CVE-2025-25710

2025-03-13 01:01:09.321579 (UTC +09:00)

[mitre] n/a

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/re...

Assigner: mitre Published: 2025-03-12T00:00:00.000Z Updated: 2025-03-12T15:49:57.512Z Score: 8.8 (HIGH) [cvssV3 1]

CWE: n/a

Affected. (1) n/a: n/a All

References. (1) https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25710

Interesting. Remote Attack

[redhat] Smallrye-fault-tolerance: smallrye fault tolerance

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is exter...

Assigner: redhat Published: 2025-03-12T14:55:15.889Z Updated: 2025-03-12T14:55:15.889Z Score: 7.5 (HIGH) [cvssV3 1]

CWE: CWE-1325 Improperly Controlled Sequential Memory Allocation

Affected. (1) Red Hat: Red Hat build of Apache Camel 4 for Quarkus 3 affected (2) Red Hat: Red Hat build of Apache Camel 4 for Quarkus 3 affected (3) Red Hat: Red Hat build of Apache Camel for Spring Boot 4 affected (4) Red Hat: Red Hat build of Apicurio Registry 2 affected (5) Red Hat: Red Hat build of Quarkus affected (6) Red Hat: Red Hat build of Quarkus affected (7) Red Hat: Red Hat Fuse 7 unknown (8) Red Hat: Red Hat Integration Camel K 1 affected (9) Red Hat: Red Hat JBoss Enterprise Application Platform 7 affected (10) Red Hat: Red Hat JBoss Enterprise Application Platform 8 affected (11) Red Hat: Red Hat JBoss Enterprise Application Platform Expansion Pack affected

References. (1) https://access.redhat.com/security/cve/CVE-2025-2240 (2) https://bugzilla.redhat.com/show bug.cgi?id=2351452

Interesting. Denial of service

[1E] Symbolic Link Exploit in Nomad module allows Arbitrary File Deletion

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with l...

Assigner: 1E Published: 2025-03-12T15:25:27.765Z Updated: 2025-03-12T15:56:46.491Z Score: 7.8 (HIGH) [cvssV3 1]

CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

Affected. (1) 1E: 1E Client 24 <= 24.5, 25 <= 25.1, 25.3

References. (1) https://nvd.nist.gov/vuln/detail/CVE-2025-1683 (2) https://www.1e.com/trust-security-compliance/cve-info/ (3) https://cwe.mitre.org/data/definitions/59.html (4) https://capec.mitre.org/data/definitions/27.html

[OpenText] Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager.

Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privile...

Assigner: OpenText Published: 2025-03-12T15:24:31.859Z Updated: 2025-03-12T15:24:31.859Z Score: 7.3 (HIGH) [cvssV4 0]

CWE: CWE-428 Unquoted Search Path or Element

Affected. (1) OpenText™: Service Manager 9.70, 9.71, 9.72

References. (1) https://portal.microfocus.com/s/article/KM000036731?language=en US

Interesting. Privilege Escalation