Executive Summary:
A critical vulnerability has been identified in the SandboxJS library, a tool designed to safely execute untrusted JavaScript code. This flaw allows an attacker to bypass the library's security restrictions and execute arbitrary code on the underlying server. Successful exploitation could lead to a complete system compromise, resulting in data theft, service disruption, or further network intrusion.

Vulnerability Details

CVE-ID: CVE-2026-25142

Affected Software: SandboxJS library

Affected Versions: Versions prior to 0.8.27

Vulnerability: The SandboxJS library fails to properly restrict access to the __lookupGetter__ JavaScript object method. An attacker can craft malicious JavaScript code that leverages this method to access and modify object prototypes. By manipulating the prototype chain, the attacker can gain access to powerful, unrestricted functions outside of the sandbox environment, such as the Function constructor, ultimately leading to a sandbox escape and remote code execution (RCE) on the host system.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 10. A successful exploit would grant an attacker the ability to execute commands on the server with the same privileges as the application running the SandboxJS library. This could lead to a complete loss of confidentiality, integrity, and availability of the affected system and its data. Potential consequences include theft of sensitive data, deployment of ransomware, manipulation of application data, or using the compromised server as a pivot point to attack other systems within the organization's network.

Remediation Plan

Immediate Action: All systems utilizing the SandboxJS library must be immediately updated to version 0.8.27 or later, which contains the fix for this vulnerability. After patching, review application and system logs for any signs of exploitation that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for suspicious patterns in logs, such as unexpected process creation by the application, unusual network connections, or logs of user-submitted JavaScript containing strings like __lookupGetter__, prototype, or constructor.

Compensating Controls: If immediate patching is not feasible, consider implementing the following compensating controls:

• Run the application utilizing SandboxJS within a heavily restricted, isolated environment (e.g., a minimal Docker container with no unnecessary privileges or network access).
• Implement a Web Application Firewall (WAF) with rules designed to detect and block malicious JavaScript patterns attempting to exploit this vulnerability.
• Enhance input validation to sanitize or reject any user-supplied code before it is passed to the SandboxJS library.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of February 2, 2026, there are no known public exploits targeting this vulnerability. However, given the critical CVSS score of 10 and the public disclosure of the vulnerability's technical details, it is highly probable that proof-of-concept exploits will be developed and released by security researchers or malicious actors in the near future.

Analyst Recommendation

Due to the critical severity (CVSS 10) of this vulnerability and the high risk of complete system compromise, immediate remediation is strongly recommended. Organizations must prioritize applying the update to version 0.8.27 or later across all affected applications without delay. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for widespread exploitation, and it should be treated with the highest urgency.

Executive Summary:
A critical command injection vulnerability has been identified in the Dokploy PaaS, affecting versions prior to 0.26.6. This flaw allows an authenticated attacker to execute arbitrary commands on the underlying server, potentially leading to a complete system compromise, data theft, and service disruption. Due to the high severity (CVSS 9.9), immediate patching is required to prevent a full takeover of the host environment.

Vulnerability Details

CVE-ID: CVE-2026-24841

Affected Software: Dokploy is a Multiple Products

Affected Versions: All versions prior to 0.26.6

Vulnerability: The vulnerability is a command injection flaw within the /docker-container-terminal WebSocket endpoint. The endpoint accepts containerId and activeWay parameters which are insecurely passed to a shell command on the host server without proper sanitization or validation. An authenticated attacker can manipulate these parameters to inject and execute arbitrary shell commands with the privileges of the Dokploy service, leading to remote code execution (RCE) on the host.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.9. Successful exploitation would result in a complete compromise of the server hosting Dokploy, granting the attacker full control. The potential business impact includes theft or modification of sensitive data, deployment of ransomware, complete disruption of all applications managed by Dokploy, and the ability for an attacker to use the compromised server as a pivot point to attack other systems within the internal network. This represents a total loss of confidentiality, integrity, and availability for the affected system and its hosted services.

Remediation Plan

Immediate Action: Immediately upgrade all Dokploy instances to version 0.26.6 or later, which contains the fix for this vulnerability. After patching, review system and application logs for any signs of compromise or suspicious activity preceding the update.

Proactive Monitoring:

• Monitor WebSocket connection logs for unusual or malformed requests to the /docker-container-terminal endpoint.
• Implement host-based monitoring to detect anomalous process execution, especially unexpected shell commands spawned by the Dokploy user/service.
• Analyze outbound network traffic from the Dokploy server for connections to unknown or malicious destinations.
• Review Dokploy access logs for unauthorized or suspicious authentication events.

Compensating Controls: If patching cannot be performed immediately, implement the following controls:

• Restrict network access to the Dokploy management interface and API endpoints to trusted IP addresses using a firewall.
• Deploy a Web Application Firewall (WAF) with rules specifically designed to inspect and block malicious WebSocket payloads targeting command injection.
• Enforce the principle of least privilege for all user accounts with access to Dokploy, and ensure multi-factor authentication is enabled.

Exploitation Status

Public Exploit Available: true

Analyst Notes: As of Jan 28, 2026, there are no widespread reports of active exploitation in the wild. However, command injection vulnerabilities of this nature are trivial to exploit once discovered. It is highly probable that functional proof-of-concept (PoC) exploit code will become publicly available shortly, significantly increasing the risk. The only mitigating factor is the requirement for the attacker to be authenticated.

Analyst Recommendation

Given the critical CVSS score of 9.9 and the risk of complete system compromise, it is imperative that organizations treat this vulnerability with the highest priority. The provided remediation to upgrade to version 0.26.6 or later should be applied immediately across all affected systems. Although this vulnerability is not currently listed on the CISA KEV list, its severity makes it a prime candidate for future inclusion. Do not delay patching.

Executive Summary:
A high-severity vulnerability has been discovered in multiple Docker products, specifically related to the Runtipi homeserver orchestrator. Successful exploitation could allow an attacker to escape container environments, gain elevated privileges on the host server, and execute arbitrary code. This could lead to a complete system compromise, resulting in data theft, service disruption, and unauthorized access to the underlying infrastructure.

Vulnerability Details

CVE-ID: CVE-2026-24129

Affected Software: Docker Multiple Products

Affected Versions: See vendor advisory for specific affected versions

Vulnerability: This vulnerability exists within the Runtipi orchestration layer that interacts with the Docker engine. A flaw in how Runtipi processes and manages container configurations can be exploited by a malicious actor, potentially with low-level access to a container or by tricking an administrator into deploying a specially crafted service. By exploiting this flaw, an attacker can break out of the intended container isolation, gaining root-level access to the host operating system, thereby compromising all other services and data on that server.

Business Impact

This vulnerability is rated as High severity with a CVSS score of 8. Exploitation could lead to a complete compromise of the server hosting the Docker environment. The potential business impact includes the theft of sensitive corporate or customer data, deployment of ransomware, disruption of critical business applications, and the use of the compromised system as a launchpad for further attacks within the corporate network. The reputational damage and financial costs associated with a breach of this nature are significant.

Remediation Plan

Immediate Action: Apply the security updates provided by the vendor across all affected systems immediately. After patching, review system and container access logs for any anomalous activity or indicators of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for unusual process execution originating from the Docker daemon or containers, unexpected network connections to or from the host server, and unauthorized modifications to container configurations. Scrutinize Docker API logs for suspicious commands or unauthorized access attempts.

Compensating Controls: If immediate patching is not feasible, organizations should implement compensating controls. These include applying stricter security profiles (e.g., AppArmor, SELinux) to limit container capabilities, enforcing the principle of least privilege for users managing the Docker environment, and using network segmentation to isolate vulnerable hosts from critical network segments.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of January 23, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the high-severity rating and the widespread deployment of Docker, it is highly probable that threat actors will develop exploits in the near future.

Analyst Recommendation

Given the high severity of this vulnerability, immediate action is required. Organizations must prioritize the deployment of vendor-supplied patches to all affected systems. Although this CVE is not currently listed on the CISA KEV list, its potential for complete system compromise warrants treating it with the highest urgency. If patching is delayed, the compensating controls listed above should be implemented as a temporary mitigation measure while a patching schedule is finalized.

Executive Summary:
A high-severity vulnerability has been discovered in Tugtainer, a self-hosted application used for automating Docker container updates. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code on the server hosting the application, potentially leading to a complete compromise of the container environment. Successful exploitation could result in significant data breaches, service disruption, and unauthorized access to the underlying infrastructure.

Vulnerability Details

CVE-ID: CVE-2026-23846

Affected Software: Docker Multiple Products (via the Tugtainer application)

Affected Versions: See vendor advisory for specific affected versions

Vulnerability: The vulnerability exists within the API of the Tugtainer application. A lack of proper input sanitization in a specific API endpoint allows an unauthenticated remote attacker to craft a malicious request that results in arbitrary command injection. An attacker can exploit this by sending a specially crafted HTTP request to the vulnerable endpoint, which the application then executes with the privileges of the Tugtainer service account, leading to remote code execution (RCE) on the host system.

Business Impact

This vulnerability is rated as High severity with a CVSS score of 8.1. A successful exploit would grant an attacker full control over the Tugtainer instance and, by extension, the Docker host it manages. This could lead to severe consequences, including the theft or destruction of sensitive data within containers, deployment of malicious containers (e.g., for cryptomining), disruption of critical business applications, and using the compromised host as a pivot point to attack other systems on the internal network. The potential business impact includes significant operational downtime, financial loss, reputational damage, and regulatory penalties related to a data breach.

Remediation Plan

Immediate Action: Apply the security updates provided by the vendor immediately to all affected Tugtainer instances. After patching, review system and application access logs for any signs of compromise or unusual activity preceding the update.

Proactive Monitoring:

• Monitor web server access logs for the Tugtainer application for unusual or malformed API requests, particularly from unknown IP addresses.
• Audit Docker daemon logs for unexpected container start, stop, or modification events that do not correlate with legitimate administrative actions.
• Monitor for suspicious outbound network connections originating from the Tugtainer host or its containers.
• Look for unexpected processes being spawned by the Tugtainer service user on the host operating system.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Restrict network access to the Tugtainer web interface and API to a limited set of trusted IP addresses using a firewall.
• Place the application behind a Web Application Firewall (WAF) with rules designed to detect and block command injection attempts.
• Ensure the Tugtainer service runs with the lowest possible privileges to limit the impact of a potential compromise.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of January 20, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity score and the potential for remote code execution, it is highly probable that threat actors will develop exploits in the near future.

Analyst Recommendation

Given the high CVSS score of 8.1 and the critical nature of the systems managed by Tugtainer, this vulnerability poses a significant risk to the organization. We strongly recommend prioritizing the immediate deployment of vendor-supplied patches to all affected systems. Although this CVE is not currently listed on the CISA KEV catalog, its high impact makes it a prime candidate for future inclusion and exploitation. Organizations should assume it will be targeted and act decisively to mitigate the risk.

Executive Summary:
A critical sandbox escape vulnerability has been identified in vm2, a widely used Node.js library. This flaw allows an attacker to bypass security restrictions and execute arbitrary code on the underlying server, potentially leading to a full system compromise. Organizations using applications that rely on vulnerable versions of vm2 are at high risk of data theft, service disruption, and further network intrusion.

Vulnerability Details

CVE-ID: CVE-2026-22709

Affected Software: Unknown Multiple Products (due to the vulnerability existing in the third-party library vm2)

Affected Versions: Products using vm2 versions prior to 3.10.2 are affected.

Vulnerability: The vulnerability is a sandbox escape within the vm2 Node.js library. The library fails to properly sanitize promise callbacks returned by async functions. While the sandbox correctly handles promises created within its own context (localPromise), it does not apply the same security controls to native promises (globalPromise) that are returned by asynchronous functions. An attacker can craft malicious code within the sandbox that uses an async function to return a native promise. The callback function attached to this promise (via .then() or .catch()) will then execute outside the sandbox's security context, granting the attacker arbitrary code execution on the host machine.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an attacker to completely bypass the intended security isolation of the sandbox environment. This could lead to a full compromise of the application server, enabling the attacker to steal sensitive data, install malware or ransomware, disrupt critical services, or use the compromised system as a pivot point to attack other resources on the internal network. The potential for complete system takeover poses a direct and severe risk to business operations, data confidentiality, and system integrity.

Remediation Plan

Immediate Action: Identify all applications and systems utilizing the vm2 Node.js library and update it to the patched version 3.10.2 or later. After patching, monitor affected systems for any signs of post-exploitation activity and review historical access and application logs for indicators of compromise.

Proactive Monitoring: Implement enhanced monitoring on servers running applications with the vm2 library. Look for anomalous behavior from the Node.js process, such as unexpected child processes (e.g., /bin/sh, powershell.exe), outbound network connections to unfamiliar IP addresses, or modifications to sensitive system files. Application-level logging should be reviewed for suspicious inputs that may be attempting to trigger the exploit.

Compensating Controls: If immediate patching is not feasible, apply compensating controls to reduce risk. Run the application in a minimal, hardened container (e.g., Docker) with restricted user permissions and no unnecessary tools. Implement strict network egress filtering to block potential command-and-control (C2) communications. A Web Application Firewall (WAF) may also be configured to block patterns associated with known exploit attempts.

Exploitation Status

Public Exploit Available: False

Analyst Notes: As of the publication date, Jan 26, 2026, there are no public reports of active, widespread exploitation of this vulnerability. However, sandbox escape vulnerabilities in popular libraries are highly sought after by threat actors. It is highly probable that proof-of-concept (PoC) exploits will be developed and made public, significantly increasing the risk of exploitation.

Analyst Recommendation

Immediate and decisive action is required to mitigate this critical vulnerability. All development and security teams must prioritize the identification of any product using the vm2 library and immediately update it to a patched version (3.10.2 or newer). Although this vulnerability is not yet on the CISA KEV list, its critical CVSS score of 9.8 signifies the highest level of risk. Due to the potential for complete system compromise, remediation of this flaw should be treated as an emergency security priority.

Executive Summary:
A critical sandbox escape vulnerability has been identified in multiple products from the vendor 'Using'. This flaw allows an attacker to bypass security restrictions within the application's Python execution environment, enabling them to run arbitrary code on the underlying server, which could lead to a complete system compromise, data theft, or further network intrusion.

Vulnerability Details

CVE-ID: CVE-2026-0863

Affected Software: Using Multiple Products

Affected Versions: See vendor advisory for specific affected versions

Vulnerability: The vulnerability exists within the n8n python-task-executor, which is designed to run user-supplied Python code in a restricted sandbox environment. An attacker can craft a malicious Python script that leverages a combination of specific string formatting techniques and exception handling. This specially crafted input exploits a flaw in the sandbox's validation logic, allowing the code to break out of the intended restrictions and execute arbitrary commands with the permissions of the application service on the host operating system.

Business Impact

This vulnerability is rated as High severity with a CVSS score of 8.5. Successful exploitation results in remote code execution (RCE) on the server hosting the affected application. This could allow an attacker to steal sensitive data processed by the application, install ransomware or other malware, modify or delete critical system files, and use the compromised server as a pivot point to attack other systems within the corporate network. The potential consequences include significant data breaches, operational downtime, financial loss, and reputational damage.

Remediation Plan

Immediate Action: Organizations must apply the security updates provided by the vendor across all affected products immediately. The vendor's patch directly addresses the sandbox escape flaw, preventing the execution of unauthorized code. After patching, review application and system logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes reviewing application logs for unusually complex or obfuscated Python code submissions, monitoring for unexpected processes spawned by the application service (e.g., shells, network utilities like curl or wget), and scrutinizing network traffic for anomalous outbound connections from the application server.

Compensating Controls: If immediate patching is not feasible, the following controls can help reduce risk:

• Restrict network access to the application interface, allowing connections only from trusted IP addresses.
• Run the application in a hardened, isolated environment (e.g., a minimal Docker container with strict egress filtering) to limit the impact of a potential compromise.
• Implement a Web Application Firewall (WAF) with custom rules to detect and block code patterns associated with sandbox escape techniques.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of January 19, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, given the high severity and the direct path to remote code execution, it is highly likely that threat actors will develop a functional exploit in the near future.

Analyst Recommendation
This is a high-severity vulnerability that exposes the organization to the risk of a full system compromise. The primary and most effective mitigation is to apply the vendor-provided security patches immediately. Although CVE-2026-0863 is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical impact necessitates an urgent response. Organizations must prioritize patching this vulnerability to prevent potential exploitation and protect critical systems and data.

Executive Summary:
A critical server-side request forgery (SSRF) vulnerability has been identified in LibreChat, a popular open-source AI chat platform. This flaw allows an authenticated user to force the application's server to make unauthorized requests to internal network services, potentially leading to sensitive data exposure and further network compromise. Due to the high severity and the vulnerability's presence in the default configuration, immediate remediation is strongly advised.

Vulnerability Details

CVE-ID: CVE-2025-69222

Affected Software: LibreChat is a ChatGPT clone with additional Multiple Products

Affected Versions: Versions prior to 0.8.1-rc2

Vulnerability: The vulnerability is a Server-Side Request Forgery (SSRF) within the "Actions" feature of LibreChat. This feature allows users to configure agents that can interact with external services through OpenAPI specifications. The default configuration lacks restrictions on which URLs or IP addresses these actions can target. An attacker with the ability to configure an agent can create a malicious action pointing to an internal, non-public service (e.g., http://127.0.0.1/api or an internal corporate server). When this action is triggered, the LibreChat server will execute the request, effectively bypassing firewall rules and allowing the attacker to interact with, scan, and potentially exfiltrate data from sensitive internal systems like the RAG API.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.1, posing a significant risk to the organization. Successful exploitation could lead to unauthorized access to internal network resources, theft of confidential data from internal databases and APIs, and comprehensive reconnaissance of the internal network architecture. An attacker could leverage this access to pivot to other systems, potentially leading to a more widespread network compromise, loss of intellectual property, and reputational damage.

Remediation Plan

Immediate Action: Immediately upgrade all instances of LibreChat to the fixed version (0.8.1-rc2) or the latest available version as recommended by the vendor. After patching, review server access logs and application logs for any signs of exploitation, such as unexpected requests originating from the LibreChat server to internal IP addresses.

Proactive Monitoring: Monitor all outbound network traffic from the LibreChat server. Specifically, look for and alert on any HTTP/S requests destined for internal or loopback IP address ranges (e.g., 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Regularly audit agent configurations within LibreChat for any actions that point to suspicious or internal endpoints.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Apply strict network egress filtering rules on the host firewall of the LibreChat server to block all outbound connections to internal network segments.
• If possible within the application's configuration, disable the "Actions" feature for all non-administrative or untrusted users.
• Place the LibreChat instance behind a Web Application Firewall (WAF) with rules designed to detect and block common SSRF attack patterns.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of Jan 7, 2026, there is no known public proof-of-concept exploit or active exploitation in the wild for this vulnerability. However, SSRF is a well-understood vulnerability class, and the flaw exists in the default configuration, making it a high-value target for threat actors. Organizations should assume that an exploit could be developed and weaponized quickly.

Analyst Recommendation

Given the critical CVSS score of 9.1 and the potential for direct access to internal network resources, this vulnerability requires immediate attention. We strongly recommend that all affected LibreChat instances be patched to version 0.8.1-rc2 or newer without delay. Although this CVE is not currently listed on the CISA KEV list, its severity and the ease of exploitation in a default setup make it a critical risk that should be prioritized for remediation.

Executive Summary:
A critical remote code execution vulnerability exists in the Coolify management tool. An attacker can gain complete control of the server running Coolify by tricking a user into deploying an application from a malicious code repository. Successful exploitation allows the attacker to execute commands as the root user, leading to a full system compromise.

Vulnerability Details

CVE-ID: CVE-2025-64419

Affected Software: Coolify is an Multiple Products

Affected Versions: All versions prior to 4.0.0-beta.445

Vulnerability: The vulnerability is a command injection flaw due to improper sanitization of input from docker-compose.yaml files. When a user configures Coolify to build an application from a Git repository using the "docker compose" build pack, Coolify parses the docker-compose.yaml file and uses parameters from it to construct system commands. An attacker can craft a malicious docker-compose.yaml file with specially designed parameters that break out of the intended command and inject arbitrary new commands, which are then executed on the Coolify host with root privileges.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.6, posing a severe risk to the organization. A successful exploit grants an attacker full administrative (root) access to the server hosting Coolify. This can lead to the theft or destruction of all data on the server, including application source code, databases, and sensitive credentials. Furthermore, the compromised server can be used as a pivot point to launch further attacks against the internal network, disrupt critical services managed by Coolify, or be used in botnets for malicious activities.

Remediation Plan

Immediate Action: Immediately upgrade all instances of Coolify to version 4.0.0-beta.445 or a later version, which contains the fix for this vulnerability. After patching, carefully review system and application access logs for any signs of compromise, such as unusual commands being executed or deployments from untrusted repositories.

Proactive Monitoring: Implement enhanced logging and monitoring on the Coolify host. Specifically, monitor for suspicious child processes spawned by the Coolify service, unexpected outbound network connections, and review Coolify's own deployment logs for any applications created from unfamiliar or suspicious source code repositories.

Compensating Controls: If immediate patching is not feasible, implement strict access controls to limit which users can deploy new applications. Enforce a policy that only allows deployments from vetted, internal code repositories. Additionally, consider running the Coolify instance behind a firewall with strict egress filtering rules to block potential command-and-control (C2) communication from a compromised host.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of Jan 5, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, due to the simplicity of the attack vector and the high impact, it is likely to be targeted by threat actors in the near future.

Analyst Recommendation

Given the critical severity (CVSS 9.6) and the potential for complete system compromise, we strongly recommend that organizations prioritize patching this vulnerability immediately. All instances of Coolify should be upgraded to version 4.0.0-beta.445 or newer without delay. Due to the high risk of root-level remote code execution, this vulnerability should be treated as an imminent threat, even in the absence of current public exploits or its inclusion in the CISA KEV catalog.

Executive Summary:
A critical Server-Side Template Injection (SSTI) vulnerability has been identified in the mailcow: dockerized email suite. This flaw allows a remote attacker to execute arbitrary code on the server by injecting malicious content into a notification template, potentially leading to a complete system compromise, data theft, and disruption of email services.

Vulnerability Details

CVE-ID: CVE-2025-53909

Affected Software: mailcow: dockerized

Affected Versions: All versions prior to 2025-07

Vulnerability: The vulnerability is a Server-Side Template Injection (SSTI) within the notification template system of mailcow: dockerized. An attacker with privileges to modify these templates can inject template syntax that is improperly sanitized and executed directly on the server. By crafting a malicious payload, an attacker can escape the template sandbox and execute arbitrary commands with the permissions of the web application, leading to Remote Code Execution (RCE).

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.1. Successful exploitation would grant an attacker full control over the mail server, posing a severe risk to the organization. Potential consequences include the theft of sensitive communications and credentials, loss of data integrity as the attacker could modify or delete emails, and loss of availability of the email service. The compromised server could also be used as a pivot point to attack other internal network resources or be leveraged for malicious activities such as phishing campaigns, further damaging the organization's reputation.

Remediation Plan

Immediate Action: Immediately update all instances of mailcow: dockerized to version 2025-07 or a later version, which contains the patch for this vulnerability. After patching, it is crucial to review system and application logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor application logs for suspicious input in fields related to notification templates, specifically looking for common template syntax such as {{...}}, {%...%}, or ${...}. Monitor for unexpected processes being spawned by the mailcow web server and any unusual outbound network connections from the mailcow containers, as these could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Restrict administrative access to the mailcow UI to a limited set of trusted IP addresses.
• Utilize a Web Application Firewall (WAF) with rules designed to detect and block SSTI attack patterns.
• If the custom notification feature is not in use, disable it to remove the attack vector.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of Jul 17, 2025, there are no known public proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, SSTI vulnerabilities are well-understood, and it is highly likely that a reliable exploit will be developed and published by security researchers or malicious actors in the near future due to the critical severity.

Analyst Recommendation

Given the critical CVSS score of 9.1 and the high potential for full system compromise, this vulnerability requires immediate attention. Although not currently listed on the CISA KEV catalog, its severity warrants treating it as an urgent threat. We strongly recommend that organizations prioritize the deployment of the security update for all affected mailcow: dockerized instances without delay. If patching is not immediately possible, the compensating controls outlined above should be implemented as a temporary measure to reduce the attack surface.

Executive Summary:
A critical remote code execution vulnerability exists in the Keras machine learning framework. An attacker can exploit this flaw by tricking a user or an automated system into loading a maliciously crafted model file, which could result in a complete compromise of the host system. Due to the high severity (CVSS 9.8), immediate patching is necessary to prevent potential data breaches, service disruption, and further network intrusion.

Vulnerability Details

CVE-ID: CVE-2025-49655

Affected Software: Keras Framework

Affected Versions: 3.11.0 up to (but not including) 3.11.3

Vulnerability:
This vulnerability is an insecure deserialization of untrusted data. The Keras framework fails to properly sanitize user-supplied data when loading a .keras model file that utilizes the PyTorch backend. An attacker can craft a malicious model file containing a serialized PyTorch module (TorchModule) with an embedded payload. When a vulnerable version of Keras attempts to deserialize and load this model, the payload is executed with the permissions of the application, leading to remote code execution (RCE) on the target system.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the server where the Keras model is being loaded. The business impact includes the potential for complete system compromise, leading to sensitive data exfiltration, deployment of ransomware, or the use of the compromised system as a pivot point for further attacks within the network. Any application or service that loads Keras models from potentially untrusted sources is at immediate risk of a full security breach.

Remediation Plan

Immediate Action:
Update the affected Keras framework to the latest secure version (3.11.3 or later) as recommended by the vendor. After patching, monitor systems for any signs of post-exploitation activity, such as unusual processes or network connections, and review historical access logs for evidence of malicious file uploads.

Proactive Monitoring:

• Monitor application logs for errors or warnings related to model deserialization.
• Scrutinize system logs for suspicious child processes being spawned by the Python application responsible for loading Keras models (e.g., sh, bash, curl, powershell).
• Monitor outbound network traffic from application servers for connections to unusual IP addresses or domains, which could indicate a C2 channel.

Compensating Controls:
If immediate patching is not feasible, implement the following controls to mitigate risk:

• Input Sanitization: Only allow model files to be loaded from trusted and verified internal sources. Do not process Keras models uploaded by external or unauthenticated users.
• Sandboxing: Run the model-loading process within a heavily restricted, containerized environment (e.g., Docker) with no network access and minimal file system permissions.
• Code Signing: Implement a process to cryptographically sign all legitimate models and verify the signature before loading them.

Exploitation Status

Public Exploit Available: false

Analyst Notes:
As of October 17, 2025, there is no known publicly available exploit code, and the vulnerability is not reported to be under active exploitation. However, deserialization vulnerabilities are well-understood, and proof-of-concept exploits can be developed with relative ease. Organizations should assume that attackers will develop and deploy exploits for this vulnerability shortly.

Analyst Recommendation
Given the critical CVSS score of 9.8 and the risk of remote code execution, this vulnerability poses a severe threat to the organization. We recommend that all systems running affected versions of the Keras framework be patched immediately. While this CVE is not currently listed on the CISA KEV list, its critical nature demands that it be treated with the highest priority. If patching cannot be performed immediately, the compensating controls outlined above, particularly sandboxing and restricting model sources, must be implemented without delay.

Executive Summary:
A critical remote command injection vulnerability has been identified in Shiguangwu sgwbox products. This flaw allows a remote, unauthenticated attacker to execute arbitrary commands on an affected device by sending a specially crafted request, potentially leading to a full system compromise, data theft, or further network intrusion.

Vulnerability Details

CVE-ID: CVE-2025-14707

Affected Software: A security flaw has been discovered in Shiguangwu sgwbox Multiple Products

Affected Versions: Shiguangwu sgwbox N3 version 2.0.25 is confirmed to be affected. Other products and versions may also be vulnerable. See vendor advisory for specific affected versions.

Vulnerability: The vulnerability is a command injection flaw within the DOCKER Feature component. Specifically, an unknown function in the /usr/sbin/http_eshell_server binary fails to properly sanitize user-supplied input to the params argument. A remote, unauthenticated attacker can craft a malicious request containing arbitrary OS commands within this argument. When the server processes this request, the injected commands are executed on the underlying operating system with the privileges of the server process, leading to a full system compromise.

Business Impact

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high risk to the organization. Successful exploitation could lead to a complete compromise of the affected sgwbox device, allowing an attacker to steal sensitive data, disrupt critical services, or install malicious software. The compromised device could then be used as a foothold to launch further attacks against the internal network, significantly expanding the scope of the breach and potentially leading to substantial financial and reputational damage.

Remediation Plan

Immediate Action: The primary recommendation is to update affected Shiguangwu sgwbox products to the latest version that addresses this vulnerability. If a patch is available, apply it immediately. Following any update, continue to monitor for exploitation attempts and review access logs for signs of compromise.

Proactive Monitoring: Actively monitor logs associated with the /usr/sbin/http_eshell_server process for any unusual or malformed requests, specifically focusing on the contents of the params argument for shell metacharacters (e.g., |, &, ;, $). Implement network traffic analysis to detect anomalous outbound connections from affected devices. Monitor for unexpected shell processes (e.g., sh, bash, wget, curl) being spawned by the server process.

Compensating Controls: If patching cannot be performed immediately, or if a patch is not available due to the vendor's lack of response, implement the following controls:

• Restrict network access to the device's management interface to a minimal set of trusted IP addresses using a firewall or Access Control Lists (ACLs).
• If possible, disable the DOCKER Feature or the http_eshell_server service if it is not essential for business operations.
• Place the device behind a Web Application Firewall (WAF) with rules specifically designed to detect and block command injection attempts.

Exploitation Status

Public Exploit Available: true

Analyst Notes: As of December 15, 2025, a proof-of-concept exploit for this vulnerability has been publicly released. The availability of this exploit code significantly increases the likelihood of widespread, automated attacks. The vendor's unresponsiveness further elevates the risk, as a timely patch is not guaranteed.

Analyst Recommendation

Due to the critical severity (CVSS 9.8), remote exploitability, and the public availability of an exploit, immediate action is required. We strongly recommend that all affected Shiguangwu sgwbox devices be patched or have compensating controls applied immediately. Given the lack of vendor response, organizations should prioritize isolating these devices from the internet and prepare for the possibility that a patch will not be forthcoming. Although this vulnerability is not currently listed on the CISA KEV catalog, its characteristics make it a prime candidate for future inclusion, and it should be treated with the highest priority.

Executive Summary:
A high-severity vulnerability has been identified in the Fluent Bit component used by "The Multiple Products." The flaw allows an attacker who can control Docker container names to cause a buffer overflow, which could crash the logging service or, in a worst-case scenario, allow the attacker to execute arbitrary code and take control of the affected system. This presents a significant risk of service disruption and potential system compromise.

Vulnerability Details

CVE-ID: CVE-2025-12970

Affected Software: The Multiple Products

Affected Versions: See vendor advisory for specific affected versions

Vulnerability: The vulnerability is a stack-based buffer overflow within the extract_name function of the Fluent Bit in_docker input plugin. This function is responsible for processing Docker container names for logging purposes. It copies the container name into a fixed-size buffer on the stack without first verifying that the name's length does not exceed the buffer's capacity. An attacker with privileges to create or rename Docker containers on a monitored host can exploit this by creating a container with an exceptionally long name, causing the buffer to overflow. This can lead to a denial of service by crashing the Fluent Bit process or, if the oversized name is specially crafted, could overwrite critical control data on the stack, enabling arbitrary code execution with the permissions of the Fluent Bit service.

Business Impact

This is a high-severity vulnerability with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation could lead to two primary outcomes. First, a denial-of-service attack would disrupt critical log collection and monitoring capabilities, potentially blinding security teams to other ongoing attacks and impacting compliance requirements. Second, and more severe, successful remote code execution would grant an attacker a foothold on the underlying infrastructure, potentially leading to data theft, lateral movement across the network, deployment of ransomware, or a complete compromise of the host system.

Remediation Plan

Immediate Action: Apply vendor security updates immediately. The vendor has released patches to address this vulnerability, and they should be deployed on all affected systems as a top priority. In the interim, monitor for any signs of exploitation attempts and review Docker and system access logs for unusual activity.

Proactive Monitoring: Security teams should monitor for Fluent Bit service crashes or unexpected restarts, which could indicate exploitation attempts. Review Docker daemon logs for the creation of containers with unusually long or malformed names. Monitor network traffic for any anomalous outbound connections from hosts running Fluent Bit, as this could signal a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Strictly limit user and service permissions to create or rename Docker containers on monitored hosts. If possible, use policy enforcement tools like container admission controllers to enforce a maximum length and character set for all container names, preventing the exploit condition from being triggered.

Exploitation Status

Public Exploit Available: false

Analyst Notes: As of November 24, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, stack-based buffer overflows are a well-understood vulnerability class, and it is highly probable that a functional proof-of-concept exploit will be developed by security researchers. Organizations must assume that this vulnerability is exploitable and act accordingly.

Analyst Recommendation

Given the high severity (CVSS 8.8) and the potential for remote code execution, this vulnerability requires immediate attention. It is strongly recommended that organizations identify all affected instances of "The Multiple Products" and prioritize the immediate application of the vendor-supplied security patches. Although this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity and the potential for severe impact make proactive remediation essential to defend against future exploitation.