#1 · PT-2025-40791 · Oracle · Bi Publisher
Inkmoro
+3
·
Published
2025-10-04
·
Updated
2025-10-15
·
CVE-2025-61882
10
Critical
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle E-Business Suite versions 12.2.3 through 12.2.14
Description
Oracle E-Business Suite contains a critical vulnerability (CVE-2025-61882) in the Concurrent Processing product, specifically within the BI Publisher Integration component. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the system, potentially leading to remo...
MoreExploit
Fix
RCE
XXE
HTTP Request/Response Smuggling
SSRF
Improper Authentication
Improper Access Control
Path traversal
X.com
393 Posts
1.4 KReposts
868.1 K Audience
Related posts · 484
🚨 Critical zero-day tagged as CVE-2025-61882 (CVSS 9.8) affecting Oracle E-Business Suite
🥳Nuclei Vulnerability Detection Script:
https://github.com/rxerium/CVE-2025-61882
🟢This vulnerability is remotely exploitable without authentication.
2025-10-15 10:27:23
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
-
📅 Published: 04/09/2025
-
📈 CVSS: 5.5
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 2
-
⚠️ Priority: 4
-
📝 Analysis: A side channel information disclosure vulnerability exists in multiple locations, potentially allowing local data exposure without requiring additional execution privileges or user interaction. No known exploits have been detected in the wild. Given the low Exploitability Score (EPSS) and CVSS score of 5.5, this is classified as a priority 4 issue, indicating a low risk at this time.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A BitLocker security bypass vulnerability has been identified, enabling remote attackers to compromise sensitive data with moderate exploitability and high impact. While no in-the-wild activity has been confirmed yet, it is a priority 2 issue due to its high CVSS score.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C). Currently, no known exploits are active in the wild. Given the high CVSS score and pending analysis, it's crucial to assess potential impact on affected systems.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified. This issue allows unauthorized access with potential data compromise. No known exploits have been detected in the wild, but due to its high impact and moderate exploitability, it is a priority 2 vulnerability requiring attention.
-
📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
-
📅 Published: 30/06/2025
-
📈 CVSS: 9.3
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 75
-
⚠️ Priority: 1+
-
📝 Analysis: A local privilege escalation vulnerability exists in Sudo before 1.9.17p1, enabling local users to gain root access due to improper handling of user-controlled directories with the --chroot option. Currently, no known exploits are active in the wild, making this a priority 4 issue according to our scoring system. Please update affected systems to the latest version.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 No description available.
-
📅 Published: 12/10/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 13
-
⚠️ Priority: 2
-
📝 Analysis: A remote code execution vulnerability in version-unspecified software module allows attackers to execute commands; currently no exploits detected in the wild, making it a priority 2 issue due to high CVSS score but low Exploitability Scoring System (ESS) score.
10. CVE-2025-38001
-
📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
-
📅 Published: 06/06/2025
-
📈 CVSS: 0
-
🧭 Vector: n/a
-
📣 Mentions: 12
-
⚠️ Priority: 4
-
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-15 10:05:41
CVE-2025-61882 Explained: The Oracle Zero-Day Breach That Hit Enterprises Hard https://t.co/QZ8KfhtWHa
2025-10-15 04:40:07
#2 · PT-2025-28847 · Fortinet · Fortiweb
0Xbigshaq
·
Published
2025-07-08
·
Updated
2025-10-14
·
CVE-2025-25257
10
Critical
Base
AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiWeb versions 7.0.0 through 7.6.3, 7.4.0 through 7.4.7, and 7.2.0 through 7.2.10
Description
Fortinet FortiWeb contains a critical SQL injection vulnerability that allows unauthenticated attackers to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. This vulnerability, identified as CVE-2025-25257, has a CVSS score of 9.6 to 9.8. Expl...
MoreExploit
Fix
RCE
SQL injection
X.com
214 Posts
799Reposts
8.9 M Audience
Related posts · 268
Actor mass exploiting CVE-2025-25257 (Critical FortiWeb SQLi) from 213.138.72.10 ( Limited Liability Company TTK-Svyaz )
VirusTotal Detections: 0/95 🟢
The actor exploited multiple honeypots across a short timeframe (1 hour) https://t.co/wUayMUnVan
2025-10-14 16:15:22
A Few Exploits Captured Over the Weekend 🧨
95.143.193.150 ( Internetport Sweden AB ) 🇸🇪 Exploiting CVE-2025-25257 (FortiWeb SQLi)
146.56.116.119 ( ORACLE-BMC-31898 ) 🇰🇷 Exploiting CVE-2025-5777 (CitrixBleed 2)
146.70.166.212 ( M247 Europe SRL ) 🇺🇸 Exploiting CVE-2025-61882 (Oracle E-Business RCE)
All 0/95 on VirusTotal 🟢
2025-10-12 16:44:23
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
- 📝 7zip
- 📈 CVSS: 9.8
- 🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- ⚠️ Priority: 1
- 📝 Analysis: Pending NVD publication
- 📝 7zip
- 📈 CVSS: 9.8
- 🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- ⚠️ Priority: 1
- 📝 Analysis: Pending NVD publication
- 📝 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
- 📈 CVSS: 9.8
- 🛡️ CISA KEV: True
- 🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- ⚠️ Priority: 1+
- 📝 Analysis: Confirmed Exploitation in the Wild
-
📝 Microsoft SharePoint Server Remote Code Execution Vulnerability
-
📅 Published: 20/07/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
-
📣 Mentions: 13
-
⚠️ Priority: 1+
-
📝 Analysis: A critical Remote Code Execution vulnerability has been identified in Microsoft SharePoint Server, with high impact and exploitability through network access. No known in-the-wild activity reported, but priority is 4 due to low EPSS and CVSS scores. Verify against versions mentioned in the description.
-
📝 Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a targets device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
-
📅 Published: 29/08/2025
-
📈 CVSS: 8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
-
📣 Mentions: 12
-
⚠️ Priority: 1+
-
📝 Analysis: Unauthorized linked device synchronization messages in WhatsApp for iOS prior v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 may have been exploited in targeted attacks, leveraging CVE-2025-43300 on Apple platforms. This is a priority 2 vulnerability due to high CVSS score and potential for sophistication, despite no confirmed exploits detected.
-
📝 Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the applications confidentiality, integrity, and availability.
-
📅 Published: 09/09/2025
-
📈 CVSS: 10
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 28
-
⚠️ Priority: 2
-
📝 Analysis: Unauthenticated attacker can exploit SAP NetWeaver via deserialization in RMI-P4 module, leading to arbitrary OS command execution, posing a high impact on confidentiality, integrity, and availability. No confirmed exploits detected; prioritize due to high CVSS score and low EPSS.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a users cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.
-
📅 Published: 01/08/2025
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 14
-
⚠️ Priority: 2
-
📝 Analysis: Unauthenticated attackers can escalate privileges in Service Finder Bookings for WordPress (up to version 6.0). This is due to insufficient cookie validation during login through service_finder_switch_back(). No known exploits have been detected, but the high CVSS score and potential impact on administrative permissions make this a priority 2 vulnerability. Verify versions before taking action.
-
📝 In Progress Telerik UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
-
📅 Published: 14/05/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-
📣 Mentions: 8
-
⚠️ Priority: 2
-
📝 Analysis: Unsafe reflection vulnerability discovered in In Progress® Telerik® UI for AJAX versions 2011.2.712 to 2025.1.218 can lead to a hosting process crash, causing denial of service. No known exploits detected; prioritize accordingly as a level 2 vulnerability due to high CVSS score and currently low exploit potential.
10. CVE-2025-11371
-
📝 In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including16.7.10368.56560
-
📅 Published: 09/10/2025
-
📈 CVSS: 6.2
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 10
-
⚠️ Priority: 4
-
📝 Analysis: Unauthenticated Local File Inclusion flaw found in Gladinet CentreStack and TrioFox (prior to v16.7.10368.56560). Exploitation observed in the wild. This vulnerability has a CVSS score of 6.2, with a priority score of 4 due to low EPSS and low CVSS.
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-12 10:02:43
#3 · PT-2025-36080 · Google · Android
Published
2025-09-01
·
Updated
2025-10-15
·
CVE-2025-48561
5.5
Medium
Base
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Android versions 13 through 16
Description
A side-channel information disclosure issue exists in the Android operating system. This flaw allows a malicious application to potentially access data displayed on the screen, including sensitive information like two-factor authentication (2FA) codes, Google Maps timelines, and data from applications such as Google Authenticator, G...
MoreFix
Side Channel Attack
X.com
6 Posts
65Reposts
55.6 K Audience
Related posts · 11
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
-
📅 Published: 04/09/2025
-
📈 CVSS: 5.5
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 2
-
⚠️ Priority: 4
-
📝 Analysis: A side channel information disclosure vulnerability exists in multiple locations, potentially allowing local data exposure without requiring additional execution privileges or user interaction. No known exploits have been detected in the wild. Given the low Exploitability Score (EPSS) and CVSS score of 5.5, this is classified as a priority 4 issue, indicating a low risk at this time.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A BitLocker security bypass vulnerability has been identified, enabling remote attackers to compromise sensitive data with moderate exploitability and high impact. While no in-the-wild activity has been confirmed yet, it is a priority 2 issue due to its high CVSS score.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C). Currently, no known exploits are active in the wild. Given the high CVSS score and pending analysis, it's crucial to assess potential impact on affected systems.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified. This issue allows unauthorized access with potential data compromise. No known exploits have been detected in the wild, but due to its high impact and moderate exploitability, it is a priority 2 vulnerability requiring attention.
-
📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
-
📅 Published: 30/06/2025
-
📈 CVSS: 9.3
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 75
-
⚠️ Priority: 1+
-
📝 Analysis: A local privilege escalation vulnerability exists in Sudo before 1.9.17p1, enabling local users to gain root access due to improper handling of user-controlled directories with the --chroot option. Currently, no known exploits are active in the wild, making this a priority 4 issue according to our scoring system. Please update affected systems to the latest version.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 No description available.
-
📅 Published: 12/10/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 13
-
⚠️ Priority: 2
-
📝 Analysis: A remote code execution vulnerability in version-unspecified software module allows attackers to execute commands; currently no exploits detected in the wild, making it a priority 2 issue due to high CVSS score but low Exploitability Scoring System (ESS) score.
10. CVE-2025-38001
-
📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
-
📅 Published: 06/06/2025
-
📈 CVSS: 0
-
🧭 Vector: n/a
-
📣 Mentions: 12
-
⚠️ Priority: 4
-
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-15 10:05:41
"Google attempted to fix the problem (CVE-2025-48561) in the September Android update. However, researchers were able to bypass the mitigation and an effective solution is expected in the December 2025 Android security update."
https://t.co/qhuiXXClvN
2025-10-15 00:22:33
The Pixnapping vulnerability is real—a side-channel attack letting malicious Android apps steal screen data like 2FA codes via timing exploits. Affects Android 13-16 on Pixel/Samsung devices. Google patched CVE-2025-48561 partially but deems full fix infeasible.
To protect: Avoid untrusted apps, use hardware 2FA (e.g., YubiKey), and hardware wallets for crypto. More at https://t.co/15LAXyStbp.
2025-10-14 19:19:24
#4 · PT-2025-38495 · Fortra · Goanywhere Mft
Published
2025-09-11
·
Updated
2025-10-15
·
CVE-2025-10035
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Fortra GoAnywhere MFT versions prior to 7.8.4
Description
Fortra GoAnywhere MFT contains a critical deserialization vulnerability in the License Servlet. This flaw allows an attacker with a validly forged license response signature to deserialize an arbitrary actor-controlled object, potentially leading to remote code execution. Exploitation of this vulnerability has been ob...
MoreExploit
Fix
RCE
Command Injection
Deserialization of Untrusted Data
X.com
222 Posts
505Reposts
238.3 K Audience
Related posts · 281
CVE-2025-10035 — GoAnywhere MFT под атакой Medusa Ransomware
#ransom #CVE #RCE #suricata #yara #blueteam #malw
18 сентября 2025 года Fortra опубликовала уведомление о безопасности, описывающее критическую уязвимость десериализации в License Servlet GoAnywhere MFT, отмеченную как CVE-2025-10035 с оценкой CVSS 10.0. Уязвимость может позволить злоумышленнику с корректно подделанной подписью ответа лицензии десериализовать произвольный объект, контролируемый атакующим, что потенциально ведёт к инъекции команд и удалённому выполнению кода (RCE). Группа киберпреступников, которую Microsoft Threat Intelligence отслеживает как Storm-1175 и известную развёртыванием вымогателя Medusa и эксплуатацией публично доступных приложений для начального доступа, была замечена при эксплуатации этой уязвимости.
Давайте разберёмся, что это такое)
🔗blog.poxek
🌚 @poxek | 📲 MAX |🌚 Блог | 📺 YT | 📺 RT | 📺 VK | ❤️ Мерч
2025-10-15 07:02:26
Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook https://t.co/APxNyvWY2x
2025-10-14 15:57:01
As this fall season brings a surge of newly disclosed vulnerabilities and heightened patch activity across the cybersecurity landscape, organizations are once again facing critical risks on the horizon. Following the recent disclosure of...
CVEs: CVE-2025-10035,CVE-2025-11001,CVE-2025-11002,cve-2025-11001,cve-2025-11002
Source: https://socprime.com/blog/latest-threats/cve-2025-11001-and-cve-2025-11002-in-7zip/
2025-10-14 15:01:42
#5 · PT-2025-41795 · Amd · Epyc
Published
2025-10-13
·
Updated
2025-10-14
·
CVE-2025-0033
6.0
Medium
Base
AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
AMD EPYC and EPYC Embedded series processors versions prior to BIOS updates from OEM partners
AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) (affected versions not specified)
Description
A critical issue, dubbed RMPocalypse (CVE-2025-0033), has been identified in AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-...
MoreFix
Improper Access Control
X.com
9 Posts
23Reposts
10.7 K Audience
Related posts · 15
Dreamforce 2025 biggest surprise speaker is CVE-2025-0033
Giving a live demo:
How to Turn a Confidential Computing Demo into a Data Exfiltration Party.
Zero-day rizz
2025-10-14 20:19:32
A critical vulnerability dubbed RMPocalypse has been discovered in AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) technology, fundamentally undermining the security promises of confidential computing. The flaw, tracked as CVE-2025-0033, enables a malicious hypervisor to corrupt the Reverse Map Table (RMP) during initialization, allowing complete compromise of confidential virtual machines. This race condition in AMD's memory protection architecture represents a fundamental challenge to hardware-level security guarantees that form the foundation of modern cloud computing.
🔴 Vulnerability: Race condition during AMD Secure Processor (ASP) initialization of Reverse Map Table (RMP)
🔴 Impact: Full compromise of confidential VM integrity and confidentiality with 100% success rate
🔴 Mechanism: Single 8-byte write to RMP table during initialization voids all SEV-SNP security guarantees
🔴 Architecture Flaw: RMP entries protect other RMP entries, creating an unprotected window during VM startup
Attack Consequences
⚠️ Complete Secret Exfiltration: All encrypted data within confidential VMs can be extracted
⚠️ Arbitrary Code Execution: Attackers can manipulate VM execution without detection
⚠️ Persistence: Compromised RMP affects all subsequent VM operations
⚠️ Stealth: Attacks leave no traces in conventional security monitoring
Impacted Processors: AMD EPYC and EPYC Embedded series
Vendor Response: BIOS updates distributed to OEM partners
Cloud Impact: Microsoft Azure Confidential Computing deploying patches
Enterprise Action: Supermicro and other hardware vendors releasing firmware updates
🛡️ Mitigation
Immediate Patching: Apply BIOS/firmware updates from hardware manufacturers
VM Monitoring: Enhanced monitoring for anomalous behavior in confidential computing environments
Hypervisor Security: Strengthen hypervisor access controls and audit capabilities
Alternative Protections: Consider additional encryption layers for sensitive workloads
RMPocalypse demonstrates that hardware-level security is only as strong as its initialization sequence.
2025-10-14 17:45:09
𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄:
▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2025-24052 and CVE-2025-0033), nine critical
▪️ Third-party: Google Chrome, Figma, Unity, Cisco, Oracle, OpenSSL, and Apple.
▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2025-24052 and CVE-2025-0033), nine critical
▪️ Third-party: Google Chrome, Figma, Unity, Cisco, Oracle, OpenSSL, and Apple.
Navigate to 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗗𝗶𝗴𝗲𝘀𝘁 𝗳𝗿𝗼𝗺 𝗔𝗰𝘁𝗶𝗼𝗻𝟭 for comprehensive summary updated in real-time.
Quick summary:
▪️ 𝗚𝗼𝗼𝗴𝗹𝗲 𝗖𝗵𝗿𝗼𝗺𝗲: Actively exploited zero-day (CVE-2025-1058) in V8 JavaScript engine. Also fixed heap buffer overflow in ANGLE (CVE-2025-10502).
▪️ 𝗙𝗶𝗴𝗺𝗮: Command injection (CVE-2025-53967, CVSS 7.5) in figma-developer-mcp server; patched in version 0.6.3.
▪️ 𝗨𝗻𝗶𝘁𝘆: High-severity vulnerability (CVE-2025-59489, CVSS 8.4); affects Unity 2017.1+ on Android, Windows, macOS, Linux; no exploitation observed.
▪️ 𝗖𝗶𝘀𝗰𝗼 𝗜𝗢𝗦/𝗜𝗢𝗦 𝗫𝗘: Actively exploited zero-day (CVE-2025-20352) stack-based buffer overflow in SNMP subsystem; no workarounds.
▪️ 𝗖𝗶𝘀𝗰𝗼 𝗔𝗦𝗔/𝗙𝗧𝗗: Two actively exploited RCE vulnerabilities (CVE-2025-20333, CVE-2025-20362); 48,000+ instances exposed online; ongoing large-scale attacks.
▪️ 𝗢𝗿𝗮𝗰𝗹𝗲 𝗘-𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗦𝘂𝗶𝘁𝗲: Actively exploited zero-day (CVE-2025-61882) used in Clop ransomware data theft campaign; affects versions 12.2.3–12.2.14.
▪️ 𝗢𝗽𝗲𝗻𝗦𝗦𝗟: Medium-severity flaws (CVE-2025-9230, CVE-2025-9231, CVE-2025-9232); potential private key recovery and buffer overflows; patched in versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, 1.1.1zd.
▪️ 𝗔𝗽𝗽𝗹𝗲 𝗶𝗢𝗦/𝗺𝗮𝗰𝗢𝗦: 50+ vulnerabilities fixed; one actively exploited zero-day (CVE-2025-43300) in ImageIO targeted WhatsApp users; patches released across all major Apple platforms.
▪️ 𝗚𝗼𝗼𝗴𝗹𝗲 𝗖𝗵𝗿𝗼𝗺𝗲: Actively exploited zero-day (CVE-2025-1058) in V8 JavaScript engine. Also fixed heap buffer overflow in ANGLE (CVE-2025-10502).
▪️ 𝗙𝗶𝗴𝗺𝗮: Command injection (CVE-2025-53967, CVSS 7.5) in figma-developer-mcp server; patched in version 0.6.3.
▪️ 𝗨𝗻𝗶𝘁𝘆: High-severity vulnerability (CVE-2025-59489, CVSS 8.4); affects Unity 2017.1+ on Android, Windows, macOS, Linux; no exploitation observed.
▪️ 𝗖𝗶𝘀𝗰𝗼 𝗜𝗢𝗦/𝗜𝗢𝗦 𝗫𝗘: Actively exploited zero-day (CVE-2025-20352) stack-based buffer overflow in SNMP subsystem; no workarounds.
▪️ 𝗖𝗶𝘀𝗰𝗼 𝗔𝗦𝗔/𝗙𝗧𝗗: Two actively exploited RCE vulnerabilities (CVE-2025-20333, CVE-2025-20362); 48,000+ instances exposed online; ongoing large-scale attacks.
▪️ 𝗢𝗿𝗮𝗰𝗹𝗲 𝗘-𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗦𝘂𝗶𝘁𝗲: Actively exploited zero-day (CVE-2025-61882) used in Clop ransomware data theft campaign; affects versions 12.2.3–12.2.14.
▪️ 𝗢𝗽𝗲𝗻𝗦𝗦𝗟: Medium-severity flaws (CVE-2025-9230, CVE-2025-9231, CVE-2025-9232); potential private key recovery and buffer overflows; patched in versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, 1.1.1zd.
▪️ 𝗔𝗽𝗽𝗹𝗲 𝗶𝗢𝗦/𝗺𝗮𝗰𝗢𝗦: 50+ vulnerabilities fixed; one actively exploited zero-day (CVE-2025-43300) in ImageIO targeted WhatsApp users; patches released across all major Apple platforms.
2025-10-14 17:42:39
#6 · PT-2025-27466 · Sudo · Sudo
Rich Mirch
·
Published
2025-06-30
·
Updated
2025-10-15
·
CVE-2025-32463
9.3
Critical
Base
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Sudo versions 1.9.14 through 1.9.17
Description:
Sudo versions 1.9.14 through 1.9.17 are vulnerable to a local privilege escalation. An attacker can leverage the --chroot option to gain root access by manipulating the /etc/nsswitch.conf file within a user-controlled directory. This allows the attacker to execute arbitrary commands with root privileges. A proof-of-concept...
MoreExploit
Fix
LPE
X.com
170 Posts
1.2 KReposts
62.8 M Audience
Related posts · 238
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
-
📅 Published: 04/09/2025
-
📈 CVSS: 5.5
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 2
-
⚠️ Priority: 4
-
📝 Analysis: A side channel information disclosure vulnerability exists in multiple locations, potentially allowing local data exposure without requiring additional execution privileges or user interaction. No known exploits have been detected in the wild. Given the low Exploitability Score (EPSS) and CVSS score of 5.5, this is classified as a priority 4 issue, indicating a low risk at this time.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A BitLocker security bypass vulnerability has been identified, enabling remote attackers to compromise sensitive data with moderate exploitability and high impact. While no in-the-wild activity has been confirmed yet, it is a priority 2 issue due to its high CVSS score.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C). Currently, no known exploits are active in the wild. Given the high CVSS score and pending analysis, it's crucial to assess potential impact on affected systems.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified. This issue allows unauthorized access with potential data compromise. No known exploits have been detected in the wild, but due to its high impact and moderate exploitability, it is a priority 2 vulnerability requiring attention.
-
📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
-
📅 Published: 30/06/2025
-
📈 CVSS: 9.3
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 75
-
⚠️ Priority: 1+
-
📝 Analysis: A local privilege escalation vulnerability exists in Sudo before 1.9.17p1, enabling local users to gain root access due to improper handling of user-controlled directories with the --chroot option. Currently, no known exploits are active in the wild, making this a priority 4 issue according to our scoring system. Please update affected systems to the latest version.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 No description available.
-
📅 Published: 12/10/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 13
-
⚠️ Priority: 2
-
📝 Analysis: A remote code execution vulnerability in version-unspecified software module allows attackers to execute commands; currently no exploits detected in the wild, making it a priority 2 issue due to high CVSS score but low Exploitability Scoring System (ESS) score.
10. CVE-2025-38001
-
📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
-
📅 Published: 06/06/2025
-
📈 CVSS: 0
-
🧭 Vector: n/a
-
📣 Mentions: 12
-
⚠️ Priority: 4
-
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-15 10:05:41
Date: 14-Oct-25
A critical vulnerability (CVE-2025-32463) in the widely used Sudo utility allows local attackers to escalate privileges to root level, impacting versions 1.9.14 through 1.9.17. Discovered by researcher Rich Mirch, the flaw exploits the chroot feature, enabling unauthorized command execution, and has a CVSS score of 9.3. Active exploitation has been reported, prompting urgent patching calls from organizations such as CISA, with patches already rolled out for affected distributions like Ubuntu and Red Hat. This incident underscores the ongoing risks associated with privilege management tools in multi-user environments, emphasizing the importance of promptly addressing vulnerabilities to protect systems from potential breaches and data exfiltration.
#IndianArmy #IndianNavy #IndianAirForce
2025-10-15 01:18:00
🔥 Detection for Sudo Chroot Privilege Escalation (CVE-2025-32463)
Deploy this behavioral KQL detection to identify exploitation attempts targeting the chroot feature in Sudo versions 1.9.14 through 1.9.17. This vulnerability allows local attackers to escalate privileges to root with minimal effort. 🛡️ Use this detection as a temporary safeguard until your Linux systems are fully patched.🫡
#Cybersecurity #SUDO #privilegeescalation
2025-10-14 13:09:29
#7 · PT-2025-41705 · Oracle · Oracle Configurator
Published
2025-10-12
·
Updated
2025-10-15
·
CVE-2025-61884
7.5
High
Base
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oracle E-Business Suite versions 12.2.3 through 12.2.14
Description
An easily exploitable vulnerability exists in the Oracle Configurator product of Oracle E-Business Suite, specifically within the Runtime UI component. This flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful exploitation can lead to unauthorized...
MoreFix
X.com
63 Posts
224Reposts
120.1 K Audience
Related posts · 84
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
-
📅 Published: 04/09/2025
-
📈 CVSS: 5.5
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 2
-
⚠️ Priority: 4
-
📝 Analysis: A side channel information disclosure vulnerability exists in multiple locations, potentially allowing local data exposure without requiring additional execution privileges or user interaction. No known exploits have been detected in the wild. Given the low Exploitability Score (EPSS) and CVSS score of 5.5, this is classified as a priority 4 issue, indicating a low risk at this time.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A BitLocker security bypass vulnerability has been identified, enabling remote attackers to compromise sensitive data with moderate exploitability and high impact. While no in-the-wild activity has been confirmed yet, it is a priority 2 issue due to its high CVSS score.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C). Currently, no known exploits are active in the wild. Given the high CVSS score and pending analysis, it's crucial to assess potential impact on affected systems.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified. This issue allows unauthorized access with potential data compromise. No known exploits have been detected in the wild, but due to its high impact and moderate exploitability, it is a priority 2 vulnerability requiring attention.
-
📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
-
📅 Published: 30/06/2025
-
📈 CVSS: 9.3
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 75
-
⚠️ Priority: 1+
-
📝 Analysis: A local privilege escalation vulnerability exists in Sudo before 1.9.17p1, enabling local users to gain root access due to improper handling of user-controlled directories with the --chroot option. Currently, no known exploits are active in the wild, making this a priority 4 issue according to our scoring system. Please update affected systems to the latest version.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 No description available.
-
📅 Published: 12/10/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 13
-
⚠️ Priority: 2
-
📝 Analysis: A remote code execution vulnerability in version-unspecified software module allows attackers to execute commands; currently no exploits detected in the wild, making it a priority 2 issue due to high CVSS score but low Exploitability Scoring System (ESS) score.
10. CVE-2025-38001
-
📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
-
📅 Published: 06/06/2025
-
📈 CVSS: 0
-
🧭 Vector: n/a
-
📣 Mentions: 12
-
⚠️ Priority: 4
-
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-15 10:05:41
Oracle has reportedly fixed a critical vulnerability (CVE-2025-61884) in its E-Business Suite that was exploited by the ShinyHunters group, who leaked a proof-of-concept exploit. #CyberSecurity #Oracle https://t.co/xnwf00anmb
2025-10-15 02:43:40
#Oracle released an emergency patch to address an information disclosure flaw (CVE-2025-61884) in E-Business Suite’s Runtime UI component.
#CyberSecurity #InfoSec
https://t.co/VWgO7rbqni https://t.co/fXeUrU5J9w
2025-10-15 01:29:02
#8 · PT-2025-24857 · Microsoft · Windows Smb
James Forshaw
+2
·
Published
2025-01-30
·
Updated
2025-10-15
·
CVE-2025-33073
9.0
High
Base
AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Windows versions prior to June 2025 Patch Tuesday
Description
A critical vulnerability exists in the Windows SMB client that allows an attacker to elevate privileges to SYSTEM level. This is achieved through a reflective Kerberos relay attack, where authentication is coerced and relayed back to the attacker's system via SMB. The vulnerability bypasses previous NTLM reflectio...
MoreExploit
Fix
RCE
LPE
Improper Access Control
X.com
117 Posts
1.6 KReposts
13.9 M Audience
Related posts · 162
NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073 - @yaumn_
and @wil_fri3d
https://t.co/WHuiDE0Tq8
2025-10-14 13:48:00
CVE-2025-33073 - The Reflective Kerberos Relay Attack; coerce win host to connect to our attack kali via SMB and authenticate via Kerberos; Krb Ticket is relayed back; Low-pri user becomes NT AUTHORITY\SYSTEM; wspcoerce pretender krbrelayx; 06/2025; https://t.co/s1Rx6hQv1J
2025-10-11 10:53:03
Come to see how we discovered and analyzed CVE-2025-33073 with my colleague @yaumn_ at Hexacon today !
2025-10-11 07:59:10
#9 · PT-2025-40594 · Redis · Redis
Benny Isaacs
+4
·
Published
2025-10-03
·
Updated
2025-10-15
·
CVE-2025-49844
9.9
Critical
Base
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Redis versions prior to 8.2.2
Redis versions prior to 8.0.4
Redis versions prior to 7.4.6
Redis versions prior to 7.2.11
Redis versions prior to 6.2.20
LF Projects' Valkey versions affected by CVE-2025-49844
Description
Redis is an open-source, in-memory database that persists on disk. A critical vulnerability (CVE-2025-49844), dubbed RediShell, exists due to a use-after-fre...
MoreExploit
Fix
RCE
Use After Free
X.com
99 Posts
404Reposts
216.6 K Audience
Related posts · 129
randomly watching @LowLevelTweets video about CVE-2025-49844...
"hey, do we don't use redis anywhere, right?"
"... oh yes we do - why?"
"... i'll call you in a minute"
https://t.co/WJWkZv8QJU https://t.co/W3U6FPM3Uo
2025-10-14 16:25:20
Ловите вкусные баги прошедшей недели + PoC
#CVE #Redis #Oracle #подборка
➡️Redis — RediShell (CVE-2025-49844, CVSS 10.0)
Критический use-after-free в Lua-движке Redis, присутствовавший в кодовой базе 13 лет. При наличии возможности отправлять Lua-скрипты (EVAL/EVALSHA) уязвимость позволяет разрушить изоляцию Lua VM и добиться RCE в контексте процесса redis-server. В сети обнаружено порядка 330к публичных инстансов Redis, из них 60к без аутентификации.
➡️VMware Aria Operations / VMware Tools (CVE-2025-41244, CVSS 7.8)
LPE в гостевой ОС. При установленном VMware Tools и управлении через Aria Operations с включенным Service Discovery Management Pack (SDMP) можно даже с неполными привилегиями повысить права в гостевой системе до root/Administrator. Замечены случаи эксплуатации in-the-wild.
➡️OpenSSH — ProxyCommand newline injection (CVE-2025-61984, CVSS 7.8)
Command injection при формировании ProxyCommand. Если в имя пользователя и/или внешние данные попадают управляющие символы, итоговая команда для ProxyCommand может быть интерпретирована shell-ом так, что можно добиться выполнения произвольных команд на клиенте. То есть некорректная санитизация и экранирование токенов при подстановке в шаблоны.
➡️ Zimbra Collaboration — Classic Web Client XSS через .ICS (CVE-2025-27915, CVSS 6.1).
Недостаточная санация HTML внутри iCalendar (.ICS). Встраивание HTML/JS (например, ) в событие приводит к выполнению скрипта при просмотре в классическом веб-клиенте. Позволяет украсть куки/токены, пересылать письма, менять фильтры, читать почту.
➡️3DEXPERIENCE (CVE-2025-9976, CVSS 9.0)
Интегрированная PLM-платформа от Dassault Systemes, объединяющая CAD, CAE, CAM и управление инженерными данными в единую среду разработки. Баг представляет собой OS command injection в компоненте Station Launcher. Специально сформированный параметр может быть внедрен в системный вызов и привести к выполнению произвольных команд на машине пользователя. Без PoC, зато свежак.
P.s. как вам такой формат постов? 😬 - если кайф, 🔥 - если надо еще доработать. Такой формат будет выходить по пн
🌚 @poxek | 📲 MAX |🌚 Блог | 📺 YT | 📺 RT | 📺 VK | ❤️ Мерч
2025-10-14 09:28:40
raminfp/redis_exploit
CVE-2025-49844 (RediShell)
Language: Python
Stars: 221 Issues: 1 Forks: 49
https://github.com/raminfp/redis_exploit
2025-10-13 22:00:02
#10 · PT-2025-36562 · Sap · Sap Netweaver
Published
2025-09-09
·
Updated
2025-10-15
·
CVE-2025-42944
10
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver versions (affected versions not specified)
Description
SAP NetWeaver contains a critical deserialization flaw in the RMI-P4 module. This allows an unauthenticated attacker to execute arbitrary operating system commands by submitting a malicious payload to an open port. The flaw poses a high risk to the confidentiality, integrity, and availability of the applica...
MoreFix
RCE
Deserialization of Untrusted Data
X.com
29 Posts
99Reposts
59.7 K Audience
Related posts · 46
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as...
CVEs: CVE-2025-42944
Source: https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html
2025-10-15 07:01:43
SAP released security patches for 13 issues, including a critical deserialization flaw (CVE-2025-42944) in SAP NetWeaver AS Java with CVSS 10.0. Exploiting this unauthenticated vulnerability via RMI-P4 can lead to arbitrary OS command execution, risking confidentiality, integrity, and availability. The fix adds extra safeguards.
2025-10-15 06:53:09
CVE-2025-42944, -42937, -42910, and other: Multiple vulnerabilities in SAP NetWeaver, 5.3 - 10.0 🔥🔥🔥
In its October bulletin, SAP published a list of 13 new vulnerabilities affecting NetWeaver, NetWeaver AS Java, and other products. These vulnerabilities include Insecure Deserialization, Information Disclosure, etc.
Search at Netlas.io:
👉 Link: https://nt.ls/aBHGg
👉 Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html
2025-10-15 06:23:22
#11 · PT-2025-35830 · Sitecore · Sitecore Experience Manager
Andi Slok
+4
·
Published
2025-09-03
·
Updated
2025-10-14
·
CVE-2025-53690
9.0
Critical
Base
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sitecore Experience Manager (XM), Sitecore Experience Platform (XP), Sitecore Experience Commerce (XC), and Sitecore Managed Cloud versions prior to 9.0.
Description
A deserialization of untrusted data issue exists in Sitecore products, allowing for code injection. This vulnerability, tracked as CVE-2025-53690, is actively exploited in the wild. Attackers are leveraging expo...
MoreExploit
Fix
RCE
LPE
Deserialization of Untrusted Data
X.com
74 Posts
99Reposts
874.5 K Audience
Related posts · 91
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)
2025-10-14 16:30:05
#VulnerabilityReport #ASPNET CVE-2025-53690: Mandiant and Sitecore Warn of Active Exploitation in https://t.co/aMlHWIBBDB Machine Key Configurations https://t.co/gHCKsQxanM
2025-10-11 18:05:33
🐱 CVE-2025-53690 | Sitecore ViewState deserialization RCE. Exploited.
Action: Rotate keys, patch, review logs.
Refs: NVD | https://t.co/gohRfh6XHY | Sitecore Advisory | BleepingComputer
2025-10-04 04:32:29
#12 · PT-2025-41585 · Nvidia · Nvidia Gpu Display Driver For Linux
Robin Bastide
·
Published
2025-10-10
·
Updated
2025-10-14
·
CVE-2025-23280
7.0
High
Base
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NVIDIA Display Driver for Linux (affected versions not specified)
Description
The NVIDIA Display Driver for Linux contains a use-after-free flaw. This is a type of memory corruption where software attempts to access memory after it has been freed. A successful exploit could lead to code execution, escalation of privileges, data tampering, denial of service, and information d...
MoreLPE
DoS
Use After Free
X.com
5 Posts
40Reposts
9.2 K Audience
Related posts · 6
From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in #NVIDIA open GPU #Linux driver can lead to full system compromise.
Full technical breakdown inside, #vmalloc exploitation technique included!
2025-10-14 16:37:16
CVE-2025-23280
NVIDIA Linux Display Driver Use-After-Free Vulnerability Enables Privilege Escalation
2025-10-11 01:39:00
CVE-2025-23280 - NVIDIA Display Driver for Linux Use-After-Free Vulnerability
CVE ID : CVE-2025-23280
Published : Oct. 10, 2025, 6:15 p.m. | 44 minutes ago
Description : NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
2025-10-10 19:03:46
#13 · PT-2025-39834 · Vmware · Vmware Aria Operations
Maxime Thiebaut
·
Published
2025-01-01
·
Updated
2025-10-15
·
CVE-2025-41244
7.8
High
Base
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Aria Operations and VMware Tools versions prior to fixes available since October 2024
open-vm-tools versions prior to 2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1
VMware Cloud Foundation 4.x and 5.x, 9.xxx, 13.xxx
vSphere Foundation 9.xxx, 13.xxx
Telco Cloud Platform 4.x and 5.x
Telco Cloud Infrastructure 2.x and 3.x
Description
VMware Aria Operations and VMware Tools contain...
MoreExploit
Fix
LPE
X.com
65 Posts
293Reposts
101.5 K Audience
Related posts · 98
Ловите вкусные баги прошедшей недели + PoC
#CVE #Redis #Oracle #подборка
➡️Redis — RediShell (CVE-2025-49844, CVSS 10.0)
Критический use-after-free в Lua-движке Redis, присутствовавший в кодовой базе 13 лет. При наличии возможности отправлять Lua-скрипты (EVAL/EVALSHA) уязвимость позволяет разрушить изоляцию Lua VM и добиться RCE в контексте процесса redis-server. В сети обнаружено порядка 330к публичных инстансов Redis, из них 60к без аутентификации.
➡️VMware Aria Operations / VMware Tools (CVE-2025-41244, CVSS 7.8)
LPE в гостевой ОС. При установленном VMware Tools и управлении через Aria Operations с включенным Service Discovery Management Pack (SDMP) можно даже с неполными привилегиями повысить права в гостевой системе до root/Administrator. Замечены случаи эксплуатации in-the-wild.
➡️OpenSSH — ProxyCommand newline injection (CVE-2025-61984, CVSS 7.8)
Command injection при формировании ProxyCommand. Если в имя пользователя и/или внешние данные попадают управляющие символы, итоговая команда для ProxyCommand может быть интерпретирована shell-ом так, что можно добиться выполнения произвольных команд на клиенте. То есть некорректная санитизация и экранирование токенов при подстановке в шаблоны.
➡️ Zimbra Collaboration — Classic Web Client XSS через .ICS (CVE-2025-27915, CVSS 6.1).
Недостаточная санация HTML внутри iCalendar (.ICS). Встраивание HTML/JS (например, ) в событие приводит к выполнению скрипта при просмотре в классическом веб-клиенте. Позволяет украсть куки/токены, пересылать письма, менять фильтры, читать почту.
➡️3DEXPERIENCE (CVE-2025-9976, CVSS 9.0)
Интегрированная PLM-платформа от Dassault Systemes, объединяющая CAD, CAE, CAM и управление инженерными данными в единую среду разработки. Баг представляет собой OS command injection в компоненте Station Launcher. Специально сформированный параметр может быть внедрен в системный вызов и привести к выполнению произвольных команд на машине пользователя. Без PoC, зато свежак.
P.s. как вам такой формат постов? 😬 - если кайф, 🔥 - если надо еще доработать. Такой формат будет выходить по пн
🌚 @poxek | 📲 MAX |🌚 Блог | 📺 YT | 📺 RT | 📺 VK | ❤️ Мерч
2025-10-14 09:28:40
#exploit #poc
CPAS audit management information system has SQL injection vulnerability(CVE-2025-57529)
#github #exploit #poc
CVE-2025-56383-Proof-of-Concept
#github #poc
Detection for CVE-2025-41244
#github #tools
CVE-2025-20281 - Cisco ISE RCE Vulnerability Checker
#github #exploit
Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
#分析
cve-2025-7775
#github #poc
CVE-2025-49844 – Redis Lua Parser Use-After-Free
#github #poc
CVE-2025-60880 - Stored Cross-Site Scripting (XSS) in Bagisto Admin Panel
#github #xss #exploit
More Than DoS (Progress Telerik UI for https://t.co/OpcAGrIZqU AJAX Unsafe Reflection CVE-2025-3600)
#分析 #dos
Evasion-Kit for Cobalt Strike
Blog: https://t.co/IpXhKB0goK
Soft: https://t.co/tnWQRittpU
+Info https://t.co/n34Rp4V9ub
#maldev #cs #pentest #redteam
2025-10-13 20:54:05
Actively exploited CVE : CVE-2025-41244
2025-10-12 06:00:13
#14 · PT-2025-42173 · Debian · Firmware-Nvidia-Gsp
Published
2025-01-01
·
Updated
2025-10-14
·
CVE-2025-23330
None
From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in #NVIDIA open GPU #Linux driver can lead to full system compromise.
Full technical breakdown inside, #vmalloc exploitation technique included!
X.com
1 Posts
40Reposts
8.6 K Audience
Related posts · 1
From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in #NVIDIA open GPU #Linux driver can lead to full system compromise.
Full technical breakdown inside, #vmalloc exploitation technique included!
2025-10-14 16:37:16
#15 · PT-2025-42018 · Microsoft · Windows Bitlocker
Published
2025-10-14
·
Updated
2025-10-15
·
CVE-2025-55333
6.1
Medium
Base
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Windows BitLocker (affected versions not specified)
Description
An incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature through a physical attack.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
X.com
2 Posts
26Reposts
8.3 K Audience
Related posts · 3
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
-
📅 Published: 04/09/2025
-
📈 CVSS: 5.5
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 2
-
⚠️ Priority: 4
-
📝 Analysis: A side channel information disclosure vulnerability exists in multiple locations, potentially allowing local data exposure without requiring additional execution privileges or user interaction. No known exploits have been detected in the wild. Given the low Exploitability Score (EPSS) and CVSS score of 5.5, this is classified as a priority 4 issue, indicating a low risk at this time.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A BitLocker security bypass vulnerability has been identified, enabling remote attackers to compromise sensitive data with moderate exploitability and high impact. While no in-the-wild activity has been confirmed yet, it is a priority 2 issue due to its high CVSS score.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C). Currently, no known exploits are active in the wild. Given the high CVSS score and pending analysis, it's crucial to assess potential impact on affected systems.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified. This issue allows unauthorized access with potential data compromise. No known exploits have been detected in the wild, but due to its high impact and moderate exploitability, it is a priority 2 vulnerability requiring attention.
-
📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
-
📅 Published: 30/06/2025
-
📈 CVSS: 9.3
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 75
-
⚠️ Priority: 1+
-
📝 Analysis: A local privilege escalation vulnerability exists in Sudo before 1.9.17p1, enabling local users to gain root access due to improper handling of user-controlled directories with the --chroot option. Currently, no known exploits are active in the wild, making this a priority 4 issue according to our scoring system. Please update affected systems to the latest version.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 No description available.
-
📅 Published: 12/10/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 13
-
⚠️ Priority: 2
-
📝 Analysis: A remote code execution vulnerability in version-unspecified software module allows attackers to execute commands; currently no exploits detected in the wild, making it a priority 2 issue due to high CVSS score but low Exploitability Scoring System (ESS) score.
10. CVE-2025-38001
-
📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
-
📅 Published: 06/06/2025
-
📈 CVSS: 0
-
🧭 Vector: n/a
-
📣 Mentions: 12
-
⚠️ Priority: 4
-
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-15 10:05:41
CVE-2025-55333 Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. https://t.co/nfI5LeQaCv
2025-10-14 20:36:39
Today's Patch Tuesday includes 6 CVEs for vulnerabilities that I found in BitLocker -
CVE-2025-55330, CVE-2025-55332, CVE-2025-55333, CVE-2025-55337, CVE-2025-55338 and CVE-2025-55682.
You can check them out here 👉 https://t.co/HYrfpKwX8g https://t.co/mbpkdfkE4l
2025-10-14 17:40:45
#16 · PT-2025-42023 · Microsoft · Windows Bitlocker
Published
2025-10-14
·
Updated
2025-10-14
·
CVE-2025-55338
6.1
Medium
Base
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Windows BitLocker (affected versions not specified)
Description
The software has a flaw related to the inability to patch ROM code. This allows an unauthorized attacker to bypass a security feature through a physical attack.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
X.com
2 Posts
26Reposts
8.3 K Audience
Related posts · 2
CVE-2025-55338 Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. https://t.co/xVh23o9V2D
2025-10-14 20:36:38
Today's Patch Tuesday includes 6 CVEs for vulnerabilities that I found in BitLocker -
CVE-2025-55330, CVE-2025-55332, CVE-2025-55333, CVE-2025-55337, CVE-2025-55338 and CVE-2025-55682.
You can check them out here 👉 https://t.co/HYrfpKwX8g https://t.co/mbpkdfkE4l
2025-10-14 17:40:45
#17 · PT-2025-42015 · Microsoft · Windows Bitlocker
Published
2025-10-14
·
Updated
2025-10-14
·
CVE-2025-55330
6.1
Medium
Base
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Windows BitLocker (affected versions not specified)
Description
An issue exists in Windows BitLocker related to improper enforcement of behavioral workflow. This allows an unauthorized attacker to bypass a security feature through a physical attack.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
X.com
2 Posts
27Reposts
8.3 K Audience
Related posts · 2
CVE-2025-55330 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. https://t.co/07q79wgntp
2025-10-14 18:49:08
Today's Patch Tuesday includes 6 CVEs for vulnerabilities that I found in BitLocker -
CVE-2025-55330, CVE-2025-55332, CVE-2025-55333, CVE-2025-55337, CVE-2025-55338 and CVE-2025-55682.
You can check them out here 👉 https://t.co/HYrfpKwX8g https://t.co/mbpkdfkE4l
2025-10-14 17:40:45
#18 · PT-2025-42017 · Microsoft · Windows Bitlocker
Published
2025-10-14
·
Updated
2025-10-15
·
CVE-2025-55332
6.1
Medium
Base
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Windows BitLocker (affected versions not specified)
Description
An issue exists in Windows BitLocker related to improper enforcement of behavioral workflow. This allows an unauthorized attacker to bypass a security feature through a physical attack.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
X.com
2 Posts
26Reposts
8.3 K Audience
Related posts · 3
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
-
📅 Published: 04/09/2025
-
📈 CVSS: 5.5
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 2
-
⚠️ Priority: 4
-
📝 Analysis: A side channel information disclosure vulnerability exists in multiple locations, potentially allowing local data exposure without requiring additional execution privileges or user interaction. No known exploits have been detected in the wild. Given the low Exploitability Score (EPSS) and CVSS score of 5.5, this is classified as a priority 4 issue, indicating a low risk at this time.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A BitLocker security bypass vulnerability has been identified, enabling remote attackers to compromise sensitive data with moderate exploitability and high impact. While no in-the-wild activity has been confirmed yet, it is a priority 2 issue due to its high CVSS score.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C). Currently, no known exploits are active in the wild. Given the high CVSS score and pending analysis, it's crucial to assess potential impact on affected systems.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified. This issue allows unauthorized access with potential data compromise. No known exploits have been detected in the wild, but due to its high impact and moderate exploitability, it is a priority 2 vulnerability requiring attention.
-
📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
-
📅 Published: 30/06/2025
-
📈 CVSS: 9.3
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 75
-
⚠️ Priority: 1+
-
📝 Analysis: A local privilege escalation vulnerability exists in Sudo before 1.9.17p1, enabling local users to gain root access due to improper handling of user-controlled directories with the --chroot option. Currently, no known exploits are active in the wild, making this a priority 4 issue according to our scoring system. Please update affected systems to the latest version.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 No description available.
-
📅 Published: 12/10/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 13
-
⚠️ Priority: 2
-
📝 Analysis: A remote code execution vulnerability in version-unspecified software module allows attackers to execute commands; currently no exploits detected in the wild, making it a priority 2 issue due to high CVSS score but low Exploitability Scoring System (ESS) score.
10. CVE-2025-38001
-
📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
-
📅 Published: 06/06/2025
-
📈 CVSS: 0
-
🧭 Vector: n/a
-
📣 Mentions: 12
-
⚠️ Priority: 4
-
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-15 10:05:41
CVE-2025-55332 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. https://t.co/o7gsv5QBlG
2025-10-14 18:49:07
Today's Patch Tuesday includes 6 CVEs for vulnerabilities that I found in BitLocker -
CVE-2025-55330, CVE-2025-55332, CVE-2025-55333, CVE-2025-55337, CVE-2025-55338 and CVE-2025-55682.
You can check them out here 👉 https://t.co/HYrfpKwX8g https://t.co/mbpkdfkE4l
2025-10-14 17:40:45
#19 · PT-2025-42022 · Microsoft · Windows Bitlocker
Published
2025-10-14
·
Updated
2025-10-15
·
CVE-2025-55337
6.1
Medium
Base
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Windows BitLocker (affected versions not specified)
Description
An issue with how behavioral workflow is enforced in Windows BitLocker can allow an unauthorized attacker to bypass a security feature through a physical attack.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
X.com
2 Posts
26Reposts
8.3 K Audience
Related posts · 3
Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today:
-
📝 In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
-
📅 Published: 04/09/2025
-
📈 CVSS: 5.5
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 2
-
⚠️ Priority: 4
-
📝 Analysis: A side channel information disclosure vulnerability exists in multiple locations, potentially allowing local data exposure without requiring additional execution privileges or user interaction. No known exploits have been detected in the wild. Given the low Exploitability Score (EPSS) and CVSS score of 5.5, this is classified as a priority 4 issue, indicating a low risk at this time.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A BitLocker security bypass vulnerability has been identified, enabling remote attackers to compromise sensitive data with moderate exploitability and high impact. While no in-the-wild activity has been confirmed yet, it is a priority 2 issue due to its high CVSS score.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C). Currently, no known exploits are active in the wild. Given the high CVSS score and pending analysis, it's crucial to assess potential impact on affected systems.
-
📝 Windows BitLocker Security Feature Bypass Vulnerability
-
📅 Published: 14/10/2025
-
📈 CVSS: 6.1
-
🧭 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
-
📣 Mentions: 2
-
📝 Analysis: A Windows BitLocker Security Feature Bypass vulnerability has been identified. This issue allows unauthorized access with potential data compromise. No known exploits have been detected in the wild, but due to its high impact and moderate exploitability, it is a priority 2 vulnerability requiring attention.
-
📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
-
📅 Published: 30/06/2025
-
📈 CVSS: 9.3
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
-
📣 Mentions: 75
-
⚠️ Priority: 1+
-
📝 Analysis: A local privilege escalation vulnerability exists in Sudo before 1.9.17p1, enabling local users to gain root access due to improper handling of user-controlled directories with the --chroot option. Currently, no known exploits are active in the wild, making this a priority 4 issue according to our scoring system. Please update affected systems to the latest version.
-
📝 No description available.
-
📅 Published: 05/10/2025
-
📈 CVSS: 9.8
-
🛡️ CISA KEV: True
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📣 Mentions: 38
-
⚠️ Priority: 1+
-
📝 Analysis: A critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) vulnerability has been identified, with no description available. As of now, no known in-the-wild activity has been reported (CISA KEV). Due to its high severity and currently low exploitability, it is classified as a priority 2 vulnerability.
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 n/a
-
📈 CVSS: 9.8
-
🧭 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
📝 Analysis: Debian Linux - 7zip
-
📝 No description available.
-
📅 Published: 12/10/2025
-
📈 CVSS: 7.5
-
🧭 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-
📣 Mentions: 13
-
⚠️ Priority: 2
-
📝 Analysis: A remote code execution vulnerability in version-unspecified software module allows attackers to execute commands; currently no exploits detected in the wild, making it a priority 2 issue due to high CVSS score but low Exploitability Scoring System (ESS) score.
10. CVE-2025-38001
-
📝 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF. To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
-
📅 Published: 06/06/2025
-
📈 CVSS: 0
-
🧭 Vector: n/a
-
📣 Mentions: 12
-
⚠️ Priority: 4
-
📝 Analysis: A UAF vulnerability has been identified in Linux kernel's net_sched when utilizing HFSC with NETEM. The patch (141d3439) can be bypassed, causing a UAF under specific conditions involving TBF and low rates. To mitigate, explicitly check for class presence during hfsc_enqueue if the HFSC_RSC flag is set. Currently, this vulnerability has low exploitability and activity in the wild (CISA KEV: Priority 4).
Let us know if you're tracking any of these or if you find any issues with the provided details.
2025-10-15 10:05:41
CVE-2025-55337 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. https://t.co/kxLMfSkOYu
2025-10-14 18:49:07
Today's Patch Tuesday includes 6 CVEs for vulnerabilities that I found in BitLocker -
CVE-2025-55330, CVE-2025-55332, CVE-2025-55333, CVE-2025-55337, CVE-2025-55338 and CVE-2025-55682.
You can check them out here 👉 https://t.co/HYrfpKwX8g https://t.co/mbpkdfkE4l
2025-10-14 17:40:45
#20 · PT-2025-42032 · Microsoft · Windows Bitlocker
Published
2025-10-14
·
Updated
2025-10-14
·
CVE-2025-55682
6.1
Medium
Base
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Windows BitLocker (affected versions not specified)
Description
An issue with how behavioral workflow is enforced in Windows BitLocker can allow an attacker to bypass a security feature through a physical attack. The issue allows an unauthorized attacker to bypass a security feature.
Recommendations
At the moment, there is no information about a newer version that conta...
MoreX.com
2 Posts
26Reposts
8.2 K Audience
Related posts · 2
CVE-2025-55682 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. https://t.co/59xAeZi3Wr
2025-10-14 18:49:06
Today's Patch Tuesday includes 6 CVEs for vulnerabilities that I found in BitLocker -
CVE-2025-55330, CVE-2025-55332, CVE-2025-55333, CVE-2025-55337, CVE-2025-55338 and CVE-2025-55682.
You can check them out here 👉 https://t.co/HYrfpKwX8g https://t.co/mbpkdfkE4l
2025-10-14 17:40:45
#21 · PT-2025-31937 · Ictbroadcast
Valentin Lobstein
·
Published
2025-08-05
·
Updated
2025-10-15
·
CVE-2025-2611
9.3
Critical
Base
AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
ICTBroadcast versions 7.4 and below
Description
The ICTBroadcast application improperly handles session cookie data, passing it to shell processing. This allows an attacker to inject shell commands into a session cookie, leading to unauthenticated remote code execution on the server. The issue has been observed being exploited in the wild. No information is available regardi...
MoreExploit
Fix
RCE
X.com
5 Posts
5Reposts
59.8 K Audience
Related posts · 8
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier...
CVEs: CVE-2025-2611
Source: https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html
2025-10-15 08:01:43
🍪 A cookie that spawns a shell 💀
A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation.
Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution.
No patch yet — check your stack → https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html
~200 servers are exposed.
2025-10-15 06:17:16
Over the long weekend, @VulnCheckAI observed in-the-wild exploitation of CVE-2025-2611, an unauthenticated command injection vuln in ICTBroadcast. Payload + attacker behavior analysis here c/o @Junior_Baines https://t.co/RLEBJ8rMIX
2025-10-14 16:34:12
#22 · PT-2025-11082 · Zimbra · Zimbra Collaboration
Published
2025-01-27
·
Updated
2025-10-14
·
CVE-2025-27915
5.5
Medium
Base
AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Zimbra Collaboration Suite (ZCS) versions 9.0, 10.0, and 10.1
Zimbra Collaboration Suite (ZCS) versions 9.0.0 Patch 44, 10.0.13 and 10.1.5
Description
A stored cross-site scripting (XSS) issue exists in the Classic Web Client of Zimbra Collaboration Suite (ZCS) due to insufficient sanitization of HTML content within ICS (iCalendar) files. When a user views an email containin...
MoreExploit
Fix
RCE
XSS
X.com
27 Posts
77Reposts
92.5 K Audience
Related posts · 44
Ловите вкусные баги прошедшей недели + PoC
#CVE #Redis #Oracle #подборка
➡️Redis — RediShell (CVE-2025-49844, CVSS 10.0)
Критический use-after-free в Lua-движке Redis, присутствовавший в кодовой базе 13 лет. При наличии возможности отправлять Lua-скрипты (EVAL/EVALSHA) уязвимость позволяет разрушить изоляцию Lua VM и добиться RCE в контексте процесса redis-server. В сети обнаружено порядка 330к публичных инстансов Redis, из них 60к без аутентификации.
➡️VMware Aria Operations / VMware Tools (CVE-2025-41244, CVSS 7.8)
LPE в гостевой ОС. При установленном VMware Tools и управлении через Aria Operations с включенным Service Discovery Management Pack (SDMP) можно даже с неполными привилегиями повысить права в гостевой системе до root/Administrator. Замечены случаи эксплуатации in-the-wild.
➡️OpenSSH — ProxyCommand newline injection (CVE-2025-61984, CVSS 7.8)
Command injection при формировании ProxyCommand. Если в имя пользователя и/или внешние данные попадают управляющие символы, итоговая команда для ProxyCommand может быть интерпретирована shell-ом так, что можно добиться выполнения произвольных команд на клиенте. То есть некорректная санитизация и экранирование токенов при подстановке в шаблоны.
➡️ Zimbra Collaboration — Classic Web Client XSS через .ICS (CVE-2025-27915, CVSS 6.1).
Недостаточная санация HTML внутри iCalendar (.ICS). Встраивание HTML/JS (например, ) в событие приводит к выполнению скрипта при просмотре в классическом веб-клиенте. Позволяет украсть куки/токены, пересылать письма, менять фильтры, читать почту.
➡️3DEXPERIENCE (CVE-2025-9976, CVSS 9.0)
Интегрированная PLM-платформа от Dassault Systemes, объединяющая CAD, CAE, CAM и управление инженерными данными в единую среду разработки. Баг представляет собой OS command injection в компоненте Station Launcher. Специально сформированный параметр может быть внедрен в системный вызов и привести к выполнению произвольных команд на машине пользователя. Без PoC, зато свежак.
P.s. как вам такой формат постов? 😬 - если кайф, 🔥 - если надо еще доработать. Такой формат будет выходить по пн
🌚 @poxek | 📲 MAX |🌚 Блог | 📺 YT | 📺 RT | 📺 VK | ❤️ Мерч
2025-10-14 09:28:40
⚠️ Attackers Exploit Zimbra Zero-Day via ICS Calendar File
A state-linked actor masquerading as the Libyan Navy delivered a malicious ICS file exploiting an XSS flaw (CVE-2025-27915) in Zimbra’s web client to steal credentials, emails, manipulate inbox filters, and exfiltrate data.
The exploit bypassed many protections by embedding JavaScript in calendar events, a stealthy route that rarely triggers conventional security tooling.
#CyberSecurity #ThreatHunting #EmailSecurity #ZeroDay
2025-10-13 20:30:12
⚠ Zimbra zero-day (CVE-2025-27915) exploited via malicious .ICS — targeted campaigns observed.
Patch Zimbra, block external .ics for now, and hunt for odd calendar opens.
#Zimbra #ZeroDay #ThreatIntel #InfoSec
2025-10-12 13:36:29
#23 · PT-2025-25212 · Microsoft · M365 Copilot
Es7Evam
+1
·
Published
2025-06-11
·
Updated
2025-10-14
·
CVE-2025-32711
9.3
Critical
Base
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft 365 Copilot (affected versions not specified)
Description
A critical zero-click AI command injection issue exists in Microsoft 365 Copilot, allowing an unauthorized attacker to disclose information over a network. This vulnerability, dubbed EchoLeak (CVE-2025-32711), enables attackers to steal sensitive data silently via email without any user interaction. The atta...
MoreCommand Injection
X.com
58 Posts
109Reposts
25.4 M Audience
Related posts · 76
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy7mM7
2025-10-14 21:50:00
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/JuJYI6Sbr2
2025-10-14 20:15:00
The #EchoLeak vulnerability (CVE-2025-32711) exposes how AI CoPilots like #Microsoft365 can become silent conduits for data theft and hybrid warfare: @SoumyaAwasthi17 https://t.co/GIyPYy6OWz
2025-10-14 13:05:00
#24 · PT-2025-41785 · Elastic · Cloud Enterprise
Published
2025-10-13
·
Updated
2025-10-14
·
CVE-2025-37729
9.1
Critical
Base
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Elastic Cloud Enterprise versions 2.5.0 through 3.8.1
Elastic Cloud Enterprise version 4.0.0 through 4.0.1
Description
An issue exists in Elastic Cloud Enterprise (ECE) related to the improper handling of special elements within its template engine. This flaw allows a malicious actor with Admin access to potentially exfiltrate sensitive information and execute commands by cr...
MoreFix
RCE
X.com
11 Posts
11Reposts
4.7 K Audience
Related posts · 14
Elastic Cloud Enterprise Flaw Enables Remote Code Execution
Elastic released a critical security update for ECE (CVE-2025-37729, CVSS 9.1) affecting versions 2.5.0-3.8.1 and 4.0.0-4.0.1. The flaw allows authenticated admins to execute arbitrary commands via template injection, risking data exfiltration. Upgrading to 3.8.2 or 4.0.2 is urgent; no workarounds exist.
Read more: https://t.co/c6gsbt1uqt
Discover the app: https://t.co/64Pz1q6d9x
#CloudSecurity #DevOps #Infrastructure #AWS #Azure #Secwiser
2025-10-14 10:06:57
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
2025-10-14 07:15:32
🚨 𝐅𝐫𝐞𝐬𝐡 𝐂𝐕𝐄 𝐚𝐥𝐞𝐫𝐭 𝐣𝐮𝐬𝐭 𝐢𝐧!
CVE-2025-37729 enables RCE in Elastic Cloud via Jinjava. Learn how to patch, monitor, and prevent exploitation of this critical flaw.
🔗 Read the full breakdown → https://t.co/tyNYbYbX2P
What’s your take? Share with us!
2025-10-14 07:01:47
#25 · PT-2025-40939 · Openbsd · Openssh
David Leadbeater
·
Published
2025-10-06
·
Updated
2025-10-15
·
CVE-2025-61984
3.6
Low
Base
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 10.1
Description
The software contains a flaw where control characters within usernames originating from untrusted sources can lead to code execution when a
MoreProxyCommandExploit
Fix
RCE
X.com
21 Posts
179Reposts
48.8 K Audience
Related posts · 34
Ловите вкусные баги прошедшей недели + PoC
#CVE #Redis #Oracle #подборка
➡️Redis — RediShell (CVE-2025-49844, CVSS 10.0)
Критический use-after-free в Lua-движке Redis, присутствовавший в кодовой базе 13 лет. При наличии возможности отправлять Lua-скрипты (EVAL/EVALSHA) уязвимость позволяет разрушить изоляцию Lua VM и добиться RCE в контексте процесса redis-server. В сети обнаружено порядка 330к публичных инстансов Redis, из них 60к без аутентификации.
➡️VMware Aria Operations / VMware Tools (CVE-2025-41244, CVSS 7.8)
LPE в гостевой ОС. При установленном VMware Tools и управлении через Aria Operations с включенным Service Discovery Management Pack (SDMP) можно даже с неполными привилегиями повысить права в гостевой системе до root/Administrator. Замечены случаи эксплуатации in-the-wild.
➡️OpenSSH — ProxyCommand newline injection (CVE-2025-61984, CVSS 7.8)
Command injection при формировании ProxyCommand. Если в имя пользователя и/или внешние данные попадают управляющие символы, итоговая команда для ProxyCommand может быть интерпретирована shell-ом так, что можно добиться выполнения произвольных команд на клиенте. То есть некорректная санитизация и экранирование токенов при подстановке в шаблоны.
➡️ Zimbra Collaboration — Classic Web Client XSS через .ICS (CVE-2025-27915, CVSS 6.1).
Недостаточная санация HTML внутри iCalendar (.ICS). Встраивание HTML/JS (например, ) в событие приводит к выполнению скрипта при просмотре в классическом веб-клиенте. Позволяет украсть куки/токены, пересылать письма, менять фильтры, читать почту.
➡️3DEXPERIENCE (CVE-2025-9976, CVSS 9.0)
Интегрированная PLM-платформа от Dassault Systemes, объединяющая CAD, CAE, CAM и управление инженерными данными в единую среду разработки. Баг представляет собой OS command injection в компоненте Station Launcher. Специально сформированный параметр может быть внедрен в системный вызов и привести к выполнению произвольных команд на машине пользователя. Без PoC, зато свежак.
P.s. как вам такой формат постов? 😬 - если кайф, 🔥 - если надо еще доработать. Такой формат будет выходить по пн
🌚 @poxek | 📲 MAX |🌚 Блог | 📺 YT | 📺 RT | 📺 VK | ❤️ Мерч
2025-10-14 09:28:40
Shows how control/newline characters in usernames can force shells to run extra commands via ProxyCommand, enabling RCE in some configs.
#SSH
2025-10-14 05:30:30
En el artículo, se abordan los detalles del CVE-2025-61984, una vulnerabilidad crítica que afecta a la funcionalidad de ProxyCommand en SSH. El autor explica cómo esta vulnerabilidad permite a un atacante ejecutar comandos arbitrarios en el contexto del usuario que utiliza SSH, lo que puede llevar a comprometer sistemas enteros. Se discuten las implicaciones de seguridad de esta vulnerabilidad, así como las medidas de mitigación que los administradores de sistemas deben considerar para proteger sus entornos. Además, se proporciona un análisis técnico sobre cómo se puede explotar esta vulnerabilidad y se enfatiza la importancia de aplicar parches y actualizaciones de seguridad de manera oportuna. [https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984]
2025-10-13 22:04:07
#26 · PT-2025-37259 · Microsoft · Windows 11
Published
2025-09-11
·
Updated
2025-10-15
·
CVE-2025-8061
7.0
High
Base
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Lenovo Dispatcher versions 3.0 and 3.1
Description
An insufficient access control issue exists in the Lenovo Dispatcher drivers used by some Lenovo consumer notebooks. This could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. The issue does not affect systems when the Windows feature Core Isolatio...
MoreFix
LPE
X.com
10 Posts
71Reposts
24.5 K Audience
Related posts · 13
Lenovo CVE-2025-8061: PoC for popping a system shell against the LnvMSRIO.sys driver
2025-10-15 01:51:38
A severe vulnerability in Lenovo Dispatcher drivers allows local attackers to execute arbitrary code with elevated privileges, raising concerns for unpatched devices.
Key Points:
- Vulnerability identified as CVE-2025-8061 due to insufficient access controls in Lenovo Dispatcher drivers.
- Affected systems include older Lenovo consumer notebooks with driver versions 3.0 and 3.1.
- Proof-of-concept exploit demonstrates easy exploitation by local attackers, highlighting serious security risks.
- Lenovo has released patches for the vulnerability, urging users to update to version 3.1.0.41 or later.
- Users should enable Windows Core Isolation Memory Integrity to further mitigate risks.
A critical vulnerability has been discovered in the Dispatcher drivers of Lenovo consumer notebooks, identified as CVE-2025-8061. This flaw results from inadequate access controls, potentially enabling local attackers to execute arbitrary code with elevated privileges. The affected systems predominantly include those running older versions of the Dispatcher driver, specifically versions 3.0 and 3.1. As noted, the National Vulnerability Database has rated this issue with a CVSS score of 7.3, emphasizing significant impacts on confidentiality, integrity, and availability, despite requiring local access for exploitation.
Security researchers from Quarkslab have detailed a proof-of-concept exploit that showcases how the vulnerability can be exploited to achieve privilege escalation. They highlighted the potential for attackers to leverage the driver's MSR read primitive to access kernel addresses and bypass security protections. Lenovo has responded by releasing patched drivers in September 2025 and strongly advises all users to check and update their systems promptly. For enhanced security, users are encouraged to activate Windows Core Isolation features, which can help prevent such exploitations. Organizations must remain proactive in monitoring their drivers and implementing necessary updates to protect their data and systems effectively.
What steps are you taking to ensure your devices are protected from this vulnerability?
Learn More: Cyber Security News
Want to stay updated on the latest cyber threats?
2025-10-14 07:05:40
''BYOVD to the next level (part 1) — exploiting a vulnerable driver (CVE-2025-8061) - Quarkslabs blog''
#infosec #pentest #redteam #blueteam
https://t.co/DrKqtGPANd
2025-10-12 13:28:01
#27 · PT-2025-21007 · Microsoft · Outlook
Haifei Li
·
Published
2025-05-13
·
Updated
2025-10-14
·
CVE-2025-32705
7.8
High
Base
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Office Outlook (affected versions not specified)
Description
The issue is an out-of-bounds read in Microsoft Office Outlook, which could allow an unauthorized attacker to execute code locally. The issue can be triggered by oversized files in attachments, such as ICS calendars, leading to memory corruption. As of July 2025, updates are available to address this issu...
MoreRCE
Out of bounds Read
X.com
9 Posts
4Reposts
6.3 M Audience
Related posts · 10
Microsoft continues to patch bugs found through my Office fuzzing project. Today they have patched:
- Microsoft Word Remote Code Execution Vulnerability (CVE-2025-59221) https://t.co/xv55zoKIVm
- Microsoft Word Remote Code Execution Vulnerability (CVE-2025-59222) https://t.co/sXxQUQQqYw
These two bugs are in a new attack vector specific to Microsoft Word. It took me a really significant amount of time and energy to help MSRC reproduce the issues (see the timeline for CVE-2025-59221/97766 https://t.co/r70aJwy0BI). Despite all the HUGE effort, MSRC rated the quality as "low" (which I still personally disagree with:P).
Let me take a break and review for my year-long journey in Office bug hunting since I started this project (which I wanted to do for a long time) last October. I’m happy to report that I’ve reported approximately 28 Office bugs during this journey. Most of them have been patched and were in Microsoft Word (see the list below), few were duplicated or non-exploitable though, and there are still 7 or 8 bugs waiting to be confirmed and patched by Microsoft.
October 2025:
- Word RCE, CVE-2025-59221
- Word RCE, CVE-2025-59222
August 2025:
- Word RCE, CVE-2025-53738
- Word RCE, CVE-2025-53784
July 2025:
- Word RCE, CVE-2025-49699
- Word RCE, CVE-2025-49700
June 2025:
- Word RCE/heap-overflow, CVE-2025-32717
- Word RCE, CVE-2025-47170
- Word RCE, CVE-2025-47957
May 2025:
- Outlook RCE, CVE-2025-32705
- PowerPoint RCE, CVE-2025-29978
April 2025:
- Word RCE, CVE-2025-29820
March 2025:
- Word RCE, CVE-2025-26629
- Word RCE, CVE-2025-24077
- Word RCE, CVE-2025-24078
- Word RCE, CVE-2025-24079
- Word RCE, CVE-2025-24080
February 2025:
- Word RCE, CVE-2025-21392
- Word RCE, CVE-2025-21397
For me, this proves that my systematic, code-coverage-based bug hunting methodology is effective and powerful. By maximizing code coverage in the target application, even with mature software like Microsoft Office, you can still find a lot of bugs.
For Microsoft and the general public (Office users), I believe together we've made Office much safer by patching various bugs across different attack vectors. Thank you to all the Microsoft folks who have worked with me.
I will probably continue this journey, as I know I’ve only scratched the surface of this vast challenge. My fuzzing system still generates new code coverage (samples) every day, and there are many "adjustments" to the fuzzer to target different attack vectors and during the bug analyzing process, I continued to learn about new attack vectors. There's still a lot of work to do if I receive support. But for now, let me take some vacations first. :)
#PatchTuesday #VulnerabilityResearch #OfficeSecurity #fuzzing #codecoverage
2025-10-14 21:39:49
@MrsDrLinda Yes, oversized files in attachments like ICS calendars can exploit vulnerabilities such as CVE-2025-32705 in Outlook, leading to remote code execution via memory corruption. Update to the latest patches (as of July 2025) and avoid opening large files from untrusted sources.
2025-08-03 18:37:56
Threat Alert: Critical Microsoft Outlook Flaw Enables Remote Execution of Arbitrary Code
CVE-2025-32705
Severity: 🔴 High
Maturity: 💢 Emerging
Learn more: https://t.co/OgA8XornRn
#CyberSecurity #ThreatIntel #InfoSec
2025-05-15 10:00:11
#28 · PT-2025-21253 · Node.Js · Node.Js
Panva
+1
·
Published
2025-01-01
·
Updated
2025-10-14
·
CVE-2025-23166
7.8
High
Base
AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Node.js versions 20.x through 24.x
Description
Node.js is susceptible to a remote crash issue due to a flaw in the
MoreSignTraits::DeriveBits()ThrowException()Fix
DoS
X.com
16 Posts
13Reposts
210.1 K Audience
Related posts · 20
🚨CVE-2025-23166: The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process.
CVSS: 7.5
FOFA Link: https://t.co/RYU445HCqY
FOFA Query: app="Node.js"
Results: 18,136,044
Advisory: https://t.co/ycKljZfNkg
2025-10-14 20:38:43
#NodeJS Critical Alert! CVE-2025-23166 (8.2 CVSS) lets attackers crash apps via crypto ops. Patch with:
zypper in -t patch SUSE-2025-1878=1
Details: 👉 https://t.co/efPdcmBljb #Infosec https://t.co/9s7QRtwckl
2025-06-11 20:53:23
@AzAppService When will you update the NodeJS version for AppService to mitigate CVE-2025-23166?
2025-05-20 10:45:17
#29 · PT-2025-32858 · Microsoft · Office Word
Haifei Li
·
Published
2025-08-12
·
Updated
2025-10-14
·
CVE-2025-53784
8.4
High
Base
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Office Word (affected versions not specified)
Description
A use-after-free condition exists in Microsoft Office Word, potentially allowing an unauthorized attacker to execute code locally. This can occur when opening a specially crafted document. Multiple reports indicate this issue is part of a series of use-after-free flaws addressed in a recent Microsoft patch r...
MoreRCE
Use After Free
X.com
6 Posts
7Reposts
68.2 K Audience
Related posts · 9
Microsoft continues to patch bugs found through my Office fuzzing project. Today they have patched:
- Microsoft Word Remote Code Execution Vulnerability (CVE-2025-59221) https://t.co/xv55zoKIVm
- Microsoft Word Remote Code Execution Vulnerability (CVE-2025-59222) https://t.co/sXxQUQQqYw
These two bugs are in a new attack vector specific to Microsoft Word. It took me a really significant amount of time and energy to help MSRC reproduce the issues (see the timeline for CVE-2025-59221/97766 https://t.co/r70aJwy0BI). Despite all the HUGE effort, MSRC rated the quality as "low" (which I still personally disagree with:P).
Let me take a break and review for my year-long journey in Office bug hunting since I started this project (which I wanted to do for a long time) last October. I’m happy to report that I’ve reported approximately 28 Office bugs during this journey. Most of them have been patched and were in Microsoft Word (see the list below), few were duplicated or non-exploitable though, and there are still 7 or 8 bugs waiting to be confirmed and patched by Microsoft.
October 2025:
- Word RCE, CVE-2025-59221
- Word RCE, CVE-2025-59222
August 2025:
- Word RCE, CVE-2025-53738
- Word RCE, CVE-2025-53784
July 2025:
- Word RCE, CVE-2025-49699
- Word RCE, CVE-2025-49700
June 2025:
- Word RCE/heap-overflow, CVE-2025-32717
- Word RCE, CVE-2025-47170
- Word RCE, CVE-2025-47957
May 2025:
- Outlook RCE, CVE-2025-32705
- PowerPoint RCE, CVE-2025-29978
April 2025:
- Word RCE, CVE-2025-29820
March 2025:
- Word RCE, CVE-2025-26629
- Word RCE, CVE-2025-24077
- Word RCE, CVE-2025-24078
- Word RCE, CVE-2025-24079
- Word RCE, CVE-2025-24080
February 2025:
- Word RCE, CVE-2025-21392
- Word RCE, CVE-2025-21397
For me, this proves that my systematic, code-coverage-based bug hunting methodology is effective and powerful. By maximizing code coverage in the target application, even with mature software like Microsoft Office, you can still find a lot of bugs.
For Microsoft and the general public (Office users), I believe together we've made Office much safer by patching various bugs across different attack vectors. Thank you to all the Microsoft folks who have worked with me.
I will probably continue this journey, as I know I’ve only scratched the surface of this vast challenge. My fuzzing system still generates new code coverage (samples) every day, and there are many "adjustments" to the fuzzer to target different attack vectors and during the bug analyzing process, I continued to learn about new attack vectors. There's still a lot of work to do if I receive support. But for now, let me take some vacations first. :)
#PatchTuesday #VulnerabilityResearch #OfficeSecurity #fuzzing #codecoverage
2025-10-14 21:39:49
■ CVE-2025-53784 - Microsoft Word Remote Code Execution Vulnerability
→ Release: 2025-08-12
→ Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
2025-08-15 09:55:58
🔒 В августовском патче Microsoft исправила более 100 уязвимостей, в числе которых — 13 RCE, затрагивающие Windows и Office
Среди критических проблем, требующих немедленного исправления:
🔵 CVE‑2025‑50165 — баг в Windows Graphics Component. Атака возможна без участия пользователя: злоумышленник использует неинициализированный указатель на функцию, вызываемый при декодировании JPEG‑изображений, встроенных в документы.
🔵 CVE‑2025‑50176 — type confusion в графическом ядре Windows. Эксплуатируется локально с низкими привилегиями.
🔵 CVE‑2025‑50177 — use-after-free в Microsoft Message Queuing (MSMQ). Позволяет неаутентифицированному атакующему выполнить RCE при успешной эксплуатации race condition.
🔵 CVE‑2025‑53731, CVE‑2025‑53740, CVE‑2025‑53733, CVE‑2025‑53784 — серия use-after-free багов в Microsoft Office и Word. Вредоносный код может быть выполнен при открытии зараженного документа.
Два бага из патча, предположительно, эксплуатируются in-the-wild:
🔵 CVE‑2025‑53786 — уязвимость повышения привилегий в гибридных развертываниях Microsoft Exchange Server. При использовании общего сервис-принципала между Exchange Server и Exchange Online атакующий с доступом к локальному Exchange может незаметно перейти в Microsoft 365 и получить доступ к облачной среде почти без следов в логах.
🔵 CVE-2025-53779 — повышение привилегий через относительный обход пути (relative path traversal) в протоколе Windows Kerberos (Windows Server 2025). Атакующий с локальным доступом может эскалировать права до доменного администратора и захватить серверную инфраструктуру.
🔗 Раскладка всех багов доступна по ссылке.
#blue_team #CVE_дня
2025-08-13 15:12:23
#30 · PT-2025-10823 · Microsoft · Office
Haifei Li
·
Published
2025-03-11
·
Updated
2025-10-14
·
CVE-2025-24080
7.8
High
Base
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Office (affected versions not specified)
Description
A use after free condition exists in Microsoft Office, allowing an unauthorized attacker to execute code. The issue enables remote attackers to execute arbitrary code and affect the system. The vulnerability involves the potential for using memory after it has been freed, which could allow an attacker to execute...
MoreRCE
Use After Free
X.com
5 Posts
1Reposts
59.0 K Audience
Related posts · 6
Microsoft continues to patch bugs found through my Office fuzzing project. Today they have patched:
- Microsoft Word Remote Code Execution Vulnerability (CVE-2025-59221) https://t.co/xv55zoKIVm
- Microsoft Word Remote Code Execution Vulnerability (CVE-2025-59222) https://t.co/sXxQUQQqYw
These two bugs are in a new attack vector specific to Microsoft Word. It took me a really significant amount of time and energy to help MSRC reproduce the issues (see the timeline for CVE-2025-59221/97766 https://t.co/r70aJwy0BI). Despite all the HUGE effort, MSRC rated the quality as "low" (which I still personally disagree with:P).
Let me take a break and review for my year-long journey in Office bug hunting since I started this project (which I wanted to do for a long time) last October. I’m happy to report that I’ve reported approximately 28 Office bugs during this journey. Most of them have been patched and were in Microsoft Word (see the list below), few were duplicated or non-exploitable though, and there are still 7 or 8 bugs waiting to be confirmed and patched by Microsoft.
October 2025:
- Word RCE, CVE-2025-59221
- Word RCE, CVE-2025-59222
August 2025:
- Word RCE, CVE-2025-53738
- Word RCE, CVE-2025-53784
July 2025:
- Word RCE, CVE-2025-49699
- Word RCE, CVE-2025-49700
June 2025:
- Word RCE/heap-overflow, CVE-2025-32717
- Word RCE, CVE-2025-47170
- Word RCE, CVE-2025-47957
May 2025:
- Outlook RCE, CVE-2025-32705
- PowerPoint RCE, CVE-2025-29978
April 2025:
- Word RCE, CVE-2025-29820
March 2025:
- Word RCE, CVE-2025-26629
- Word RCE, CVE-2025-24077
- Word RCE, CVE-2025-24078
- Word RCE, CVE-2025-24079
- Word RCE, CVE-2025-24080
February 2025:
- Word RCE, CVE-2025-21392
- Word RCE, CVE-2025-21397
For me, this proves that my systematic, code-coverage-based bug hunting methodology is effective and powerful. By maximizing code coverage in the target application, even with mature software like Microsoft Office, you can still find a lot of bugs.
For Microsoft and the general public (Office users), I believe together we've made Office much safer by patching various bugs across different attack vectors. Thank you to all the Microsoft folks who have worked with me.
I will probably continue this journey, as I know I’ve only scratched the surface of this vast challenge. My fuzzing system still generates new code coverage (samples) every day, and there are many "adjustments" to the fuzzer to target different attack vectors and during the bug analyzing process, I continued to learn about new attack vectors. There's still a lot of work to do if I receive support. But for now, let me take some vacations first. :)
#PatchTuesday #VulnerabilityResearch #OfficeSecurity #fuzzing #codecoverage
2025-10-14 21:39:49
🚨 CVE-2025-24080
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
🎖@cveNotify
2025-07-02 14:56:53
New post from https://t.co/uXvPWJy6tj (CVE-2025-24080 | Microsoft Office use after free (Nessus ID 232741)) has been published on https://t.co/S4GWdQeR5Q
2025-03-15 08:25:56