Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft Patch Tuesday: May 2025

Published: 2025-05-13

Last Updated: 2025-05-13 17:57:17 UTC

by Johannes Ullrich (Version: 1)

Today, Microsoft released its expected May Patch Tuesday update. This update fixes 78 vulnerabilities: 11 are rated as critical and 66 as important. Five of the vulnerabilities have already been exploited, and two were publicly known but not yet exploited. 70 of the vulnerabilities were patched today; 8 had patches delivered earlier this month.

Notable Vulnerabilities:

CVE-2025-30397: This vulnerability is already exploited. It could lead to remote code execution if a user visits a malicious web page, but only if Edge is running in Internet Explorer mode.

https://nvd.nist.gov/vuln/detail/CVE-2025-30397

The other four already exploited vulnerabilities are all privilege escalation vulnerabilities. The two already known vulnerabilities include a remote code execution vulnerability in Visual Studio and a spoofing vulnerability in Microsoft Defender.

Most of the critical vulnerabilities affect Microsoft Office and the Remote Desktop Client. 

CVE-2025-29831 could be interesting: It is only rated "important", but it is described as a remote code execution issue in Windows Remote Desktop. No authorization is required to exploit the vulnerability. Exploitation relies on a race condition, which is often not reliably exploitable (but still exploitable). The attack has to be triggered while the server is being restarted. This may be exploitable if a denial of service vulnerability can be used to restart the system ...

https://nvd.nist.gov/vuln/detail/CVE-2025-29831

Read the full entry: 

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+May+2025/31946/

Apple Updates Everything: May 2025 Edition

Published: 2025-05-12

Last Updated: 2025-05-12 20:30:06 UTC

by Johannes Ullrich (Version: 1)

Apple released its expected update for all its operating systems. The update, in addition to providing new features, patches 65 different vulnerabilities. Many of these vulnerabilities affect multiple operating systems within the Apple ecosystem.

Of note is CVE-2025-31200. This vulnerability is already exploited in "targeted attacks". Apple released patches for this vulnerability in mid-April for its current operating systems (iOS 18, macOS 15, tvOS 18, and visionOS 2). This update includes patches for older versions of macOS and iPadOS/iOS ...

https://nvd.nist.gov/vuln/detail/CVE-2025-31200

Read the full entry: 

https://isc.sans.edu/diary/Apple+Updates+Everything+May+2025+Edition/31942/

It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities

Published: 2025-05-12

Last Updated: 2025-05-12 13:49:21 UTC

by Johannes Ullrich (Version: 1)

Unipi Technologies is a company developing programmable logic controllers for a number of different applications like home automation, building management, and industrial controls. The modules produced by Unipi are likely to appeal to a more professional audience. All modules are based on the "Marvis" platform, a customized Linux distribution maintained by Unipi.

In the last couple of days, we observed scans for the Unipi default username and password ("unipi" and "unipi.technology") in our honeypot logs. The scans originate from ... an IP address that is well-known to our database.

In addition to SSH, the IP address also scans for an ancient Netgear vulnerability from 2013, which only got a CVE number last year (CVE-2024-12847). 

https://nvd.nist.gov/vuln/detail/CVE-2024-12847

Both the SSH and the "Netgear" exploit attempts execute the same commands ...
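The diary reports seeing the Unipi default credential pair in honeypot logs. As an added example (not code from the ISC diary or from Unipi), the script below runs a default-credential check over a few constructed, Cowrie-like JSON log lines: it parses each line, matches the username/password pair against a list of known vendor defaults, and reports per-source counts plus any source that logged in successfully with a default pair. The log layout, the IP addresses, the "admin"/"admin" entry and all sample lines are assumptions made for the example; only the unipi pair comes from the diary.

```python
"""
Added example (not from the ISC diary): flag SSH login attempts that use
vendor default credentials, run over a few constructed honeypot log lines.
The log format is an assumed, Cowrie-like JSON-lines layout.
"""
import json
from collections import Counter, defaultdict

# Known vendor default credentials as (username, password) pairs.
# The Unipi pair is the one named in the diary; "admin"/"admin" is a
# generic placeholder added for illustration.
DEFAULT_CREDENTIALS = {
    ("unipi", "unipi.technology"),
    ("admin", "admin"),
}

# Constructed sample log lines (JSON lines); these are not real honeypot data,
# and the IP addresses are documentation ranges.
SAMPLE_LOG = """\
{"ts":"2025-05-11T08:12:01Z","eventid":"login.failed","src_ip":"192.0.2.10","username":"unipi","password":"unipi.technology"}
{"ts":"2025-05-11T08:12:03Z","eventid":"login.failed","src_ip":"192.0.2.10","username":"root","password":"toor"}
{"ts":"2025-05-11T08:13:40Z","eventid":"login.success","src_ip":"198.51.100.7","username":"unipi","password":"unipi.technology"}
{"ts":"2025-05-11T08:14:02Z","eventid":"login.failed","src_ip":"203.0.113.5","username":"admin","password":"admin"}
{"ts":"2025-05-11T08:14:09Z","eventid":"command.input","src_ip":"198.51.100.7","input":"uname -a"}
this line is not json and should be skipped
"""


def parse_events(text):
    """Yield parsed login events; skip blank, non-JSON and non-login lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("eventid") in ("login.failed", "login.success"):
            yield ev


def default_credential_hits(text, defaults=DEFAULT_CREDENTIALS):
    """Return {src_ip: [(username, password, outcome), ...]} for every
    login attempt whose credential pair is in the default list."""
    hits = defaultdict(list)
    for ev in parse_events(text):
        pair = (ev.get("username", ""), ev.get("password", ""))
        if pair in defaults:
            outcome = "success" if ev["eventid"] == "login.success" else "failed"
            hits[ev["src_ip"]].append((pair[0], pair[1], outcome))
    return dict(hits)


def summarize(hits):
    """Count default-credential attempts per source and list the sources
    that achieved a successful login with a default pair."""
    per_ip = Counter({ip: len(attempts) for ip, attempts in hits.items()})
    compromised = sorted(
        ip for ip, attempts in hits.items()
        if any(outcome == "success" for _, _, outcome in attempts)
    )
    return per_ip, compromised


if __name__ == "__main__":
    hits = default_credential_hits(SAMPLE_LOG)
    per_ip, compromised = summarize(hits)
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} default-credential attempt(s)")
    print("sources with a successful default-credential login:", compromised)
```

On a honeypot every "success" is expected; on a production host the same check against the real sshd or application log turns a successful default-pair login into the alert that matters, while the failed attempts are useful mainly for enriching the source address.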

Read the full entry: 

https://isc.sans.edu/diary/It+Is+2025+And+We+Are+Still+Dealing+With+Default+IoT+Passwords+And+Stupid+2013+Router+Vulnerabilities/31940/

Internet Storm Center Entries


Another day, another phishing campaign abusing google.com open redirects (2025.05.14)

https://isc.sans.edu/diary/Another+day+another+phishing+campaign+abusing+googlecom+open+redirects/31950/

Steganography Challenge: My Solution (2025.05.10)

https://isc.sans.edu/diary/Steganography+Challenge+My+Solution/31912/

No Internet Access? SSH to the Rescue! (2025.05.08)

https://isc.sans.edu/diary/No+Internet+Access+SSH+to+the+Rescue/31932/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-30397 - Microsoft Scripting Engine is vulnerable to type confusion, enabling unauthorized attackers to execute code over a network.

Product: Microsoft Scripting Engine

CVSS Score: 7.5

** KEV since 2025-05-13 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-30397

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397

CVE-2025-30400 - Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows DWM

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-30400

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30400

CVE-2025-32701 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows Common Log File System Driver

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32701

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701

CVE-2025-32706 - Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows Common Log File System Driver

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32706

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

CVE-2025-32709 - Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Product: Microsoft Windows Ancillary Function Driver for WinSock

CVSS Score: 7.8

** KEV since 2025-05-13 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32709

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709

CVE-2025-31200 - Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. The issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Product: Multiple Apple products

CVSS Score: N/A

** KEV since 2025-04-17 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-31200

ISC Diary:

https://isc.sans.edu/diary/31942

ISC Podcast:

https://isc.sans.edu/podcastdetail/9448

NVD References:

-

https://support.apple.com/en-us/122282

-

https://support.apple.com/en-us/122400

-

https://support.apple.com/en-us/122401

-

https://support.apple.com/en-us/122402

CVE-2025-47729 - The TeleMessage archiving backend stores clear copies of messages from TM SGNL app users beyond its documented end-to-end encryption capabilities, allowing exploitation.

Product: Telemessage Text Message Archiver

CVSS Score: 1.9

** KEV since 2025-05-12 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-47729

NVD References:

-

https://arstechnica.com/security/2025/05/signal-clone-used-by-trump-official-stops-operations-after-report-it-was-hacked/

-

https://news.ycombinator.com/item?id=43909220

-

https://www.theregister.com/2025/05/05/telemessage_investigating/

CVE-2024-6047 - GeoVision devices have a vulnerability where unauthenticated remote attackers can inject and execute arbitrary system commands.

Product: GeoVision EOL GeoVision devices

CVSS Score: 0

** KEV since 2025-05-07 **

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-6047

CVE-2025-32756 - Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera are vulnerable to a stack-based buffer overflow allowing remote attackers to execute arbitrary code via specially crafted HTTP requests.

Product: Multiple Fortinet products

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32756

ISC Podcast:

https://isc.sans.edu/podcastdetail/9450

NVD References:

https://fortiguard.fortinet.com/psirt/FG-IR-25-254

CVE-2025-29813 - Visual Studio is vulnerable to an elevation of privilege issue due to mishandling pipeline job tokens, allowing an attacker to extend their access to a project by swapping short-term tokens for long-term ones.

Product: Microsoft Visual Studio

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-29813

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29813

CVE-2025-29827 - Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

Product: Microsoft Azure Automation

CVSS Score: 9.9

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-29827

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29827

CVE-2025-29972 - Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

Product: Microsoft Azure

CVSS Score: 9.9

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-29972

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29972

CVE-2025-47733 - Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network

Product: Microsoft Power Apps

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-47733

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47733

CVE-2025-30387 - Azure vulnerability allows unauthorized attackers to elevate privileges through improper limitation of pathnames.

Product: Azure

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-30387

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30387

CVE-2025-46762 - Apache Parquet 1.15.0 and previous versions allow bad actors to execute arbitrary code through schema parsing in the parquet-avro module.

Product: Apache Parquet

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46762

NVD References:

-

https://lists.apache.org/thread/t7724lpvl110xsbgqwsmrdsns0rhycdp

-

https://www.openwall.com/lists/oss-security/2025/05/02/1

CVE-2025-40620 through CVE-2025-40624 - TCMAN's GIM v11 has multiple SQL injection vulnerabilities.

Product: TCMAN GIM

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-40620

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-40621

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-40622

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-40623

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-40624

NVD References:

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim

CVE-2025-40625 - TCMAN's GIM v11 allows unauthenticated attackers to upload any file to the server, leading to Remote Code Execution (RCE).

Product: TCMAN GIM

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-40625

NVD References:

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim

CVE-2025-45487 through CVE-2025-45491 - Linksys E5600 v1.1.0.26 was discovered to contain multiple command injection vulnerabilities.

Product: Linksys E5600

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45487

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45488

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45489

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45490

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45491

NVD References:

-

https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_InternetConnection/CI_InternetConnection.pdf

-

https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_InternetConnection/CI_InternetConnection.py

CVE-2025-45492 - Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.

Product: Netgear EX8000

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45492

NVD References:

-

https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/cve-netgear_EX8000_CI_action_wireless.pdf

-

https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/netgear_EX8000_CI_action_wireless.mp4

CVE-2025-25014 - Kibana is vulnerable to prototype pollution, allowing arbitrary code execution through crafted HTTP requests to machine learning and reporting endpoints.

Product: Kibana

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-25014

NVD References:

https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868

CVE-2024-12225 - Quarkus is vulnerable to unauthorized access due to default REST endpoints remaining accessible when developers provide custom REST endpoints.

Product: Quarkus quarkus-security-webauthn

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-12225

NVD References:

-

https://access.redhat.com/security/cve/CVE-2024-12225

-

https://bugzilla.redhat.com/show_bug.cgi?id=2330484

CVE-2025-44073 - SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.

Product: SeaCMS v13.3

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-44073

NVD References:

https://github.com/202110420106/CVE/blob/master/seacms/seacms_comment_news_sql.md

CVE-2025-44899 - Tenda RX3 V1.0br_V16.03.13.11 is vulnerable to a stack overflow via parameter manipulation in the fromSetWifiGuestBasic function of the /goform/WifiGuestSet web URL.

Product: Tenda RX3 V1.0br_V16.03.13.11

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-44899

NVD References:

https://github.com/faqiadegege/IoTVuln/blob/main/tenda_RX3_fromSetWifiGusetBasic_shareSpeed_overflow/detail.md

CVE-2025-45513 - Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the P2pListFilter function.

Product: Tenda FH451 V1.0.0.9

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45513

NVD References:

https://github.com/Eu21ka/cve_report/blob/master/The%20router%20Tenda%20FH451%20V1.0.0.9%20of%20Shenzhen%20Jixiang%20Tenda%20Technology%20Co.%2C%20Ltd.%20has%20a%20stack%20overflow%20vulnerability.md

CVE-2025-45779 - Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.

Product: Tenda AC10

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45779

NVD References:

-

https://github.com/sunyou-iot/iot-vul/blob/main/TendaAC10/CVE-2025-45779/README.md

-

https://www.tendacn.com/us/download/detail-3782.html


CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 - SysAid On-Prem versions <= 23.3.40 suffer from multiple unauthenticated XXE vulnerabilities

Product: SysAid On-Prem

CVSS Score: 9.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-2775

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-2776

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-2777

NVD References:

-

https://documentation.sysaid.com/docs/24-40-60

-

https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/

CVE-2025-20188 - Cisco IOS XE Software for Wireless LAN Controllers (WLCs) is vulnerable to an unauthenticated attacker uploading arbitrary files through the Out-of-Band Access Point (AP) Image Download feature.

Product: Cisco Wireless LAN Controllers (WLCs)

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-20188

NVD References:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC

CVE-2025-26844 - An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.

Product: Znuny

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-26844

NVD References:

-

https://www.znuny.com

-

https://www.znuny.org/en/advisories/zsa-2025-05

CVE-2025-26845 - Znuny through 7.1.3 is vulnerable to an Eval Injection issue, allowing a user with write access to the configuration file to execute commands through the backup.pl script.

Product: Znuny

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-26845

NVD References:

-

https://www.znuny.com

-

https://www.znuny.org/en/advisories/zsa-2025-03

CVE-2025-26846 - Znuny before 7.1.4 is vulnerable to improper permissions checks in the Generic Interface for updating ticket metadata.

Product: Znuny Generic Interface

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-26846

NVD References:

-

https://www.znuny.com

-

https://www.znuny.org/en/advisories/zsa-2025-02

CVE-2025-26847 - An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

Product: Znuny

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-26847

NVD References:

-

https://www.znuny.com

-

https://www.znuny.org/en/advisories/zsa-2025-06

CVE-2024-11186 - Arista CloudVision Portal allows malicious authenticated users to improperly access and control managed EOS devices, impacting on-premise installations only.

Product: Arista CloudVision Portal

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-11186

NVD References:

https://www.arista.com/en/support/advisories-notices/security-advisory/21314-security-advisory-0114

CVE-2024-12378 - Arista EOS with secure Vxlan configured may send packets in the clear when the Tunnelsec agent is restarted.

Product: Arista Networks Arista EOS

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-12378

NVD References:

https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113

CVE-2025-0505 - Arista CloudVision systems are vulnerable to gaining admin privileges through Zero Touch Provisioning, allowing unauthorized query and manipulation of system state for managed devices.

Product: Arista CloudVision

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-0505

NVD References:

https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115

CVE-2023-31585 - Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.

Product: Grocery-CMS PHP-Restful-API

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2023-31585

NVD References:

-

https://gist.github.com/f1rstb100d/487f27964a28b100bd57f38e144f2d35

-

https://github.com/ajayrandhawa/Grocery-CMS-PHP-Restful-API/issues/5

CVE-2025-3710, CVE-2025-3711, CVE-2025-3714 - The LCD KVM over IP Switch CL5708IM has multiple stack-based buffer overflow vulnerabilities

Product: LCD KVM CL5708IM

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3710

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3711

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3714

NVD References:

-

https://www.twcert.org.tw/en/cp-139-10103-32121-2.html

-

https://www.twcert.org.tw/tw/cp-132-10095-a0f57-1.html

-

https://www.twcert.org.tw/en/cp-139-10104-63bf4-2.html

-

https://www.twcert.org.tw/tw/cp-132-10096-60a81-1.html

-

https://www.twcert.org.tw/en/cp-139-10107-26b24-2.html

-

https://www.twcert.org.tw/tw/cp-132-10099-0ad69-1.html

CVE-2024-11861 - EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.

Product: EnerSys AMPA

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-11861

NVD References:

-

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0001.md

-

https://www.enersys.com/4996bf/globalassets/documents/corporate/cve/enersys_cve-2024-11861-final.pdf

CVE-2024-12442 - EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.

Product: EnerSys AMPA

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-12442

NVD References:

-

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0002.md

-

https://www.enersys.com/4996df/globalassets/documents/corporate/cve/enersys_cve-2024-12442-final.pdf

CVE-2025-45885 - PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file, allowing attackers to inject malicious code through the 'emailcont' parameter for use in SQL queries.

Product: PHPGURUKUL Vehicle Parking Management System

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45885

NVD References:

-

https://github.com/lintian31/vpm-system/blob/main/Vehicle%20parking%20Management%20System.md


CVE-2025-45887 - Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.

Product: Yifang CMS v2.0.2

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45887

NVD References:

https://gitee.com/wanglongcn/yifang/issues/IBZVAG

CVE-2025-28200 - Victure RX1800 EN_V1.0.0_r12_110933 has a vulnerability due to a weak default password based on the last 8 digits of the Mac address.

Product: Victure RX1800 EN_V1.0.0_r12_110933

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-28200

NVD References:

-

http://rx1800.com

-

http://victure.com

-

https://pwnit.io/2025/02/13/finding-vulnerabilities-in-wi-fi-router/


CVE-2025-46188, CVE-2025-46189, CVE-2025-46190, CVE-2025-46192 - SourceCodester Client Database Management System 1.0 has multiple SQL Injection vulnerabilities

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46188

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46189

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46190

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46192

NVD References:

-

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46188.md

-

https://medium.com/@bijay.kumar1857/sql-injection-to-rce-exploitation-0a5048e592be

-

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46189.md

-

https://medium.com/@YousefAlotaibi/disclaimer-1699f46cb1a0

-

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46190.md

-

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46192.md

-

https://www.invicti.com/learn/blind-sql-injection/

CVE-2025-46193 - SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.

Product: SourceCodester Client Database Management System 1.0

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46193

NVD References:

-

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46193.md

-

https://portswigger.net/web-security/file-upload

CVE-2025-46191 - SourceCodester Client Database Management System 1.0 is vulnerable to arbitrary file upload, allowing unauthenticated users to upload PHP files and execute remote commands.

Product: SourceCodester Client Database Management System 1.0

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-46191

NVD References:

-

https://github.com/x6vrn/mitre/blob/main/CVE-2025-46191.md

-

https://portswigger.net/web-security/file-upload

CVE-2025-4555 - Okcat Parking Management Platform from ZONG YU is vulnerable to Missing Authentication, enabling unauthenticated remote attackers to access system functions such as gate opening and license plate viewing.

Product: ZONG YU Okcat Parking Management Platform

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4555

NVD References:

-

https://www.twcert.org.tw/en/cp-139-10109-25719-2.html

-

https://www.twcert.org.tw/tw/cp-132-10108-f77f5-1.html

CVE-2025-4556 - Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, enabling remote attackers to upload web shell backdoors for arbitrary code execution.

Product: ZONG YU Okcat Parking Management Platform

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4556

NVD References:

-

https://www.twcert.org.tw/en/cp-139-10111-b78e6-2.html

-

https://www.twcert.org.tw/tw/cp-132-10110-114f0-1.html

CVE-2025-4557 - ZONG YU's Parking Management System APIs have a Missing Authentication vulnerability, enabling unauthorized remote attackers to control system functions such as gate opening and system restart.

Product: ZONG YU Parking Management System

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4557

NVD References:

-

https://www.twcert.org.tw/en/cp-139-10113-58c29-2.html

-

https://www.twcert.org.tw/tw/cp-132-10112-5de7e-1.html

CVE-2025-4558 - WormHole Tech's GPM is vulnerable to unauthenticated remote attackers changing any user's password and using it to log in due to an Unverified Password Change vulnerability.

Product: WormHole Tech GPM

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4558

NVD References:

-

https://www.twcert.org.tw/en/cp-139-10115-f5f14-2.html

-

https://www.twcert.org.tw/tw/cp-132-10114-10b4b-1.html

CVE-2025-4559 - The ISOinsight from Netvision is vulnerable to SQL Injection, enabling remote attackers to access and manipulate database contents.

Product: Netvision ISOinsight

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4559

NVD References:

-

https://www.twcert.org.tw/en/cp-139-10117-57344-2.html

-

https://www.twcert.org.tw/tw/cp-132-10116-784e0-1.html

CVE-2024-56523 & CVE-2024-56524 - Radware Cloud Web Application Firewall (WAF) allows remote attackers to bypass firewall filters

Product: Radware Cloud Web Application Firewall (WAF)

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-56523

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-56524

NVD References:

-

https://radware.com/solutions/cloud-security/

-

https://www.kb.cert.org/vuls/id/722229

CVE-2025-44022 - An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.

Product: vvveb CMS

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-44022

NVD References:

-

https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022

-

https://github.com/givanz/Vvveb/commit/dd74abcae88f658779f61338b9f4c123884eef0d

-

https://github.com/givanz/Vvveb/issues/289


CVE-2025-44830 - EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.

Product: EngineerCMS

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-44830

NVD References:

-

https://gist.github.com/LTLTLXEY/e00ec21b730742ef432a7a560cd9b70a

-

https://github.com/3xxx/engineercms/issues/90

CVE-2023-49641 - Billing Software v1.0 has multiple Unauthenticated SQL Injection vulnerabilities due to lack of filtering in the 'username' parameter of loginCheck.php.

Product: Billing Software v1.0

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2023-49641

NVD References:

-

https://fluidattacks.com/advisories/zimerman/

-

https://www.kashipara.com/

CVE-2025-42999 - SAP NetWeaver Visual Composer Metadata Uploader is vulnerable to upload of untrusted content that could compromise system confidentiality, integrity, and availability.

Product: SAP NetWeaver Visual Composer

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-42999

NVD References:

-

https://me.sap.com/notes/3604119

-

https://url.sap/sapsecuritypatchday

-

https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

CVE-2025-4632 - Samsung MagicINFO 9 Server before version 21.1052 allows attackers to write arbitrary files with system authority by improperly limiting pathnames to restricted directories.

Product: Samsung MagicINFO 9 Server

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4632

NVD References:

https://security.samsungtv.com/securityUpdates#SVP-MAY-2025

CVE-2025-26389 - Siemens OZW672 and OZW772 are vulnerable to a remote code execution attack due to unsanitized input parameters in the `exportDiagramPage` endpoint, potentially granting unauthorized root access.

Product: Siemens OZW

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-26389

NVD References:

https://cert-portal.siemens.com/productcert/html/ssa-047424.html

CVE-2025-26390 - Siemens OZW672 and OZW772 are vulnerable to SQL injection, allowing an unauthenticated remote attacker to bypass authentication and authenticate as Administrator user.

Product: Siemens OZW

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-26390

NVD References:

https://cert-portal.siemens.com/productcert/html/ssa-047424.html

CVE-2025-32469, CVE-2025-33024, & CVE-2025-33025 - RUGGEDCOM ROX series devices have multiple command injection vulnerabilities.

Product: Siemens RUGGEDCOM

CVSS Score: 9.9

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-32469

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-33024

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-33025

NVD References:

https://cert-portal.siemens.com/productcert/html/ssa-301229.html

CVE-2024-46506 - NetAlertX 23.01.14 through 24.x before 24.10.12 is susceptible to unauthenticated command injection via settings update due to a missing authentication requirement; exploitation in the wild was observed in May 2025.

Product: NetAlertX 23.01.14 through 24.x before 24.10.12

CVSS Score: 10.0

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-46506

NVD References:

https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/

CVE-2025-22462 - Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2, and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system through an authentication bypass.

Product: Ivanti Neurons for ITSM

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-22462

NVD References:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462

CVE-2025-4428 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows authenticated attackers to execute arbitrary code through crafted API requests.

Product: Ivanti Endpoint Manager Mobile

CVSS Score: 7.2

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4428

ISC Podcast:

https://isc.sans.edu/podcastdetail/9450

NVD References:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

CVE-2025-4427 - Ivanti Endpoint Manager Mobile 12.5.0.0 and prior is vulnerable to an authentication bypass in its API component, allowing attackers to access protected resources without proper credentials.

Product: Ivanti Endpoint Manager Mobile

CVSS Score: 5.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4427

ISC Podcast:

https://isc.sans.edu/podcastdetail/9450

NVD References:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM

CVE-2025-45858 - TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.

Product: TOTOLINK A3002R

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-45858

NVD References:

- https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/injection1.md

- https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html

CVE-2025-29831 - Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

Product: Microsoft Remote Desktop Gateway Service

CVSS Score: 7.5

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-29831

ISC Diary:

https://isc.sans.edu/diary/31946

NVD References:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29831

CVE-2025-43559 through CVE-2025-43564 - Multiple vulnerabilities in Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier include improper input validation, incorrect authorization, OS command injection, and improper access control.

Product: Adobe ColdFusion

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43559

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43560

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43561

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43562

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43563

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43564

NVD References:

https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

CVE-2025-43567 - Adobe Connect versions 12.8 and earlier are vulnerable to a reflected Cross-Site Scripting (XSS) attack, allowing an attacker to inject malicious scripts into form fields and potentially execute malicious JavaScript on a victim's browser.

Product: Adobe Connect

CVSS Score: 9.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-43567

NVD References:

https://helpx.adobe.com/security/products/connect/apsb25-36.html

CVE-2025-0855 - The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 5.8.0, allowing unauthenticated attackers to inject a PHP Object and potentially execute harmful actions.

Product: WordPress PGS Core plugin

Active Installations: Update to version 5.9.0, or a newer patched version

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-0855

NVD References:

- https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/5dfc2249-3761-49c6-966e-73c33be74c0e?source=cve

CVE-2025-3844 - The PeproDev Ultimate Profile Solutions plugin for WordPress allows unauthenticated attackers to login as other users, including administrators, due to an Authentication Bypass vulnerability in versions 1.9.1 to 7.5.2.

Product: PeproDev Ultimate Profile Solutions plugin for WordPress

Active Installations: This plugin has been closed as of May 5, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3844

NVD References:

- https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483

- https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2836

- https://www.wordfence.com/threat-intel/vulnerabilities/id/65be9417-7029-4f34-b834-98208a42743b?source=cve

CVE-2025-4104 - The Frontend Dashboard plugin for WordPress allows unauthenticated attackers to reset the administrator's email and password, escalating their privileges to that of an administrator.

Product: WordPress Frontend Dashboard plugin

Active Installations: 700+

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4104

NVD References:

- https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.6/includes/frontend/request/login/index.php#L21

- https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.6/includes/frontend/request/login/register.php#L16

- https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.7/includes/frontend/request/login/validation.php

- https://plugins.trac.wordpress.org/changeset/3288562/

- https://wordpress.org/plugins/frontend-dashboard/#developers

- https://www.wordfence.com/threat-intel/vulnerabilities/id/31e518a9-316b-40a4-ada7-317fb2c16766?source=cve

CVE-2025-47549 - Themefic BEAF allows remote attackers to upload dangerous files, including web shells, to a web server, impacting versions from n/a through 4.6.10.

Product: Themefic Ultimate Before After Image Slider & Gallery

Active Installations: 20,000+

CVSS Score: 9.1

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-47549

NVD References:

- https://github.com/d0n601/CVE-2025-47549

- https://patchstack.com/database/wordpress/plugin/beaf-before-and-after-gallery/vulnerability/wordpress-beaf-4-6-10-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47657 - Productive Commerce allows SQL Injection through version 1.1.22.

Product: Productive Minds Productive Commerce

Active Installations: 50+

CVSS Score: 9.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-47657

NVD References:

https://patchstack.com/database/wordpress/plugin/productive-commerce/vulnerability/wordpress-productive-commerce-1-1-22-sql-injection-vulnerability?_s_id=cve

CVE-2025-3810 - The WPBookit plugin for WordPress is vulnerable to privilege escalation through account takeover in versions up to 1.0.2.

Product: WPBookit WordPress plugin

Active Installations: 50+

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3810

NVD References:

- https://plugins.trac.wordpress.org/changeset/3278939/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/54f1ebfb-67f1-461d-91f1-269b0a2c0653?source=cve

CVE-2025-3811 - The WPBookit plugin for WordPress allows unauthenticated attackers to change user email addresses and reset passwords, enabling privilege escalation through account takeover.

Product: WordPress WPBookit plugin

Active Installations: 50+

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3811

NVD References:

- https://plugins.trac.wordpress.org/changeset/3278939/wpbookit/trunk/core/admin/classes/controllers/class.wpb-customer-controller.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a61cce43-0df7-4ca9-8897-24c7d131b505?source=cve

CVE-2024-11617 - The Envolve Plugin for WordPress is vulnerable to arbitrary file uploads, enabling unauthenticated attackers to potentially achieve remote code execution.

Product: Envolve Plugin WordPress

Active Installations: Update to version 1.1.0, or a newer patched version

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2024-11617

NVD References:

- https://themeforest.net/item/envolve-consulting-business-wordpress-theme/28748459

- https://www.wordfence.com/threat-intel/vulnerabilities/id/d0ad02d9-546f-4bcb-b567-785e3acfb489?source=cve

CVE-2025-2253 - The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover due to improper validation of verification codes, allowing unauthenticated attackers to change any user's password.

Product: IMITHEMES Listing plugin

Active Installations: Update to version 3.4, or a newer patched version

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-2253

NVD References:

- https://themeforest.net/item/auto-stars-car-dealership-listings-wp-theme/11560490

- https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed0ea4a-9cbf-4033-a31f-6cb954e8ce01?source=cve

CVE-2025-3605 - The Frontend Login and Registration Blocks plugin for WordPress allows unauthenticated attackers to escalate privileges and take over accounts by changing email addresses due to improper user identity validation.

Product: WordPress Frontend Login and Registration Blocks plugin

Active Installations: This plugin has been closed as of April 22, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-3605

NVD References:

- https://plugins.trac.wordpress.org/browser/frontend-login-and-registration-blocks/trunk/inc/class-flr-blocks-user-settings.php#L59

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0c11668c-6dc3-4539-b2be-bf6528bed73e?source=cve

CVE-2025-4403 - The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to a lack of proper file type validation.

Product: WordPress Drag and Drop Multiple File Upload for WooCommerce plugin

Active Installations: 6,000+

CVSS Score: 9.8

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-4403

NVD References:

- https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-for-woocommerce/tags/1.1.6/inc/class-dnd-upload-wc.php#L158

- https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-for-woocommerce/tags/1.1.6/inc/class-dnd-upload-wc.php#L360

- https://plugins.trac.wordpress.org/changeset/3289478/

- https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/#developers

- https://www.wordfence.com/threat-intel/vulnerabilities/id/933dd704-5a31-42a9-9b87-bf14a9d4ffa9?source=cve

CVE-2025-47682 - SMS Alert Order Notifications – WooCommerce is vulnerable to SQL Injection from version n/a through 3.8.2.

Product: Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce

Active Installations: 5,000+

CVSS Score: 9.3

NVD:

https://nvd.nist.gov/vuln/detail/CVE-2025-47682

NVD References:

https://patchstack.com/database/wordpress/plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-woocommerce-3-8-1-sql-injection-vulnerability?_s_id=cve