{"uuid": "b60c5021-babf-4ea5-95d2-7333499c5c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6985", "type": "seen", "source": "https://t.me/bhhub/1168", "content": "Weekly brief \u2014 Notable vulns\n\nSSH parsing bugs in OpenSSH, a high-impact XXE in LangChain, and multiple exploitable web-app flaws dominated the week. The urgent items: a public SQLi PoC (Uniclare portal) that enables full DB takeover, an XXE in langchain-text-splitters that can leak local secrets from AI pipelines, and two OpenSSH username/NULL-byte injection issues that allow ProxyCommand command execution in affected clients. Patch or mitigate these first; many of the other findings are configuration-specific but still dangerous in education and POS ecosystems.\n\nTop highlights:\n\n\u2b50\ufe0f CVE-2025-57515 \u2014 Uniclare Student Portal (SQLi, CVSS 9.8)\nRemote, unauthenticated SQL injection with a public PoC. Threat: full DB compromise / credential theft. Action: take vulnerable endpoints offline or block inputs with WAF rules; apply vendor fix or remove the affected instance immediately.\n\n\u2b50\ufe0f CVE-2025-6985 \u2014 LangChain `langchain-text-splitters` (XXE, CVSS 7.5)\nUnsafe XSLT parsing in HTMLSectionSplitter \u2192 arbitrary file read / SSRF / secret leakage from AI pipelines that process untrusted HTML/XML. Action: disable custom XSLT, enforce safe parser flags (e.g., restrict external entity resolution / use `XSLTAccessControl`), audit ingestion pipelines for user-supplied XML.\n\n\u2b50\ufe0f CVE-2025-11344 / CVE-2025-11345 \u2014 ILIAS e-learning (RCE & insecure unserialize)\nAuthenticated upload/deserialization paths enable RCE / object injection. Action: patch to 10.2+ (or 8.24/9.14 where applicable); restrict cert upload features and sanitize serialized inputs.", "creation_timestamp": "2025-10-14T04:36:10.000000Z"}
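The brief's mitigation for the langchain-text-splitters XXE (restrict external entity resolution, use `XSLTAccessControl`) is concrete enough to show in working code. The following is an added example, not code from the brief, from LangChain or from the `HTMLSectionSplitter` implementation: it assumes an lxml-based pipeline that applies a user-supplied XSLT to ingested HTML, uses a constructed "secret" file and a constructed malicious stylesheet that exfiltrates it through XSLT's `document()` function, and contrasts lxml's default (unrestricted) transform with one locked down by `XSLTAccessControl.DENY_ALL` and a parser that does not resolve external entities. The same `document()` call pointed at an `http://` URL is the SSRF variant the brief mentions; `DENY_ALL` blocks that too.

```python
"""Added example (not from the brief or from LangChain): XSLT document()
file read, and the lxml hardening the brief recommends.
Assumes an lxml-based pipeline; the secret file and stylesheet are constructed."""
import os
import tempfile
from lxml import etree

# Constructed sample: a local file an attacker wants to read out of the pipeline host.
SECRET_VALUE = "hunter2-db-password"

# Constructed sample of the untrusted HTML the pipeline ingests (well-formed, so
# it parses as XML as well).
UNTRUSTED_HTML = b"<html><body><h1>Section</h1><p>hello</p></body></html>"


def write_secret_file() -> str:
    """Create a throwaway XML config holding the secret; returns its absolute path."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w") as fh:
        fh.write(f"<config><db_password>{SECRET_VALUE}</db_password></config>")
    return path


def attacker_xslt(secret_path: str) -> bytes:
    """Constructed malicious stylesheet. document() loads an arbitrary URI
    (a local file here; an http:// URL would make it SSRF) and the result is
    copied straight into the transform output, i.e. into the 'split' text."""
    return f"""<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text"/>
  <xsl:template match="/">
    <xsl:text>LEAK:</xsl:text>
    <xsl:value-of select="document('file://{secret_path}')/config/db_password"/>
  </xsl:template>
</xsl:stylesheet>""".encode()


def run_transform(xslt_bytes: bytes, *, hardened: bool) -> tuple[bool, str]:
    """Apply an untrusted XSLT to the ingested HTML.
    Returns (secret_leaked, output_or_error)."""
    if hardened:
        # Parser: never resolve external entities, never load a DTD, never touch the network.
        parser = etree.XMLParser(resolve_entities=False, load_dtd=False, no_network=True)
        # Transform: no file/network reads or writes, no directory creation.
        access = etree.XSLTAccessControl.DENY_ALL
    else:
        parser = etree.XMLParser()  # lxml default parser
        access = None               # lxml default: no access restrictions on document()
    xslt_doc = etree.fromstring(xslt_bytes, parser)
    html_doc = etree.fromstring(UNTRUSTED_HTML, parser)
    transform = etree.XSLT(xslt_doc, access_control=access)
    try:
        output = str(transform(html_doc))
    except etree.XSLTApplyError as exc:
        # libxslt may abort the transform outright when access is denied.
        return False, f"blocked: {exc}"
    # Or it may simply yield an empty node-set for the denied document().
    return SECRET_VALUE in output, output


def demo() -> dict:
    """Run the attack against the default and the hardened configuration."""
    path = write_secret_file()
    try:
        unsafe_leaked, unsafe_out = run_transform(attacker_xslt(path), hardened=False)
        safe_leaked, safe_out = run_transform(attacker_xslt(path), hardened=True)
    finally:
        os.remove(path)
    return {
        "unsafe_leaked": unsafe_leaked,   # True: output contains the file's secret
        "hardened_leaked": safe_leaked,   # False: document() denied
        "unsafe_out": unsafe_out,
        "hardened_out": safe_out,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The structural fix the brief recommends first (disable custom XSLT entirely) is still the stronger option; the access control above is the fallback when a pipeline genuinely has to accept stylesheets from users. Note that `XSLTAccessControl` governs what the transform may fetch, while `resolve_entities=False` on the parser governs the classic `<!ENTITY>`-based XXE in the input documents; the two are independent and both are needed.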