Microsoft April 2024 Patch Tuesday
Published: 2025-04-08
Last Updated: 2025-04-08 18:40:41 UTC
by Renato Marinho (Version: 1)
This month, Microsoft has released patches addressing a total of 125 vulnerabilities. Among these, 11 are classified as critical, highlighting the potential for significant impact if exploited. Notably, one vulnerability is currently being exploited in the wild, underscoring the importance of timely updates. While no vulnerabilities were disclosed prior to this patch release, the comprehensive updates aim to fortify systems against a range of threats, including remote code execution and privilege escalation. Users are encouraged to apply these patches promptly to enhance their security posture.
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2025-29824)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-29824
This is a zero-day vulnerability with a severity rating of Important and a CVSS score of 7.8, which is currently being exploited in the wild but has not been publicly disclosed. This vulnerability allows an attacker to elevate their privileges to SYSTEM level, posing a significant risk to affected systems. It specifically impacts Windows 10 for both x64-based and 32-bit systems. However, security updates to address this vulnerability are not yet available, and Microsoft plans to release them as soon as possible. Customers will be notified through a revision to the CVE information once the updates are ready.
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2025-26663)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-26663
This critical vulnerability, CVE-2025-26663, has neither been exploited in the wild nor disclosed publicly, so it is not a zero-day. It carries a CVSS score of 8.1, reflecting its remote code execution impact. The vulnerability arises from a race condition that an unauthenticated attacker could trigger by sending specially crafted requests to a vulnerable LDAP server, leading to a use-after-free. Although the attack complexity is high, because the attacker must win the race, the severity of the potential impact is what makes this vulnerability critical. Security updates for Windows 10 systems are not immediately available; they will be released as soon as possible, with notification provided via a revision to the CVE information.
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability (CVE-2025-26670)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-26670
This critical vulnerability, identified as CVE-2025-26670, has neither been exploited in the wild nor disclosed publicly. It carries a CVSS score of 8.1, indicating a significant risk of remote code execution. The vulnerability arises from a race condition that an unauthenticated attacker could trigger by sending specially crafted requests to a vulnerable LDAP server, potentially resulting in a use-after-free condition that could be leveraged to execute arbitrary code remotely. Despite the high attack complexity (AC:H), the potential impact is severe. Security updates for Windows 10 systems are not yet available; Microsoft plans to release them as soon as possible, with notification provided through a revision to the CVE information.
Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2025-27480)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-27480
This is a critical vulnerability with a CVSS score of 8.1; it has neither been exploited in the wild nor publicly disclosed, so it is not a zero-day. It allows remote code execution by an attacker who connects to a system with the Remote Desktop Gateway role. The attack involves triggering a race condition to create a use-after-free, which can then be leveraged to execute arbitrary code. Despite its critical severity, the attack complexity is high: the attacker must win the race condition to exploit the vulnerability.
Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2025-27482)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-27482
This is a critical vulnerability with a CVSS score of 8.1; it has neither been exploited in the wild nor disclosed publicly. It allows remote code execution and poses a significant risk to systems with the Remote Desktop Gateway role. Exploitation is high-complexity: the attacker must win a race condition that leads to a use-after-free, which ultimately enables execution of arbitrary code. Organizations are advised to implement robust security measures and monitor for suspicious activity to mitigate the risks associated with this vulnerability.
This summary highlights key vulnerabilities from Microsoft's monthly updates, focusing on those posing significant risks. The Windows Common Log File System Driver vulnerability (CVE-2025-29824) is a zero-day threat actively exploited, allowing attackers to gain SYSTEM-level privileges. Users should prioritize monitoring and applying updates once available. Other critical vulnerabilities, such as those affecting LDAP and Remote Desktop Services, involve complex attack scenarios but pose severe risks due to potential remote code execution. Microsoft Office and Excel vulnerabilities also present significant threats, often requiring user interaction through social engineering tactics. Users are advised to remain vigilant and apply security updates promptly upon release to mitigate these risks ...
Read the full entry: https://isc.sans.edu/diary/Microsoft+April+2024+Patch+Tuesday/31838/
New SSH Username Report
Published: 2025-04-06
Last Updated: 2025-04-06 19:52:07 UTC
by Johannes Ullrich (Version: 1)
As you may have noticed from some of my recent diaries, I have spent a bit more time on SSH and Telnet credentials. These credentials are collected by Cowrie, the amazing full-featured SSH and Telnet honeypot maintained by Michel Oosterhof. Cowrie is installed as a component when you install our DShield honeypot.
One very simple way to find "interesting" things is to look at what is new. To let you explore yourself, I added an "SSH/Telnet Username Summary". The report lists every username we observed in the last 30 days, provided we saw it at least five times. These numbers may, of course, change. There is also a simple JSON-formatted report you may download to play with: https://isc.sans.edu/sshallusernames.json
So let's take a quick look at "what's new":
ysoperator: Looks familiar, but can't remember where I saw it. Google is of little help here.
uery: Maybe a typo, and should be "query"?
tamatiek: Appears to be a Japanese name?
shughes: I guess this is for "S Hughes". Many systems use the first initial and last name as the username. There are a few more like that, which I will skip here.
dbmasteruser: Something a bit more interesting. Likely supposed to refer to a database administrator account.
And there is one I think was funny: /usr/share/wordlists/logins.txt. Yes, the filename and path. I suspect the user didn't know yet how to run the brute force script and passed the filename instead of the username. There are a few I consider typos: "atascientist" (I suspect "datascientist") and "ackupadmin" (backupadmin?). It could also be a tool that swallows the first letter of the username if the username is not provided correctly.
I am working on a similar list of passwords. But there are a lot more different passwords than usernames making that a bit more challenging. Let me know if there are any additional details I should add.
Lesson: Attackers make mistakes too, and there are no real "safe" usernames ...
Read the full entry: https://isc.sans.edu/diary/New+SSH+Username+Report/31830/
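As an added example (not code from the diary, Cowrie or DShield), the following Python reads two constructed 30-day username snapshots the way the report is meant to be read: it lists what is new with at least five observations, then flags the two oddities discussed above, a file path in the username field and a known username with its first letter swallowed. The snapshot dicts and their counts are constructed; the schema of the real sshallusernames.json is not shown here, so nothing below parses it.

```python
# Added example: triage of new usernames from two constructed honeypot
# username summaries (username -> observations in the 30-day window).
PREVIOUS_WINDOW = {
    "root": 91234, "admin": 40210, "user": 8800, "ubuntu": 5100,
    "datascientist": 640, "backupadmin": 210, "query": 55, "shughes": 9,
}
CURRENT_WINDOW = {
    "root": 95311, "admin": 41870, "user": 9023, "ubuntu": 5244,
    "datascientist": 702, "backupadmin": 233, "query": 61, "shughes": 12,
    "ysoperator": 7, "uery": 6, "tamatiek": 5, "dbmasteruser": 8,
    "atascientist": 5, "ackupadmin": 6, "/usr/share/wordlists/logins.txt": 5,
    "oneoff": 2,  # below the report's threshold, so never listed
}

MIN_COUNT = 5  # the ISC report only lists usernames seen at least five times


def new_usernames(previous, current, min_count=MIN_COUNT):
    """Usernames seen at least min_count times in the current window but
    never in the previous one, most frequent first (ties alphabetical)."""
    fresh = {u: n for u, n in current.items()
             if n >= min_count and u not in previous}
    return sorted(fresh, key=lambda u: (-fresh[u], u))


def dropped_first_letter(username, known):
    """Known usernames that become `username` when their first character is
    removed, e.g. 'datascientist' -> 'atascientist'. This encodes the guess
    that a tool swallowed the first letter; it is a heuristic, not a fact."""
    return sorted(k for k in known if len(k) > 1 and k[1:] == username)


def triage(previous, current, min_count=MIN_COUNT):
    """Map each new username to a list of explanatory notes. An empty list
    means no heuristic explained it: those are the names worth a closer look."""
    known = set(previous) | set(current)
    notes = {}
    for u in new_usernames(previous, current, min_count):
        reasons = []
        if "/" in u or "\\" in u:
            reasons.append("file path supplied where a username was expected")
        parents = dropped_first_letter(u, known)
        if parents:
            reasons.append("first letter dropped from: " + ", ".join(parents))
        notes[u] = reasons
    return notes


def unexplained(notes):
    """New usernames that no heuristic explained, in triage order."""
    return [u for u, reasons in notes.items() if not reasons]


if __name__ == "__main__":
    for u, reasons in triage(PREVIOUS_WINDOW, CURRENT_WINDOW).items():
        label = "; ".join(reasons) or "no obvious explanation"
        print(f"{u:35s} {CURRENT_WINDOW[u]:4d}  {label}")
```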
Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary]
Published: 2025-04-02
Last Updated: 2025-04-03 00:51:32 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Gregory Weber, an ISC intern as part of the SANS.edu BACS program]
For the last 5 months, as part of my BACS internship with SANS, I have monitored two deployments of a DShield Sensor, sometimes referred to as a honeypot. The DShield sensor offers multiple attack surfaces including Telnet and SSH ports but one of its features is a public-facing web server. One of my deployments sits on a cloud instance and this web server sees a large volume of traffic, making it ideal for research on web server attacks.
Many of the web "attacks" I have observed are rapid-fire URL submissions to the WordPress server meant to see if the server will reveal any of its "secrets" like encryption key files, user accounts, or back-end logic. Moreover, the submissions are automated and often appear to be "just passing by and saw you were a web server so thought I would try" opportunity checks (like a crook pulling door handles in a parking lot to see if anything happens to open for a quick snag). As a community, information security professionals are probably more concerned with targeted attacks on their organizations, but crimes of opportunity can be just as damaging, particularly where they reveal the existence of weaknesses to an attack group that might otherwise never bother with that specific organization.
While tending to my daily analysis, I have also been progressing through SEC595 "Applied Data Science and AI/Machine Learning for Cybersecurity Professionals". I enjoy the challenges of coding and I am fascinated with data driven decisions; particularly where carefully thought-out data science logic can help us separate out those things which our human problem-solving skills and expertise need to focus on versus the thousands of things they do not.
As such, I decided to experiment with applying frequency analysis to the DShield data I had been collecting, just to see whether I could write a simple classification program. I chose to focus on the web honeypot URL data and write a program that parses a URL and accurately determines whether the URL represents an intrusive request or what I call a legitimate request. The experiment differs from many other categorical URL classification programs in that those classifiers are often focused on user-initiated connections to external sites. In other words, those programs attempt to determine whether a URL a user is clicking or typing is malicious based on statistical metrics such as "known bad" IP address lists or name lists. This program is focused on the URLs that get submitted to a public-facing web server in attempts to scope the server's logic, perform command injection, perform server-side request forgeries, or retrieve restricted files from a database or file directory that trusts the server ...
Read the full entry: https://isc.sans.edu/diary/Exploring+Statistical+Measures+to+Predict+URLs+as+Legitimate+or+Intrusive+Guest+Diary/31822/
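The statistical measures the intern used are not spelled out in this excerpt, so what follows is an added example of one frequency-based approach in the same spirit, not the intern's program: it tokenises request paths, learns per-token frequencies from a small hand-labelled sample of legitimate and intrusive honeypot URLs (constructed here), and scores a new URL by the smoothed log-likelihood ratio of its tokens. The sample URLs, class names and threshold are all assumptions.

```python
# Added example: token-frequency scoring of web honeypot URLs as
# "legitimate" or "intrusive". Training sample is constructed and hand-labelled.
import math
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

LEGITIMATE = [
    "/", "/index.html", "/about/", "/blog/2025/04/post-1/", "/robots.txt",
    "/wp-content/themes/site/style.css", "/favicon.ico", "/contact/",
    "/wp-includes/js/jquery/jquery.min.js", "/sitemap.xml",
]
INTRUSIVE = [
    "/.env", "/.git/config", "/wp-config.php.bak", "/phpinfo.php",
    "/wp-login.php?action=register", "/xmlrpc.php", "/admin/config.php",
    "/cgi-bin/test.cgi", "/backup.sql", "/.aws/credentials",
]

_SPLIT = re.compile(r"[^a-z0-9]+")


def tokens(url):
    """Lower-cased alphanumeric tokens of path and query after percent-
    decoding, plus marker tokens for dot-files and for a query string.
    Decoding first stops '%2Eenv' from hiding '.env' from the scorer."""
    parts = urlsplit(url)
    out = []
    for seg in unquote(parts.path).split("/"):
        if not seg:
            continue
        if seg.startswith("."):
            out.append("<dotfile>")
        out.extend(t for t in _SPLIT.split(seg.lower()) if t)
    if parts.query:
        out.append("<query>")
        out.extend(t for t in _SPLIT.split(unquote(parts.query).lower()) if t)
    return out


def train(legitimate, intrusive):
    """Per-class token counts plus the vocabulary size used for smoothing."""
    counts = {"legitimate": Counter(), "intrusive": Counter()}
    for url in legitimate:
        counts["legitimate"].update(tokens(url))
    for url in intrusive:
        counts["intrusive"].update(tokens(url))
    vocab = len(set(counts["legitimate"]) | set(counts["intrusive"]))
    return counts, vocab


def score(url, model):
    """Sum over tokens of log P(t|intrusive)/P(t|legitimate) with add-one
    smoothing. Positive means the URL resembles the intrusive sample more;
    tokens unseen in both classes contribute almost nothing either way."""
    counts, vocab = model
    total = {c: sum(cnt.values()) for c, cnt in counts.items()}
    s = 0.0
    for t in tokens(url):
        p_int = (counts["intrusive"][t] + 1) / (total["intrusive"] + vocab)
        p_leg = (counts["legitimate"][t] + 1) / (total["legitimate"] + vocab)
        s += math.log(p_int / p_leg)
    return s


def classify(url, model, threshold=0.0):
    """Threshold 0 is an assumption; tune it on a held-out labelled set."""
    return "intrusive" if score(url, model) > threshold else "legitimate"


MODEL = train(LEGITIMATE, INTRUSIVE)

if __name__ == "__main__":
    for url in ["/blog/2025/05/post-2/", "/wp-content/uploads/2025/04/photo.jpg",
                "/%2Eenv", "/admin/backup.sql"]:
        print(f"{score(url, MODEL):+6.2f}  {classify(url, MODEL):10s}  {url}")
```

Note that a "wp-" prefix alone does not tip the score: the sample contains it in both classes, so the surrounding tokens decide.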
Obfuscated Malicious Python Scripts with PyArmor (2025.04.09)
https://isc.sans.edu/diary/Obfuscated+Malicious+Python+Scripts+with+PyArmor/31840/
XORsearch: Searching With Regexes (2025.04.07)
https://isc.sans.edu/diary/XORsearch+Searching+With+Regexes/31834/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Ivanti Connect Secure
CVSS Score: 9.0
** KEV since 2025-04-04 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-22457/
ISC Podcast:
https://isc.sans.edu/podcastdetail/9394/
NVD References:
Product: Microsoft Windows Common Log File System Driver
CVSS Score: 7.8
** KEV since 2025-04-08 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29824
ISC Diary:
https://isc.sans.edu/diary/31838
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824
Product: Gladinet CentreStack
CVSS Score: 9.0
** KEV since 2025-04-08 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30406
NVD References:
- https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
Product: CrushFTP
CVSS Score: 9.8
** KEV since 2025-04-07 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31161
NVD References:
- https://crushftp.com/crush11wiki/Wiki.jsp?page=Update#section-Update-VulnerabilityInfo
- https://www.infosecurity-magazine.com/news/crushftp-flaw-exploited-disclosure/
Product: Microsoft Windows LDAP
CVSS Score: 8.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-26663
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-26670
ISC Diary:
https://isc.sans.edu/diary/31838
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26663
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26670
Product: WinRAR
CVSS Score: 0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31334
ISC Podcast:
https://isc.sans.edu/podcastdetail/9394
NVD References:
Product: Microsoft Remote Desktop Gateway Service
CVSS Score: 8.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-27480
ISC Diary:
https://isc.sans.edu/diary/31838
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27480
Product: Microsoft Remote Desktop Gateway Service
CVSS Score: 8.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-27482
ISC Diary:
https://isc.sans.edu/diary/31838
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27482
Product: Fortinet FortiSIEM
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2023-40714
NVD References:
Product: Fortinet FortiSwitch
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-48887
NVD References:
Product: Pexip Infinity Connect
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-38392
NVD References:
Product: BL-AC2100
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29062
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29063
NVD References:
- https://www.yuque.com/jichujiliangdanwei/vwbq9e/grfgkm2kvk6btwbp
- https://www.yuque.com/jichujiliangdanwei/vwbq9e/ux1426h170rhgfn7
Product: vipshop Saturn v.3.5.1
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29085
NVD References:
https://gist.github.com/Cafe-Tea/bcef0d7a2bdb5ec8e0d69de852fdc900
Product: pgAdmin 9.1
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2946
NVD References:
Product: OpenEMR
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-22611
NVD References:
https://github.com/baolqinfosec/CVE-Reseach/blob/main/OpenERM_CVE-2024-22611.md
Product: SeaCMS
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29647
NVD References:
https://gitee.com/B00W_NSD/poc/blob/master/seacms13.3-sql/poc.md
Product: Netwrix Password Secure
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-26817
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-26818
NVD References:
Product: TOTOLINK x18
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29064
NVD References:
Product: Tenda Ac15
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29462
NVD References:
Product: Edimax AC1200 Wave 2 Dual-Band Gigabit Router
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28146
NVD References:
https://github.com/regainer27/edimax-br-6478ac_v3-br-6478ac_v3_1.0.15/tree/main/3
Product: BentoML
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-27520
NVD References:
- https://github.com/bentoml/BentoML/commit/b35f4f4fcc53a8c3fe8ed9c18a013fe0a728e194
- https://github.com/bentoml/BentoML/security/advisories/GHSA-33xw-247w-6hmc
Product: aiven-extras
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31480
NVD References:
- https://github.com/aiven/aiven-extras/commit/77b5f19a0c1d196bc741ff5c774f85fe7ca3063b
- https://github.com/aiven/aiven-extras/security/advisories/GHSA-33xh-jqgf-6627
Product: ZendTo lib/NSSDropoff.php
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2021-47667
NVD References:
Product: Wlan service
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-20654
NVD References:
https://corp.mediatek.com/product-security-bulletin/April-2025
Product: Langflow
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3248
NVD References:
- https://github.com/langflow-ai/langflow/pull/6911
- https://github.com/langflow-ai/langflow/releases/tag/1.3.0
Product: RUoYi v.4.8.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28402
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28405
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28406
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28408
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28410
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28411
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28412
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-28413
NVD References:
- https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md
Product: Sqlite 3.49.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-29087
NVD References:
https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a
Product: HGiga iSherlock
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3361
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3362
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3363
NVD References:
- https://www.twcert.org.tw/en/lp-139-2.html
- https://www.twcert.org.tw/tw/cp-132-10051-76634-1.html
- https://www.twcert.org.tw/en/cp-139-10055-7dacf-2.html
- https://www.twcert.org.tw/tw/cp-132-10053-890b1-1.html
Product: SAP S/4HANA
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-27429
NVD References:
Product: SAP Financial Consolidation
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30016
NVD References:
Product: SAP Landscape Transformation (SLT)
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31330
NVD References:
- https://me.sap.com/notes/3587115
Product: Siemens SENTRON 7KT PAC1260 Data Manager
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-41788
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-41789
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-41790
NVD References:
https://cert-portal.siemens.com/productcert/html/ssa-187636.html
Product: Siemens SENTRON 7KT PAC1260 Data Manager
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-41794
NVD References:
https://cert-portal.siemens.com/productcert/html/ssa-187636.html
Product: Siemens Industrial Edge Device Kit, SCALANCE LPE9413, SIMATIC IPC BX-39A Industrial Edge Device, SIMATIC IPC BX-59A Industrial Edge Device, SIMATIC IPC127E Industrial Edge Device, SIMATIC IPC227E Industrial Edge Device, SIMATIC IPC427E Industrial Edge Device, SIMATIC IPC847E Industrial Edge Device
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-54092
NVD References:
- https://cert-portal.siemens.com/productcert/html/ssa-634640.html
- https://cert-portal.siemens.com/productcert/html/ssa-819629.html
Product: HAX CMS PHP
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32028
NVD References:
- https://github.com/haxtheweb/issues/security/advisories/GHSA-vj5q-3jv2-cg5p
Product: Adobe ColdFusion
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-24446
NVD References:
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
Product: Adobe ColdFusion
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-24447
NVD References:
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
Product: Adobe ColdFusion
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30281
NVD References:
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
Product: Adobe ColdFusion
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30282
NVD References:
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
Product: Tiki wikiplugin_includetpl
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32461
NVD References:
- https://gitlab.com/tikiwiki/tiki/-/commit/406bea4f6c379a23903ecfd55e538d90fd669ab0
- https://gitlab.com/tikiwiki/tiki/-/commit/801ed912390c2aa6caf12b7b953e200f5d4bc0b1
- https://gitlab.com/tikiwiki/tiki/-/commit/9ffb4ab21bd86837370666ecd6afd868f3d7877a
- https://gitlab.com/tikiwiki/tiki/-/commit/be8dc1aa220fbceb07a7a5dc36416243afccd358
- https://gitlab.com/tikiwiki/tiki/-/commit/f3f36c1ac702479209acfcaec5789d2fd1f996bc
Product: Simple WP Events WordPress plugin
Active Installations: This plugin has been closed as of April 4, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2004
NVD References:
Product: torsteino PostMash
Active Installations: unknown
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30622
NVD References:
https://patchstack.com/database/wordpress/plugin/postmash-custom/vulnerability/wordpress-postmash-1-0-3-sql-injection-vulnerability?_s_id=cve
CVE-2025-30876 - Ads by WPQuads version n/a through 2.0.87.1 allows SQL Injection.
Product: WPQuads Ads by WPQuads
Active Installations: 30,000+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30876
NVD References:
https://patchstack.com/database/wordpress/plugin/quick-adsense-reloaded/vulnerability/wordpress-ads-by-wpquads-plugin-2-0-87-1-sql-injection-vulnerability?_s_id=cve
CVE-2025-30886 - JS Help Desk by JoomSky is vulnerable to SQL Injection from version n/a through 2.9.2.
Product: JoomSky JS Help Desk
Active Installations: 7,000+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30886
NVD References:
https://patchstack.com/database/wordpress/plugin/js-support-ticket/vulnerability/wordpress-js-help-desk-plugin-2-9-2-sql-injection-vulnerability?_s_id=cve
CVE-2025-30911 - RomethemeKit For Elementor versions up to 1.5.4 are vulnerable to Command Injection due to improper control of code generation.
Product: RomethemeKit For Elementor
Active Installations: 30,000+
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30911
NVD References:
https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-4-arbitrary-plugin-installation-activation-to-rce-vulnerability?_s_id=cve
CVE-2025-30971 - Xavi Ivars XV Random Quotes is vulnerable to SQL Injection from versions n/a through 1.40.
Product: Xavi Ivars XV Random Quotes
Active Installations: This plugin has been closed as of February 18, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30971
NVD References:
https://patchstack.com/database/wordpress/plugin/xv-random-quotes/vulnerability/wordpress-xv-random-quotes-plugin-1-40-sql-injection-vulnerability?_s_id=cve
CVE-2025-31084 - Sunshine Photo Cart is susceptible to object injection through deserialization of untrusted data.
Product: Sunshine Photo Cart
Active Installations: 1,000+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31084
NVD References:
https://patchstack.com/database/wordpress/plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-3-4-10-php-object-injection-vulnerability?_s_id=cve
CVE-2025-31087 - Multiple Shipping And Billing Address For Woocommerce plugin is vulnerable to deserialization of untrusted data, allowing for object injection from version n/a through 1.5.
Product: Multiple Shipping And Billing Address For Woocommerce
Active Installations: 200+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31087
NVD References:
https://patchstack.com/database/wordpress/plugin/different-shipping-and-billing-address-for-woocommerce/vulnerability/wordpress-multiple-shipping-and-billing-address-for-woocommerce-1-5-php-object-injection-vulnerability?_s_id=cve
CVE-2025-31095 - Material Dashboard has an Authentication Bypass vulnerability that allows attackers to bypass authentication from n/a through 1.4.5.
Product: ho3einie Material Dashboard
Active Installations: This plugin has been closed as of April 9, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31095
NVD References:
https://patchstack.com/database/wordpress/plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-5-privilege-escalation-vulnerability?_s_id=cve
CVE-2024-13553 - The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege escalation through account takeover due to insecure Host header validation, allowing attackers to authenticate as any user.
Product: WordPress SMS Alert Order Notifications – WooCommerce plugin
Active Installations: 5,000+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-13553
NVD References:
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve
CVE-2025-2237 - The WP RealEstate plugin for WordPress, used by the Homeo theme, allows unauthenticated attackers to register as administrators due to an authentication bypass vulnerability in versions up to 1.6.26.
Product: WordPress WP RealEstate plugin
Active Installations: Unknown. Update to version 1.6.27, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2237
NVD References:
- https://themeforest.net/item/homeo-real-estate-wordpress-theme/26372986#item-description__updates-history
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f7bff6-3bc3-4572-97fd-a039d54ac0ff?source=cve
CVE-2025-30580 - DigiWidgets Image Editor versions 1.10 and below are vulnerable to remote code inclusion due to improper control of code generation, also known as code injection.
Product: NDigiWidgets Image Editor
Active Installations: Unknown
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30580
NVD References:
https://patchstack.com/database/wordpress/plugin/digiwidgets-image-editor/vulnerability/wordpress-digiwidgets-image-editor-1-10-remote-code-execution-rce-vulnerability?_s_id=cve
CVE-2025-30807 - Martin Nguyen Next-Cart Store to WooCommerce Migration is vulnerable to SQL Injection, affecting versions n/a through 3.9.4.
Product: Martin Nguyen Next-Cart Store to WooCommerce Migration
Active Installations: 200+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30807
NVD References:
https://patchstack.com/database/wordpress/plugin/nextcart-woocommerce-migration/vulnerability/wordpress-next-cart-store-to-woocommerce-migration-plugin-3-9-4-sql-injection-vulnerability?_s_id=cve
CVE-2025-30841 - Countdown & Clock's vulnerability …
Product: adamskaat Countdown & Clock
Active Installations: 10,000+
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30841
NVD References:
Product: click5 History Log
Active Installations: 600+. Last updated two years ago.
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31531
NVD References:
Product: shopperdotcom Shopper
Active Installations: 100+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31534
NVD References:
Product: Salesmate.io Salesmate Add-On for Gravity Forms
Active Installations: This plugin has been closed as of April 8, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31551
NVD References:
Product: davidfcarr RSVPMarker
Active Installations: 400+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31552
NVD References:
Product: WPFactory Advanced WooCommerce Product Sales Reporting
Active Installations: 400+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31553
NVD References:
Product: EXEIdeas International WP AutoKeyword
Active Installations: 400+
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31579
NVD References:
Product: Sabuj Kundu CBX Poll
Active Installations: 100+. Last updated three years ago.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31612
NVD References:
Product: WordPress Front End Users plugin
Active Installations: This plugin has been closed as of March 31, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2005
NVD References:
- https://wordpress.org/support/plugin/front-end-only-users/
Product: Social Share And Social Locker
Active Installations: This plugin has been closed as of February 1, 2025 and is not available for download.
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31911
NVD References:
Product: tagDiv Composer plugin for WordPress
Active Installations: Unknown. Update to version 5.4, or a newer patched version.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-13645
NVD References:
Product: WordPress Woffice Core plugin
Active Installations: Unknown. Update to version 5.4.22, or a newer patched version.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2780
NVD References:
- https://hub.woffice.io/woffice/changelog#april-1st-2025-version-5422
Product: Woffice CRM theme for WordPress
Active Installations: Unknown. Update to version 5.4.22, or a newer patched version.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2798
NVD References:
- http://localhost/wp-content/themes/woffice/inc/classes/Woffice_Register.php#L405
- https://hub.woffice.io/woffice/changelog#april-1st-2025-version-5422
Product: Favethemes Homey
Active Installations: Unknown
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-51800
NVD References:
CVE-2025-31403 - Booking Calendar and Notification from n/a through 4.0.3 is vulnerable to Blind SQL Injection due to improper neutralization of special elements in an SQL command.
Product: shiptrack Booking Calendar and Notification
Active Installations: Unknown
CVSS Score: 9.3
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-31403
NVD References:
CVE-2025-32118 - CMP – Coming Soon & Maintenance from n/a through 4.1.13 allows for unrestricted upload of files with dangerous types, potentially leading to the execution of malicious files.
Product: NiteoThemes CMP – Coming Soon & Maintenance
Active Installations: 200,000+. Last updated 9 months ago.
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32118
NVD References:
CVE-2025-2941 - The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving in versions up to 1.1.4, allowing for potential remote code execution by unauthenticated attackers.
Product: WordPress Drag and Drop Multiple File Upload for WooCommerce plugin
Active Installations: 6,000+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2941
NVD References:
https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/#developers
The following vulnerabilities need a manual review:
CVE-2025-20570 - Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
Product: Visual Studio Code
CVSS Score: 6.8 / 5.9
NVD References:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-20570
CVE-2025-29803 - Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
Product: Visual Studio Tools
CVSS Score: 7.3 / 6.4
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803