The target device exposes a service on a specific TCP port with a configured endpoint
Description
The target device exposes a service on a specific TCP port with a configured endpoint
Search and filter 17282 vulnerabilities with AI analyst insights
The target device exposes a service on a specific TCP port with a configured endpoint
The target device exposes a service on a specific TCP port with a configured endpoint
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file s...
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0.
Update Improper configuration of the SSH service in Infinera Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access...
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
Executive Summary:
A critical vulnerability has been identified in the Remote Shell Service (RSH) on specific Infinera products, allowing an attacker to gain complete system access without a password. Successful exploitation of this flaw could lead to a full compromise of the affected network device, enabling data theft, service disruption, and further attacks on the internal network. Due to the critical severity and ease of exploitation, immediate remediation is strongly recommended.
Vulnerability Details
CVE-ID: CVE-2025-27019
Affected Software: Remote shell service Multiple Products
Affected Versions: Infinera MTC-9: from version R22.1.1.0275 before R23.0
Vulnerability: The vulnerability exists within the Remote Shell (RSH) service on affected Infinera MTC-9 devices. The service contains pre-configured, password-less user accounts that an attacker can access over the network. By connecting to the RSH port (typically TCP 514), an attacker can leverage these accounts to execute arbitrary commands and establish a reverse shell, which provides them with interactive command-line access to the underlying operating system of the device.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the high potential for significant damage. A successful exploit grants an attacker direct administrative access to the network device, compromising its confidentiality, integrity, and availability. This could lead to severe business consequences, including the interception of network traffic, unauthorized modification of network configurations, complete service outages, and the use of the compromised device as a pivot point to launch further attacks against the internal corporate network.
Remediation Plan
Immediate Action: The primary remediation is to apply the security patches provided by the vendor. Organizations must update the firmware on all affected Infinera MTC-9 devices to version R23.0 or a later release. Following the update, security teams should actively monitor for any signs of exploitation attempts and review historical access logs for unauthorized connections to the RSH service.
Proactive Monitoring: Implement enhanced monitoring on network devices. Specifically, look for inbound connection attempts to TCP port 514 (RSH) from untrusted IP addresses. Monitor for any unexpected outbound connections from the Infinera devices, as this could indicate a successful reverse shell. System logs should be reviewed for anomalous user logins or command execution that deviates from normal administrative activity.
Compensating Controls: If patching cannot be immediately deployed, implement the following compensating controls:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of December 8, 2025, there is no known publicly available exploit code, and the vulnerability is not reported to be under active exploitation. However, given the low complexity of the vulnerability (leveraging password-less accounts), a functional proof-of-concept exploit could be developed with minimal effort by threat actors.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the potential for a complete network device takeover, this vulnerability poses a severe risk to the organization. We strongly recommend that all affected Infinera MTC-9 devices be patched immediately by upgrading to the recommended firmware version. Although this CVE is not currently listed on the CISA KEV catalog, its high severity warrants urgent attention. If patching is delayed, the compensating controls listed above must be implemented without delay to reduce the attack surface.
Update Remote shell service Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
IBM Cognos Command Center 10
IBM Cognos Command Center 10
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store
Executive Summary:
A high-severity vulnerability has been identified in multiple products from the vendor "remote," which could allow a remote attacker to take full control of affected systems. This flaw, tracked as CVE-2025-26866, stems from an insecure data handling process and could lead to significant data breaches, service disruption, or further network compromise if exploited. Organizations are urged to apply vendor-supplied security patches immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2025-26866
Affected Software: remote Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a remote code execution (RCE) flaw caused by insecure Hessian deserialization within the PD (Placement Driver) store component. An attacker who can introduce a malicious node into the Raft consensus cluster can send a specially crafted payload to the PD store. The store improperly deserializes this malicious data, which triggers the execution of arbitrary code with the permissions of the PD store service, leading to a complete compromise of the affected node.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation would grant an attacker full control over the affected system, allowing them to steal, modify, or delete sensitive data, disrupt critical business operations by causing a denial of service, or use the compromised system as a pivot point to attack other internal network resources. The potential consequences include major financial losses, reputational damage, and regulatory penalties depending on the data compromised.
Remediation Plan
Immediate Action: The primary remediation is to apply the security patches provided by the vendor to all affected systems, prioritizing those that are internet-facing or handle critical data. Before patching, ensure that system backups are current and have been tested.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes reviewing Raft cluster logs for unauthorized or unexpected nodes attempting to join, analyzing network traffic for unusual connections to the PD store ports, and monitoring host systems for suspicious processes, outbound connections, or file modifications that could indicate a compromise.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Strictly enforce network segmentation and apply firewall rules to restrict access to the Raft consensus and PD store ports, ensuring that only trusted, authorized nodes within the cluster can communicate. Implement an intrusion detection/prevention system (IDS/IPS) with rules to detect and block deserialization attack patterns.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 14, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the nature of RCE vulnerabilities, it is highly probable that threat actors will develop exploits. This vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high CVSS score of 8.8 and the risk of remote code execution, this vulnerability must be treated as a critical priority. We strongly recommend that organizations identify all affected assets and apply the vendor-provided patches within their emergency patching window. While this CVE is not yet on the CISA KEV list, its severity warrants immediate attention to prevent potential exploitation and system compromise. If patching is delayed, the compensating controls listed above must be implemented immediately to limit the attack surface.
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
RemoteCall Remote Support Program (for Operator) versions prior to 5
RemoteCall Remote Support Program (for Operator) versions prior to 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
RemoteCall Remote Support Program (for Operator) versions prior to 5
RemoteCall Remote Support Program (for Operator) versions prior to 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
RemoteView PC Application Console versions prior to 6
RemoteView PC Application Console versions prior to 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1
A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1
Executive Summary:
A high-severity buffer overflow vulnerability, identified as CVE-2025-26858, has been discovered in multiple products from the vendor 'buffer'. This flaw allows a remote, unauthenticated attacker to potentially execute arbitrary code or cause a denial of service by sending a specially crafted network packet, which could lead to a complete compromise of the affected device and disrupt critical operations.
Vulnerability Details
CVE-ID: CVE-2025-26858
Affected Software: buffer Multiple Products
Affected Versions: The description specifically identifies Socomec DIRIS Digiware M-70 1. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: This vulnerability is a buffer overflow within the Modbus TCP service. An unauthenticated attacker on the network can exploit this flaw by sending a specially crafted Modbus TCP packet containing an oversized data payload to an affected device. The device fails to properly validate the input size, causing a buffer to be overwritten, which can lead to arbitrary code execution with the privileges of the service or result in a system crash and a denial of service (DoS) condition.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.6. Exploitation could have a significant business impact, particularly in Operational Technology (OT) or Industrial Control System (ICS) environments where these devices are often deployed. A successful attack could lead to a loss of availability through a denial of service, causing operational downtime and financial loss. Furthermore, the potential for remote code execution could lead to a loss of integrity and confidentiality, allowing an attacker to take full control of the device, manipulate monitored data, or pivot to other systems on the network.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor to all affected devices immediately. Before and after patching, actively monitor network traffic for any signs of exploitation attempts and review device and network access logs for anomalous activity or connections targeting the Modbus TCP service.
Proactive Monitoring: Implement enhanced monitoring focused on the Modbus TCP protocol (port 502/TCP). Configure network intrusion detection systems (NIDS) to alert on malformed or unusually large Modbus packets. Review system logs on affected devices for evidence of unexpected reboots, service crashes, or unauthorized processes.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 1, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, buffer overflow vulnerabilities in network services are often targeted by threat actors for exploit development. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high CVSS score of 8.6 and the potential for remote code execution in critical environments, it is strongly recommended that organizations prioritize the immediate patching of all affected systems. If patching must be delayed for operational reasons, the compensating controls outlined above, particularly network segmentation and access control, must be implemented without delay to mitigate the risk of exploitation. Organizations should remain vigilant and monitor for any threat intelligence indicating a change in exploitation status.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed...
The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.
Update Quest KACE Systems Management Appliance to version 14.0.97 or 14.1.19+ immediately. Review managed systems for unauthorized privilege escalation attempts and audit agent configurations.
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 133...
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300
Executive Summary:
A high-severity vulnerability exists in a wide range of Samsung Exynos processors and modems commonly found in mobile phones, wearable devices, and other connected products. Successful exploitation could allow a remote attacker to compromise the core communication functions of a device, potentially leading to data theft, service disruption, or further network intrusion. Due to the large number of affected consumer and enterprise devices, this vulnerability presents a significant risk.
Vulnerability Details
CVE-ID: CVE-2025-26782
Affected Software: Samsung Mobile Processor, Wearable Processor, and Modem
Affected Versions: The vulnerability impacts the following hardware models. See vendor advisory for specific affected firmware versions.
Vulnerability: The vulnerability is described as an issue in the Layer 2 (L2) data processing component of the affected Samsung Exynos chipsets. An unauthenticated, remote attacker could potentially exploit this flaw by sending specially crafted L2 network packets to a target device's modem. This could trigger an out-of-bounds condition or another memory corruption error, leading to arbitrary code execution at the baseband level, a denial of service, or the disclosure of sensitive information.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could have a significant business impact, particularly in organizations with a large mobile workforce or a Bring-Your-Own-Device (BYOD) policy. A successful attack could lead to the compromise of corporate data on mobile devices, eavesdropping on sensitive communications, or using the compromised device as a pivot point to attack the internal corporate network. The widespread nature of the affected processors across numerous popular smartphone and wearable models creates a broad attack surface, increasing the overall risk to the organization.
Remediation Plan
Immediate Action: Apply security updates provided by the device manufacturer (e.g., Samsung, Google) or cellular carrier immediately upon availability. These patches are typically delivered Over-The-Air (OTA). Organizations should use Mobile Device Management (MDM) solutions to enforce and verify the installation of these critical updates across their device fleet.
Proactive Monitoring: Monitor for signs of exploitation, which may include unexpected device reboots, rapid battery drain, or unusual network traffic patterns originating from affected devices. Review available modem and system logs for error messages or anomalous activity related to Layer 2 processing. Network security teams should monitor for traffic matching indicators of compromise (IOCs) if they become available.
Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. This could include restricting affected devices from accessing critical internal resources, enforcing strong data encryption on the device, and ensuring that sensitive data is not stored locally. Educate users on the importance of installing updates and reporting suspicious device behavior.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 20, 2025, there is no known publicly available exploit code, and the vulnerability is not reported to be actively exploited in the wild. However, given the high severity and the large number of impacted devices, it is highly probable that threat actors will develop exploits. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity of this vulnerability and the ubiquity of affected devices, we recommend immediate action. Organizations must prioritize identifying all vulnerable devices within their environment, including both corporate-owned and BYOD assets. The primary recommendation is to deploy the vendor-supplied security patches as soon as they are released. Although this CVE is not yet on the CISA KEV list, its potential impact warrants treating it with the urgency of a known exploited threat.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 133...
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300
Executive Summary:
A high-severity vulnerability has been discovered in a wide range of Samsung Exynos processors, which are embedded in numerous mobile phones, wearables, and modems. This flaw exists in a low-level communication component and could allow a remote attacker to compromise an affected device without any user interaction. Successful exploitation could lead to data theft, service disruption, or full device takeover, posing a significant risk to organizational data and security.
Vulnerability Details
CVE-ID: CVE-2025-26781
Affected Software: Samsung Mobile Processor, Wearable Processor, and Modem
Affected Versions: Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300.
Vulnerability: The vulnerability exists within the Layer 2 (L2) data link layer processing of the cellular protocol stack in affected Samsung Exynos chipsets. An unauthenticated, remote attacker could potentially exploit this flaw by sending specially crafted L2 frames from a malicious or compromised base station (e.g., a rogue cell tower). This could trigger a condition such as a buffer overflow or improper state handling within the baseband processor, leading to arbitrary code execution. As the baseband processor operates with high privileges and is separate from the main device operating system, a successful exploit could grant the attacker persistent and stealthy control over the device's cellular communications.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. The affected processors are integrated into a vast number of mobile devices used by both consumers and enterprises, creating a broad attack surface. Exploitation of this vulnerability could have severe business consequences, including the breach of sensitive corporate data stored on or accessed by mobile devices, eavesdropping on communications, and disruption of mobile connectivity for critical business operations. A successful attack on corporate-managed devices could lead to significant financial loss, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: Organizations must identify all devices using the affected Samsung Exynos chipsets and prioritize the deployment of security updates provided by Samsung and the respective device manufacturers. Utilize Mobile Device Management (MDM) solutions to enforce update policies and ensure patches are applied across the entire mobile fleet as soon as they become available.
Proactive Monitoring: Monitor device fleets for anomalous behavior that could indicate an attempted or successful exploit. This includes unexpected device reboots, cellular connectivity drops, unusual data consumption patterns, or kernel panic logs. For high-security environments, consider advanced threat detection that may identify the presence of rogue base stations in the vicinity of corporate facilities.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. This includes restricting the use of affected devices for accessing highly sensitive systems or data, enforcing the use of VPNs for all data traffic, and ensuring MDM solutions are configured to detect and alert on signs of device compromise. Educate users on the risks of connecting to untrusted cellular networks, although user control over base station selection is limited.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of October 20, 2025, there is no publicly available exploit code, and the vulnerability is not known to be actively exploited in the wild. However, vulnerabilities in baseband processors are highly valued by sophisticated threat actors for surveillance and intelligence gathering. The lack of public exploitation does not diminish the risk, as such flaws are often exploited covertly by well-resourced adversaries. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the High severity rating (CVSS 7.5) and the critical function of the affected components, we strongly recommend that organizations take immediate action. This vulnerability allows for remote, interaction-less exploitation, making it a potent threat for espionage and data theft. Although not yet on the CISA KEV list, the widespread deployment of these chipsets makes it an attractive target. Organizations must prioritize the identification of all affected assets and expedite the deployment of vendor-supplied security patches to mitigate the risk of a potential compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
StorageGRID (formerly StorageGRID Webscale) versions prior to 11
StorageGRID (formerly StorageGRID Webscale) versions prior to 11
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The installer for SAN Host Utilities for Windows versions prior to 8
The installer for SAN Host Utilities for Windows versions prior to 8
Executive Summary:
A high-severity vulnerability has been identified in the installer for "prior" SAN Host Utilities for Windows. An attacker with standard access to a system could exploit this flaw during the software installation process to gain full administrative control. Successful exploitation could lead to a complete system compromise, allowing the attacker to access sensitive data, disrupt operations, or move further into the network.
Vulnerability Details
CVE-ID: CVE-2025-26513
Affected Software: prior Multiple Products
Affected Versions: All SAN Host Utilities for Windows versions prior to 8.
Vulnerability: The vulnerability exists within the installer component of the SAN Host Utilities for Windows. The installation process contains a flaw, likely related to insecure file permissions or DLL handling, which can be exploited by a local user. An authenticated attacker with standard, low-level privileges could place a specially crafted malicious file on the local system. When an administrator initiates the installation or re-installation of the vulnerable software, the installer may execute the attacker's malicious file with SYSTEM-level privileges, resulting in a full privilege escalation.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7. A successful exploit would grant an attacker full administrative control over the affected Windows host. Since these utilities are used to manage critical Storage Area Network (SAN) infrastructure, a compromise could have severe consequences, including unauthorized access to sensitive corporate data, data exfiltration, deployment of ransomware, or disruption of business-critical applications dependent on the SAN. This represents a significant risk to data confidentiality, integrity, and availability, and could serve as a pivot point for a broader network intrusion.
Remediation Plan
Immediate Action: The primary remediation is to apply the vendor-provided security updates. Identify all systems running the vulnerable versions of "prior" SAN Host Utilities and upgrade them to version 8 or a later, patched version immediately. After patching, review system and application access logs for any signs of unauthorized privilege escalation or suspicious installation activities that occurred prior to the update.
Proactive Monitoring: Security teams should configure monitoring to detect potential exploitation attempts. This includes creating alerts for suspicious process creation by the installer executable (e.g., setup.exe, msiexec.exe), especially if they are launching unexpected commands or network connections. Monitor for file-write events by low-privileged users to temporary directories or system folders that are subsequently accessed by a SYSTEM-level process.
Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of August 8, 2025, this is a newly disclosed vulnerability. There is no public proof-of-concept (PoC) exploit code available, and no active exploitation has been reported in the wild. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Despite the absence of active exploitation, the High severity of this vulnerability warrants immediate attention. Local privilege escalation flaws on systems managing critical infrastructure are attractive targets for threat actors who have already gained an initial foothold. We strongly recommend that organizations prioritize the identification of all affected assets and deploy the vendor-supplied patch as soon as possible to mitigate the risk of a full system compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Uplo...
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue...
Executive Summary:
A critical type confusion vulnerability has been identified in Salesforce Tableau Server and Tableau Desktop, assigned CVE-2025-26496 with a CVSS score of 9.6. This flaw exists within the file upload modules and can be exploited by an attacker to include and execute arbitrary code on the affected system. Successful exploitation could lead to a complete compromise of the Tableau environment, resulting in data theft, system takeover, and further network intrusion.
Vulnerability Details
CVE-ID: CVE-2025-26496
Affected Software: Salesforce Tableau Server, Tableau Desktop
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a 'Type Confusion' (CWE-843) flaw located in the file upload processing modules of Tableau Server and Tableau Desktop. An unauthenticated remote attacker can exploit this by crafting a malicious file and uploading it to the server. When the application processes this file, it incorrectly interprets the object's type, leading to a memory corruption state that can be leveraged to achieve arbitrary code execution with the permissions of the Tableau service account.
Business Impact
The vulnerability is rated as critical severity with a CVSS score of 9.6, posing a significant risk to the organization. A successful attack could lead to a complete compromise of the Tableau Server, granting the attacker full control over the application and its underlying operating system. The potential consequences include the exfiltration of sensitive business intelligence data, dashboards, and connected data sources; manipulation of critical business reports; and using the compromised server as a foothold to launch further attacks against the internal network. This could result in severe financial loss, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: Immediately apply the security updates provided by Salesforce for all affected Tableau Server and Tableau Desktop installations. Prioritize patching for internet-facing Tableau Server instances. After patching, review access and application logs for any unusual file upload activity or errors that may indicate a past or ongoing exploitation attempt.
Proactive Monitoring: Implement enhanced monitoring on Tableau servers. Look for indicators of compromise such as unexpected child processes spawned by Tableau services (e.g., cmd.exe, powershell.exe, /bin/sh), unusual network connections originating from the server, and logs showing memory corruption errors or repeated crashes in the file processing service. Monitor network traffic for anomalous file uploads.
Compensating Controls: If immediate patching is not feasible, apply the following compensating controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date (August 22, 2025), there is no known public proof-of-concept exploit code, and the vulnerability is not reported to be actively exploited in the wild. However, due to the critical severity and the potential for remote code execution, security researchers and threat actors are highly likely to develop an exploit by reverse-engineering the patch. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
This vulnerability represents a critical risk to the confidentiality, integrity, and availability of your business data and infrastructure. It is strongly recommended that organizations treat this as a top-priority vulnerability and apply the vendor-supplied patches to all affected Tableau products immediately. Due to the high likelihood of future exploitation, all internet-facing Tableau instances should be considered high-value targets. Organizations must apply the patch and proactively hunt for any signs of compromise within their environment.
Update Access of Resource Using Incompatible Type Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the applianc...
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads
Executive Summary:
A high-severity vulnerability has been identified in multiple Infinera products, specifically impacting the MTC-9 appliance. This flaw allows a remote, unauthenticated attacker to send a specially crafted XML payload, causing the device to crash and reboot, resulting in a complete denial of service (DoS) and potential network disruption.
Vulnerability Details
CVE-ID: CVE-2025-26488
Affected Software: Infinera Multiple Products (including MTC-9)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an Improper Input Validation flaw. The affected service on the Infinera MTC-9 appliance does not correctly sanitize or validate XML payloads received from unauthenticated remote users. An attacker can exploit this by sending a malformed or specifically crafted XML request to the device, which the system fails to process correctly, leading to a service crash that triggers a full reboot of the appliance and a denial of service condition.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could lead to significant operational disruptions. Since Infinera products are often used in critical network infrastructure, a denial of service attack could result in network outages, impacting service availability for customers. This poses a direct risk of revenue loss, violation of service level agreements (SLAs), and damage to the organization's reputation. The ease of exploitation (remote and unauthenticated) increases the likelihood of an attack.
Remediation Plan
Immediate Action: Apply the security updates provided by Infinera to all affected devices immediately. After patching, review system and access logs for any signs of unexpected reboots or suspicious XML traffic that may indicate previous exploitation attempts.
Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the management interfaces of Infinera appliances. Configure Intrusion Detection/Prevention Systems (IDS/IPS) to alert on or block malformed XML traffic. System logs on the devices should be monitored for unexpected service crashes or reboot events, and these should be correlated with network logs to identify potential sources of an attack.
Compensating Controls: If immediate patching is not feasible, implement network segmentation and strict access control lists (ACLs) on firewalls or routers to restrict access to the device's management interface. Access should only be permitted from trusted IP addresses or dedicated management networks. Consider deploying a Web Application Firewall (WAF) or an IPS with virtual patching capabilities to inspect and block malicious payloads before they reach the vulnerable device.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 8, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. This CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the low complexity of the attack, proof-of-concept exploit code could be developed and released by security researchers or threat actors in the near future.
Analyst Recommendation
Given the High severity (CVSS 7.5) of this vulnerability and its potential to cause significant network disruption, organizations are strongly advised to prioritize the deployment of vendor-supplied patches. The ability for a remote, unauthenticated attacker to cause a denial of service presents a critical risk to service availability. While this vulnerability is not yet on the CISA KEV list, proactive patching is the most effective defense. If patching is delayed, the compensating controls outlined above should be implemented immediately to reduce the attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resour...
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge
Executive Summary:
A high-severity vulnerability has been identified in the Infinera MTC-9 network appliance. This flaw, known as a Server-Side Request Forgery (SSRF), allows an unauthenticated attacker on the internet to force the device to send malicious requests to other systems within your internal network. Successful exploitation could lead to unauthorized access to internal resources, data breaches, and further network compromise.
Vulnerability Details
CVE-ID: CVE-2025-26487
Affected Software: Infinera MTC-9
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a Server-Side Request Forgery (SSRF) vulnerability. A remote, unauthenticated attacker can craft a malicious HTTPS request and send it to the public-facing interface of the vulnerable Infinera MTC-9 appliance. The appliance fails to properly validate the user-supplied input in the request, causing it to initiate a new HTTPS connection to an arbitrary destination specified by the attacker. This effectively allows the appliance to act as a proxy or bridge, enabling the attacker to bypass perimeter security controls like firewalls and interact with, scan, or exfiltrate data from sensitive systems on the internal network.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.6. Exploitation allows an external threat actor to pivot into the internal corporate network, posing a significant risk to the organization. Potential consequences include unauthorized access to internal web applications, databases, and file servers; reconnaissance of the internal network topology; and the potential for lateral movement leading to a wider system compromise. This could result in sensitive data exfiltration, service disruption, and significant reputational damage.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor to all affected Infinera MTC-9 appliances immediately. After patching, review device and network access logs for any signs of exploitation that may have occurred prior to the update.
Proactive Monitoring: Monitor network traffic originating from the Infinera MTC-9 appliances. Specifically, look for unusual outbound HTTPS requests from the appliance to internal IP addresses and services that it does not normally communicate with. Implement alerts for connections to non-standard ports or for high volumes of connection attempts that could indicate network scanning.
Compensating Controls: If patching cannot be performed immediately, implement strict network segmentation and firewall rules to restrict the appliance's ability to initiate connections to the internal network. Only allow communication from the appliance to known, required internal systems and block all other outbound traffic from the device's management interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of December 8, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, due to the high CVSS score and the unauthenticated nature of the flaw, it is highly probable that threat actors will develop exploits in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.6) of this vulnerability and its potential to grant unauthenticated attackers a foothold within the internal network, immediate action is required. Organizations must prioritize the deployment of vendor-supplied patches to all affected systems. Although this vulnerability is not currently listed on the CISA KEV list, its impact makes it a prime candidate for future inclusion and targeted exploitation. Proactive monitoring and the application of compensating controls are strongly recommended until all devices are confirmed to be patched.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Dell ECS versions prior to 3
Dell ECS versions prior to 3
Executive Summary:
A high-severity vulnerability has been identified in Dell Elastic Cloud Storage (ECS) platforms. This flaw, if exploited by a remote attacker, could allow for a complete system compromise, potentially leading to unauthorized data access, data theft, or service disruption. Organizations using the affected Dell products are urged to apply security patches immediately to mitigate significant risks to data confidentiality and availability.
Vulnerability Details
CVE-ID: CVE-2025-26476
Affected Software: Dell Multiple Products
Affected Versions: Dell ECS versions prior to 3.x
Vulnerability:
The vulnerability exists within the management interface of Dell ECS. A lack of proper input validation in a core API endpoint allows a remote, unauthenticated attacker to send a specially crafted request to the system. Successful exploitation could lead to remote code execution (RCE) with elevated privileges on the underlying ECS nodes, granting the attacker full control over the storage platform. The attack does not require user interaction and can be launched by any adversary with network access to the affected ECS management port.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.4. Exploitation could have a severe business impact, as Dell ECS platforms are often used to store large volumes of critical and sensitive enterprise data. A successful attack could result in the complete loss of data confidentiality, integrity, and availability. Specific risks include large-scale data breaches, deployment of ransomware across the storage environment, manipulation or destruction of critical data, and extended service outages, leading to significant financial and reputational damage.
Remediation Plan
Immediate Action:
Organizations must prioritize the deployment of security updates provided by Dell across all affected ECS instances. Before applying the patch, validate system health and ensure a valid backup and rollback plan is in place. After patching, review system and access logs for any indicators of compromise that may have occurred prior to the update.
Proactive Monitoring:
Implement enhanced monitoring of ECS management interfaces. Security teams should look for:
Compensating Controls:
If immediate patching is not feasible, implement the following compensating controls to reduce the attack surface:
Exploitation Status
Public Exploit Available: False
Analyst Notes:
As of August 4, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the high CVSS score and the criticality of the affected systems, it is highly probable that threat actors will reverse-engineer the patch to develop a functional exploit within a short timeframe.
Analyst Recommendation
Due to the high severity (CVSS 8.4) and the risk of remote code execution on a critical data storage platform, this vulnerability represents a significant threat to the organization. Although CVE-2025-26476 is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion. We strongly recommend that system administrators treat this as a critical priority and apply the vendor-supplied patches within the organization's emergency change window. In parallel, access to the ECS management plane should be immediately audited and restricted according to the principle of least privilege.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A s...
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentia...
Executive Summary:
A critical vulnerability has been identified in MedDream PACS Premium software, assigned CVE-2025-26469 with a CVSS score of 9.3. This flaw stems from incorrect default permissions that allow a local attacker to run a specially crafted application to decrypt and steal sensitive credentials. Successful exploitation could lead to a complete system compromise, unauthorized access to patient data, and significant disruption to healthcare operations.
Vulnerability Details
CVE-ID: CVE-2025-26469
Affected Software: An incorrect default permissions vulnerability exists in the Multiple Products
Affected Versions: MedDream PACS Premium version 7.3.3.840 is confirmed to be affected. See vendor advisory for a specific list of all affected products and versions.
Vulnerability: The vulnerability exists within the CServerSettings::SetRegistryValues function of the MedDream PACS software. This function writes configuration data, including credentials, to the Windows Registry with overly permissive access controls. A low-privileged attacker with local access to the system can therefore read these registry entries, and by using a specially crafted application, can decrypt the stored credentials. This grants the attacker access to sensitive accounts, potentially leading to privilege escalation and unauthorized access to the PACS system and associated data.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.3. The primary business impact is the high risk of a data breach involving Protected Health Information (PHI) due to credential theft. Exploitation could allow an attacker to gain unauthorized access to medical images and patient records, leading to severe regulatory fines (e.g., under HIPAA), legal liability, and irreparable reputational damage. Furthermore, compromised credentials could be used to pivot to other critical systems on the network, potentially causing widespread operational disruption in a healthcare environment.
Remediation Plan
Immediate Action: Update An incorrect default permissions vulnerability exists in the Multiple Products to the latest version. The vendor has released patches to correct the improper permissions. After patching, monitor for any exploitation attempts that may have occurred and review system and application access logs for any anomalous activity.
Proactive Monitoring: Implement enhanced monitoring on systems running MedDream PACS software. Specifically, monitor for unusual processes reading from MedDream-related registry hives. Use an Endpoint Detection and Response (EDR) solution to alert on suspicious command-line executions or applications attempting to decrypt credential data. Review authentication logs for successful logins from unusual sources or at odd hours, which could indicate the use of stolen credentials.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Use application whitelisting tools (like AppLocker) to prevent the execution of unauthorized "specially crafted applications." Restrict interactive logon rights to the server, allowing only necessary administrative accounts. If the specific vulnerable registry keys are known, their permissions could be manually hardened as a temporary mitigation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jul 28, 2025, there is no known public proof-of-concept exploit code available, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the low complexity of exploiting incorrect permissions, it is highly likely that threat actors will develop an exploit. Organizations should assume it is a matter of when, not if, this vulnerability will be actively exploited.
Analyst Recommendation
Due to the critical severity (CVSS 9.3) of this vulnerability and its potential to expose highly sensitive patient data, we strongly recommend that organizations apply the vendor-supplied security update immediately. The risk of credential theft and subsequent data breach represents a significant threat to business operations and regulatory compliance. Although not currently under active exploitation, the simplicity of the attack vector makes it an attractive target, and immediate remediation should be treated as the highest priority.
Update An incorrect default permissions vulnerability exists in the Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra
Executive Summary:
A high-severity vulnerability has been discovered in Apache Cassandra that allows for privilege escalation due to unsafe actions being definable within user privileges. Successful exploitation could allow a low-privileged attacker to gain full administrative control over the database, leading to potential data theft, modification, or complete system compromise.
Vulnerability Details
CVE-ID: CVE-2025-26467
Affected Software: Apache Privilege Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability, identified as "Privilege Defined With Unsafe Actions," exists within the privilege management system of Apache Cassandra. It allows for the creation of custom user-defined privileges that can include inherently insecure or dangerous system-level actions, such as arbitrary command execution or file system manipulation. An authenticated attacker with permissions to create or modify roles could craft a malicious privilege, assign it to an account under their control, and execute it to escalate their privileges from a standard user to a high-level administrator, effectively gaining complete control over the database node.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant threat to the organization. Successful exploitation could grant an attacker administrative control over the Apache Cassandra database, leading to severe consequences such as unauthorized access, modification, or exfiltration of sensitive data, including customer information, financial records, and proprietary business logic. The potential business impact includes major data breaches, operational disruption, significant reputational damage, and potential regulatory fines for non-compliance with data protection standards.
Remediation Plan
Immediate Action: Organizations must apply the security updates provided by Apache for all affected Cassandra installations immediately. After patching, it is crucial to review access logs for any signs of suspicious activity preceding the update and monitor systems for any post-patch exploitation attempts.
Proactive Monitoring: Implement enhanced monitoring on Cassandra nodes. Security teams should actively review audit logs for the creation or modification of user roles and privileges, especially those with unusual or overly permissive actions. Monitor for anomalous query patterns, unexpected system commands being executed by the Cassandra process, and unusual outbound network traffic from database servers, which could indicate data exfiltration.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Strictly enforce the principle of least privilege by revoking all permissions related to role and privilege management from non-essential user accounts. Enhance network segmentation to isolate the Cassandra cluster, restricting access to only trusted application servers. Deploy a Database Activity Monitoring (DAM) solution to detect and block malicious queries attempting to create or modify privileges.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 25, 2025, there are no known public exploits available for this vulnerability. However, given the high severity score and the detailed nature of the vulnerability, it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.8) of this vulnerability, immediate action is required to prevent potential system compromise. Although CVE-2025-26467 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential for privilege escalation makes it an attractive target for attackers. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patches across all vulnerable Apache Cassandra instances without delay to mitigate this critical risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In executeAppFunction of AppSearchManagerService
In executeAppFunction of AppSearchManagerService
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In AccessibilityServiceConnection
In AccessibilityServiceConnection
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of LocationProviderManager
In multiple functions of LocationProviderManager
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of NdkMediaCodec
In multiple functions of NdkMediaCodec
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In validateUriSchemeAndPermission of DisclaimersParserImpl
In validateUriSchemeAndPermission of DisclaimersParserImpl
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In loadDrawableForCookie of ResourcesImpl
In loadDrawableForCookie of ResourcesImpl
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In onInputEvent of IInputMethodSessionWrapper
In onInputEvent of IInputMethodSessionWrapper
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In onHandleForceStop of VoiceInteractionManagerService
In onHandleForceStop of VoiceInteractionManagerService
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of CameraService
In multiple functions of CameraService
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In getComponentName of AccessibilitySettingsUtils
In getComponentName of AccessibilitySettingsUtils
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In smp_process_secure_connection_oob_data of smp_act
In smp_process_secure_connection_oob_data of smp_act
Executive Summary:
A high-severity vulnerability exists in the SMP (Security Manager Protocol) implementation of multiple products, potentially allowing an attacker to bypass security mechanisms or cause a denial of service.
Vulnerability Details
CVE-ID: CVE-2025-26438
Affected Software: In Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: An unspecified vulnerability exists within the smp_process_secure_connection_oob_data function. This suggests a flaw in the handling of out-of-band data during the Bluetooth pairing process, which could be exploited by an attacker within radio range to compromise the secure connection establishment.
Business Impact
Exploitation of this flaw could allow an attacker to bypass authentication, pair with a device without authorization, or potentially inject malicious data, leading to information disclosure or a denial-of-service condition. The CVSS score of 8.8 (High) indicates a critical flaw in a core security function that could undermine the confidentiality and integrity of communications for affected devices.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor immediately to patch the vulnerable component.
Proactive Monitoring: Monitor Bluetooth communication logs, if available, for anomalous pairing attempts or connection failures. Investigate any reports of unexpected device behavior during pairing.
Compensating Controls: If patching is not immediately possible, disable Bluetooth functionality on affected devices or restrict pairing to physically secure environments to limit the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 4, 2025, there is no public information indicating active exploitation of this vulnerability. However, flaws in widely used protocols like Bluetooth are attractive targets for security researchers and attackers alike.
Analyst Recommendation
The high severity of this vulnerability warrants immediate attention. The potential for an attacker to compromise secure communications represents a significant risk. Organizations must prioritize the deployment of vendor patches to all affected systems to prevent potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In clearAllowBgActivityStarts of PendingIntentRecord
In clearAllowBgActivityStarts of PendingIntentRecord
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In updateState of ContentProtectionTogglePreferenceController
In updateState of ContentProtectionTogglePreferenceController
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In setupAccessibilityServices of AccessibilityFragment
In setupAccessibilityServices of AccessibilityFragment
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code
In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote esca...
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution p...
Executive Summary:
A critical heap buffer overflow vulnerability, identified as CVE-2025-26416, has been discovered in multiple products. This flaw, with a CVSS score of 9.8, can be exploited by a remote, unauthenticated attacker by tricking the system into processing a malicious BMP image file. Successful exploitation could lead to arbitrary code execution, allowing an attacker to take full control of the affected system.
Vulnerability Details
CVE-ID: CVE-2025-26416
Affected Software: In initializeSwizzler of Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a heap-based buffer overflow that occurs in the initializeSwizzler function within the SkBmpStandardCodec.cpp source file. The function fails to properly validate the size of input data from a BMP image file before copying it to a memory buffer on the heap. A remote attacker can craft a malicious BMP file that, when processed by an affected application, will cause a write operation to exceed the boundaries of the allocated buffer. This memory corruption can be leveraged by the attacker to execute arbitrary code with the same privileges as the application processing the image, leading to a full system compromise.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant and immediate risk to the organization. A successful exploit could grant an attacker complete control over the affected system, leading to severe consequences. These include the theft of sensitive corporate or customer data, deployment of ransomware, disruption of critical business services, and the potential for the compromised system to be used as a foothold to launch further attacks against the internal network. The lack of required authentication or user interaction for exploitation drastically increases the likelihood of a successful attack.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. Organizations must identify all affected products and update them to the latest patched version to resolve the vulnerability. Following the update, security teams should actively monitor for any signs of exploitation attempts and review system and application logs for indicators of compromise.
Proactive Monitoring: Implement enhanced monitoring for systems running the affected software. Security teams should look for unusual application crashes or memory-related errors in logs, especially those related to BMP image processing. Monitor network traffic for anomalous outbound connections from affected servers, which could signal a successful compromise. Endpoint Detection and Response (EDR) solutions should be configured to alert on suspicious process behavior, such as an image processing service spawning a command shell.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of September 2, 2025, there are no known public exploits available for this vulnerability. However, given the critical CVSS score of 9.8 and the potential for remote code execution, it is highly probable that both security researchers and malicious actors will actively work to develop a functional exploit. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, but its severity makes it a prime candidate for future inclusion.
Analyst Recommendation
Due to the critical severity (CVSS 9.8) of this vulnerability and its potential for remote code execution without user interaction, it is imperative that organizations treat this as a top priority. We strongly recommend that all affected systems are patched immediately. If patching must be delayed, the compensating controls outlined above should be implemented without delay to mitigate risk. Given the high likelihood of future exploitation, organizations must assume this vulnerability will be actively targeted and take decisive action to protect their assets.
Update In initializeSwizzler of Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if expl...
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on ...
Executive Summary:
A critical remote code execution vulnerability has been identified in SolarWinds Web Help Desk, designated CVE-2025-26399. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server, potentially leading to a complete system compromise. Due to the ease of exploitation and severe impact, this vulnerability poses a significant and immediate risk to affected organizations.
Vulnerability Details
CVE-ID: CVE-2025-26399
Affected Software: SolarWinds Web Help Desk
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an unauthenticated remote code execution flaw resulting from insecure deserialization in the AjaxProxy component. An attacker can send a specially crafted request containing a malicious serialized object to the AjaxProxy endpoint. The application deserializes this object without proper validation, leading to the execution of embedded code with the permissions of the Web Help Desk service, which could grant the attacker full control over the underlying server.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected server, allowing an attacker to steal sensitive data, deploy ransomware, disrupt help desk operations, or use the compromised system as a pivot point to attack other internal network resources. The potential business impact includes significant data breaches, financial loss from operational downtime, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: Update all instances of SolarWinds Web Help Desk to the latest version provided by the vendor to patch this vulnerability. Prioritize patching for systems that are exposed to the internet. After patching, monitor for any signs of exploitation attempts by reviewing access logs for suspicious activity.
Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes reviewing web server and application logs for unusual or malformed requests to the AjaxProxy endpoint, monitoring for unexpected processes spawned by the Web Help Desk service, and scrutinizing outbound network traffic from the server for connections to unknown or malicious destinations.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Restrict network access to the Web Help Desk application to only trusted IP addresses using a firewall. Deploy a Web Application Firewall (WAF) with rules designed to detect and block deserialization attack patterns.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Sep 23, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity (CVSS 9.8) and the fact that it is an unauthenticated RCE, it is highly probable that a functional exploit will be developed and used by threat actors in the near future.
Analyst Recommendation
Given the critical severity of this vulnerability, immediate action is required. We strongly recommend that all organizations using the affected SolarWinds Web Help Desk product apply the vendor-supplied patches immediately, starting with internet-facing systems. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime target for widespread exploitation. Organizations should not wait for confirmed exploitation in the wild before taking decisive remediation action.
Update SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Deadline: March 11, 2026
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability
SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability
Update to patched version immediately. Review user permissions and access controls.
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execu...
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TechAdvisor versions 2
TechAdvisor versions 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbit...
Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A prototype pollution in the lib
A prototype pollution in the lib
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input field...
An Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecified input fields.
Executive Summary:
A critical vulnerability has been identified in multiple products from the vendor "An," designated as CVE-2025-26210. This flaw, rated with a CVSS score of 9.8, allows a remote attacker to execute arbitrary code on affected systems, potentially leading to a full system compromise. Organizations are urged to apply the necessary updates immediately to prevent data breaches, service disruption, and further network intrusion.
Vulnerability Details
CVE-ID: CVE-2025-26210
Affected Software: An Multiple Products
Affected Versions: The vulnerability is confirmed in the DeepSeek component, versions R1 through V3.1. This component may be present in multiple products; see vendor advisory for a specific list of affected products.
Vulnerability: This is a severe Cross-Site Scripting (XSS) vulnerability that leads to Remote Code Execution (RCE). An unauthenticated, remote attacker can inject a malicious script into unspecified input fields of the application. When the application processes this malicious input, it results in the execution of arbitrary code on the underlying server, granting the attacker control over the system.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a devastating business impact, including a complete compromise of the affected server. Potential consequences include theft of sensitive corporate or customer data, deployment of ransomware, complete disruption of services running on the host, and the ability for an attacker to pivot and launch further attacks against the internal network. This poses significant financial, reputational, and operational risks to the organization.
Remediation Plan
Immediate Action:
Proactive Monitoring:
<script>, onerror=, onload=) in request parameters.Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of September 3, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, the high CVSS score and the RCE impact make it a very attractive target for threat actors. The classification as "Cross-Site Scripting" may be misleading; given the CVSS score of 9.8, this vulnerability must be treated with the same urgency as a critical Remote Code Execution (RCE) flaw.
Analyst Recommendation
Given the critical severity (CVSS 9.8) of this vulnerability and its potential for full system compromise, we strongly recommend that organizations prioritize the immediate patching of all affected systems. Although CVE-2025-26210 is not currently listed on the CISA KEV catalog, its high impact makes it a prime candidate for future exploitation. All remediation and monitoring actions should be executed without delay to mitigate the significant risk to the organization.
Update An Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
SQL Injection vulnerability in openSIS v
SQL Injection vulnerability in openSIS v
Apply vendor patches immediately. Review database access controls and enable query logging.
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
Executive Summary:
A critical remote code execution (RCE) vulnerability in Orkes Conductor allows an unauthenticated remote attacker to execute arbitrary commands, leading to a complete compromise of the affected system.
Vulnerability Details
CVE-ID: CVE-2025-26074
Affected Software: Orkes Conductor Multiple Products
Affected Versions: Version 3.21.11 is confirmed vulnerable. See vendor advisory for a complete list of affected products.
Vulnerability: The vulnerability permits an unauthenticated remote attacker to execute arbitrary operating system commands on the server. This is caused by a flaw that provides unrestricted access to Java classes, which can be leveraged for remote code execution.
Business Impact
A successful exploit would grant an attacker full control over the underlying server, resulting in a complete system compromise. This could lead to sensitive data exfiltration, deployment of ransomware, or the use of the compromised system to launch further attacks within the network. The Critical CVSS score of 9.8 reflects the maximum potential impact on confidentiality, integrity, and availability.
Remediation Plan
Immediate Action:
Administrators must immediately update all affected Orkes Conductor instances to the latest patched version provided by the vendor to mitigate this vulnerability.
Proactive Monitoring:
Review server and application logs for any unusual or unauthorized command execution or unexpected Java class loading. Monitor network traffic for anomalous outbound connections originating from the Conductor server.
Compensating Controls:
Implement a Web Application Firewall (WAF) with rules designed to inspect and block suspicious Java class manipulations or command injection patterns. This can provide a layer of defense if immediate patching is not feasible.
Exploitation Status
Public Exploit Available: Not specified in source data.
Analyst Notes: As of Jun 30, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the critical nature of the flaw, the potential for exploitation is extremely high and proof-of-concept code could emerge quickly.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the potential for complete system compromise by an unauthenticated attacker, this vulnerability represents an immediate and severe risk. We strongly recommend prioritizing the deployment of the vendor-supplied update across all vulnerable systems without delay to prevent potential exploitation.
Update Orkes Conductor Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into...
An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.
Executive Summary:
A critical vulnerability has been identified in multiple Intelbras router models, assigned CVE-2025-26063 with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to gain complete control of an affected device by simply creating a Wi-Fi network with a specially crafted name. Successful exploitation could lead to network traffic interception, denial of service, or further attacks on the internal network.
Vulnerability Details
CVE-ID: CVE-2025-26063
Affected Software: An issue in Intelbras Multiple Products
Affected Versions: Intelbras RX1500 v2.2.9 and RX3000 v1.0.11
Vulnerability: This vulnerability is a command injection flaw within the function that processes the Extended Service Set Identifier (ESSID), or Wi-Fi network name. An unauthenticated attacker with access to the device's network creation interface can submit a crafted ESSID containing arbitrary system commands. The device's software fails to properly sanitize this input, causing it to execute the injected commands with the privileges of the system, leading to remote code execution and a full compromise of the router.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the maximum potential impact. An attacker who successfully exploits this flaw can gain complete administrative control over the network device. This could lead to severe business disruptions, including the theft of sensitive data by sniffing all network traffic, launching denial-of-service attacks that take down the network, using the compromised router as a pivot point to attack other critical systems within the organization, or incorporating the device into a botnet for larger-scale attacks. The risk to data confidentiality, integrity, and availability is exceptionally high.
Remediation Plan
Immediate Action: The primary remediation step is to update the firmware on all affected Intelbras devices to the latest version provided by the vendor, which addresses this vulnerability. After patching, it is crucial to monitor systems for any signs of prior exploitation and to review device access and system logs for any anomalous activity related to network creation.
Proactive Monitoring: Security teams should implement monitoring rules to detect exploitation attempts. This includes scrutinizing logs for events related to the creation of new Wi-Fi networks, specifically looking for ESSID names that are unusually long or contain shell metacharacters (e.g., ;, |, &, $(, `). Monitor network traffic for unexpected outbound connections from the routers to unknown IP addresses, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of the publication date of Jul 31, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, given the critical CVSS score and the straightforward nature of the attack vector, it is highly probable that a functional exploit will be developed and released by threat actors in the near future. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the ability for an unauthenticated attacker to achieve remote code execution, this vulnerability poses an immediate and significant threat to the organization. We strongly recommend that all affected Intelbras RX1500 and RX3000 devices be patched immediately. Due to the high likelihood of future exploitation, this remediation effort should be treated as a top priority. If patching cannot be performed immediately, the compensating controls listed above must be implemented without delay to mitigate the risk of a full network compromise.
Update An issue in Intelbras Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain...
An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the curren...
Executive Summary:
A critical access control vulnerability has been identified in multiple Intelbras router models. This flaw allows an unauthenticated attacker to remotely download the device's configuration file, exposing highly sensitive information such as administrative passwords and network settings. Successful exploitation could lead to a complete compromise of the network's security and integrity.
Vulnerability Details
CVE-ID: CVE-2025-26062
Affected Software: Intelbras Multiple Products
Affected Versions: RX1500 v2.2.9, RX3000 v1.0.11, and potentially other versions. See vendor advisory for a complete list.
Vulnerability: The vulnerability is an improper access control flaw within the web management interface of affected Intelbras routers. An unauthenticated attacker, with network access to the device, can bypass authentication mechanisms and directly access and download the router's settings file. This is likely achieved by navigating to a specific, unprotected URL that serves the configuration file, requiring no special privileges or user interaction. The exposed file contains sensitive data in a readable or easily decipherable format, including Wi-Fi SSIDs, pre-shared keys (passwords), and administrator credentials for the router itself.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a severe and direct impact on the organization's security posture. An attacker who obtains the router's configuration file can gain administrative control over the network gateway, enabling them to monitor, redirect, or block all network traffic. Specific risks include eavesdropping on sensitive communications, launching man-in-the-middle attacks, pivoting to other internal network devices, and using the compromised network to launch attacks against external targets. This could result in significant data breaches, operational disruption, and reputational damage.
Remediation Plan
Immediate Action: Immediately apply the security patches provided by Intelbras to all affected devices. Organizations should identify all vulnerable Intelbras RX1500 and RX3000 routers and upgrade their firmware to the latest version that addresses this flaw. After patching, verify that the vulnerability has been successfully remediated.
Proactive Monitoring: Security teams should actively monitor web server access logs on affected routers for any direct, unauthenticated requests to configuration file paths (e.g., requests for files ending in .cfg, .bin, or containing config in the URL). Monitor for unusual outbound traffic from the routers or signs of internal network scanning originating from the router's IP address, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jul 31, 2025, this vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, and there are no known public exploits available. However, given the critical CVSS score and the likely simplicity of exploitation, it is highly probable that a functional exploit will be developed and published by security researchers or malicious actors.
Analyst Recommendation
Due to the critical severity (9.8) of this vulnerability, we strongly recommend that organizations take immediate action. The risk of complete network compromise is substantial. All affected Intelbras devices must be patched on an emergency basis. While this CVE is not yet on the CISA KEV list, its high impact and low-complexity nature make it a prime target for future exploitation. Until patches are fully deployed, access to the device's management interface should be strictly limited using compensating controls as a temporary mitigation.
Update An access control issue in Intelbras Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Executive Summary:
A critical vulnerability has been discovered in multiple Infinera products, specifically affecting the MTC-9 platform. This flaw stems from an improper configuration of the SSH service, which allows an unauthenticated remote attacker to bypass security controls, execute arbitrary commands, and access sensitive data on the underlying file system, potentially leading to a complete system compromise.
Vulnerability Details
CVE-ID: CVE-2025-27020
Affected Software: Infinera MTC-9
Affected Versions: MTC-9: from R22.1.1.0275 before R23.0
Vulnerability: The vulnerability is an improper configuration within the SSH service on affected Infinera devices. This misconfiguration allows an attacker to connect to the device without providing valid credentials. Upon successful connection, the attacker can execute arbitrary commands with the privileges of the SSH service, granting them unauthorized control over the device and access to the entire file system.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe impact on business operations, leading to a complete loss of confidentiality, integrity, and availability of the affected device. An attacker could exfiltrate sensitive network configuration data, disrupt network services by modifying or deleting critical files, or use the compromised device as a pivot point to launch further attacks against the internal network.
Remediation Plan
Immediate Action: Immediately apply the vendor-supplied security update to upgrade affected Infinera MTC-9 devices to version R23.0 or a later release. After patching, it is crucial to review SSH access logs for any signs of compromise that may have occurred prior to the update.
Proactive Monitoring: Implement continuous monitoring of network traffic to and from affected devices. Specifically, monitor for unusual or unauthorized SSH connection attempts (port 22) from unknown IP addresses. Review system and audit logs for unexpected command execution or file modifications that could indicate a successful exploit.
Compensating Controls: If immediate patching is not feasible, implement network-level access controls as a temporary mitigation. Use a firewall or Access Control Lists (ACLs) to restrict SSH access to the affected devices, allowing connections only from a trusted management network or specific, authorized IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Dec 8, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the critical severity and the low complexity required for exploitation (unauthenticated access), it is highly likely that threat actors will develop and deploy exploits rapidly.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate risk to the organization. We strongly recommend that the vendor's patch be applied to all affected Infinera MTC-9 devices with the highest priority. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime target for exploitation, and it should be remediated as an emergency change.