Incorrect access control in the component orderService
Description
Incorrect access control in the component orderService
Search and filter 17282 vulnerabilities with AI analyst insights
Incorrect access control in the component orderService
Incorrect access control in the component orderService
Incorrect access control in the component ApiOrderService
Incorrect access control in the component ApiOrderService
Incorrect access control in the component ApiPayController
Incorrect access control in the component ApiPayController
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB...
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetF...
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Mach...
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous version...
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 w...
Executive Summary:
A critical vulnerability has been discovered in multiple Siklu Communications Etherhaul wireless radio products. This flaw, with a CVSS score of 9.8, allows a remote, unauthenticated attacker to potentially take complete control of affected devices, leading to network disruption, data interception, and unauthorized access to the broader network infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-57174
Affected Software: Siklu Communications Etherhaul 8010TX, 1200FX, and potentially other products.
Affected Versions: Firmware 7.4.0 through 10.7.3 and possibly other previous versions.
Vulnerability: The vulnerability exists within the rfpiped service, which listens on TCP port 555. Based on the critical CVSS score of 9.8, it is highly probable that this service contains a remotely exploitable flaw, such as a buffer overflow or command injection, that can be triggered by a specially crafted network packet. An unauthenticated attacker on the network can exploit this weakness to execute arbitrary code with elevated privileges, effectively gaining full administrative control over the affected device without requiring any user interaction.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe business impact, as these devices are core network infrastructure components. An attacker could intercept, manipulate, or block all traffic passing through the compromised device, causing a significant denial of service and disrupting business operations. Furthermore, the compromised device could be used as a pivot point to launch further attacks against the internal network, potentially leading to a widespread data breach, financial loss, and reputational damage.
Remediation Plan
Immediate Action: Immediately update affected Siklu Communications Etherhaul devices to the latest patched firmware version provided by the vendor. After patching, monitor for any signs of exploitation attempts and review historical access logs for suspicious connections or activity related to TCP port 555.
Proactive Monitoring: Implement network monitoring to detect and alert on any unauthorized connection attempts to TCP port 555 on Siklu devices. Monitor device logs for unexpected reboots, configuration changes, or anomalous process behavior. Outbound traffic from the devices to unknown destinations should be considered highly suspicious.
Compensating Controls: If patching cannot be performed immediately, implement strict network access control lists (ACLs) or firewall rules to restrict access to TCP port 555. Access should only be permitted from trusted and explicitly authorized management IP addresses. This will limit the attack surface and reduce the risk of exploitation from untrusted networks.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date of Sep 15, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, due to its critical severity and the low complexity of a potential attack, it is highly likely to be targeted by threat actors in the near future.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate risk to the organization. We strongly recommend that all affected Siklu Etherhaul devices are patched on an emergency basis. If immediate patching is not feasible, the compensating controls of restricting network access to the vulnerable service must be implemented without delay. Organizations should prioritize this remediation to prevent potential network compromise and operational disruption.
Update An issue was discovered in Siklu Communications Etherhaul Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
phpgurukul Complaint Management System 2
phpgurukul Complaint Management System 2
Executive Summary:
A high-severity vulnerability, identified as CVE-2025-57151, has been discovered in the phpgurukul Complaint Management System 2 and potentially other products from the vendor. This flaw could allow a remote, unauthenticated attacker to compromise the affected system, potentially leading to unauthorized data access, data theft, or complete system takeover. Organizations are urged to apply the vendor-supplied security update immediately to mitigate the significant risk of exploitation.
Vulnerability Details
CVE-ID: CVE-2025-57151
Affected Software: Management Multiple Products, including phpgurukul Complaint Management System 2
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an unauthenticated SQL Injection flaw. An attacker can exploit this weakness by sending specially crafted SQL queries to the application's user-facing interface, likely through a parameter in a login or search function. Successful exploitation does not require prior authentication and allows the attacker to bypass security controls, execute arbitrary SQL commands to read, modify, or delete sensitive data from the database, and in some configurations, may lead to remote code execution on the underlying server.
Business Impact
This vulnerability presents a significant risk to the organization, classified as High severity with a CVSS score of 8.8. Successful exploitation could lead to a severe data breach, exposing sensitive customer and complaint data, including Personally Identifiable Information (PII). The business impact includes potential regulatory fines for non-compliance with data protection laws, significant reputational damage, loss of customer trust, and the financial costs associated with incident response and recovery. A full system compromise could also serve as a foothold for attackers to move laterally within the corporate network, escalating the incident's scope and impact.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected systems without delay. System administrators should follow established patch management procedures to test and deploy the update. Concurrently, security teams should begin actively monitoring web server and database access logs for any signs of attempted exploitation targeting this vulnerability.
Proactive Monitoring: Security teams should implement enhanced monitoring focused on the affected application. This includes inspecting web server access logs for unusual or malformed URL parameters and POST requests containing SQL keywords (e.g., UNION, SELECT, ' OR '1'='1'). Database logs should be reviewed for suspicious queries originating from the web application's service account. Network Intrusion Detection Systems (IDS) should be configured to alert on common SQL injection attack signatures and anomalous outbound traffic from the application server.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 3, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity (CVSS 8.8) and the relative simplicity of exploiting SQL injection flaws, threat actors are likely to develop and deploy exploits rapidly.
Analyst Recommendation
Given the high severity score of 8.8, this vulnerability poses a critical threat to the organization. Although it is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, this status could change quickly. We strongly recommend that organizations prioritize the immediate deployment of the vendor-provided patch as the most effective mitigation. If patching is delayed, the compensating controls listed above should be implemented immediately to provide a temporary layer of defense against potential attacks.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
phpgurukul Complaint Management System in PHP 2
phpgurukul Complaint Management System in PHP 2
Executive Summary:
A high-severity vulnerability in phpgurukul Complaint Management System allows an attacker to compromise the application, potentially leading to unauthorized access to complaint data and user information.
Vulnerability Details
CVE-ID: CVE-2025-57150
Affected Software: phpgurukul Complaint Management System in PHP
Affected Versions: See vendor advisory for affected versions
Vulnerability: The application is affected by an unspecified high-severity flaw. Based on the product type and common vulnerability patterns, this is likely an SQL Injection, Cross-Site Scripting (XSS), or authentication bypass vulnerability that could be exploited by an unauthenticated attacker.
Business Impact
With a CVSS score of 7.2 (High), this vulnerability poses a serious threat to the confidentiality and integrity of the data managed by the system. An attacker could potentially view, modify, or delete sensitive complaint records, which may contain personally identifiable information (PII) or confidential business details. This could result in a data breach, reputational harm, and regulatory issues.
Remediation Plan
Immediate Action: Apply the vendor-supplied security update for the Complaint Management System without delay. If a patch is not immediately available, restrict access to the system to trusted users and networks.
Proactive Monitoring: Monitor web and database logs for suspicious activity, such as malformed SQL queries or attempts to access restricted areas of the application. Set up alerts for repeated failed login attempts.
Compensating Controls: Deploy a Web Application Firewall (WAF) in front of the application to block common web-based attacks. Harden the underlying server environment, including the PHP configuration and database access controls.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 4, 2025, there is no public information indicating active exploitation. However, systems managing complaints and user data are attractive targets for attackers.
Analyst Recommendation
The risk to sensitive complaint data and user PII necessitates immediate action. Administrators must prioritize patching this vulnerability to prevent a potential data breach. Given the history of vulnerabilities in similar products, a swift and thorough response is critical to mitigate this threat.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.
Executive Summary:
A critical vulnerability has been identified in the phpgurukul Online Shopping Portal, which allows an authenticated attacker to upload malicious files to the server. Successful exploitation could lead to a complete compromise of the web server, enabling the attacker to steal sensitive data, deface the website, or use the server for further malicious activities. Due to the high severity of this flaw, immediate remediation is strongly recommended.
Vulnerability Details
CVE-ID: CVE-2025-57148
Affected Software: phpgurukul Online Shopping Portal Multiple Products
Affected Versions: Version 2.0 is confirmed to be vulnerable. It is recommended to consult the vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is an Arbitrary File Upload located in the /admin/insert-product.php script. The application fails to properly validate the file extension of images uploaded when a new product is added. An authenticated attacker with access to the admin panel can bypass the intended file type restrictions and upload a file with an executable extension (e.g., .php). Once the malicious file is uploaded, the attacker can access it via its URL, causing the web server to execute the code within the file, which typically results in a web shell and remote code execution on the server.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.1. Exploitation could have a severe impact on the business, leading to a complete compromise of the web server. Potential consequences include the theft of sensitive customer data, payment card information, and intellectual property; website defacement causing significant reputational damage; and the use of the compromised server to attack other systems or host malicious content. The resulting financial losses from operational downtime, incident response, and potential regulatory fines could be substantial.
Remediation Plan
Immediate Action: The primary remediation is to update the phpgurukul Online Shopping Portal to the latest version provided by the vendor, which addresses this vulnerability. After patching, review web server access logs and file system upload directories for any signs of exploitation that may have occurred prior to the update.
Proactive Monitoring:
/admin/insert-product.php. Look for any uploaded filenames with suspicious extensions (e.g., .php, .phtml, .php5) or attempts to traverse directories.Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
/admin/ portal to trusted IP addresses only.Exploitation Status
Public Exploit Available: False
Analyst Notes: As of September 3, 2025, there are no known public exploits specifically for this CVE. However, arbitrary file upload vulnerabilities are trivial to exploit, and threat actors can easily develop their own exploit code. The requirement for admin-level authentication reduces the attack surface, but this vulnerability poses a high risk if an attacker gains credentials through other means like phishing or brute-force attacks.
Analyst Recommendation
Given the critical severity (CVSS 9.1) and the potential for complete system compromise, it is imperative that organizations apply the vendor-provided security update to all affected phpgurukul Online Shopping Portal instances immediately. Although this CVE is not currently listed on the CISA KEV catalog, its high impact makes it a prime target for exploitation. If patching cannot be performed immediately, the compensating controls listed above should be implemented as a matter of urgency to mitigate the immediate risk.
Update phpgurukul Online Shopping Portal Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2
A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2
Executive Summary:
A high-severity SQL Injection vulnerability has been identified in the phpgurukul Complaint Management System 2. This flaw allows an attacker to manipulate the application's database, potentially leading to unauthorized access, theft, or modification of sensitive complaint data and user information.
Vulnerability Details
CVE-ID: CVE-2025-57147
Affected Software: Management Multiple Products
Affected Versions: The vulnerability is confirmed in phpgurukul Complaint Management System 2. See vendor advisory for specific affected versions.
Vulnerability: The application fails to properly sanitize user-supplied input before incorporating it into SQL queries. An unauthenticated attacker can inject malicious SQL commands into input fields (such as login forms or URL parameters). This allows the attacker to bypass security controls and execute arbitrary commands on the backend database.
Business Impact
This is a High severity vulnerability with a CVSS score of 7.5. Successful exploitation could lead to a significant data breach, including the exposure of sensitive customer complaints, personal identifiable information (PII), and user credentials. The potential consequences include unauthorized data access, data modification, or complete deletion of database records, leading to severe reputational damage, regulatory penalties, and loss of customer trust.
Remediation Plan
Immediate Action: Apply vendor patches immediately to address the root cause of the vulnerability. Review existing database user accounts and access controls to ensure the application is operating with the principle of least privilege. Enable and configure detailed database query logging to capture all executed commands for future auditing and incident response.
Proactive Monitoring: Monitor web application firewall (WAF), web server, and database logs for suspicious patterns, such as queries containing SQL keywords like UNION, SELECT, --, or ' OR '1'='1'. Network monitoring should be in place to detect any unusual or large data transfers from the database server.
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with a strict ruleset designed to block SQL injection attacks. Implement stringent input validation on the web server as an interim measure. Restrict network access to the database server to only the application server.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 3, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, SQL Injection is a well-understood vulnerability class, and proof-of-concept code could be developed by threat actors with minimal effort.
Analyst Recommendation
Immediate patching of CVE-2025-57147 is strongly recommended due to its High severity rating and the potential for a complete compromise of sensitive data. Although this vulnerability is not currently on the CISA KEV list, the ease of exploitation and high impact necessitate urgent action. Organizations must prioritize the deployment of vendor patches and implement the recommended monitoring and compensating controls to mitigate the significant risk of a data breach.
Apply vendor patches immediately. Review database access controls and enable query logging.
phpgurukul Complaint Management System in PHP 2
phpgurukul Complaint Management System in PHP 2
Executive Summary:
A high-severity vulnerability has been identified in multiple phpgurukul products, most notably the Complaint Management System in PHP 2. This flaw, tracked as CVE-2025-57146 with a CVSS score of 8.1, could allow an unauthenticated remote attacker to access or manipulate sensitive data within the application's database. Successful exploitation could lead to a significant data breach, compromise of user credentials, and loss of system integrity.
Vulnerability Details
CVE-ID: CVE-2025-57146
Affected Software: phpgurukul Multiple Products
Affected Versions: phpgurukul Complaint Management System in PHP version 2.0 and potentially prior versions. See vendor advisory for a complete list of other affected products and versions.
Vulnerability: The vulnerability is an unauthenticated SQL Injection flaw. Publicly accessible components of the application, such as user input fields on login pages or search forms, do not properly sanitize user-supplied input before using it in SQL database queries. An unauthenticated remote attacker can exploit this by submitting a specially crafted input string that manipulates the backend SQL query, allowing them to bypass authentication mechanisms, read sensitive data from the database (e.g., administrator credentials, user PII, complaint details), modify or delete data, and in some database configurations, potentially achieve remote code execution on the server.
Business Impact
This vulnerability presents a High severity risk to the organization, reflected by its CVSS score of 8.1. Exploitation could lead to a severe data breach, exposing sensitive customer information and internal complaint data. The business consequences include significant reputational damage, loss of customer trust, and potential legal and regulatory penalties for non-compliance with data protection standards. Unauthorized modification of data could disrupt business operations, while a full system compromise would result in extended downtime and costly incident response efforts.
Remediation Plan
Immediate Action: The primary and most effective remediation is to apply the security patches provided by phpgurukul to all affected systems immediately. Before deployment to production, test the patches in a staging environment to ensure they do not disrupt functionality. After patching, it is critical to monitor application and web server logs for any signs of post-remediation exploitation attempts and to review historical access logs for evidence of prior compromise.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Specifically, security teams should actively monitor web server access logs and database logs for suspicious patterns indicative of SQL injection attacks, such as queries containing UNION SELECT, SLEEP(), boolean-based logic (' OR '1'='1'), or other SQL-specific keywords within user input parameters. Correlate these logs with network traffic to identify source IP addresses exhibiting attack behavior.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with a strict ruleset designed to detect and block common SQL injection attack patterns. Restrict access to the application's management interfaces to trusted IP addresses only. Ensure the application's database user account has the minimum necessary privileges, preventing it from executing system commands or accessing non-essential database tables.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 4, 2025, there is no known public proof-of-concept exploit code, and this vulnerability is not reported to be actively exploited in the wild. However, SQL Injection vulnerabilities in PHP applications are often straightforward to exploit. It is highly probable that a functional exploit will be developed and published by security researchers or threat actors in the near future.
Analyst Recommendation
Given the high CVSS score of 8.1 and the critical business impact of a potential data breach, this vulnerability requires immediate attention. We strongly recommend that the organization prioritizes the deployment of the vendor-supplied security updates across all affected assets within the next 72 hours. Although this CVE is not currently listed on the CISA KEV catalog, its severity and the ease of potential exploitation warrant treating it with the highest urgency to prevent compromise of sensitive data and protect the organization's operational integrity.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
Executive Summary:
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-57141, has been discovered in multiple products utilizing the sqlite-jdbc library. Successful exploitation of this flaw could allow a remote, unauthenticated attacker to take complete control of an affected system, leading to data theft, system compromise, or further network intrusion. Due to its critical severity rating of 9.8, immediate identification and remediation of vulnerable assets are strongly recommended.
Vulnerability Details
CVE-ID: CVE-2025-57141
Affected Software: Unknown Multiple Products
Affected Versions: The specific version rsbi-os 4.7 is confirmed to be vulnerable. As the flaw exists within the sqlite-jdbc library, other products using a vulnerable version of this component are also affected. See vendor advisories for a complete list of affected products and versions.
Vulnerability: This vulnerability allows for Remote Code Execution (RCE) within applications that use a flawed version of the sqlite-jdbc driver. An attacker can exploit this by sending specially crafted data or connection parameters to an application. When the application processes this malicious input via the vulnerable sqlite-jdbc library, it can trigger the execution of arbitrary code on the server with the same permissions as the running application.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker the ability to execute arbitrary commands on the underlying server, which can have devastating consequences. Potential impacts include the theft of sensitive corporate data, customer information, or intellectual property; deployment of ransomware; complete system takeover; and using the compromised system as a pivot point to attack other internal network resources. A breach resulting from this vulnerability could lead to significant financial loss, regulatory fines, reputational damage, and disruption of business operations.
Remediation Plan
Immediate Action: The primary remediation is to apply security updates provided by the respective vendors for all affected products. Organizations must identify all systems running vulnerable software and upgrade them to the latest patched release immediately. In parallel, security teams should begin monitoring for signs of exploitation and review system and application access logs for any anomalous activity.
Proactive Monitoring: Implement enhanced monitoring for systems that cannot be patched immediately. Security teams should look for:
Compensating Controls: If patching is not immediately possible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date, September 8, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the critical CVSS score and the RCE impact, it is highly likely that threat actors will develop and deploy exploits in the near future. This vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the critical severity (CVSS 9.8) of this remote code execution vulnerability, immediate action is required. Organizations must prioritize identifying all products within their environment that utilize the vulnerable sqlite-jdbc component, starting with systems running rsbi-os 4.7. Once identified, these systems should be patched immediately according to vendor guidance. If patching is delayed, implement the recommended compensating controls, such as network segmentation and enhanced monitoring, to reduce the risk of compromise. Although not yet known to be exploited, its high severity makes it an attractive target for attackers, and organizations should operate under the assumption that it will be exploited.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
Executive Summary:
A critical SQL Injection vulnerability, identified as CVE-2025-57140, exists within the rsbi-pom component, affecting multiple products. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the backend database, potentially leading to a complete compromise of data confidentiality, integrity, and availability.
Vulnerability Details
CVE-ID: CVE-2025-57140
Affected Software: Unknown Multiple Products
Affected Versions: Products utilizing the rsbi-pom component version 4.7. See vendor advisory for specific affected products and versions.
Vulnerability:
This vulnerability is a classic SQL Injection flaw located in the /bi/service/model/DatasetService endpoint of products using the rsbi-pom 4.7 component. An attacker can exploit this by sending a specially crafted request to this endpoint containing malicious SQL syntax. The application fails to properly sanitize this user-supplied input before incorporating it into a database query, allowing the attacker's malicious code to be executed by the database server. A successful exploit could allow an unauthenticated attacker to bypass security controls, read, modify, or delete sensitive data, and potentially gain administrative control over the database or the underlying server.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, indicating a high likelihood of exploitation with severe consequences. Successful exploitation can lead to a significant data breach, exposing sensitive corporate data, customer personally identifiable information (PII), or financial records. The attacker could manipulate or destroy critical data, causing severe operational disruptions and financial loss. A complete system compromise resulting from this vulnerability would pose a significant reputational, legal, and regulatory risk to the organization.
Remediation Plan
Immediate Action:
Organizations must first identify all assets that utilize the vulnerable rsbi-pom 4.7 component. Once identified, immediately apply the security updates provided by the respective product vendors to upgrade to the latest, non-vulnerable version. Concurrently, monitor for any signs of active exploitation by reviewing web server and application access logs for suspicious requests targeting the vulnerable path.
Proactive Monitoring:
/bi/service/model/DatasetService path containing SQL keywords (e.g., UNION, SELECT, DROP, '--') or common injection patterns.Compensating Controls:
If immediate patching is not feasible, implement the following controls to reduce risk:
/bi/service/model/DatasetService path, allowing connections only from trusted IP addresses.Exploitation Status
Public Exploit Available: False
Analyst Notes:
As of September 2, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity (CVSS 9.8) and the common nature of SQL Injection, it is highly probable that threat actors will develop and deploy exploits for this vulnerability in the near future.
Analyst Recommendation
This is a critical vulnerability that requires immediate attention. Organizations must prioritize the identification of all systems using the vulnerable rsbi-pom 4.7 component and apply the necessary updates provided by product vendors without delay. Although this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime candidate for future inclusion and widespread exploitation. Until patches are applied, implementing compensating controls such as WAF rules and enhanced monitoring is strongly advised to mitigate the immediate risk of compromise.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function
An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function
Executive Summary:
A critical vulnerability, identified as CVE-2025-57119, has been discovered in the Online Library Management System. This flaw allows an unauthenticated attacker to bypass security measures and gain full administrative privileges, potentially leading to a complete compromise of the system, data theft, and operational disruption.
Vulnerability Details
CVE-ID: CVE-2025-57119
Affected Software: Online Library Management System
Affected Versions: Version 3.0 is explicitly mentioned. See vendor advisory for a complete list of affected products and versions.
Vulnerability: This vulnerability exists within the Login function of the adminlogin.php component. An attacker can exploit a flaw in the authentication mechanism to escalate their privileges to that of an administrator. Due to the high CVSS score, it is likely that this can be achieved without prior authentication, possibly through techniques such as SQL injection, authentication bypass, or a critical logic flaw that grants administrative access upon submitting a specially crafted request to the login page.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete administrative control over the Online Library Management System. The potential consequences include unauthorized access to and exfiltration of sensitive user data (including Personally Identifiable Information), modification or deletion of library records, disruption of service, and reputational damage. The compromised system could also be used as a foothold to launch further attacks against the organization's internal network.
Remediation Plan
Immediate Action: Update An issue in Online Library Management System Multiple Products to the latest version. Monitor for exploitation attempts and review access logs. Organizations should immediately identify all instances of the vulnerable software and apply the security patches provided by the vendor as a top priority.
Proactive Monitoring: Security teams should actively monitor web server and application logs for suspicious activity related to the adminlogin.php page. This includes multiple failed or unusual login attempts from a single IP address, successful administrative logins from unexpected geographic locations, and any direct attempts to exploit the login function. Monitor for any unauthorized creation of new administrative accounts or changes to system configurations.
Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. Restrict access to the administrative login page (adminlogin.php) to trusted IP addresses at the network firewall or web server level. Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block common web attack vectors like SQL injection against the login component.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Sep 16, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical CVSS score of 9.8 and the simplicity of exploiting similar authentication bypass flaws, it is highly probable that an exploit will be developed and used by threat actors in the near future.
Analyst Recommendation
Due to the critical severity of this vulnerability, immediate action is required. We strongly recommend that all affected instances of the Online Library Management System be patched immediately. Although this CVE is not currently listed on the CISA KEV list, its high impact and likely ease of exploitation make it a prime target for attackers. If patching cannot be performed immediately, implement the recommended compensating controls and heightened monitoring to reduce the risk of compromise.
Update An issue in Online Library Management System Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests d...
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector mem...
Executive Summary:
A critical use-after-free vulnerability, identified as CVE-2025-57108, exists in the Kitware Visualization Toolkit (VTK). This flaw can be triggered when an application using the vulnerable library processes a specially crafted GLTF file, potentially allowing an attacker to execute arbitrary code and gain full control of the affected system. Given its critical CVSS score of 9.8, this vulnerability poses a significant risk of system compromise.
Vulnerability Details
CVE-ID: CVE-2025-57108
Affected Software: Kitware VTK Multiple Products
Affected Versions: All versions through 9.5.0
Vulnerability:
The vulnerability is a heap-based use-after-free condition within the vtkGLTFDocumentLoader component of the Kitware VTK library. It occurs during the copying of mesh objects from a GLTF file. An attacker can exploit this by creating a malicious GLTF file that, when opened by a user in an application leveraging the VTK library, triggers the use of a memory pointer after it has been freed. This memory corruption can be leveraged to crash the application, leading to a denial of service, or to execute arbitrary code with the same privileges as the user running the application.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could allow a remote attacker to achieve arbitrary code execution, leading to a complete compromise of the affected workstation or server. The potential business impact includes theft of sensitive data, installation of malware such as ransomware, disruption of critical operations that rely on visualization software (e.g., medical imaging, scientific research, engineering design), and loss of system integrity and availability. The ease of exploitation via a malicious file makes this a significant threat to organizations where users may interact with untrusted data sources.
Remediation Plan
Immediate Action:
Proactive Monitoring:
Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of October 31, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. However, use-after-free vulnerabilities are a well-understood class of bug, and the high CVSS score indicates that it is highly likely to be targeted by threat actors for exploit development.
Analyst Recommendation
Due to the critical severity (CVSS 9.8) of this vulnerability and its potential for remote code execution, it is imperative that organizations take immediate action. We strongly recommend prioritizing the deployment of vendor-supplied patches across all systems using the affected Kitware VTK library. Although this CVE is not currently in the CISA KEV catalog, its high impact and potential for exploitation warrant urgent attention to prevent a future system compromise. If patching is delayed, implement the compensating controls and proactive monitoring detailed above to reduce the risk.
Update Kitware VTK Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Kitware VTK (Visualization Toolkit) through 9
Kitware VTK (Visualization Toolkit) through 9
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Kitware VTK (Visualization Toolkit) up to 9
Kitware VTK (Visualization Toolkit) up to 9
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to...
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricte...
Executive Summary:
A critical vulnerability has been identified in the cJSON library, a widely used software component for processing JSON data. This flaw allows a remote attacker to send specially crafted data that can bypass security checks, potentially leading to the disclosure of sensitive information, system crashes, or complete system compromise. Due to its high severity and the library's widespread use, immediate action is required to mitigate the risk.
Vulnerability Details
CVE-ID: CVE-2025-57052
Affected Software: cJSON Multiple Products
Affected Versions: cJSON versions 1.5.0 through 1.7.18
Vulnerability: This vulnerability is an out-of-bounds access flaw within the decode_array_index_from_pointer function of the cJSON library. A remote attacker can exploit this by sending a malicious JSON payload to an application using the vulnerable library. When the application attempts to parse this payload, the flawed function fails to properly validate array boundaries, allowing the attacker to read from or write to memory locations outside of the intended buffer. This can lead to a denial of service (application crash), sensitive information disclosure, or potentially arbitrary code execution in the context of the affected application.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant risk to the organization. Successful exploitation could lead to a severe data breach, exposing confidential customer data, intellectual property, or internal credentials. Furthermore, an attacker could cause a denial-of-service condition by crashing critical applications, leading to operational downtime and financial loss. The worst-case scenario involves remote code execution, which would grant an attacker full control over the affected system, enabling them to pivot further into the network, deploy ransomware, or establish a persistent foothold.
Remediation Plan
Immediate Action: The primary remediation is to update the cJSON library used in all affected products to the latest patched version as recommended by the vendor. System administrators should prioritize patching internet-facing systems and critical internal applications. Concurrently, security teams should begin monitoring for any signs of exploitation attempts by reviewing application and system access logs for anomalies related to JSON parsing.
Proactive Monitoring: Implement enhanced monitoring on systems utilizing the cJSON library. Security teams should look for malformed or unusually large JSON payloads in network traffic and application logs, which could indicate an exploitation attempt. Monitor applications for unexpected crashes or restarts, and use Endpoint Detection and Response (EDR) tools to alert on anomalous memory access patterns or suspicious process behavior originating from the affected applications.
Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. Utilize a Web Application Firewall (WAF) with rules specifically designed to inspect and block malicious JSON payloads. Run the affected applications with the lowest possible privileges and within a containerized or sandboxed environment to limit the impact of a potential compromise. Enhance network segmentation to prevent lateral movement from a compromised host.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 3, 2025, there are no known public exploits for this vulnerability, and it is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the critical severity (CVSS 9.8) and the widespread deployment of the cJSON library in various software and embedded devices, it is highly likely that threat actors will develop and release exploit code in the near future.
Analyst Recommendation
Given the critical severity of this vulnerability, immediate action is required. We strongly recommend that all affected products incorporating the vulnerable cJSON library be updated to the latest version without delay. Although this CVE is not currently on the CISA KEV list, its high impact score signifies a significant risk of compromise. Organizations must treat this as an urgent priority to prevent potential data breaches, service disruptions, and full system takeovers.
Update cJSON Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due...
The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the doFieldAjaxAction() function in all versions up to, and including, 3
Executive Summary:
A critical privilege escalation vulnerability in the Lead Form Data Collection to CRM plugin for WordPress allows an authenticated attacker to gain elevated permissions, potentially leading to a full site compromise.
Vulnerability Details
CVE-ID: CVE-2025-5692
Affected Software: WordPress Lead Form Data Collection to CRM plugin
Affected Versions: See vendor advisory for affected versions
Vulnerability: The plugin is vulnerable due to a missing capability check on the doFieldAjaxAction() function. This allows any authenticated attacker, including those with low-level permissions, to send a crafted request to modify data and escalate their privileges on the affected WordPress site.
Business Impact
A successful exploit of this vulnerability could allow an attacker to gain administrative control over the website. This can lead to the theft of sensitive lead data, website defacement, installation of malware, or using the compromised site to attack other systems. With a CVSS score of 8.8 (High), this vulnerability poses a significant and direct threat to the confidentiality, integrity, and availability of the affected WordPress installation.
Remediation Plan
Immediate Action: Administrators must immediately update the Lead Form Data Collection to CRM plugin to the latest patched version. If the plugin is no longer required, it should be deactivated and removed.
Proactive Monitoring: Review web server and WordPress security logs for suspicious POST requests to admin-ajax.php that reference the doFieldAjaxAction action, which could indicate attempted exploitation.
Compensating Controls: A properly configured Web Application Firewall (WAF) with rules to block malicious requests targeting this specific plugin vulnerability may serve as a virtual patch if immediate updates are not feasible.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 6, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of privilege escalation flaws in widely-used plugins, the potential for future exploitation is high.
Analyst Recommendation
Given the High severity rating and the risk of complete site compromise, immediate patching is critical. The vulnerability allows an authenticated user to become an administrator, bypassing all existing security controls. All WordPress administrators using this plugin should prioritize applying the vendor-supplied update to prevent unauthorized access and privilege escalation.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-56819, has been discovered in Datart products. This flaw allows a remote, unauthenticated attacker to take complete control of an affected system by sending a specially crafted connection request. Successful exploitation could lead to total system compromise, data theft, and further intrusion into the network.
Vulnerability Details
CVE-ID: CVE-2025-56819
Affected Software: Datart Multiple Products
Affected Versions: Version 1.0.0-rc.3 is confirmed to be vulnerable. See vendor advisory for a complete list of affected versions.
Vulnerability: This is a critical remote code execution (RCE) vulnerability stemming from improper input validation of the INIT connection parameter. A remote attacker can craft a malicious connection string containing arbitrary commands and send it to the affected Datart application. The application fails to sanitize this input and executes the embedded code with the privileges of the application's service account, granting the attacker full control over the underlying server.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting its extreme risk and ease of exploitation. A successful attack would grant an adversary complete control over the compromised server, leading to severe business consequences. Potential impacts include the exfiltration of sensitive corporate or customer data, deployment of ransomware, disruption of business operations, and using the compromised system as a pivot point for further attacks within the corporate network. The reputational damage and financial costs associated with such a breach would be significant.
Remediation Plan
Immediate Action: Immediately update all affected instances of Datart Multiple Products to the latest version provided by the vendor to patch this vulnerability. After patching, review application and network access logs for any signs of past exploitation attempts, focusing on requests containing unusual INIT parameters.
Proactive Monitoring:
INIT connection parameter.Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
INIT parameter.Exploitation Status
Public Exploit Available: False
Analyst Notes: As of September 24, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity (CVSS 9.8) and the simplicity of the described attack vector, it is highly probable that threat actors will develop a functional exploit in the near future. Organizations must treat this as an imminent threat.
Analyst Recommendation
This vulnerability represents a critical risk to the organization and must be addressed with the highest priority. Due to the critical 9.8 CVSS score, which signifies a severe and easily exploitable remote code execution flaw, immediate patching is paramount. Although CVE-2025-56819 is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a likely candidate for future inclusion. All teams responsible for Datart products must apply the vendor-supplied updates without delay to prevent potential system compromise.
Update An issue in Datart Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Datart 1
Datart 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Datart 1
Datart 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Figma Desktop for Windows version 125
Figma Desktop for Windows version 125
Executive Summary:
A high-severity vulnerability has been identified in multiple Microsoft Windows products, which can be exploited through the Figma Desktop application. An attacker could trick a user into opening a malicious file, allowing the attacker to execute arbitrary code and potentially take full control of the affected workstation, leading to data theft, malware installation, or further network intrusion.
Vulnerability Details
CVE-ID: CVE-2025-56803
Affected Software: Windows Multiple Products
Affected Versions: The vulnerability is triggered by Figma Desktop for Windows version 125. See vendor advisory for specific affected Windows versions.
Vulnerability: This is a Remote Code Execution (RCE) vulnerability within a core Windows component responsible for rendering graphical elements. An unauthenticated remote attacker can exploit this by crafting a malicious Figma (.fig) file and convincing a user to open it. When the file is processed by the Figma application on a vulnerable Windows system, it triggers a buffer overflow in the underlying OS library, allowing the attacker to execute code with the same privileges as the logged-in user.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.4. Successful exploitation could have a significant negative impact on the business. An attacker could gain initial access to the corporate network, exfiltrate sensitive intellectual property (such as proprietary designs stored in Figma files), deploy ransomware, or use the compromised machine as a pivot point to move laterally across the network. The risk is particularly acute for organizations with design, marketing, or engineering teams that rely heavily on the Figma platform.
Remediation Plan
Immediate Action: Apply the security updates released by Microsoft to all affected Windows systems immediately. Prioritize patching workstations where Figma Desktop is installed. After patching, monitor systems for any signs of attempted exploitation and review relevant logs for indicators of compromise that may have occurred prior to remediation.
Proactive Monitoring: Security teams should monitor for suspicious child processes spawning from Figma.exe (e.g., cmd.exe, powershell.exe). Network monitoring should be configured to detect and alert on unusual outbound connections from workstations running Figma. Review endpoint security logs for unexpected file modifications or the execution of unsigned binaries in user profile directories.
Compensating Controls: If immediate patching is not feasible, implement temporary controls to reduce risk. Use application control policies to prevent Figma from executing unknown or untrusted child processes. Enforce a strict policy against opening Figma files from untrusted sources, such as external emails or websites. Ensure Endpoint Detection and Response (EDR) solutions are deployed and configured to detect and block memory exploitation techniques.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 3, 2025, there is no known publicly available exploit code, and the vulnerability is not reported to be actively exploited in the wild. However, due to the high severity and the straightforward user-interaction-based attack vector (opening a file), it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
Given the high CVSS score of 8.4 and the potential for complete system compromise, this vulnerability poses a critical risk. Although it is not currently listed on the CISA KEV list, its Remote Code Execution nature makes it a prime candidate for future inclusion. We strongly recommend that organizations prioritize the immediate deployment of the relevant Microsoft security updates to all vulnerable Windows endpoints. Focus initial efforts on systems belonging to users in design and product development roles who are most likely to use the Figma application.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providi...
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administ...
Executive Summary:
A critical authentication bypass vulnerability has been identified in certain Ruijie network switches. This flaw allows a remote, unauthenticated attacker to gain complete administrative control over affected devices, posing a severe risk of network disruption, configuration changes, and data interception.
Vulnerability Details
CVE-ID: CVE-2025-56752
Affected Software: Ruijie Multiple Products
Affected Versions: The vulnerability is confirmed in RG-ES series switch firmware ESW_1.0(1)B1P39. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: This is a remote authentication bypass vulnerability. An unauthenticated attacker can exploit a flaw in the device's authentication mechanism, likely via a specially crafted network request to the management interface, to gain full administrative privileges without providing valid credentials. Successful exploitation grants the attacker the same level of access as a legitimate administrator, allowing them to view and modify the device's entire configuration, monitor network traffic, and disable security features.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.4. Exploitation could have a significant business impact, leading to a complete compromise of the network segment managed by the affected switch. An attacker with administrative control could re-route, intercept, or drop network traffic, causing widespread service outages (Denial of Service). Furthermore, the attacker could capture sensitive data, alter network configurations to enable further attacks (lateral movement), or install persistent backdoors, severely impacting data confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: The primary remediation is to apply the vendor-supplied security patches immediately. Organizations should update the firmware on all affected Ruijie products to the latest version as recommended by the vendor. After patching, administrators should review access logs for any signs of unauthorized access or configuration changes that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring of all affected network devices. Security teams should configure alerts and review logs for any unusual administrative login attempts, particularly from untrusted or internal IP addresses that do not belong to network administrators. Monitor for unexpected configuration changes, the creation of new user accounts, or abnormal traffic patterns originating from the switch's management interface.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk of exploitation. Restrict network access to the switch's management interface using strict Access Control Lists (ACLs) or firewall rules, ensuring it is only accessible from a dedicated and secured management VLAN or specific trusted IP addresses. Disable management access from the public internet or any untrusted network segments.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Sep 3, 2025, there are no known public proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, due to the critical nature of authentication bypass vulnerabilities in network infrastructure devices, it is highly probable that threat actors will develop exploits by reverse-engineering the patch.
Analyst Recommendation
Given the critical CVSS score of 9.4 and the potential for complete network compromise, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize the deployment of the vendor-provided firmware updates to all affected Ruijie devices. While this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity makes it a prime candidate for future inclusion. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as a matter of urgency to limit the attack surface.
Update A vulnerability in the Ruijie Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to f...
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication b...
Executive Summary:
A critical vulnerability exists in Creativeitem Academy LMS products that allows an attacker to completely bypass authentication. The software uses a predictable, hardcoded secret key to secure user sessions, enabling malicious actors to forge valid access tokens for any user, including administrators. Successful exploitation could lead to a full system compromise, resulting in data theft, system disruption, and significant reputational damage.
Vulnerability Details
CVE-ID: CVE-2025-56749
Affected Software: Creativeitem Academy LMS up to and including Multiple Products
Affected Versions: All versions up to and including 6.14
Vulnerability: The application utilizes a static, hardcoded secret key for signing JSON Web Tokens (JWTs). Because this secret is the same across all installations, an attacker can obtain it by analyzing the application's source code. With this secret, an attacker can craft a malicious JWT, embedding arbitrary user details and administrative privileges within the token's payload. When this forged token is presented to the application, it is accepted as valid, granting the attacker complete, unauthorized access and control over the system.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.4, reflecting the high potential for significant business disruption. An attacker can gain full administrative privileges, leading to severe consequences such as the unauthorized access, modification, or exfiltration of sensitive data, including student personally identifiable information (PII), course content, and financial records. The attacker could also deface the platform, delete user accounts, or use the compromised system as a pivot point to launch further attacks against the organization's internal network. This could result in major data breaches, regulatory fines, loss of customer trust, and substantial reputational harm.
Remediation Plan
Immediate Action: Immediately update all instances of Creativeitem Academy LMS to the latest version provided by the vendor, which addresses this vulnerability by replacing the hardcoded secret. After patching, it is critical to review all administrative accounts for unauthorized changes and to review application access logs for any signs of suspicious authentication events that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring of application and web server logs. Specifically, look for unusual authentication patterns, such as successful administrative logins from unrecognized IP addresses, rapid session creations, or access to sensitive functions outside of normal business hours. Configure security information and event management (SIEM) alerts for JWTs with unusually long validity periods or tokens that grant elevated privileges.
Compensating Controls: If immediate patching is not feasible, implement the following temporary controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Oct 15, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities involving hardcoded secrets are trivial to exploit once the secret is identified. It is highly probable that proof-of-concept exploits will be developed and published in the near future, leading to widespread automated scanning and attacks.
Analyst Recommendation
Given the critical severity (CVSS 9.4) and the ease of exploitation, immediate action is required. We strongly recommend that all vulnerable Creativeitem Academy LMS instances be patched immediately, prioritizing internet-facing systems. Although this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its high impact and the likelihood of future exploitation warrant treating it as an urgent threat. Organizations should assume they are being targeted and apply the recommended remediation and monitoring controls without delay.
Update Creativeitem Academy LMS up to and including Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2
Executive Summary:
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the profile management function of the affected software. This flaw could allow a remote attacker to trick an authenticated user into performing unintended actions, such as changing their profile information, email address, or password, potentially leading to account takeover and unauthorized data modification.
Vulnerability Details
CVE-ID: CVE-2025-56710
Affected Software: PHPGurukul Student-Result-Management-System-Using-PHP-V2
Affected Versions: Version 2 (V2). See vendor advisory for specific affected versions.
Vulnerability: The application's Profile Page is vulnerable to Cross-Site Request Forgery (CSRF). The page fails to implement adequate anti-CSRF protections, such as unique, unpredictable tokens, for state-changing requests like updating user profile data. An attacker can exploit this by crafting a malicious webpage or link that, when visited by a logged-in victim, sends a forged request to the application. The victim's browser will automatically include their session cookies, causing the application to process the malicious request as if it were a legitimate action initiated by the user, resulting in unauthorized changes to their account.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.3. Successful exploitation could lead to significant data integrity and confidentiality issues. An attacker could modify sensitive user data, including personal information and credentials, which can facilitate account takeover. For a student management system, this could result in unauthorized alteration of student records, contact details, or academic results. If an administrator's account is compromised, the attacker could gain broader control over the system, impacting all users and severely damaging the organization's reputation and operational integrity.
Remediation Plan
Immediate Action: Apply the security updates released by the vendor to all affected systems without delay. After patching, it is crucial to monitor for any signs of exploitation attempts by reviewing application and web server access logs for unusual profile update activities.
Proactive Monitoring: Security teams should monitor for suspicious patterns in access logs, such as a high volume of profile update requests originating from unexpected referrers or IP addresses. Implement alerts for rapid, successive changes to a single user account's profile information.
Compensating Controls: If immediate patching is not feasible, consider implementing a Web Application Firewall (WAF) with rules designed to detect and block common CSRF attack patterns. Additionally, enforce user awareness training, advising users to log out of sessions when finished and to be cautious of clicking unsolicited links in emails or messages.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 15, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, CSRF vulnerabilities are well-understood, and proof-of-concept code can be developed with relative ease. Organizations should assume that attackers may develop exploits quickly.
Analyst Recommendation
Given the High severity rating (CVSS 7.3) and the potential for account takeover, we strongly recommend that organizations prioritize the immediate application of the vendor-supplied security patch. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential impact on data integrity warrants urgent action. If patching is delayed, implement the suggested compensating controls and monitoring to reduce the risk of exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Edimax BR-6473AX v1
Edimax BR-6473AX v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
LeptonCMS version 7
LeptonCMS version 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FoxCMS v1
FoxCMS v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability al...
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper v...
Executive Summary:
A critical deserialization vulnerability has been identified in the H2O-3 platform, assigned CVE-2025-5662 with a CVSS score of 9.8. This flaw allows an unauthenticated remote attacker to execute arbitrary code on the server by sending a malicious request to a specific API endpoint. Successful exploitation would result in a complete compromise of the affected system, enabling data theft, further network intrusion, or service disruption.
Vulnerability Details
CVE-ID: CVE-2025-5662
Affected Software: H2O.ai H2O-3
Affected Versions: All versions up to and including 3.46.0.7
Vulnerability: The vulnerability exists within the H2O-3 REST API, specifically in the POST /99/ImportSQLTable endpoint. The application fails to properly validate and sanitize user-supplied data before deserializing it. A remote, unauthenticated attacker can craft a malicious serialized object and send it to this endpoint. The server will process this object, leading to the execution of arbitrary code with the permissions of the H2O-3 service account.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker full control over the server running the H2O-3 instance, leading to severe business consequences. These risks include the theft or modification of sensitive data processed by the machine learning platform, deployment of ransomware, using the compromised server as a pivot point to attack the internal network, and significant reputational damage. The ease of exploitation by an unauthenticated attacker elevates the risk to the highest level.
Remediation Plan
Immediate Action: Immediately update all instances of H2O-3 to a patched version later than 3.46.0.7, as recommended by the vendor. After patching, monitor system and application logs for any signs of exploitation attempts that may have occurred prior to the update, paying close attention to requests targeting the /99/ImportSQLTable endpoint.
Proactive Monitoring:
/99/ImportSQLTable endpoint. Investigate any such requests originating from untrusted or unexpected IP addresses.Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
/99/ImportSQLTable API endpoint.Exploitation Status
Public Exploit Available: False
Analyst Notes: As of September 2, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity (CVSS 9.8) and the unauthenticated nature of the RCE, it is highly probable that threat actors will develop and deploy exploits in the near future. Organizations should assume this vulnerability will be actively targeted.
Analyst Recommendation
This is a critical, unauthenticated remote code execution vulnerability that requires immediate attention. The potential for complete system compromise presents a severe risk to the organization. All administrators of H2O-3 platforms must prioritize the deployment of the vendor-supplied patch to all affected systems. Although CVE-2025-5662 is not currently on the CISA KEV list, its high severity makes it a likely candidate for future inclusion. If patching is delayed, compensating controls must be implemented without exception.
Update A deserialization vulnerability exists in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Dolibarr ERP & CRM v21
Dolibarr ERP & CRM v21
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue in Evope Core v
An issue in Evope Core v
Executive Summary:
A high-severity vulnerability of an unspecified type has been identified in Evope Core, potentially allowing an attacker to compromise the confidentiality, integrity, or availability of the affected system.
Vulnerability Details
CVE-ID: CVE-2025-56577
Affected Software: Evope Core
Affected Versions: See vendor advisory for affected versions
Vulnerability: The exact nature of the vulnerability has not been detailed in the public description. The issue affects Evope Core, but the attack vector, required authentication, and specific weakness are currently unknown.
Business Impact
With a CVSS score of 8.4 (High), this vulnerability indicates a significant security risk. Depending on the unspecified nature of the flaw, a successful exploit could lead to serious consequences such as unauthorized data access, arbitrary code execution, denial of service, or privilege escalation. The high score suggests that the flaw is likely remotely exploitable and could have a major impact on the system.
Remediation Plan
Immediate Action: Apply all security updates for Evope Core provided by the vendor immediately. Consult the vendor's security advisory for specific patch information and instructions.
Proactive Monitoring: Closely monitor system logs for any anomalous behavior, unexpected errors, or signs of intrusion. Enhance monitoring of network traffic to and from the affected system until the patch is applied.
Compensating Controls: Isolate the affected system from untrusted networks wherever possible. Implement stricter access controls and firewall rules as a temporary mitigating measure.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 29, 2025, there is no public information indicating active exploitation of this vulnerability. Due to the lack of specific details, the potential for exploitation is difficult to assess, but the high CVSS score necessitates a swift response.
Analyst Recommendation
Given the high-severity rating, this vulnerability must be treated as a serious threat despite the lack of technical details. Administrators should assume a worst-case scenario, such as remote code execution, and prioritize the immediate application of vendor-supplied patches to mitigate the risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An incorrect API discovered in Signify Wiz Connected 1
An incorrect API discovered in Signify Wiz Connected 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue discovered in Dyson App v6
An issue discovered in Dyson App v6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.
An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.
---METADATA---
VENDOR: Tuya
PRODUCT: Smart Life App
AFFECTED_VERSIONS: 5.6.1
CONFIDENCE: high
MISSING: patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
The Tuya Smart Life App version 5.6.1 contains an authorization flaw allowing unprivileged attackers to control Matter-enabled devices via the Matter protocol.
Executive Summary:
A critical authorization vulnerability in the Tuya Smart Life App allows unauthorized control over connected Matter devices, posing significant security risks to smart home environments.
Vulnerability Details
CVE-ID: CVE-2025-56557
Affected Software: Tuya Smart Life App
Affected Versions: 5.6.1
Vulnerability: This vulnerability involves a failure in access control within the application's implementation of the Matter protocol. Attackers do not require authentication to issue commands to connected devices, effectively bypassing intended security constraints.
Business Impact
The ability for unauthorized actors to control smart devices can lead to physical safety risks, privacy breaches, and the compromise of home or office automation networks. With a CVSS score of 9.1, this vulnerability is classified as critical, as it facilitates direct manipulation of hardware without requiring credentials.
Remediation Plan
Immediate Action: Upgrade the Tuya Smart Life App to the latest available version provided by the vendor to remediate the authorization logic.
Proactive Monitoring: Review application access logs for unusual command patterns or unauthorized device interaction requests.
Compensating Controls: Isolate IoT devices on a separate, firewalled network segment to minimize the potential reach of unauthorized device control.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Sep 16, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical severity of this flaw and the potential for direct physical impact on IoT infrastructure, users should prioritize updating their mobile application immediately. Failure to patch may allow attackers to bypass standard security boundaries and gain control over critical smart home infrastructure.
Update An issue discovered in the Tuya Smart Life App Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An issue in DirectAdmin v1
An issue in DirectAdmin v1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Plaintext password storage in Kotaemon 0
Plaintext password storage in Kotaemon 0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
File upload vulnerability in Fiora chat application 1
File upload vulnerability in Fiora chat application 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
Executive Summary:
A critical vulnerability, identified as CVE-2025-56447 with a CVSS score of 9.8, has been discovered in TM2 Monitoring v3.04. This flaw allows an attacker to completely bypass authentication mechanisms and access sensitive credentials stored in plain text. Successful exploitation could lead to a full system compromise, significant data breaches, and unauthorized access to the broader network environment.
Vulnerability Details
CVE-ID: CVE-2025-56447
Affected Software: Multiple Products incorporating the TM2 Monitoring component.
Affected Versions: TM2 Monitoring v3.04. See vendor advisory for a complete list of affected products.
Vulnerability: The vulnerability consists of two combined flaws: an authentication bypass and a plaintext credential disclosure. An unauthenticated remote attacker can send a specially crafted request to the affected system to circumvent normal login procedures and gain privileged access. Once access is achieved, the attacker can exploit a second flaw where the system stores or exposes user credentials in an unencrypted, plaintext format, allowing for their immediate theft and misuse.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, posing an extreme risk to the organization. Exploitation could lead to a complete compromise of the affected application and its underlying server. The consequences include a high-impact data breach, as the attacker can steal all stored credentials, which may be reused to access other corporate systems (lateral movement). This could result in the loss of sensitive company data, customer information, and intellectual property, leading to severe financial penalties, operational disruption, and significant reputational damage.
Remediation Plan
Immediate Action: Organizations must immediately identify all instances of products running TM2 Monitoring v3.04 and update them to the latest patched version as recommended by the vendor. After patching, it is crucial to review access logs for any signs of unauthorized entry or suspicious activity that may have occurred prior to the update.
Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes reviewing web server and application logs for direct URL access to administrative pages, unusual API requests from unknown IP addresses, and any successful logins that did not originate from a legitimate source. Network traffic should be monitored for scanning activity against the affected application and any unusual outbound data transfers.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 22, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity and the straightforward nature of an authentication bypass, it is highly probable that threat actors will develop and release exploit code in the near future. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability requires immediate attention. The combination of an authentication bypass and credential disclosure represents a worst-case scenario, providing attackers with an easy path to full system compromise and lateral movement. We strongly recommend that organizations prioritize the deployment of vendor-supplied patches across all affected systems without delay. If patching is not immediately possible, the compensating controls outlined above must be implemented as a temporary but urgent measure to reduce the attack surface.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Directory Traversal vulnerability in ComposioHQ v
Directory Traversal vulnerability in ComposioHQ v
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a craft...
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
---METADATA---
VENDOR: LimeSurvey
PRODUCT: LimeSurvey
AFFECTED_VERSIONS: before v6.15.0+250623
CONFIDENCE: high
MISSING: none
---END_METADATA---
Description Summary:
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote, unauthenticated attacker to execute arbitrary code on the server.
Executive Summary:
LimeSurvey contains a critical deserialization vulnerability that enables remote code execution, posing an immediate threat to server integrity and data confidentiality.
Vulnerability Details
CVE-ID: CVE-2025-56422
Affected Software: LimeSurvey
Affected Versions: Before v6.15.0+250623
Vulnerability: This is an insecure deserialization vulnerability that allows remote attackers to supply malicious serialized objects. When processed by the application, this results in arbitrary code execution on the underlying server.
Business Impact
Remote code execution (RCE) is one of the most severe security risks, granting attackers full control over the host server. A CVSS score of 9.8 reflects the extreme potential for total system compromise, data theft, and the establishment of persistent backdoors within the environment.
Remediation Plan
Immediate Action: Update the LimeSurvey installation to version 6.15.0+250623 or later immediately.
Proactive Monitoring: Review server logs for suspicious process execution, unexpected file modifications, or unauthorized outbound network connections from the web server.
Compensating Controls: If immediate patching is not feasible, restrict external access to the application and implement WAF rules that filter serialized objects in HTTP requests.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Mar 10, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the severity of this remote code execution flaw, this update must be treated with the highest urgency. Administrators should verify their current version and apply the update immediately to prevent potential system-wide compromise.
Update LimeSurvey before Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
OS Command injection vulnerability in function OperateSSH in 1panel 2
OS Command injection vulnerability in function OperateSSH in 1panel 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ZIRA Group WBRM 7
ZIRA Group WBRM 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6
Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: AVTECH SECURITY Corporation
PRODUCT: DGM1104 FullImg-1015-1004-1006-1003
AFFECTED_VERSIONS: AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003
---END_METADATA---
Description Summary:
An authenticated command injection vulnerability in the SMB server function of the AVTECH DGM1104 allows remote attackers to execute arbitrary system commands.
Executive Summary:
An authenticated command injection flaw in the AVTECH DGM1104 SMB server function permits remote command execution, posing a critical risk to device integrity.
Vulnerability Details
CVE-ID: CVE-2025-57201
Affected Software: AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003
Affected Versions: AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003
Vulnerability: The vulnerability is an authenticated command injection flaw located in the device's SMB server function. By providing crafted input, an attacker with valid credentials can execute arbitrary commands on the underlying operating system.
Business Impact
The CVSS score of 8.8 reflects the high severity of this issue. Because the exploit is relatively easy to perform remotely, an attacker could gain complete control over the affected device, leading to full system compromise and potential lateral movement within the network.
Remediation Plan
Immediate Action: Check the AVTECH support site for firmware updates and apply them immediately to mitigate command injection risks.
Proactive Monitoring: Monitor network traffic for unusual SMB communication patterns and check system logs for unauthorized command execution attempts.
Compensating Controls: Restrict access to the SMB service to authorized internal IP addresses and disable the service if it is not strictly required for business operations.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the ease of remote exploitation for this command injection vulnerability, it is imperative that users of the AVTECH DGM1104 apply all available security updates. Disable the SMB service if it is not necessary for current operations to minimize the attack surface.