The web application is susceptible to cross-site-scripting attacks
Description
The web application is susceptible to cross-site-scripting attacks
Search and filter 17282 vulnerabilities with AI analyst insights
The web application is susceptible to cross-site-scripting attacks
The web application is susceptible to cross-site-scripting attacks
HTML injection in Project Release in Altium Enterprise Server (AES) 7
HTML injection in Project Release in Altium Enterprise Server (AES) 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied
Apply vendor patches immediately. Review database access controls and enable query logging.
TRUfusion Enterprise through 7
TRUfusion Enterprise through 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitiz...
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing ...
Update TRUfusion Enterprise through Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
TRUfusion Enterprise through 7
TRUfusion Enterprise through 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TRUfusion Enterprise through 7
TRUfusion Enterprise through 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP App...
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope.
---METADATA---
VENDOR: Ubiquiti
PRODUCT: UISP Application
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status
---END_METADATA---
Description Summary:
The UISP Application contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated users to make unauthorized requests outside the application's intended scope.
Executive Summary:
An SSRF vulnerability in the Ubiquiti UISP Application allows malicious actors with specific permissions to perform unauthorized requests, potentially exposing internal network resources.
Vulnerability Details
CVE-ID: CVE-2025-27217
Affected Software: Ubiquiti UISP Application
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a Server-Side Request Forgery (SSRF) vulnerability where an authenticated attacker with specific permissions can force the application to make requests to unintended internal or external destinations.
Business Impact
This vulnerability could be leveraged to bypass network segmentation, probe internal services, or interact with sensitive APIs that are not exposed to the public internet. With a CVSS score of 9.1, the vulnerability is highly critical as it facilitates unauthorized access to internal resources, potentially leading to data theft or further network compromise.
Remediation Plan
Immediate Action: Update the UISP Application to the latest version provided by Ubiquiti to address the SSRF flaw.
Proactive Monitoring: Audit application logs for unusual outbound requests from the UISP server to internal subnets or unauthorized external endpoints.
Compensating Controls: Implement strict egress filtering on the server hosting the UISP application to prevent it from initiating connections to sensitive internal network segments.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 21, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ability for an authenticated user to perform SSRF attacks significantly expands the attack surface of the internal network. Administrators should apply the latest security updates provided by the vendor to remediate this vulnerability and limit the potential for lateral movement.
Update A Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate pr...
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported ch...
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent...
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. ...
---METADATA---
VENDOR: Ubiquiti
PRODUCT: UniFi Connect EV Station Pro
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status
---END_METADATA---
Description Summary:
A missing authentication vulnerability in the UniFi Connect EV Station Pro allows unauthorized parties with physical or adjacent network access to perform a factory reset.
Executive Summary:
A critical missing authentication vulnerability in the Ubiquiti UniFi Connect EV Station Pro poses a significant risk of unauthorized factory reset by attackers with physical or adjacent access.
Vulnerability Details
CVE-ID: CVE-2025-27214
Affected Software: Ubiquiti UniFi Connect EV Station Pro
Affected Versions: See vendor advisory
Vulnerability: This vulnerability is categorized as a Missing Authentication for Critical Function flaw. It permits an attacker with physical or adjacent network access to trigger a factory reset without requiring prior authentication.
Business Impact
The ability for an unauthorized actor to perform a factory reset on critical infrastructure like an EV charging station can lead to complete service disruption and downtime. Given the CVSS score of 9.8, the potential for intentional sabotage and the associated costs of reconfiguring and restoring network-connected hardware present a high operational risk to the organization.
Remediation Plan
Immediate Action: Identify all deployed UniFi Connect EV Station Pro units and apply the latest firmware updates provided by Ubiquiti as soon as they become available.
Proactive Monitoring: Monitor network traffic for unusual access attempts or unauthorized management commands directed at EV Station hardware.
Compensating Controls: Restrict physical access to the device management interfaces and ensure that the equipment is isolated on a segmented network to limit the scope of potential adjacent access.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Aug 21, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this vulnerability necessitates immediate attention to prevent unauthorized disruption of hardware services. Organizations should prioritize updating their firmware to the latest secure version once released by the vendor to eliminate this authentication bypass risk.
Update A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access manageme...
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Acce...
---METADATA---
VENDOR: Ubiquiti
PRODUCT: UniFi Access
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status
---END_METADATA---
Description Summary:
A command injection vulnerability in UniFi Access devices due to improper input validation allows unauthorized command execution via the management network.
Executive Summary:
A critical command injection vulnerability in Ubiquiti UniFi Access devices poses a severe risk of unauthorized remote code execution for attackers with management network access.
Vulnerability Details
CVE-ID: CVE-2025-27212
Affected Software: Ubiquiti UniFi Access
Affected Versions: See vendor advisory
Vulnerability: This vulnerability stems from improper input validation within the management interface, enabling command injection. An attacker with access to the UniFi Access management network can execute arbitrary commands on the underlying system.
Business Impact
Successful exploitation of this flaw allows an attacker to gain full control over affected UniFi Access hardware. Given the CVSS score of 9.8, the business impact includes total system compromise, potential lateral movement into the broader network, and significant operational disruption.
Remediation Plan
Immediate Action: Identify and update all UniFi Access hardware to the latest firmware version released by Ubiquiti to patch the underlying input validation flaw.
Proactive Monitoring: Review management network traffic for unusual patterns and monitor system logs for signs of unauthorized command execution attempts.
Compensating Controls: Restrict access to the UniFi Access management interface to known, trusted IP addresses using network-level firewalls or VLAN isolation.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Aug 4, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw—allowing command injection—the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a critical security risk to infrastructure integrity. Administrators should prioritize the verification of device firmware versions and apply the latest vendor patches immediately to mitigate the threat of remote exploitation.
Update An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution...
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does re...
Executive Summary:
A critical vulnerability has been identified in Adobe Connect, rated 9.6 out of 10.0 in severity. This flaw, a Deserialization of Untrusted Data, allows a remote, unauthenticated attacker to execute arbitrary code on the server. Successful exploitation could lead to a complete system compromise, enabling attackers to steal sensitive data, disrupt services, or use the server to launch further attacks on the internal network.
Vulnerability Details
CVE-ID: CVE-2025-27203
Affected Software: Adobe Connect
Affected Versions: 24.0 and earlier
Vulnerability: This vulnerability is a Deserialization of Untrusted Data flaw. The Adobe Connect application fails to properly validate data it receives before deserializing it (the process of restoring a data stream to an object). An unauthenticated remote attacker can craft a malicious serialized object and send it to the application. When the application processes this malicious object, it can trigger the execution of arbitrary code with the privileges of the Adobe Connect service account, leading to a full compromise of the server.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.6. Successful exploitation would have a severe business impact, leading to Remote Code Execution (RCE) on the underlying server. Potential consequences include a complete compromise of the Adobe Connect server, theft of sensitive information such as user credentials, meeting recordings, and proprietary documents, and service disruption. A compromised server could also serve as a pivot point for attackers to gain access to the broader corporate network, escalating the incident significantly.
Remediation Plan
Immediate Action: Organizations must immediately apply the security updates provided by Adobe. All instances of Adobe Connect version 24.0 and earlier should be upgraded to the latest patched version as specified in the vendor's security advisory.
Proactive Monitoring: Monitor Adobe Connect application logs and underlying web server logs for unusual or malformed requests, especially those containing serialized data patterns. System administrators should monitor for unexpected processes spawned by the Adobe Connect service, unusual outbound network connections from the server, and high CPU or memory utilization that could indicate malicious activity.
Compensating Controls: If immediate patching is not feasible, consider implementing a Web Application Firewall (WAF) with rules specifically designed to detect and block deserialization attack payloads. Additionally, restrict network access to the Adobe Connect server's management interfaces and application ports to only trusted IP addresses and network segments.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date (2025-07-08), there are no known public exploits for this vulnerability. However, deserialization vulnerabilities are a well-understood class of bug, and proof-of-concept (PoC) exploit code is often developed quickly by security researchers and threat actors. Organizations should assume this vulnerability will be actively targeted in the near future due to its high severity and potential for reliable exploitation.
Analyst Recommendation
Given the critical CVSS score of 9.6 and the high potential for full system compromise, this vulnerability poses a significant risk to the organization. We strongly recommend that all system owners apply the vendor-provided patches to affected Adobe Connect instances with the utmost urgency. Although this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime candidate for future inclusion. Prioritize patching these systems immediately to prevent potential data breaches and unauthorized access to your network.
Update Adobe Connect versions Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP reque...
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attack...
---METADATA---
VENDOR: Tenda
PRODUCT: AC6
AFFECTED_VERSIONS: V5.0 V02.03.01.110
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
An authentication bypass vulnerability in Tenda AC6 allows remote attackers to execute arbitrary code via specially crafted HTTP requests.
Executive Summary:
An authentication bypass vulnerability in Tenda AC6 allows unauthenticated remote attackers to execute arbitrary code on the device.
Vulnerability Details
CVE-ID: CVE-2025-27129
Affected Software: Tenda AC6
Affected Versions: V5.0 V02.03.01.110
Vulnerability: An authentication bypass exists in the HTTP authentication functionality of the affected device. This allows an unauthenticated attacker to send crafted requests that bypass security checks and lead to arbitrary code execution.
Business Impact
The CVSS score of 9.8 reflects the high risk associated with remote code execution on networking equipment. Exploitation allows an attacker to gain administrative control over the router, potentially intercepting network traffic, modifying configurations, or using the device as a pivot point for further network infiltration.
Remediation Plan
Immediate Action: Update the firmware of the Tenda AC6 to the latest available version provided by the manufacturer.
Proactive Monitoring: Monitor network traffic for anomalous HTTP requests directed at the management interface of the router.
Compensating Controls: Restrict administrative access to the router to trusted internal IP addresses only, and disable remote management interfaces if they are not strictly necessary.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Aug 20, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the ease with which this vulnerability can be exploited and the critical nature of network hardware, it is imperative to apply the relevant firmware update immediately. Failure to patch may allow attackers to compromise the perimeter and gain unauthorized access to the internal network.
Update An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
in OpenHarmony v5
in OpenHarmony v5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing message in guest VM
Memory corruption while processing message in guest VM
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing simultaneous requests via escape path
Memory corruption while processing simultaneous requests via escape path
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host
Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing a GP command response
Memory corruption while processing a GP command response
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Transient DOS while creating NDP instance
Transient DOS while creating NDP instance
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing specific files in Powerline Communication Firmware
Memory corruption while processing specific files in Powerline Communication Firmware
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while performing encryption and decryption commands
Memory corruption while performing encryption and decryption commands
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing DDI command calls
Memory corruption while processing DDI command calls
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing an IOCTL command with an arbitrary address
Memory corruption while processing an IOCTL command with an arbitrary address
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing DDI call with invalid buffer
Memory corruption while processing DDI call with invalid buffer
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Transient DOS while processing an ANQP message
Transient DOS while processing an ANQP message
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Transient DOS while processing a frame with malformed shared-key descriptor
Transient DOS while processing a frame with malformed shared-key descriptor
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption during video playback when video session open fails with time out error
Memory corruption during video playback when video session open fails with time out error
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while handling client exceptions, allowing unauthorized channel access
Memory corruption while handling client exceptions, allowing unauthorized channel access
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while performing SCM call with malformed inputs
Memory corruption while performing SCM call with malformed inputs
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while performing SCM call
Memory corruption while performing SCM call
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing packet data with exceedingly large packet
Memory corruption while processing packet data with exceedingly large packet
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption during sub-system restart while processing clean-up to free up resources
Memory corruption during sub-system restart while processing clean-up to free up resources
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption during the image encoding process
Memory corruption during the image encoding process
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing a malformed license file during reboot
Memory corruption while processing a malformed license file during reboot
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption during PlayReady APP usecase while processing TA commands
Memory corruption during PlayReady APP usecase while processing TA commands
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing data packets in diag received from Unix clients
Memory corruption while processing data packets in diag received from Unix clients
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing command message in WLAN Host
Memory corruption while processing command message in WLAN Host
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing event close when client process terminates abruptly
Memory corruption while processing event close when client process terminates abruptly
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing camera platform driver IOCTL calls
Memory corruption while processing camera platform driver IOCTL calls
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing the TESTPATTERNCONFIG escape path
Memory corruption while processing the TESTPATTERNCONFIG escape path
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing multiple simultaneous escape calls
Memory corruption while processing multiple simultaneous escape calls
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while executing timestamp video decode command with large input values
Memory corruption while executing timestamp video decode command with large input values
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing manipulated payload in video firmware
Memory corruption while processing manipulated payload in video firmware
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing video packets received from video firmware
Memory corruption while processing video packets received from video firmware
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers
Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Memory corruption while selecting the PLMN from SOR failed list.
Memory corruption while selecting the PLMN from SOR failed list.
Executive Summary:
A critical remote code execution vulnerability, identified as CVE-2025-27034, exists in the cellular communication components of multiple mobile products. This flaw can be exploited remotely by an attacker without any user interaction, potentially allowing them to take full control of an affected device, intercept communications, or cause a permanent denial of service. Due to its critical severity (CVSS 9.8), this vulnerability poses a severe risk to organizational data security and operational continuity.
Vulnerability Details
CVE-ID: CVE-2025-27034
Affected Software: Mobile device baseband or modem firmware affecting multiple downstream products.
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a memory corruption flaw that occurs within the cellular modem's firmware. It is triggered when a device processes a malformed list of failed Public Land Mobile Networks (PLMNs) as part of the Steering of Roaming (SOR) protocol. An attacker can exploit this by setting up a rogue base station (cell tower) that broadcasts a specially crafted SOR message to nearby vulnerable devices. When the device attempts to process this malicious message, the memory corruption is triggered, which can be leveraged by the attacker to execute arbitrary code on the device's baseband processor, a highly privileged and isolated component.
Business Impact
The exploitation of this vulnerability would have a critical business impact, reflected by its CVSS score of 9.8. A successful attack could lead to the complete compromise of corporate mobile devices, resulting in the theft of sensitive data, including emails, contacts, and confidential documents. Attackers could also perform espionage by intercepting calls and text messages or tracking the device's location. Furthermore, the vulnerability could be used to cause a widespread denial-of-service, rendering the organization's mobile fleet inoperable and disrupting critical business communications. This poses a significant risk of financial loss, reputational damage, and regulatory penalties related to data breaches.
Remediation Plan
Immediate Action: Organizations must immediately identify all affected mobile devices and deploy the security patches provided by the relevant hardware or device manufacturers. Patching should be prioritized for devices used by executives, system administrators, and employees with access to sensitive corporate data. In parallel, security teams must actively monitor for any signs of exploitation by reviewing network and device logs for anomalous behavior.
Proactive Monitoring: Security teams should monitor Mobile Device Management (MDM) logs for unexpected device crashes, reboots, or policy violations. Network monitoring should focus on identifying unusual cellular roaming activity or connections to un-trusted cell towers, if such visibility is available. Mobile Threat Defense (MTD) solutions should be configured to detect signs of baseband compromise or anomalous network traffic originating from mobile devices.
Compensating Controls: If immediate patching is not feasible, organizations should implement compensating controls to reduce the attack surface. This includes using MDM policies to disable cellular roaming for all devices, especially during international travel. Encourage employees to prioritize trusted Wi-Fi networks and use Wi-Fi calling features to minimize reliance on the cellular radio for communication.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 24, 2025, there is no known public proof-of-concept exploit code for this vulnerability. However, given the critical severity (9.8) and the fact that it can be exploited remotely over-the-air, it is highly likely that sophisticated threat actors are actively researching and developing private exploits. Vulnerabilities of this nature in baseband processors are high-value targets for nation-state actors for intelligence gathering and espionage.
Analyst Recommendation
This vulnerability represents a critical and immediate threat to the organization. The ability for a remote, unauthenticated attacker to execute code on the baseband processor without user interaction is a worst-case scenario for mobile device security. We recommend that all affected devices be patched on an emergency basis. While CVE-2025-27034 is not currently on the CISA KEV list, its characteristics warrant treating it with the highest priority. If patching is delayed for any reason, the compensating controls listed above should be implemented immediately to mitigate risk.
Update Memory corruption while selecting the PLMN from SOR failed Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Executive Summary:
A critical vulnerability exists in multiple TRUfusion Enterprise products that allows for an unauthenticated file upload. This flaw could be exploited by a remote attacker to upload a malicious file, leading to arbitrary code execution on the server. Successful exploitation would result in a complete compromise of the affected system, allowing an attacker to steal data, disrupt services, and gain a foothold into the broader network.
Vulnerability Details
CVE-ID: CVE-2025-27224
Affected Software: TRUfusion Enterprise through Multiple Products
Affected Versions: All versions up to and including 7.10.4.0
Vulnerability: The TRUfusion Enterprise software contains an unrestricted file upload vulnerability in the
/trufusionPortal/fileuploadendpoint. The application fails to properly validate or sanitize the types of files being uploaded, allowing an unauthenticated remote attacker to upload a malicious file, such as a web shell (e.g., a.jspor.phpfile). After a successful upload, the attacker can navigate to the file's location on the server and execute arbitrary code with the permissions of the web server's user account, leading to a full system compromise.Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could lead to severe business consequences, including the complete compromise of the TRUfusion server. An attacker could exfiltrate sensitive corporate or customer data, cause significant service disruption, or use the compromised server as a pivot point to launch further attacks against the internal network. The potential for data breaches carries significant risks, including reputational damage, financial loss, and regulatory penalties.
Remediation Plan
Immediate Action: The primary remediation is to immediately apply the vendor-supplied security patches. Organizations should update all instances of TRUfusion Enterprise to a version later than 7.10.4.0. Before and after patching, it is crucial to review web server access logs for any suspicious POST requests to the
/trufusionPortal/fileuploadendpoint to identify potential signs of compromise.Proactive Monitoring: Implement enhanced monitoring of the TRUfusion server. Security teams should look for an increase in POST requests to the
/trufusionPortal/fileuploadendpoint, especially those originating from unknown IP addresses or containing suspicious file extensions (e.g.,.jsp,.php,.aspx,.sh). Monitor for any outbound network connections from the server to untrusted destinations and for the creation of unexpected files or processes in the web application's directories.Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce risk:
/trufusionPortal/fileuploadendpoint.Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 27, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical severity (CVSS 9.8) and the relative simplicity of exploiting unrestricted file upload vulnerabilities, it is highly probable that threat actors will develop exploits in the near future. The vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate threat to the organization. We strongly recommend that all affected TRUfusion Enterprise instances be patched immediately to prevent potential system compromise. Although this CVE is not yet on the CISA KEV list, its high severity makes it an attractive target for attackers. Organizations must prioritize the deployment of the vendor's patch and implement the recommended monitoring and compensating controls without delay.