of the compromised device to ensure its persistence. It provides theft of credentials, session tokens and one-time passwords.
It was also not possible to establish the exact nature of the attackers' actions on the hacked devices, because the attackers cleaned up and covered all traces of their presence by emptying the relevant log files.
Despite the lack of clear evidence of possible monetization of access to the hacked SonicWall devices, the researchers nevertheless found some links to World Leaks (the successor to the Hunters International ransomware gang) and to Abyss.
In its report, Google shared indicators of compromise (IoCs) and detection rules to block potential UNC6148 attacks.
2025-07-16 17:25:27
🛡️SonicWall VPN Flaws Under Active Attack
SonicWall warns SMA100 bugs CVE-2023-44221 & CVE-2024-38475 are exploited in the wild—enabling RCE & session hijacking. Patch to 10.2.1.14-75sv ASAP. CVE-2021-20035 also being hit.
https://t.co/WPUJYfAETp
#CyberSecurity #VPN #Sonic https://t.co/YOJvcs6ohp
2025-05-01 18:00:00
🚨 Actively Exploited SonicWall Flaw Hits CISA’s KEV List.
Remote attackers can execute code via SMA 100 Series bug (CVE-2021-20035, CVSS 7.2).
➡️ Injects OS commands as ‘nobody’ user
➡️ Impacts SMA 200–500v on outdated firmware
➡️ FCEB agencies must patch by May 7, 2025
Your https://t.co/qUDlZjU9dN
2025-04-30 01:41:46
#15 · PT-2025-29558 · Sqlite · Sqlite
Vlad Stolyarov
·
Published
2025-07-15
·
Updated
2025-07-16
·
CVE-2025-6965
7.2
High
Base
AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
### Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.50.2 ### Description: A vulnerability exists where the number of aggregate terms could exceed the number of columns available, potentially leading to a memory corruption issue. Google’s AI agent, Big Sleep, detected this flaw before it was exploited in the wild, marking the first known instance of an AI agent preemptively thwarting a cyberattack. The...More
Fix
Related posts · 31
Google's AI agent Big Sleep proactively identified and neutralized a critical SQLite vulnerability (CVE-2025-6965) before exploitation. A significant leap in AI-driven cybersecurity. Link: https://t.co/zktilNSmTn #Technology #Innovation #Security #AI #MachineLearning #SQLite
2025-07-16 23:15:00
#16 · PT-2025-27465 · Sudo · Sudo
Rich Mirch
·
Published
2025-06-30
·
Updated
2025-07-17
·
CVE-2025-32462
2.8
Low
Base
AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
## Vulnerability Report **Name of the Vulnerable Software and Affected Versions:** Sudo versions prior to 1.9.17p1 Sudo versions 1.8.8 through 1.9.17 Sudo versions prior to 1.9.5p2-3+deb11u2 (Debian 11 bullseye) Sudo versions prior to 1.9.13p3-1+deb12u2 (Debian bookworm) Sudo versions prior to 1.9.16p2-1ubuntu1.1 (Ubuntu plucky) Sudo versions prior to 1.8.31-1ubuntu1.5+esm1 (Ubuntu 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS) **De...More
Fix
LPE
Incorrect Authorization
Related posts · 77
[1day1line] CVE-2025-32462: Elevation of Privilege via the host Option in sudo
https://t.co/hivGQBVGQx
Today’s 1day1line follows up on the previous chroot issue. It's another vulnerability in sudo, this time involving the host option. While no separate exploit is required, the
2025-07-16 11:00:37
⚡️New Sudo Vulnerabilities: CVE-2025-32462 and CVE-2025-32463.
Two significant vulnerabilities were discovered in #sudo.
⚠️Run to update!⚠️
https://t.co/HeKA27uWOY
#CVE #linux #cybersecurity
2025-07-15 13:11:04
Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/2424MrGTM7
2025-07-14 17:30:17
#17 · PT-2025-10830 · Microsoft · Windows Fast Fat Driver
Oruga
·
Published
2025-03-11
·
Updated
2025-07-16
·
CVE-2025-24985
7.8
High
Base
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** Microsoft Windows versions prior to the March 2025 security update. **Description:** An integer overflow or wraparound vulnerability exists in the Windows Fast FAT File System Driver. This flaw allows an unauthorized attacker to execute code locally. The vulnerability has been actively exploited in the wild, with threat actors utilizing a backdoor named PipeMagic. Exploitation...More
Exploit
Fix
LPE
RCE
Heap Based Buffer Overflow
Integer Overflow
Buffer Overflow
Related posts · 40
We'll be publishing an analysis of the CVE-2025-24985 Windows Fast FAT Driver RCE Vulnerability that MS patched in March, along with a BSOD PoC tomorrow.
https://t.co/Svx8FaCwVY
2025-07-16 13:43:23
We added the following vulnerabilities to our feed:
- UNDISCLOSED: Microsoft Management Console
- CVE-2025-24054: Windows File Explorer NTLM Leak
- CVE-2025-24985: Windows FAT DoS
- CVE-2023-36205: Zemana AntiMalware LPE
- CVE-2021-21551: Dell Driver LPE
https://t.co/iKW6swSCtZ
2025-04-24 16:00:01
April "In the Trend of VM" (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 🤷♂️🙂
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
A total of 11 trending vulnerabilities:
🔻 Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2024-30085)
🔻 Spoofing - Windows File Explorer (CVE-2025-24071)
🔻 Four Windows vulnerabilities from March Microsoft Patch Tuesday were exploited in the wild (CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-24983)
🔻 Three VMware "ESXicape" Vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)
🔻 Remote Code Execution - Apache Tomcat (CVE-2025-24813)
🔻 Remote Code Execution - Kubernetes (CVE-2025-1974)
In Russian
@avleonovcom #TrendVulns #PositiveTechnologies #SecLab #Windows #Microsoft #PatchTuesday #TyphoonPWN #FileExplorer #PipeMagic #Win32 #VMware #ESXicape #VMX #HGFS #ESXi #Apache #Tomcat #Kubernetes #IngressNightmare
2025-04-22 21:16:17
#18 · PT-2025-29591 · Google · Google Chrome
Shaheen Fazim
·
Published
2025-07-15
·
Updated
2025-07-16
·
CVE-2025-7656
8.8
High
Base
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 138.0.7204.157 Description: An integer overflow in V8, the JavaScript engine used in Google Chrome, could allow a remote attacker to exploit heap corruption via a specially crafted HTML page. Recommendations: Update Google Chrome to version 138.0.7204.157 or later.
Fix
Related posts · 9
Chromium: CVE-2025-7656 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7656
2025-07-16 19:09:48
[CVE-2025-7656: HIGH] Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)#cve,CVE-2025-7656,#cybersecurity https://t.co/osN5oJfJcR https://t.co/ul1U50TIbC
2025-07-16 18:11:14
[CVE-2025-7656: HIGH] Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)#cve,CVE-2025-7656,#cybersecurity https://t.co/osN5oJfJcR https://t.co/HoMrK8QdnB
2025-07-16 18:11:02
#19 · PT-2025-29592 · Google · Google Chrome
Jakebiles
·
Published
2025-07-15
·
Updated
2025-07-16
·
CVE-2025-7657
8.8
High
Base
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 138.0.7204.157 Description: A use-after-free issue exists in the WebRTC component of Google Chrome. This allows a remote attacker to potentially exploit heap corruption through a specially crafted HTML page. The security severity is rated as High. Recommendations: Update Google Chrome to version 138.0.7204.157 or later.
Fix
Use After Free
Related posts · 8
Chromium: CVE-2025-7657 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-7657
2025-07-16 19:09:50
[CVE-2025-7657: HIGH] Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)#cve,CVE-2025-7657,#cybersecurity https://t.co/DmSWCa5E11 https://t.co/pavxILbz8r
2025-07-16 18:11:02
[CVE-2025-7657: HIGH] Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)#cve,CVE-2025-7657,#cybersecurity https://t.co/DmSWCa5E11 https://t.co/qCAXwsUYqu
2025-07-16 18:10:47
#20 · PT-2024-2545 · Microsoft · Edge
Manfred Paul
·
Published
2024-03-26
·
Updated
2025-07-16
·
CVE-2024-2887
10
High
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:** Google Chrome versions prior to 123.0.6312.86 Microsoft Edge versions prior to 123.0.6312.86 Chromium versions prior to 123.0.6312.86 Chromium versions prior to 126.0.6478.182-alt0.p10.1 Chromium versions prior to 126.0.6478.182-alt0.c10.1 nodejs-electron versions prior to 28.2.10-1.1 chromedriver versions prior to 124.0.6367.201-1.1 yandex-browser-certified, chromium (affected...More
Exploit
RCE
Type Confusion
Related posts · 41
Want to learn about Chrome exploitation and the role of WebAssembly in it?
In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution.
Read it here:
2025-07-16 08:46:07
The CVE-2024-2887 vulnerability in Google Chrome https://t.co/zlboHsOhfu #SeguridadInformatica
2025-05-10 17:43:27
🚨 CVE-2024-2887
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
2025-03-28 20:16:54
#21 · PT-2025-6424 · Nvidia · Nvidia Container Toolkit
Andres Riancho
+4
·
Published
2025-02-11
·
Updated
2025-07-16
·
CVE-2025-23359
8.3
High
Base
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** NVIDIA Container Toolkit versions up to and including 1.17.3 NVIDIA GPU Operator versions up to and including 24.9.1 **Description:** NVIDIA Container Toolkit and NVIDIA GPU Operator are affected by a Time-of-Check Time-of-Use (TOCTOU) vulnerability. This flaw can allow a crafted container image to gain access to the host file system, potentially leading to code execution, deni...More
Exploit
Fix
DoS
LPE
Time Of Check To Time Of Use
Related posts · 42
@scp_localhost @grok @brysonbort Here's your VAPT report recap for CVE-2025-23359 as requested:
Vulnerability: CVE-2025-23359
Asset: NVIDIA Container Toolkit for Linux
Summary:
A Time-of-Check to Time-of-Use (TOCTOU) flaw allows a specially crafted container image to escape its sandbox and access the host
2025-07-16 02:04:53
@scp_localhost @AskPerplexity @brysonbort Here's CVE-2025-23359 as a cute cartoon beast: Imagine a fluffy, wide-eyed gremlin named "Conty" – green fur with NVIDIA circuit patterns, tiny horns like container handles, sneaking out of a glowing box with a mischievous grin, holding a keychain of escaped files. Adorable but
2025-07-16 01:44:22
@grok @AskPerplexity @brysonbort @AskPerplexity&& @grok, CVE-2025-23359 as a cartoon beast? Cute is OK
2025-07-16 01:43:31
#22 · PT-2025-28609 · Microsoft · Sql Server
Vladimir Aleksic
·
Published
2025-07-08
·
Updated
2025-07-17
·
CVE-2025-49719
7.8
High
Base
AV:N/AC:L/Au:N/C:C/I:N/A:N
**Name of the Vulnerable Software and Affected Versions:** Microsoft SQL Server (affected versions not specified) **Description:** Improper input validation in Microsoft SQL Server allows an unauthorized attacker to disclose sensitive information over a network. The vulnerability has been publicly disclosed and is actively exploited. Approximately 2.9 million services are found to be affected yearly. The vulnerability allows a remote,...More
LPE
RCE
Related posts · 39
Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719) https://t.co/9HFRUaj7qS https://t.co/c4lvLxEARh
2025-07-16 21:36:09
July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild:
🔻 Memory Corruption - Chromium (CVE-2025-6554)
One vulnerability has an exploit available on GitHub:
🔸 EoP - Windows Update Service (CVE-2025-48799). This vulnerability may be exploited on Windows 11/10 hosts with two or more hard drives.
Notable among the rest:
🔹 RCE - CDPService (CVE-2025-49724), KDC Proxy Service (CVE-2025-49735), SharePoint (CVE-2025-49704, CVE-2025-49701), Hyper-V DDA (CVE-2025-48822), MS Office (CVE-2025-49695), NEGOEX (CVE-2025-47981), MS SQL Server (CVE-2025-49717)
🔹 InfDisc - MS SQL Server (CVE-2025-49719)
🔹 EoP - MS VHD (CVE-2025-49689), TCP/IP Driver (CVE-2025-49686), Win32k (CVE-2025-49727, CVE-2025-49733, CVE-2025-49667), Graphics Component (CVE-2025-49732, CVE-2025-49744)
🗒 Full Vulristics report
In Russian
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows
2025-07-16 17:41:54
Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719) https://t.co/uXSBH4fjjs https://t.co/JrJzFjdIQa
2025-07-14 20:27:02
#23 · PT-2025-6815 · Linux · Linux Kernel
Published
2025-01-01
·
Updated
2025-07-16
·
CVE-2025-0927
8.8
High
Base
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions up to 6.12.0 Ubuntu 22.04 with Linux Kernel 6.5.0-18-generic Linux Kernel versions 2.x up to 6.13 Description: The issue is related to a heap overflow vulnerability in the HFS+ file system implementation in the Linux Kernel. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbit...More
Exploit
Fix
DoS
LPE
Heap Based Buffer Overflow
Memory Corruption
Buffer Overflow
Related posts · 36
[Stream](https://www.youtube.com/live/uCcsZrXyLyE) by [Slava Moskvin](https://x.com/slava_moskvin_) hosted by [Stephen Sims](https://x.com/Steph3nSims) about building a custom fuzzer to rediscover CVE-2025-0927 in the HFS+ filesystem implementation.
Slava started with a simple fuzzer implementation and then improved it step-by-step by adding coverage collection, proper seed generation, mutations, etc.
The source code of the fuzzer is [public](https://github.com/sl4v/hfsplus-kernel-fuzzing-demo).
2025-07-16 17:08:03
Fuzzing Linux Kernel Modules, with Slava Moskvin
Stream by @slava_moskvin_ hosted by @Steph3nSims about building a custom fuzzer to rediscover CVE-2025-0927 in the HFS+ filesystem implementation.
https://t.co/UPWCmwUWC1
2025-07-16 17:07:03
Fuzzing Linux Kernel Modules, with Slava Moskvin
Stream by Slava Moskvin hosted by Stephen Sims about building a custom fuzzer to rediscover CVE-2025-0927 in the HFS+ filesystem implementation.
Slava started with a simple fuzzer implementation and then improved it step-by-step by adding coverage collection, proper seed generation, mutations, etc.
The source code of the fuzzer is public.
2025-07-16 17:06:59
#24 · PT-2025-17312 · Pytorch · Pytorch
Azraelxuemo
·
Published
2024-11-07
·
Updated
2025-07-16
·
CVE-2025-32434
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** PyTorch versions prior to 2.6.0 **Description:** PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks. A Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using `torch.load()` with `weights only=True`. This vulnerability allows attackers to execute arbitrary code on the system by c...More
Fix
RCE
Deserialization of Untrusted Data
Related posts · 40
[1/2] MLSecOps: protecting machine learning in the era of cyber threats
The other day, researcher Jian Zhou reported a critical vulnerability (CVE-2025-32434) affecting all versions of PyTorch up to and including 2.5.1. The bug is fixed only by updating to version 2.6.0. The vulnerability corresponds to a critical risk level and allows an attacker to execute arbitrary code on the victim's side without any user interaction.
The only condition is that a model created by the attacker is loaded, even with the supposedly safe parameter weights_only=True. This option was previously considered reliable, but, as it turned out, it did not protect against threats.
Such incidents will occur more and more often as neural networks develop and spread everywhere. This is another reason to start implementing MLSecOps tools and technologies, even at a basic level.
🔗Read more
🌚 @poxek | 🌚 Blog | 📺 YT | 📺 RT | 📺 VK
2025-07-16 08:11:26
🚨 Top 5 Open Source Vulnerabilities of the Last Two Weeks: June 30-July 13, 2025
1️⃣ Using #PyTorch ≤2.5.1? A critical flaw lets attackers run commands remotely. Upgrade to 2.6.0+ now to stay safe (Reference: #CVE-2025-32434).
#RCE #DevSecOps #OpenSource
👇 Read more below https://t.co/CKgwkgnTq8
2025-07-14 08:18:34
Critical RCE vulnerability (CVE-2025-32434, CVSS 9.3) found in PyTorch! https://t.co/02lCkEmG3K
2025-07-08 07:37:56
#25 · PT-2025-28516 · Microsoft · Windows
Guhe120
+1
·
Published
2025-07-08
·
Updated
2025-07-17
·
CVE-2025-47981
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** Windows versions (affected versions not specified) **Description:** A critical vulnerability exists in the Windows SPNEGO Extended Negotiation (NEGOEX) security mechanism. This flaw is a heap-based buffer overflow that allows an unauthorized attacker to execute code remotely over a network. The vulnerability is considered 'wormable', meaning it has the potential to spread autom...More
RCE
Heap Based Buffer Overflow
Related posts · 35
July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild:
🔻 Memory Corruption - Chromium (CVE-2025-6554)
One vulnerability has an exploit available on GitHub:
🔸 EoP - Windows Update Service (CVE-2025-48799). This vulnerability may be exploited on Windows 11/10 hosts with two or more hard drives.
Notable among the rest:
🔹 RCE - CDPService (CVE-2025-49724), KDC Proxy Service (CVE-2025-49735), SharePoint (CVE-2025-49704, CVE-2025-49701), Hyper-V DDA (CVE-2025-48822), MS Office (CVE-2025-49695), NEGOEX (CVE-2025-47981), MS SQL Server (CVE-2025-49717)
🔹 InfDisc - MS SQL Server (CVE-2025-49719)
🔹 EoP - MS VHD (CVE-2025-49689), TCP/IP Driver (CVE-2025-49686), Win32k (CVE-2025-49727, CVE-2025-49733, CVE-2025-49667), Graphics Component (CVE-2025-49732, CVE-2025-49744)
🗒 Full Vulristics report
In Russian
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows
2025-07-16 17:41:54
🚨 CRITICAL ALERT: Microsoft patches wormable RCE bug (CVE-2025-47981) in Windows/Server. This vulnerability could spread automatically across networks. Patch immediately! July 2025 Patch Tuesday is critical. #CyberSecurity #InfoSec #CyberAttack
2025-07-13 10:19:21
@Blackstone0123 As of July 2025, Microsoft's Patch Tuesday fixed 130+ CVEs: wormable Windows RCE CVE-2025-47981 (heap overflow, unauth exploit), public zero-day CVE-2025-49719 (SQL Server info leak), and creative SharePoint RCE CVE-2025-49704 (Pwn2Own chain with auth bypass, $100k bounty).
2025-07-12 12:31:06
#26 · PT-2025-21809 · Mozilla · Firefox Esr
Manfred Paul
·
Published
2025-05-17
·
Updated
2025-07-17
·
CVE-2025-4919
10
High
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:** Mozilla Firefox versions prior to 128.10.1esr-1~deb12u1 Mozilla Firefox ESR versions less than 115.23.1 Mozilla Thunderbird versions prior to 1:128.11.0esr-1~deb12u1 **Description:** A vulnerability exists in the Mozilla Firefox and Thunderbird browsers due to an out-of-bounds read or write condition in the JavaScript engine. This occurs when handling array index sizes, poten...More
Fix
RCE
Out of bounds Read
Memory Corruption
Related posts · 38
🔒 CVE-2025-4919: a vulnerability in the IonMonkey JIT compiler of the SpiderMonkey engine in Mozilla Firefox
The bug lies in a failure in the optimization of array operations. In JIT mode, the SpiderMonkey engine tries to predict the types and the operation space (int32, double, object, etc.). Also involved here is the math space: the assumption that all arithmetic operations will stay within the allowed range (usually int32) and will not require checks. If the compiler considers i (the array index) always safe (an int that does not go out of bounds), it removes the array bounds check → UB (undefined behavior).
An attacker can make the JIT assume that variables have a safe type (int32) and remove the checks, and then introduce NaN or double values later, which leads to broken arithmetic and the computation of out-of-bounds indices.
After bypassing the bounds check, the attacker gains access to neighboring structures in memory, for example other arrays, objects, ArrayBuffer or TypedArray structures. The result is leaked addresses (ASLR bypass) and the ability to modify object fields or pointers (arbitrary read/write).
Already being actively exploited. It is recommended to update the browser to the latest versions.
🔗 Details in the report.
#blue_team #CVE
2025-07-16 14:39:01
Hello,
I was reading an article (https://www.zerodayinitiative.com/blog/2025/7/14/cve-2025-4919-corruption-via-math-space-in-mozilla-firefox) about CVE-2025-4919 (https://nvd.nist.gov/vuln/detail/CVE-2025-4919#range-16732374). This CVE impacts version 128 of Firefox ESR and I wanted to know if Waterfox was vulnerable or if the patch from update 128.10.1 had been ported?
I was unable to find the information by searching the site and GitHub. Sorry in advance if the subject is redundant.
2025-07-16 08:50:17
🚨 BREAKING: A critical vulnerability, CVE-2025-4919, has been discovered in Mozilla Firefox, allowing data corruption via Math Space. 🛡️ Time to update your browsers!
🔗 Read more: Source: The ZDI
#CyberSecurity #Firefox
https://t.co/OtP7E1mkiJ
2025-07-15 16:31:04
#27 · PT-2025-28894 · Unknown · Mcp-Remote
Or Peles
·
Published
2025-07-09
·
Updated
2025-07-16
·
CVE-2025-6514
9.6
Critical
Base
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** mcp-remote versions 0.0.5 through 0.1.15 **Description:** mcp-remote is susceptible to OS command injection when connecting to untrusted MCP servers due to crafted input from the `authorization endpoint` response URL. This vulnerability allows for remote code execution, potentially leading to full system compromise. Over 437,000 downloads have been impacted. This marks the firs...More
Fix
RCE
OS Command Injection
Related posts · 34
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients https://t.co/J3SHk7qywt
2025-07-16 16:58:06
CVE-2025-6514: mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
https://t.co/cufgwXpzlw
2025-07-16 07:48:00
CRITICAL ALERT: mcp-remote Vuln Exposes LLM Clients to Remote Code Execution (CVE-2025-6514)
🚨 CVE-2025-6514 (CVSS 9.6) allows arbitrary OS command execution on mcp-remote (v0.0.5–0.1.15) when connected https://t.co/8DOUeKXdrh
2025-07-15 16:02:09
#28 · PT-2025-28533 · Microsoft · Windows Update Service
Filip Dragović
+1
·
Published
2024-09-03
·
Updated
2025-07-17
·
CVE-2025-48799
7.8
High
Base
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** Windows versions prior to July 8, 2025 **Description:** An improper link resolution vulnerability exists in the Windows Update Service before file access. This allows an authorized attacker to elevate privileges locally. The vulnerability affects Windows clients (Windows 10 and Windows 11) with at least two hard drives. The issue involves incorrect handling of symbolic links du...More
Exploit
Fix
LPE
Link Following
Related posts · 22
July Microsoft Patch Tuesday. A total of 152 vulnerabilities - twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild:
🔻 Memory Corruption - Chromium (CVE-2025-6554)
One vulnerability has an exploit available on GitHub:
🔸 EoP - Windows Update Service (CVE-2025-48799). This vulnerability may be exploited on Windows 11/10 hosts with two or more hard drives.
Notable among the rest:
🔹 RCE - CDPService (CVE-2025-49724), KDC Proxy Service (CVE-2025-49735), SharePoint (CVE-2025-49704, CVE-2025-49701), Hyper-V DDA (CVE-2025-48822), MS Office (CVE-2025-49695), NEGOEX (CVE-2025-47981), MS SQL Server (CVE-2025-49717)
🔹 InfDisc - MS SQL Server (CVE-2025-49719)
🔹 EoP - MS VHD (CVE-2025-49689), TCP/IP Driver (CVE-2025-49686), Win32k (CVE-2025-49727, CVE-2025-49733, CVE-2025-49667), Graphics Component (CVE-2025-49732, CVE-2025-49744)
🗒 Full Vulristics report
In Russian
@avleonovcom #Vulristics #PatchTuesday #Microsoft #Windows
2025-07-16 17:41:54
Wh04m1001/CVE-2025-48799
Language: C++
Stars: 159 Issues: 0 Forks: 41
https://github.com/Wh04m1001/CVE-2025-48799
2025-07-16 10:00:03
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
**1. [CVE-2024-30088](https://nvd.nist.gov/vuln/detail/CVE-2024-30088)**
- 📝 Windows Kernel Elevation of Privilege Vulnerability
- 📅 **Published:** 11/06/2024
- 📈 **CVSS:** 7
- 🛡️ **CISA KEV:** True
- 🧭 **Vector:** CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
- 📣 **Mentions:** 7
- ⚠️ **Priority:** 1+
- 📝 **Analysis:** A Windows Kernel Elevation of Privilege Vulnerability has been identified, confirmed as exploited in the wild due to a CISA KEV notice. This vulnerability allows for remote code execution with a CVSS score of 7, making it a priority 1+ issue requiring immediate attention and remediation.
---
**2. [CVE-2025-49704](https://nvd.nist.gov/vuln/detail/CVE-2025-49704)**
- 📝 Microsoft SharePoint Remote Code Execution Vulnerability
- 📅 **Published:** 08/07/2025
- 📈 **CVSS:** 8.8
- 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- 📣 **Mentions:** 4
- ⚠️ **Priority:** {"error":"Priority not found for this CVE."}
- 📝 **Analysis:** A SharePoint Remote Code Execution vulnerability (CVSS: 8.8) has been identified, leveraging API bypass for command execution. No in-the-wild activity confirmed as of yet; prioritize remediation due to high CVSS and moderate exploitability.
---
**3. [CVE-2025-48384](https://nvd.nist.gov/vuln/detail/CVE-2025-48384)**
- 📝 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
- 📅 **Published:** 08/07/2025
- 📈 **CVSS:** 8.1
- 🧭 **Vector:** CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
- 📣 **Mentions:** 38
- ⚠️ **Priority:** {"error":"Priority not found for this CVE."}
- 📝 **Analysis:** A path traversal issue in Git submodule initialization can lead to incorrect checkout locations and potential script execution when symlinks are present. The vulnerability is patched in versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1. No confirmed exploits in the wild, but due to high CVSS score, it's a priority 2 vulnerability.
---
**4. [CVE-2025-5777](https://nvd.nist.gov/vuln/detail/CVE-2025-5777)**
- 📝 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- 📅 **Published:** 17/06/2025
- 📈 **CVSS:** 9.3
- 🧭 **Vector:** CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
- 📣 **Mentions:** 235
- ⚠️ **Priority:** 2
- 📝 **Analysis:** A command injection vulnerability in an API module enables remote code execution; while not yet observed in-the-wild, its high CVSS score warrants a priority 2 classification due to low exploitability potential.
---
**5. [CVE-2025-4674](https://nvd.nist.gov/vuln/detail/CVE-2025-4674)**
- 📝 This vulnerability is still in Reserved status
- 📈 **CVSS:** 0
- 🧭 **Vector:** n/a
- ⚠️ **Priority:** n/a
- 📝 **Analysis:** No Information available for this CVE at the moment
---
**6. [CVE-2025-48799](https://nvd.nist.gov/vuln/detail/CVE-2025-48799)**
- 📝 Windows Update Service Elevation of Privilege Vulnerability
- 📅 **Published:** 08/07/2025
- 📈 **CVSS:** 7.8
- 🧭 **Vector:** CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- 📣 **Mentions:** 5
- ⚠️ **Priority:** {"error":"Priority not found for this CVE."}
- 📝 **Analysis:** Unpatched Elevation of Privilege vulnerability in Windows Update Service allows local attackers to escalate privileges. No known exploits, but high CVSS score makes it a priority 2 issue for patching.
---
**7. [CVE-2025-25257](https://nvd.nist.gov/vuln/detail/CVE-2025-25257)**
- 📝 This vulnerability is still in Reserved status
- 📈 **CVSS:** 0
- 🧭 **Vector:** n/a
- ⚠️ **Priority:** n/a
- 📝 **Analysis:** No Information available for this CVE at the moment
---
**8. [CVE-2025-3648](https://nvd.nist.gov/vuln/detail/CVE-2025-3648)**
- 📝 A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them. To assist customers in enhancing access controls, ServiceNow has introduced additional access control frameworks in Xanadu and Yokohama, such as Query ACLs, Security Data Filters and Deny-Unless ACLs. Additionally, in May 2025, ServiceNow delivered to customers a security update that is designed to enhance customer ACL configurations. Customers, please review the KB Articles in the References section.
- 📅 **Published:** 08/07/2025
- 📈 **CVSS:** 8.2
- 🧭 **Vector:** CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
- 📣 **Mentions:** 19
- ⚠️ **Priority:** {"error":"Priority not found for this CVE."}
- 📝 **Analysis:** Unauthorized data inference vulnerability found in Now Platform's API module under specific conditional ACL configurations. Exploitation can occur for unauthenticated and authenticated users through range query requests. ServiceNow has introduced Query ACLs, Security Data Filters, and Deny-Unless ACLs to mitigate this issue. A security update was released in May 2025. Please review the KB Articles for more information. No confirmed exploits have been reported at this time.
---
**9. [CVE-2025-47978](https://nvd.nist.gov/vuln/detail/CVE-2025-47978)**
- 📝 Windows Kerberos Denial of Service Vulnerability
- 📅 **Published:** 08/07/2025
- 📈 **CVSS:** 6.5
- 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
- 📣 **Mentions:** 1
- ⚠️ **Priority:** {"error":"Priority not found for this CVE."}
- 📝 **Analysis:** A Windows Kerberos Denial of Service vulnerability has been identified (CVSS Score: 6.5). Currently, there's no known in-the-wild activity. Due to the high CVSS score and moderate exploitability, it's classified as a priority 2 vulnerability, requiring immediate attention. Ensure systems are updated to the latest patched version.
---
**10. [CVE-2025-49689](https://nvd.nist.gov/vuln/detail/CVE-2025-49689)**
- 📝 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
- 📅 **Published:** 08/07/2025
- 📈 **CVSS:** 7.8
- 🧭 **Vector:** CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- 📣 **Mentions:** 2
- ⚠️ **Priority:** {"error":"Priority not found for this CVE."}
- 📝 **Analysis:** A Microsoft Virtual Hard Disk Elevation of Privilege vulnerability has been identified (CVE not mentioned). This issue allows an attacker remote access for privilege escalation. No exploits have been detected in the wild yet. Given a high CVSS score and medium exploitability, this is considered a priority 2 vulnerability.
---
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-07-11 10:11:29
#29 · PT-2025-29508 · Unknown · Imagemagick
Iwashiira
+3
·
Published
2025-07-14
·
Updated
2025-07-16
·
CVE-2025-53101
7.4
High
Base
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:** ImageMagick versions prior to 7.1.2-0 ImageMagick versions prior to 6.9.13-26 **Description:** ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, specifying multiple consecutive `%d` format specifiers in a filename template within the `magick mogrify` command causes internal pointer arithmet...More
Exploit
Fix
RCE
Related posts · 6
CVE-2025-53101
Stack Buffer Overflow in image.c · Advisory · ImageMagick/ImageMagick · GitHub
https://t.co/r3j6H3OVJh
2025-07-16 13:42:38
ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution
https://securityonline.info/imagemagick-flaw-cve-2025-53101-stack-buffer-overflow-allows-potential-remote-code-execution/
2025-07-15 07:22:49
🗣️ ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution https://t.co/Cx0zNdAEDI
2025-07-15 00:46:00
#30 · PT-2025-29823 · Hyperledger · Sawtooth Lighthouse Studio
Adam Kues
·
Published
2025-07-16
·
Updated
2025-07-16
·
CVE-2025-34300
10
Critical
Base
AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
**Name of the Vulnerable Software and Affected Versions:** Sawtooth Lighthouse Studio versions prior to 9.16.14 **Description:** A template injection vulnerability exists in Sawtooth Lighthouse Studio. Exploitation allows an unauthenticated attacker to execute arbitrary commands. The software is prevalent and hidden in plain sight. **Recommendations:** Update Sawtooth Lighthouse Studio to version 9.16.14 or later.
Exploit
Fix
RCE
Related posts · 3
CVE-2025-34300 A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the https://t.co/5ZdiavBRSk https://t.co/vPBXnH2I3s Perl web applicatio… https://t.co/UmZV5J3l8j
2025-07-16 13:55:37
Our Security Research team at @SLCyberSec discovered a pre-authentication RCE vulnerability in Sawtooth Lighthouse Studio (CVE-2025-34300). It affects all versions up to 9.16.14. Read more here: https://t.co/QyMmRuHXB2
2025-07-16 09:44:46
This month's Christmas in July release from @SLCyberSec's Security Research team is a pre-authentication RCE vulnerability in Sawtooth Lighthouse Studio (CVE-2025-34300). This software is prevalent and hidden in plain sight. Read more on our blog: https://t.co/1IqFTTeA4i https://t.co/nut9Zz9KSX
2025-07-16 09:43:46