@RISK: The Consensus Security Vulnerability Alert: Vol. 25, Num. 44

CONTENTS:
=========================================================
INTERNET STORM CENTER SPOTLIGHT
OTHER INTERNET STORM CENTER ENTRIES
RECENT CVEs
=========================================================

INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft Patch Tuesday for November 2025
Published: 2025-11-11
Last Updated: 2025-11-11 19:24:30 UTC
by Johannes Ullrich (Version: 1)

Today’s Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical.

Notable Vulnerabilities:

CVE-2025-62215: This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more complex attack chain; however, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities.

CVE-2025-60724: A critical GDI+ remote execution vulnerability. GDI+ parses various graphics files. The attack surface is likely huge, as anything in Windows (Browsers, email, and Office Documents) will use this library at some point to display images. We also have a critical vulnerability in DirectX, CVE-2025-60716. Microsoft classifies this as a privilege escalation issue, yet still rates it as critical.

CVE-2025-62199: A code execution vulnerability in Microsoft Office. Another component with a huge attack surface that is often exploited.

Given the number and type of vulnerabilities, I would consider this patch Tuesday “lighter than normal”. There are no “Patch Now” vulnerabilities, and I suggest applying these vulnerabilities in accordance with your vulnerability management program …

Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/

It isn’t always defaults: Scans for 3CX usernames
Published: 2025-11-10
Last Updated: 2025-11-10 15:23:31 UTC
by Johannes Ullrich (Version: 1)

Today, I noticed scans using the username “FTP_3cx” showing up in our logs. 3CX is a well-known maker of business phone system software. My first guess was that this was a default user for one of their systems. But Google came up empty for this particular string. The 3CX software does not appear to run an FTP server, but it offers a feature to back up configurations to an FTP server. The example user used in the documentation is “3cxftpuser”, not “FTP_3cx”. Additionally, the documentation notes that the FTP server can run on a different system from the 3CX software. For a backup, it would not make much sense to have it all run on the same system.

The scans we are seeing likely target FTP servers users set up to back up 3CX configurations, and not the 3CX software itself. I am not familiar enough with 3CX to know precisely what the backup contains, but it most likely includes sufficient information to breach the 3CX installation.

The credentials we observe with our Cowrie-based honeypots are collected for telnet and ftp. In particular, on Linux systems, you often use a system user to connect via FTP. Any credentials working via FTP will also work for telnet or SSH. Keep that in mind when configuring a user for FTP access, and of course, FTP should not be your first choice for backing up sensitive data, but we all know it does happen …

Read the full entry: https://isc.sans.edu/diary/It+isnt+always+defaults+Scans+for+3CX+usernames/32464/

Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell
[Guest Diary]
Published: 2025-11-05
Last Updated: 2025-11-06 02:27:25 UTC
by David Hammond (Version: 1)

[This is a Guest Diary by David Hammond, an ISC intern as part of the SANS.edu BACS program]

My last college credit on my way to earning a bachelor’s degree was an internship opportunity at the Internet Storm Center. A great opportunity, but one that required the care and feeding of a honeypot. The day it arrived I plugged the freshly imaged honeypot into my home router and happily went about my day. I didn’t think too much about it until the first attack observation was due. You see, I travel often, but my honeypot does not. Furthermore, the administrative side of the honeypot was only accessible through the internal network. I wasn’t about to implement a whole remote solution just to get access while on the road. Instead, I followed some very good advice. I started downloading regular backups of the honeypot logs on a Windows laptop I frequently had with me.

The internship program encouraged us to at least initially review our honeypot logs with command line utilities, such as jq and all its flexibility with filtering. Combined with other standard Unix-like operating system tools, such as wc (word count), less, head, and cut, it was possible to extract exactly what I was looking for. I initially tried using more graphical tools but found I enjoy “living” in the command line better. When I first start looking at logs, I am not always sure what I’m looking for. Command line tools allow me to quickly look for outliers in the data. I can see what sticks out by negating everything that looks the same.

So, what’s the trouble? None of these tools were available on my Windows laptop. Admittedly, most of what I mention above is available for Windows, but my ability to install software was restricted on this machine, and I knew that native alternatives existed. At the time I had several directories of JSON logs, and a long list of malware hash values corresponding to an attack I was interested in understanding better. Here’s how a few lines of PowerShell can transform scattered honeypot logs into a clear picture of what really happened …

Read the full entry: https://isc.sans.edu/diary/Binary+Breadcrumbs+Correlating+Malware+Samples+with+Honeypot+Logs+Using+PowerShell+Guest+Diary/32454/
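The two honeypot diaries above (the 3CX username scans and the PowerShell correlation of malware hashes with honeypot logs) share the same starting point: a directory of Cowrie JSON-lines backups and no jq. The script below is an added example written for this newsletter; it is not David Hammond's or the ISC's code and the full diary shows its own approach. It assumes Cowrie's JSON field names (eventid, username, src_ip, session, shasum, url, timestamp), a hash list with one SHA-256 per line, and uses constructed sample events and constructed placeholder hashes so it runs offline with nothing but built-in cmdlets.

```powershell
# Added example (not from the diary): correlate a malware hash list with Cowrie
# honeypot JSON logs, and summarise login attempts per username.
# Assumptions: each log file is JSON-lines (one Cowrie event per line) named
# cowrie.json*, and $HashFile holds one SHA-256 per line. Sample data is constructed.

$Demo     = Join-Path ([System.IO.Path]::GetTempPath()) 'cowrie-demo'
$LogDir   = $Demo
$HashFile = Join-Path $Demo 'hashes.txt'

# --- Constructed sample data standing in for downloaded honeypot backups ---
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$sha1 = 'a' * 64   # placeholder hash, not a real sample
$sha2 = 'b' * 64   # placeholder hash, not a real sample
$sampleEvents = @(
    '{"eventid":"cowrie.login.failed","username":"FTP_3cx","password":"3cx","src_ip":"203.0.113.10","session":"a1","timestamp":"2025-11-10T08:01:02Z"}',
    '{"eventid":"cowrie.login.failed","username":"FTP_3cx","password":"backup","src_ip":"203.0.113.10","session":"a2","timestamp":"2025-11-10T08:01:05Z"}',
    '{"eventid":"cowrie.login.success","username":"root","password":"admin","src_ip":"198.51.100.7","session":"b1","timestamp":"2025-11-10T09:15:00Z"}',
    "{`"eventid`":`"cowrie.session.file_download`",`"src_ip`":`"198.51.100.7`",`"session`":`"b1`",`"url`":`"http://example.invalid/x.sh`",`"shasum`":`"$sha1`",`"timestamp`":`"2025-11-10T09:15:20Z`"}",
    "{`"eventid`":`"cowrie.session.file_download`",`"src_ip`":`"192.0.2.55`",`"session`":`"c1`",`"url`":`"http://example.invalid/y.sh`",`"shasum`":`"$sha2`",`"timestamp`":`"2025-11-11T01:00:00Z`"}"
)
Set-Content -Path (Join-Path $LogDir 'cowrie.json.2025-11-10') -Value $sampleEvents
Set-Content -Path $HashFile -Value @($sha1)   # only the first hash is "of interest"

# --- 1. Load every event from every JSON-lines file under the log directory ---
$events = Get-ChildItem -Path $LogDir -File -Filter 'cowrie.json*' -Recurse |
    Get-Content |
    Where-Object { $_.Trim() } |
    ForEach-Object { $_ | ConvertFrom-Json }

# --- 2. Usernames by attempt count: the "what sticks out" view (FTP_3cx shows here) ---
$events |
    Where-Object { $_.eventid -like 'cowrie.login.*' } |
    Group-Object -Property username |
    Sort-Object -Property Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize

# --- 3. Hash list into a case-insensitive set, so hex case in the list never matters ---
$wanted = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
Get-Content $HashFile | ForEach-Object { if ($_.Trim()) { [void]$wanted.Add($_.Trim()) } }

# --- 4. Keep only download events whose SHA-256 is on the list ---
$hits = $events | Where-Object {
    $_.eventid -eq 'cowrie.session.file_download' -and $_.shasum -and $wanted.Contains($_.shasum)
}

# --- 5. Walk each hit back to its session's login for source, credentials and timing ---
$hits | ForEach-Object {
    $dl    = $_
    $login = $events |
        Where-Object { $_.session -eq $dl.session -and $_.eventid -eq 'cowrie.login.success' } |
        Select-Object -First 1
    [pscustomobject]@{
        Timestamp = $dl.timestamp
        SourceIP  = $dl.src_ip
        Session   = $dl.session
        Username  = $login.username
        URL       = $dl.url
        SHA256    = $dl.shasum
    }
} | Format-Table -AutoSize
```

Run it in PowerShell 5.1 or 7; with the constructed data the username table shows FTP_3cx twice and root once, and the correlation table contains a single row (session b1, source 198.51.100.7, user root) because only the first placeholder hash is in the list. Pointing $LogDir at a real backup directory and $HashFile at the hash list from a sandbox report reproduces the diary's workflow: group by one field to find the outlier, filter by a set membership test instead of a string match per hash, then join on the Cowrie session id to recover who logged in before the download.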

OTHER INTERNET STORM CENTER ENTRIES

Honeypot: Requests for (Code) Repositories (2025.11.08)
https://isc.sans.edu/diary/Honeypot+Requests+for+Code+Repositories/32460/

Apple Patches Everything, Again (2025.11.04)
https://isc.sans.edu/diary/Apple+Patches+Everything+Again/32448/

RECENT CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-59396 – WatchGuard Firebox devices have a vulnerability that allows administrative access through SSH on port 4118 using the readwrite password for the admin account until 2025-09-10.
Product: WatchGuard Firebox devices
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59396
ISC Podcast: https://isc.sans.edu/podcastdetail/9694

CVE-2025-12480 – Triofox is vulnerable to an Improper Access Control flaw, allowing access to initial setup pages post-completion in versions before 16.7.10368.56560.
Product: Triofox
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12480
ISC Podcast: https://isc.sans.edu/podcastdetail/9696
NVD References:
https://access.triofox.com/releases_history/
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md

CVE-2025-60724 – Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Product: Microsoft Graphics Component
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60724
ISC Diary: https://isc.sans.edu/diary/32468
ISC Podcast: https://isc.sans.edu/podcastdetail/9696
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60724

CVE-2025-54863 – Radiometrics VizAir is vulnerable to remote exposure of its REST API key, enabling attackers to manipulate weather data, disrupt airport operations, and engage in denial-of-service attacks.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54863
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

CVE-2025-61945 – Radiometrics VizAir is vulnerable to remote attackers through unauthorized access to the admin panel, allowing manipulation of critical weather parameters and potentially endangering aircraft safety.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61945
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

CVE-2025-61956 – Radiometrics VizAir lacks authentication mechanisms, enabling attackers to manipulate settings, mislead air traffic control, pilots, and forecasters.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61956
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

CVE-2025-47776 – Mantis Bug Tracker (MantisBT) is vulnerable to a type juggling issue in authentication code, allowing attackers to login without knowing the victim’s password in versions 2.27.1 and below.
Product: MantisBT
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47776

CVE-2025-52910 – Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400 are vulnerable to a Use-After-Free leading to privilege escalation.
Product: Samsung Exynos 1280
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52910

CVE-2025-12735 – The expr-eval library is vulnerable to arbitrary code execution due to insufficient input validation in the evaluate() function.
Product: expr-eval library JavaScript expression parser
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12735

CVE-2025-55108 – Control-M/Agent is vulnerable to unauthenticated remote code execution and unauthorized file access if mutual SSL/TLS authentication is not enabled.
Product: BMC Control-M/Agent
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55108

CVE-2025-47151 – Entr’ouvert Lasso 2.5.1 and 2.8.2 are vulnerable to type confusion, allowing attackers to execute arbitrary code through specially crafted SAML responses.
Product: Entrouvert Lasso
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47151

CVE-2025-64459 – Django is vulnerable to SQL injection in versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8 due to a flaw in QuerySet methods and the class Q().
Product: Djangoproject
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64459

CVE-2025-61304 – OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address.
Product: Dynatrace ActiveGate ping extension
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61304

CVE-2025-63601 – Snipe-IT is vulnerable to authenticated remote attackers uploading and executing system commands via a malicious backup file prior to version 8.3.3.
Product: Snipe-IT app
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63601

CVE-2025-20354 – Cisco Unified CCX is vulnerable to arbitrary file upload and command execution due to inadequate authentication mechanisms, enabling an attacker to gain root access on affected systems.
Product: Cisco Unified Contact Center Express
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20354
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ

CVE-2025-20358 – Cisco Unified CCX Contact Center Express Editor application is vulnerable to authentication bypass, granting unauthenticated attackers administrative permissions for script creation and execution.
Product: Cisco Unified Contact Center Express
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20358
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ

CVE-2025-45378 – Dell CloudLink versions 8.0 through 8.1.2 are vulnerable to unauthorized access and privilege escalation through a restricted shell exploit.
Product: Dell CloudLink
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45378
NVD References: https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities

CVE-2025-46364 – Dell CloudLink versions prior to 8.1.1 are vulnerable to a privilege escalation attack via CLI Escape Vulnerability.
Product: Dell CloudLink
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46364
NVD References: https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities

CVE-2025-56231 – Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections.
Product: Tonec Internet Download Manager
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56231

CVE-2025-55343 – Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks in multiple parameters.
Product: Quipux 4.0.1 through e1774ac
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55343

CVE-2025-63416 – SelfBest platform 2023.3 has a Stored Cross-Site Scripting vulnerability in its chat functionality that allows attackers to execute arbitrary JavaScript in other users’ sessions, leading to privilege escalation and sensitive data compromise.
Product: SelfBest
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63416

CVE-2025-63334 – PocketVJ CP version 3.9.1 is susceptible to unauthenticated remote code execution via the opacityValue POST parameter in submit_opacity.php.
Product: PocketVJ-CP-v3 pvj
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63334

CVE-2025-62161 – Youki is vulnerable to a container escape attack in versions 0.5.6 and below due to insufficient validation of the source /dev/null, fixed in version 0.5.7.
Product: Youki-Dev
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62161

CVE-2025-62596 – Youki is vulnerable to a write-target validation flaw in versions 0.5.6 and below, allowing for writes to unintended procfs locations through shared-mount race exploitation.
Product: Youki-Dev
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62596

CVE-2025-64163 – DataEase has an SSRF vulnerability in versions 2.10.14 and below due to omission of protection for the dns:// protocol, but it is fixed in version 2.10.15.
Product: DataEase
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64163

CVE-2025-64164 – DataEase version 2.10.14 and below is vulnerable to JNDI injection when establishing JDBC connections to Oracle.
Product: DataEase
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64164

CVE-2025-27918 – AnyDesk before 9.0.0 is vulnerable to a heap-based buffer overflow due to an integer overflow in UDP packet processing.
Product: Anydesk
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27918

CVE-2025-64180 – Manager-io/Manager accounting software is vulnerable to unauthorized access to internal network resources due to a flaw in its DNS validation mechanism, allowing attackers to bypass network isolation and access internal services and protected network segments.
Product: Manager-io Manager
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64180
NVD References: https://github.com/Manager-io/Manager/security/advisories/GHSA-j2xj-xhph-p74j

CVE-2025-63689 – Ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) is vulnerable to multiple SQL injection attacks, enabling remote attackers to execute arbitrary code through the orderby parameter.
Product: ycf1998 money-pos system
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63689

CVE-2025-63690 – Pig-mesh Pig versions 3.8.2 and below suffer from a remote code execution vulnerability due to insecure handling of scheduled tasks in the Quartz management function.
Product: pig-mesh Pig
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63690

CVE-2025-63691 – In pig-mesh Pig version 3.8.2 and below, there is an improper permission verification vulnerability in the Token Management function, allowing ordinary users to gain administrator access and take over the system.
Product: pig-mesh Pig
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63691

CVE-2025-10230 – Samba is vulnerable to remote code execution due to unsanitized NetBIOS name data being passed to a shell command without proper validation.
Product: Samba Active Directory Domain Controller
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10230

CVE-2025-12866 – EIP Plus developed by Hundred Plus is vulnerable to a Weak Password Recovery Mechanism, allowing remote attackers to predict or brute-force the ‘forgot password’ link and reset any user’s password.
Product: Hundred Plus EIP Plus
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12866
NVD References: https://www.twcert.org.tw/en/cp-139-10491-004b0-2.html

CVE-2025-12868 – New Site Server developed by CyberTutor is vulnerable to unauthenticated remote attackers exploiting a Use of Client-Side Authentication flaw to gain administrator privileges on the website.
Product: CyberTutor New Site Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12868
NVD References: https://www.twcert.org.tw/en/cp-139-10492-84a10-2.html

CVE-2025-64689 – In JetBrains YouTrack before 2025.3.104432, misconfiguration in the Junie could lead to exposure of the global Junie token.
Product: JetBrains YouTrack
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64689
NVD References: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE-2025-64522 – Soft Serve 0.11.1 and earlier versions are vulnerable to SSRF attacks due to inadequate validation of webhook URLs, enabling repository admins to target internal services and cloud metadata endpoints.
Product: Soft Serve Git server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64522

CVE-2025-42887 – SAP Solution Manager is vulnerable to code injection by authenticated attackers through remote-enabled function modules, potentially granting full system control and severely impacting confidentiality, integrity, and availability.
Product: SAP Solution Manager
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42887

CVE-2025-42890 – SQL Anywhere Monitor (Non-GUI) has baked credentials into the code, allowing unintended users to access resources and potentially execute arbitrary code, posing a high risk to system security.
Product: SAP SQL Anywhere Monitor
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42890

CVE-2025-8324 – Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
Product: Zohocorp ManageEngine Analytics Plus
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8324

CVE-2025-13032 – Avast/AVG Antivirus <25.3 on Windows is vulnerable to a double fetch in the sandbox kernel driver, allowing local attackers to escalate privileges via pool overflow.
Product: Avast AVG Antivirus
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-13032

CVE-2025-60716 – Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows DirectX
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60716
ISC Diary: https://isc.sans.edu/diary/32468
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60716

CVE-2025-62199 – Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Product: Microsoft Office
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62199
ISC Diary: https://isc.sans.edu/diary/32468
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62199

CVE-2025-62215 – Windows Kernel is vulnerable to race conditions that can be exploited by an authorized attacker to locally elevate privileges.
Product: Microsoft Windows Kernel
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62215
ISC Diary: https://isc.sans.edu/diary/32468
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215

CVE-2025-11007 & CVE-2025-11008 – The CE21 Suite plugin for WordPress allows unauthenticated attackers to update API settings and create new admin accounts (CVE-2025-11007) and is vulnerable to Sensitive Information Exposure through the log file, allowing unauthenticated attackers to extract sensitive data and potentially take over a site (CVE-2025-11008).
Product: WordPress CE21 Suite plugin
Active Installations: This plugin has been closed as of October 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11007
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11008
NVD References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e24feac-1812-45d7-b3c3-27787eed1cf1?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/91aa86d9-8e42-4deb-b6ca-c3b388fefcb1?source=cve

CVE-2025-12158 – The Simple User Capabilities plugin for WordPress allows unauthenticated attackers to elevate user roles to administrator due to missing capability checks.
Product: WordPress Simple User Capabilities plugin
Active Installations: This plugin has been closed as of October 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12158
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/dd75b8ec-1961-4a7a-92e6-1517e638974b?source=cve

CVE-2025-12493 – The ShopLentor plugin for WordPress is vulnerable to Local File Inclusion up to version 3.2.5, allowing unauthenticated attackers to execute arbitrary .php files on the server.
Product: ShopLentor WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor)
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12493
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/12bb4bb9-e908-43ad-8fb1-59418580f5e1?source=cve

CVE-2025-12682 – The Easy Upload Files During Checkout plugin for WordPress allows unauthenticated attackers to upload arbitrary JavaScript files, leading to potential remote code execution.
Product: WordPress Easy Upload Files During Checkout plugin
Active Installations: 600+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12682
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6a050764-0ba6-49a4-bd71-f79e3129fc4c?source=cve

CVE-2025-11749 – The AI Engine plugin for WordPress up to version 3.1.3 is vulnerable to Sensitive Information Exposure via the /mcp/v1/ REST API endpoint, allowing attackers to extract and misuse the bearer token for privilege escalation.
Product: WordPress AI Engine plugin
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11749
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf624-aedf-453d-8457-d03a572fac0d?source=cve

CVE-2025-12674 – The KiotViet Sync plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution.
Product: KiotViet Sync plugin for WordPress
Active Installations: This plugin has been closed as of November 4, 2025 and is not available for download. This closure is permanent. Reason: Author Request.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12674
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/7fdd670f-2a71-4c1d-af46-f0fd05352f7e?source=cve

CVE-2025-32222 – Widget Logic plugin for Widgetlogic.org allows attackers to inject malicious code, impacting versions from n/a to <= 6.0.5.
Product: Widgetlogic.org Widget Logic
Active Installations: 100,000+
Update to version 6.0.6 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32222
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/widget-logic/vulnerability/wordpress-widget-logic-6-0-5-remote-code-execution-rce-vulnerability

CVE-2025-39463 – Select-Themes Dessau dessau PHP Local File Inclusion vulnerability allows for improper control of filename for include/require statement in PHP program.
Product: Select-Themes Dessau
Active Installations: Unknown. Update to version 1.9 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39463
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/dessau/vulnerability/wordpress-dessau-theme-1-9-local-file-inclusion-vulnerability

CVE-2025-39466 – Mikado-Themes Dør dor allows PHP Local File Inclusion due to an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability.
Product: Mikado-Themes Dør
Active Installations: Unknown. Update to version 2.4.1 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39466
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/dor/vulnerability/wordpress-doer-2-4-local-file-inclusion-vulnerability

CVE-2025-39467 – Mikado-Themes Wanderland <= 1.7.1 is vulnerable to Path Traversal allowing PHP Local File Inclusion from n/a.
Product: Mikado-Themes Wanderland
Active Installations: Unknown. Update to version 1.7.2 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39467
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/wanderland/vulnerability/wordpress-wanderland-1-7-1-local-file-inclusion-vulnerability

CVE-2025-39468 – Modal Survey in pantherius is vulnerable to PHP Remote File Inclusion from n/a through <= 2.0.2.0.1.
Product: Pantherius Modal Survey
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39468
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/modal-survey/vulnerability/wordpress-modal-survey-plugin-2-0-2-0-1-local-file-inclusion-vulnerability

CVE-2025-47588 – Aco-woo-dynamic-pricing plugin allows code injection in versions from n/a through <= 4.5.9.
Product: Acowebs Dynamic Pricing With Discount Rules for WooCommerce
Active Installations: 6,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47588
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/aco-woo-dynamic-pricing/vulnerability/wordpress-dynamic-pricing-with-discount-rules-for-woocommerce-plugin-4-5-9-arbitrary-code-execution-vulnerability

CVE-2025-48086 – Ajax Search Lite plugin is vulnerable to deserialization of untrusted data, allowing object injection from versions n/a to 4.13.3.
Product: wpdreams Ajax Search Lite
Active Installations: 80,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48086
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/ajax-search-lite/vulnerability/wordpress-ajax-search-lite-plugin-4-13-3-php-object-injection-vulnerability

CVE-2025-48089 – Rainbow-Themes Education WordPress Theme | HiStudy histudy is vulnerable to SQL Injection allowing attackers to execute malicious code.
Product: Rainbow-Themes Education WordPress Theme | HiStudy
Active Installations: Unknown. Update to version 3.1.0 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48089
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/histudy/vulnerability/wordpress-education-wordpress-theme-histudy-theme-3-1-0-sql-injection-vulnerability

CVE-2025-48290 – bslthemes Kinsley allows remote attackers to include and execute arbitrary files via the filename parameter in a PHP include/require statement, potentially leading to unauthorized access or code execution.
Product: bslthemes Kinsley
Active Installations: Unknown. Update to version 3.4.5 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48290
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/kinsley/vulnerability/wordpress-kinsley-theme-3-4-4-local-file-inclusion-vulnerability

CVE-2025-48330 – Real Time Validation for Gravity Forms <= 1.7.0 allows PHP Local File Inclusion via an improper control of filename for include/require statement vulnerability.
Product: Daman Jeet Real Time Validation for Gravity Forms
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48330
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/real-time-validation-for-gravity-forms/vulnerability/wordpress-real-time-validation-for-gravity-forms-1-7-0-local-file-inclusion-vulnerability

CVE-2025-49386 – Preserve Code Formatting is vulnerable to Object Injection via Deserialization of Untrusted Data in versions n/a through 4.0.1.
Product: Scott Reilly Preserve Code Formatting
Active Installations: 500+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49386
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/preserve-code-formatting/vulnerability/wordpress-preserve-code-formatting-plugin-4-0-1-php-object-injection-vulnerability

CVE-2025-49393 – Fetch Designs Sign-up Sheets is vulnerable to Object Injection through deserialization of untrusted data, affecting versions from n/a through <= 2.3.2.
Product: Fetch Designs Sign-up Sheets
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49393
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-2-php-object-injection-vulnerability

CVE-2025-53242 – Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection. This issue affects Seil: from n/a through <= 1.7.1.
Product: VictorThemes Seil
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53242
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/seil/vulnerability/wordpress-seil-theme-1-7-1-deserialization-of-untrusted-data-vulnerability

CVE-2025-53252 – Zegen allows PHP Local File Inclusion, presenting a vulnerability in versions from n/a through 1.1.9.
Product: zozothemes Zegen
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53252
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/zegen/vulnerability/wordpress-zegen-theme-1-1-9-local-file-inclusion-vulnerability

CVE-2025-53283 – Drop Uploader for CF7 – Drag&Drop File Uploader Addon allows for unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server.
Product: borisolhor Drop Uploader for CF7 – Drag&Drop File Uploader Addon
Active Installations: Unknown.
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53283
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon/vulnerability/wordpress-drop-uploader-for-cf7-drag-drop-file-uploader-addon-plugin-2-4-1-arbitrary-file-upload-vulnerability

CVE-2025-53586 – Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection. This issue affects WeMusic: from n/a through <= 1.9.1.
Product: NooTheme WeMusic
Active Installations: Unknown. Update to version 1.9.2 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53586
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/noo-wemusic/vulnerability/wordpress-wemusic-theme-1-9-1-php-object-injection-vulnerability

CVE-2025-58595 – All In One Login allows identity spoofing due to an authentication bypass vulnerability in the Saad Iqbal All In One Login change-wp-admin-login plugin, impacting versions from n/a through 2.0.8.
Product: Saad Iqbal All In One Login
Active Installations: 70,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58595
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/change-wp-admin-login/vulnerability/wordpress-all-in-one-login-plugin-2-0-8-bypass-vulnerability-vulnerability

CVE-2025-60195 – Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation. This issue affects Atarim: from n/a through <= 4.2.
Product: Vito Peleg Atarim
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60195
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-2-privilege-escalation-vulnerability

CVE-2025-62016 – Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas. This issue affects Kallyas: from n/a through <= 4.22.0.
Product: hogash Kallyas
Active Installations: Unknown. Update to version 4.23.0 or later.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62016
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/kallyas/vulnerability/wordpress-kallyas-theme-4-22-0-arbitrary-file-upload-vulnerability

CVE-2025-62047 – Case Addons is vulnerable to unrestricted upload of files with dangerous types in versions from n/a through < 1.3.0.
Product: Case-Themes Case Addons
Active Installations: Unknown. Update to version 1.3.0 or later.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62047
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/case-addons/vulnerability/wordpress-case-addons-plugin-1-3-0-arbitrary-file-upload-vulnerability

CVE-2025-62064 – Elated-Themes Search & Go allows password recovery exploitation through an alternate path or channel, affecting versions from n/a through 2.7.
Product: Elated-Themes Search & Go
Active Installations: Unknown. Update to version 2.8 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62064
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/search-and-go/vulnerability/wordpress-search-go-theme-2-7-broken-authentication-vulnerability

CVE-2025-62065 – Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor. This issue affects RTMKit: from n/a through <= 1.6.5.
Product: Rometheme RTMKit
Active Installations: 40,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62065
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/rometheme-for-elementor/vulnerability/wordpress-rtmkit-plugin-1-6-5-arbitrary-file-upload-vulnerability

CVE-2025-6325 & CVE-2025-6327 – King Addons for Elementor KingAddons.com allows Privilege Escalation due to Incorrect Privilege Assignment vulnerability, affecting versions from n/a through 51.1.36 (CVE-2025-6325) and also allows the unrestricted upload of dangerous files, potentially allowing a web shell to be uploaded to a web server (CVE-2025-6327).
Product: KingAddons.com King Addons for Elementor
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6325
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6327
NVD References:
https://vdp.patchstack.com/database/Wordpress/Plugin/king-addons/vulnerability/wordpress-king-addons-for-elementor-plugin-51-1-36-privilege-escalation-vulnerability
https://vdp.patchstack.com/database/Wordpress/Plugin/king-addons/vulnerability/wordpress-king-addons-for-elementor-plugin-51-1-36-arbitrary-file-upload-vulnerability

CVE-2025-12352 – The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads allowing unauthenticated attackers to potentially execute remote code.
Product: WordPress Gravity Forms
Active Installations: Unknown. Update to version 2.9.21, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12352
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/42525101-6196-40b9-90e7-c7f1886ef247?source=cve

CVE-2025-11170 – The cpi-wp-migration plugin for WordPress allows unauthenticated attackers to upload arbitrary files on the server, potentially leading to remote code execution.
Product: cpi-wp-migration CPI plugin for WordPress
Active Installations: This plugin has been closed as of November 7, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11170
NVD References:
https://wordpress.org/plugins/cpi-wp-migration/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8a96d6d5-a5e3-4648-902b-f9d1f8e57e5c?source=cve

CVE-2025-12813 – The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution up to version 7.1 through the ‘contents’ parameter, allowing unauthenticated attackers to execute code on the server.
Product: WordPress Holiday class post calendar plugin
Active Installations: This plugin has been closed as of November 7, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12813
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/7f7968c4-589c-4949-9f69-4a0ba4db4ea9?source=cve

CVE-2025-12539 – The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure due to storing cPanel API credentials in unprotected files, allowing attackers to compromise the hosting environment.
Product: TNC Toolbox Web Performance plugin for WordPress
Active Installations: 800+
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12539
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/2eaa5a5c-c11f-40d0-be69-c3ec8029a819?source=cve

@RISK: The Consensus Security Vulnerability Alert: Vol. 25, Num. 43

CONTENTS:
=========================================================
INTERNET STORM CENTER SPOTLIGHT
OTHER INTERNET STORM CENTER ENTRIES
RECENT CVEs
=========================================================

INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Apple Patches Everything, Again
Published: 2025-11-04
Last Updated: 2025-11-04 12:10:29 UTC
by Johannes Ullrich (Version: 1)

Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is marked as already exploited. Apple only offers very sparse vulnerability descriptions. Here are some vulnerabilities that may be worth watching:

CVE-2025-43338, CVE-2025-43372: A memory corruption vulnerability in ImageIO. ImageIO is responsible for rendering images, and vulnerabilities like this have been exploited in the past for remote code execution. CVE-2025-43400, a vulnerability affecting FontParser, could have a similar impact.

CVE-2025-43431: A memory corruption issue in WebKit. This could be used to execute code via Safari …

Read the full entry: https://isc.sans.edu/diary/Apple+Patches+Everything+Again/32448/

XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers
Published: 2025-11-03
Last Updated: 2025-11-03 14:20:05 UTC
by Johannes Ullrich (Version: 1)

XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal “Guest” privileges, can use. The advisory included PoC code, so it is a bit odd that it took so long for the vulnerability to be widely exploited.

NIST added the vulnerability to its “Known Exploited Vulnerabilities” list this past Friday. Our data shows some reconnaissance scans starting in July, but actual exploit attempts did not commence until yesterday …

Read the full entry: https://isc.sans.edu/diary/XWiki+SolrSearch+Exploit+Attempts+CVE202524893+with+link+to+Chicago+GangsRappers/32444/

Updates to Domainname API
Published: 2025-11-05
Last Updated: 2025-11-05 16:17:17 UTC
by Johannes Ullrich (Version: 1)

For several years, we have offered a “new domain” list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the list has been causing issues, resulting in a “cut-off” list being returned. To resolve this issue, I updated the API call. It is sort of backward compatible, but it will not allow you to retrieve the full list. Additionally, we offer a simple “static file” containing the complete list. This file should be used whenever possible instead of the API …

I have not decided yet how long to keep these historic lists. The same data can be retrieved via the API request below. Likely, I will keep the last week as a “precompiled” list.

For the API, you may now retrieve partial copies of the list …

Read the full entry: https://isc.sans.edu/diary/Updates+to+Domainname+API/32452/

OTHER INTERNET STORM CENTER ENTRIES

Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287 (2025.11.02)
https://isc.sans.edu/diary/Scans+for+Port+85308531+TCP+Likely+related+to+WSUS+Vulnerability+CVE202559287/32440/

X-Request-Purpose: Identifying “research” and bug bounty related scans? (2025.10.30)
https://isc.sans.edu/diary/XRequestPurpose+Identifying+research+and+bug+bounty+related+scans/32436/

RECENT CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-59287 – Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows Server Update Service
CVSS Score: 0
** KEV since 2025-10-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59287
ISC Diary: https://isc.sans.edu/diary/32440
ISC Podcast: https://isc.sans.edu/podcastdetail/9682

CVE-2025-24893 – XWiki Platform is vulnerable to arbitrary remote code execution through a request to `SolrSearch`, impacting the confidentiality, integrity, and availability of the installation.
Product: XWiki Platform
CVSS Score: 0
** KEV since 2025-10-30 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24893
ISC Diary: https://isc.sans.edu/diary/32444
ISC Podcast: https://isc.sans.edu/podcastdetail/9684

CVE-2023-20198 – Cisco IOS XE Web UI Privilege Escalation Vulnerability
Product: Cisco IOS XE
CVSS Score: 0
** KEV since 2023-10-16 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20198
ISC Podcast: https://isc.sans.edu/podcastdetail/9682

CVE-2025-48703 – CWP Control Web Panel OS Command Injection Vulnerability. CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
Product: CWP Control Web Panel
CVSS Score: 9.0
** KEV since 2025-11-04 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48703
ISC Podcast: https://isc.sans.edu/podcastdetail/9506
NVD References: https://fenrisk.com/rce-centos-webpanel

CVE-2025-12380 – Firefox versions prior to 144.0.2 are vulnerable to a use-after-free exploit in the GPU or browser process, triggered by compromised child processes using WebGPU-related IPC calls.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12380
NVD References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1993113
https://www.mozilla.org/security/advisories/mfsa2025-86/

CVE-2025-61043 – Monkey’s Audio 11.31 is susceptible to an out-of-bounds read vulnerability in the CAPECharacterHelper::GetUTF16FromUTF8 function, which could lead to a crash or data exposure.
Product: Monkey’s Audio 11.31
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61043
NVD References: https://tzh00203.notion.site/Monkey-s-Audio-Out-of-Bounds-Read-Vulnerability-Report-version-11-31-249b5c52018a80739852d0d9660994c9?source=copy_link

CVE-2025-61128 – WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730 and other models have a stack-based buffer overflow vulnerability allowing attackers to execute arbitrary code through a crafted POST request to login.cgi.
Product: WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61128
NVD References: https://gist.github.com/shinobu-alpha/6dd5ad7f83c16360f6564db0bc121e99

CVE-2025-36386 – IBM Maximo Application Suite versions 9.0.0 through 9.1.4 could allow remote attackers to bypass authentication and gain unauthorized access.
Product: IBM Maximo Application Suite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36386
NVD References: https://www.ibm.com/support/pages/node/7249416

CVE-2025-60355 – zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Product: zhangyd-c OneBlog
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60355

CVE-2025-61235 – Dataphone A920 v2025.07.161103 allows a custom crafted packet to bypass authentication and trigger functionality due to lack of validation.
Product: Dataphone A920
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61235
NVD References: https://github.com/stuxve/poc-dataphone-crafted-packet

CVE-2025-62368 – Taiga is vulnerable to remote code execution in versions 6.8.3 and earlier due to unsafe data deserialization, with a fix available in version 6.9.0.
Product: Taiga API
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62368
NVD References: https://github.com/taigaio/taiga-back/security/advisories/GHSA-cpcf-9276-fwc5

CVE-2025-64095 – DNN (formerly DotNetNuke) version prior to 10.1.1 allows unauthenticated file uploads and images to overwrite existing files, leading to possible website defacement and XSS injection vulnerabilities.
Product: DNNsoftware (DotNetNuke)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64095
NVD References: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw

CVE-2024-45162 – A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.
Product: Blu-Castle BCUM221E
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45162
NVD References:
https://blu-castle.com/
https://www.gruppotim.it/it/footer/red-team/2024/CVE-2024-45162-Blu-Castle_BCUM221E1.html

CVE-2025-10932 – Progress MOVEit Transfer (AS2 module) versions before 2025.0.3, 2024.1.7, and 2023.1.16 are prone to uncontrolled resource consumption.
Product: Progress MOVEit Transfer
CVSS Score: 8.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10932
ISC Podcast: https://isc.sans.edu/podcastdetail/9680
NVD References: https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025

CVE-2025-63622 – Online Complaint Site 1.0 is vulnerable to SQL injection through the manipulation of the argument category in /cms/admin/subcategory.php.
Product: Fabian Online Complaint Site
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63622
NVD References:
https://github.com/xmqaq/cve/issues/2

CVE-2025-64102 – Zitadel prior to versions 4.6.0, 3.4.3, and 2.71.18 allows online brute-force attacks on OTP, TOTP, and passwords, with mitigation strategies not fully implemented in recent APIs.
Product: Zitadel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64102
NVD References:
https://github.com/zitadel/zitadel/commit/b8db8cdf9cc8ea13f461758aef12457f8b7d972a
https://github.com/zitadel/zitadel/security/advisories/GHSA-xrw9-r35x-x878

CVE-2025-64103 – Zitadel prior to version 4.6.0, 3.4.3, and 2.71.18 does not properly enforce multi factor authentication which allows attackers to bypass the more secure factor with a targeted TOTP code attack.
Product: Zitadel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64103
NVD References:
https://github.com/zitadel/zitadel/commit/b284f8474eed0cba531905101619e7ae7963156b
https://github.com/zitadel/zitadel/security/advisories/GHSA-cfjq-28r2-4jv5

CVE-2025-11200 – MLflow Weak Password Requirements Authentication Bypass Vulnerability allows remote attackers to bypass authentication by exploiting weak password requirements in MLflow installations.
Product: LFprojects MLflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11200
NVD References:
https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54
https://www.zerodayinitiative.com/advisories/ZDI-25-932/

CVE-2025-11201 – MLflow Tracking Server allows remote attackers to execute arbitrary code by exploiting a directory traversal vulnerability in model creation, without requiring authentication.
Product: LFprojects MLflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11201
NVD References:
https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161
https://www.zerodayinitiative.com/advisories/ZDI-25-931/

CVE-2025-54469 – A NeuVector vulnerability was identified due to unvalidated environment variables, allowing for potential command injection within the enforcer container.
Product: NeuVector enforcer container
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54469
NVD References:
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54469
https://github.com/neuvector/neuvector/security/advisories/GHSA-c8g6-qrwh-m3vp

CVE-2025-50739 – iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.
Product: iib0011 omni-tools
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50739
NVD References:
https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50739
https://omnitools.app/json/stringify

CVE-2025-43027 – Security Center’s ALPR Manager role has a critical vulnerability that may grant attackers administrative access to the Genetec Security Center system.
Product: Genetec Security Center
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43027
NVD References:
https://resources.genetec.com/security-advisories/critical-security-vulnerability-affecting-the-alpr-manager-role-of-security-center
https://ressources.genetec.com/avis-de-securite/faille-de-securite-critique-affectant-le-role-gestionnaire-rapi-de-security-center

CVE-2025-62712 – JumpServer versions prior to v3.10.20-lts and v4.10.11-lts allow an authenticated, non-privileged user to retrieve connection tokens of other users, potentially leading to unauthorized access and privilege escalation.
Product: JumpServer
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62712
NVD References:
https://github.com/jumpserver/jumpserver/commit/453ad331eec9d9667a38de735d6612608e558491
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6ghx-6vpv-3wg7

CVE-2025-48983 – Veeam Backup & Replication is vulnerable to remote code execution on Backup infrastructure hosts by authenticated domain users through the Mount service.
Product: Veeam Backup & Replication
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48983
NVD References: https://www.veeam.com/kb4771

CVE-2025-52665 – UniFi Access Application (Version 3.3.22 through 3.4.31) exposed a management API without proper authentication, allowing malicious actors to exploit a misconfiguration until fixed in Version 4.0.21.
Product: UniFi Access
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52665
NVD References: https://community.ui.com/releases/Security-Advisory-Bulletin-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191

CVE-2025-6520 – Abis Technology BAPSIS software before 202510271606 allows Blind SQL Injection via improper neutralization of special elements in SQL commands.
Product: Abis Technology BAPSIS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6520
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0365

CVE-2025-57108 – Kitware VTK through 9.5.0 has a heap use-after-free vulnerability in vtkGLTFDocumentLoader, triggered by accessing freed memory during mesh object copy operations with corrupted GLTF files.
Product: Kitware VTK (Visualization Toolkit)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57108
NVD References: https://gitlab.kitware.com/vtk/vtk/-/issues/19736

CVE-2025-29270 – Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 are vulnerable to incorrect access control in the realtime.cgi endpoint, enabling unauthorized access to the admin panel and device control by attackers.
Product: Deep Sea Electronics DSE855
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29270
NVD References: https://blog.byteray.co.uk/shadow-entry-discovery-of-authentication-bypass-vulnerability-in-dse855-communications-device-938e35d4b361

CVE-2025-0987 – CVLand is vulnerable to authorization bypass through user-controlled key, allowing parameter injection from version 2.1.0 through 20251103.
Product: CB Project Ltd. Co. CVLand
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0987
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0371

CVE-2025-63451, CVE-2025-63452, & CVE-2025-63453 – Car-Booking-System-PHP v.1.0 SQL Injection vulnerabilities.
Product: Car-Booking-System-PHP carlux
CVSS Scores: 9.4 – 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63451
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63452
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63453
NVD References:
https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-12
https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-13
https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-14

CVE-2025-11953 – The Metro Development Server, opened by the React Native Community CLI, is vulnerable to OS command injection through an exposed endpoint, allowing unauthenticated network attackers to run arbitrary executables and shell commands on Windows.
Product: React Native Community Metro Development Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11953
NVD References:
https://github.com/react-native-community/cli/commit/15089907d1f1301b22c72d7f68846a2ef20df547
https://jfrog.com/blog/cve-2025-11953-critical-react-native-community-cli-vulnerability

CVE-2025-12463 – Geutebruck G-Cam E-Series Cameras are vulnerable to unauthenticated SQL Injection via the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script on EFD-2130 cameras with firmware version 1.12.0.19.
Product: Geutebruck G-Cam E-Series Cameras
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12463
NVD References: https://blog.blacklanternsecurity.com/p/cve-2025-12463-98-unauthenticated

CVE-2025-54863 – Radiometrics VizAir is vulnerable to remote exposure of its REST API key, enabling attackers to manipulate weather data, disrupt airport operations, and engage in denial-of-service attacks.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54863
NVD References:
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

CVE-2025-61945 – Radiometrics VizAir is vulnerable to remote attackers through unauthorized access to the admin panel, allowing manipulation of critical weather parameters and potentially endangering aircraft safety.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61945
NVD References:
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

CVE-2025-61956 – Radiometrics VizAir lacks authentication mechanisms, enabling attackers to manipulate settings, mislead air traffic control, pilots, and forecasters.
Product: Radiometrics VizAir
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61956
NVD References:
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

CVE-2025-43338 – macOS Sonoma 14.8.2, iOS 26, and iPadOS 26 are susceptible to unexpected app termination or corrupt process memory due to an out-of-bounds access issue when processing malicious media files.
Product: Multiple Apple products
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43338
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43372 – Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory in ImageIO.
Product: ImageIO
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43372
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+Again/32448/
ISC Podcast: https://isc.sans.edu/podcastdetail/9686

CVE-2025-43431 – Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1, iPadOS 26.1, and tvOS 26.1 are vulnerable to memory corruption via processing maliciously crafted web content, fixed with improved memory handling.
Product: Multiple Apple products
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43431
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43350 – iOS 26.1 and iPadOS 26.1 addressed a permissions issue, but an attacker may still access restricted content from the lock screen.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43350
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43361 – macOS Sequoia 15.7.2 is vulnerable to a malicious app potentially able to read kernel memory due to an out-of-bounds read issue fixed in the latest update.
Product: Multiple Apple products
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43361
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43364 – macOS Sonoma and macOS Sequoia versions 14.8 and 15.7 fix a race condition vulnerability that could allow an app to break out of its sandbox.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43364
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43373 – macOS Sonoma and macOS Sequoia versions 14.8.2 and 15.7.2 have fixed a vulnerability where an app could cause unexpected system termination or corrupt kernel memory.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43373
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43387 – macOS Sequoia 15.7.2 fixed a permissions issue allowing a malicious app to gain root privileges.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43387
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43389 – iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and visionOS 26.1 fixed a privacy issue allowing apps to access sensitive user data by removing vulnerable code.
Product: Multiple Apple Products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43389
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43399 – macOS Sequoia 15.7.2 is vulnerable to data exposure due to inadequate redaction of sensitive information, allowing an app to access protected user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43399
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43401 – macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 allow remote attackers to cause a denial-of-service due to a validated denial-of-service issue.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43401
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43405 – macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 contain a vulnerability where an app may access user-sensitive data due to an addressed permissions issue with additional sandbox restrictions.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43405
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43407 – visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1, iPadOS 26.1, and tvOS 26.1 are now protected against an app potentially breaking out of its sandbox through improved entitlements.
Product: Multiple Apple products
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43407
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43409 – macOS Sequoia 15.7.2 fixed a permissions issue with additional sandbox restrictions, preventing apps from accessing sensitive user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43409
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43413 – visionOS, macOS, watchOS, iOS, iPadOS, and tvOS were vulnerable to sandboxed apps potentially being able to observe system-wide network connections, but the issue is fixed in the latest updates.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43413
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43424 – iOS and iPadOS 26.1 are vulnerable to unexpected process crashes caused by a malicious HID device due to lack of proper bounds checks.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43424
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43436 – watchOS, iOS, iPadOS, tvOS, visionOS 26.1 had a permissions issue where an app was able to enumerate a user’s installed apps but this has been fixed with additional restrictions.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43436
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43439 – iOS 26.1, iPadOS 26.1, and visionOS 26.1 have fixed a privacy issue where an app could potentially fingerprint the user.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43439
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43442 – iOS and iPadOS versions prior to 26.1 may allow apps to identify other apps installed by the user due to a permissions issue that has been resolved.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43442
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43449 – iOS and iPadOS versions 26.1 fixed a vulnerability where a malicious app could track users between installs by improving cache handling.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43449
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43450 – iOS and iPadOS versions prior to 26.1 allowed an app to learn information about the current camera view before being granted camera access.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43450
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43452 – iOS 26.1 and iPadOS 26.1 display sensitive keyboard suggestions on the lock screen.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43452
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43454 – iOS and iPadOS 26.1 fix, through improved state management, an issue that could cause a device to persistently fail to lock.
Product: Apple iOS and iPadOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43454
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43462 – watchOS 26.1, iOS 26.1, iPadOS 26.1, tvOS 26.1, and visionOS 26.1 are vulnerable to an issue that could allow an app to cause unexpected system termination or corrupt kernel memory.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43462
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43468 – Intel-based Mac computers may have a vulnerability that allows apps to access sensitive user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43468
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43469 – macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 have fixed a permissions issue allowing apps to potentially access sensitive user data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43469
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43472 – macOS was vulnerable to an issue that allowed an app to gain root privileges, fixed in versions 14.8.2 and 15.7.2 with improved input sanitization.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43472
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43474 – macOS is vulnerable to an out-of-bounds read which may allow an app to cause unexpected system termination or read kernel memory.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43474
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43476 – macOS Sonoma 14.8.2 and macOS Sequoia 15.7.2 may allow an app to break out of its sandbox due to a permissions issue that has been fixed with additional restrictions.
Product: Apple macOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43476
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43480 – Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1, iPadOS 26.1, and tvOS 26.1 address, with improved checks, an issue that allowed a malicious website to exfiltrate data.
Product: Multiple Apple products
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43480
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43496 – Versions of watchOS, iOS, iPadOS, and visionOS prior to 26.1, and of macOS prior to 15.7.2, allow remote content to load despite ‘Load Remote Images’ being disabled.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43496
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43500 – watchOS 26.1, iOS 26.1, iPadOS 26.1, and visionOS 26.1 fix, through improved handling of user preferences, an issue that allowed an app to access sensitive user data.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43500
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43502 – Safari 26.1, iOS 26.1, and iPadOS 26.1 address a privacy issue, in which an app could bypass certain privacy preferences, by removing the sensitive data.
Product: Apple Safari
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43502
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43505 – Xcode 26.1 is vulnerable to an out-of-bounds write issue that could lead to heap corruption when processing a maliciously crafted file.
Product: Apple Xcode
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43505
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-43400 – macOS, visionOS, iOS, and iPadOS were affected by an out-of-bounds write issue when processing maliciously crafted fonts, potentially leading to unexpected app termination or memory corruption.
Product: Multiple Apple products
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43400
ISC Diary: https://isc.sans.edu/diary/32448

CVE-2025-4665 – WordPress plugin Contact Form CFDB7, in versions up to and including 1.3.2, is vulnerable to pre-authentication SQL injection and insecure deserialization, allowing remote exploitation through crafted input without authentication.
Product: WordPress Contact Form CFDB7
Active Installations: 600,000+
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4665
NVD References: https://wordpress.org/plugins/contact-form-cfdb7

CVE-2025-5397 – The Noo JobMonster theme for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to access administrative user accounts.
Product: Noo JobMonster theme for WordPress
Active Installations: Unknown. Update to version 4.8.2, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5397
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve

CVE-2025-8489 – The King Addons for Elementor plugin for WordPress, in versions 24.12.92 through 51.1.14, does not properly restrict user roles, allowing unauthenticated attackers to register as administrators.
Product: King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8489
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/a1bb2b06-9a3b-4428-8624-26a1202fe3b0?source=cve

CVE-2025-11833 – The Post SMTP plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the __construct function.
Product: Post SMTP Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin
Active Installations: 400,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11833
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/491f44fc-712c-4f67-b5c2-a7396941afc1?source=cve

CVE-2025-11499 – The Tablesome Table plugin for WordPress is vulnerable to arbitrary file uploads, enabling unauthenticated attackers to potentially execute remote code on the affected site’s server.
Product: Tablesome Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin
Active Installations: 9,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11499
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/2be770c7-7aa2-430b-981d-5d81fe068bef?source=cve

CVE-2025-8900 – The Doccure Core plugin for WordPress, in versions up to, but not including, 1.5.4, is vulnerable to privilege escalation, allowing unauthenticated attackers to gain elevated privileges.
Product: Doccure WordPress plugin
Active Installations: Unknown. Update to version 1.5.4, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8900
NVD References:
https://themeforest.net/item/doccure-medical-wordpress-theme/34329202
https://www.wordfence.com/threat-intel/vulnerabilities/id/49e133c9-5d3b-4a2a-8385-e2db44baa217?source=cve

CVE-2025-11007 & CVE-2025-11008 – The CE21 Suite plugin for WordPress allows unauthenticated attackers to update API settings and create new admin accounts (CVE-2025-11007). It is also vulnerable to sensitive information exposure through its log file, allowing unauthenticated attackers to extract sensitive data and potentially take over a site (CVE-2025-11008).
Product: WordPress CE21 Suite plugin
Active Installations: This plugin has been closed as of October 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11007
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11008
NVD References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e24feac-1812-45d7-b3c3-27787eed1cf1?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/91aa86d9-8e42-4deb-b6ca-c3b388fefcb1?source=cve

CVE-2025-12158 – The Simple User Capabilities plugin for WordPress allows unauthenticated attackers to elevate user roles to administrator due to missing capability checks.
Product: WordPress Simple User Capabilities plugin
Active Installations: This plugin has been closed as of October 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12158
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/dd75b8ec-1961-4a7a-92e6-1517e638974b?source=cve

CVE-2025-12493 – The ShopLentor plugin for WordPress is vulnerable to Local File Inclusion up to version 3.2.5, allowing unauthenticated attackers to execute arbitrary .php files on the server.
Product: ShopLentor WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor)
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12493
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/12bb4bb9-e908-43ad-8fb1-59418580f5e1?source=cve

CVE-2025-12682 – The Easy Upload Files During Checkout plugin for WordPress allows unauthenticated attackers to upload arbitrary JavaScript files, leading to potential remote code execution.
Product: WordPress Easy Upload Files During Checkout plugin
Active Installations: 600+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12682
NVD References:
https://plugins.trac.wordpress.org/changeset/3384711/
https://www.wordfence.com/threat-intel/vulnerabilities/id/6a050764-0ba6-49a4-bd71-f79e3129fc4c?source=cve
