Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Phishing e-mail that hides malicious link from Outlook users

Published: 2025-06-04

Last Updated: 2025-06-04 09:23:19 UTC

by Jan Kopriva (Version: 1)

I recently came across an interesting phishing e-mail. At first glance, it looked like a 'normal' phishing that tried to pass itself off as a message from one of the Czech banks asking account holders to update their information ...

Nevertheless, when I hovered above the rectangle that a recipient was expected to click on, I was surprised to see that the link in the pop-up actually pointed to the legitimate domain of the bank ...

My first thought was that threat actors behind the phishing made a mistake. My assumption was that they used a real e-mail from the bank as a baseline that they wanted to modify to create a message that would point recipients to a malicious site, and mistakenly sent it out before it was finished - strange as it may sound, it wouldn't have been anywhere near the first case of something like that I've seen ...

Read the full entry: https://isc.sans.edu/diary/Phishing+email+that+hides+malicious+link+from+Outlook+users/32010/

vBulletin Exploits

Published: 2025-06-03

Last Updated: 2025-06-03 20:58:01 UTC

by Johannes Ullrich (Version: 1)

Last week, Egidio Romano disclosed an interesting and easily exploitable vulnerability in vBulletin. These days, bulletin boards are not quite as popular as they used to be, but they are still being used, and vBulletin is one of the most common commercially supported platforms to create a bulletin board. The vulnerability is remarkable as it exemplifies some common issues with patching and keeping your software up to date.

vBulletin is written in PHP (just like this website). To create a modern single-page application in PHP, one typically needs to create an API. This API often exposes internal classes. A URL like https<:>//example.com/api/test would call the "test" method in our "API" class. Of course, you may not want to expose all your methods to the API, but only select methods you think are safe to use.

One way to restrict access to specific methods has been to mark them as "private." Only "public" methods are typically accessible from outside the particular class. To evaluate any function, vBulletin uses "Reflection," an API that allows your code to interrogate classes to see what is available and how to call specific methods. As brilliantly explained by Karmainsecurity, this is where the problem arises ...
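The visibility problem described above, as an added illustration that is not vBulletin's code or the Karmainsecurity writeup: a minimal PHP dispatcher that routes an API method name onto a controller through Reflection, first in the pattern that relies on visibility alone, then with an explicit visibility check and allowlist. The class name ApiController, the method names and the two dispatch functions are assumed for this example.

```php
<?php
// Added example (not from vBulletin): an API dispatcher built on Reflection.
// Assumed names: ApiController, test(), resetAll(), dispatchUnsafe(), dispatchSafe().

final class ApiController
{
    // Meant to be reachable from the web.
    public function test(): string
    {
        return 'public method called';
    }

    // Internal helper: only other methods of this class should call it.
    protected function resetAll(): string
    {
        return 'protected method called';
    }
}

// Pattern that relies on visibility to do the gatekeeping while calling through
// Reflection. Before PHP 8.1, invoke() on a protected method threw a
// ReflectionException unless setAccessible(true) had been called first. Since
// PHP 8.1, setAccessible() is a no-op and every method is considered accessible
// via Reflection, so the protected method is simply executed.
function dispatchUnsafe(object $controller, string $method): string
{
    $rm = new ReflectionMethod($controller, $method);
    return (string) $rm->invoke($controller);
}

// Hardened pattern: export an explicit allowlist of method names and, as a
// second gate, refuse anything that is not a plain public instance method.
function dispatchSafe(object $controller, string $method, array $allowlist): string
{
    if (!in_array($method, $allowlist, true)) {
        throw new RuntimeException("method '$method' is not exported by the API");
    }
    $rm = new ReflectionMethod($controller, $method);
    if (!$rm->isPublic() || $rm->isStatic() || $rm->isConstructor()) {
        throw new RuntimeException("method '$method' is not callable via the API");
    }
    return (string) $rm->invoke($controller);
}

$controller = new ApiController();
$exported   = ['test'];

// ?method=test works in both dispatchers.
echo dispatchUnsafe($controller, 'test'), PHP_EOL;

// ?method=resetAll: on PHP >= 8.1 the unsafe dispatcher runs the protected method.
try {
    echo dispatchUnsafe($controller, 'resetAll'), PHP_EOL;
} catch (ReflectionException $e) {
    echo 'blocked by this PHP version: ', $e->getMessage(), PHP_EOL;
}

// The hardened dispatcher rejects it regardless of PHP version.
try {
    echo dispatchSafe($controller, 'resetAll', $exported), PHP_EOL;
} catch (RuntimeException $e) {
    echo 'hardened dispatcher: ', $e->getMessage(), PHP_EOL;
}
```

Run the script under PHP 7.4 and under PHP 8.1 or later to see the behaviour of the first dispatcher change with nothing but the interpreter version.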

Read the full entry: https://isc.sans.edu/diary/vBulletin+Exploits+CVE202548827+CVE202548828/32006/

Simple SSH Backdoor

Published: 2025-06-02

Last Updated: 2025-06-02 05:20:14 UTC

by Xavier Mertens (Version: 1)

For most system and network administrators, the free SSH client PuTTY has been their best friend for years! This tool was also (ab)used by attackers that deployed a trojanized version. Microsoft had the good idea to include OpenSSH (beta version) in Windows 10 Fall Creators Update. One year later, it became a default component with Windows 10 version 1803. I remember the joy of typing "ssh" or "scp" in a cmd.exe for the first time! SSH is a very powerful tool that can be used in multiple ways, and it was de facto categorized as a "LOLBIN" ...

Read the full entry: https://isc.sans.edu/diary/Simple+SSH+Backdoor/32000/

Internet Storm Center Entries


YARA 4.5.3 Release (2025.06.01)

https://isc.sans.edu/diary/YARA+453+Release/31976/

A PNG Image With an Embedded Gift (2025.05.31)

https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998/

Usage of "passwd" Command in DShield Honeypots (2025.05.30)

https://isc.sans.edu/diary/Usage+of+passwd+Command+in+DShield+Honeypots/31994/

Alternate Data Streams: Adversary Defense Evasion and Detection [Guest Diary] (2025.05.28)

https://isc.sans.edu/diary/Alternate+Data+Streams+Adversary+Defense+Evasion+and+Detection+Guest+Diary/31990/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-48827 - vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 on PHP 8.1 or later allow unauthenticated users to access protected API controllers' methods via /api.php?method=protectedMethod.

Product: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48827

ISC Podcast: https://isc.sans.edu/podcastdetail/9478

NVD References: 

- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

- https://kevintel.com/CVE-2025-48827

- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/

CVE-2025-48828 - vBulletin versions are vulnerable to arbitrary PHP code execution through Template Conditionals abuse, allowing attackers to bypass security checks and execute code in an alternative function syntax.

Product: vBulletin, certain versions

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48828

ISC Podcast: https://isc.sans.edu/podcastdetail/9478

NVD References: 

- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

- https://kevintel.com/CVE-2025-48828

- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/

CVE-2025-21479 & CVE-2025-21480 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Product: NVIDIA GPU micronode 

CVSS Score: 8.6

** KEV since 2025-06-03 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21479

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21480

NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

CVE-2025-27038 - Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Product: Adreno GPU Drivers in Chrome

CVSS Score: 7.5

** KEV since 2025-06-03 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27038

NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

CVE-2025-20188 - Cisco IOS XE Software for Wireless LAN Controllers (WLCs) is vulnerable to an unauthenticated attacker uploading arbitrary files through the Out-of-Band Access Point (AP) Image Download feature.

Product: Cisco Wireless LAN Controllers (WLCs)

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20188

ISC Podcast: https://isc.sans.edu/podcastdetail/9474

CVE-2025-4008 - Meteobridge web interface allows remote attackers to execute arbitrary commands as root through a vulnerable endpoint.

Product: Meteobridge web interface

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4008

ISC Podcast: https://isc.sans.edu/podcastdetail/9468

CVE-2025-41651 - Weidmueller industrial ethernet switches allow unauthenticated remote attackers to execute arbitrary commands and potentially compromise the entire system by exploiting missing authentication on a critical function.

Product: Weidmueller industrial ethernet switches

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41651

NVD References:

- https://certvde.com/en/advisories/VDE-2025-044/

- https://www.cisa.gov/news-events/bulletins/sb25-153

CVE-2025-41652 - Weidmueller industrial ethernet switches are at risk of authentication bypass from flaws in the authorization mechanism, allowing unauthenticated remote attackers to compromise the device through brute-force attacks or MD5 collision techniques.

Product: Weidmueller industrial ethernet switches 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41652

NVD References:

- https://certvde.com/en/advisories/VDE-2025-044/

- https://www.cisa.gov/news-events/bulletins/sb25-153

CVE-2025-32440 - NetAlertX allows attackers to bypass authentication and trigger sensitive functions by sending crafted requests to /index.php prior to version 25.4.14.

Product: NetAlertX

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32440

NVD References: https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx

CVE-2025-22252 - Fortinet products have a missing authentication vulnerability that could allow an attacker to access the device as an admin without proper credentials.

Product: Fortinet FortiProxy

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22252

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-472

CVE-2025-27528 - Apache InLong is susceptible to a deserialization of untrusted data vulnerability allowing attackers to bypass security mechanisms and lead to arbitrary file reading.

Product: Apache InLong

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27528

NVD References: 

- https://github.com/apache/inlong/pull/11747

- https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgj

- http://www.openwall.com/lists/oss-security/2025/05/28/3

CVE-2025-5277 - aws-mcp-server is vulnerable to command injection, allowing an attacker to execute arbitrary commands on the host system via a crafted prompt.

Product: aws-mcp-server MCP server

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5277

NVD References: 

- https://github.com/alexei-led/aws-mcp-server/blob/94d20ae1798a43ac7e3a28e71900d774e5159c8a/src/aws_mcp_server/cli_executor.py#L92

- https://github.com/alexei-led/aws-mcp-server/commit/94d20ae1798a43ac7e3a28e71900d774e5159c8a

CVE-2025-3357 - IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 is vulnerable to remote code execution due to improper validation of an index value in a dynamically allocated array.

Product: IBM Tivoli Monitoring

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3357

NVD References: https://www.ibm.com/support/pages/node/7234923

CVE-2025-45343 - Tenda W18E v.2.0 v.16.01.0.11 is vulnerable to code execution through account module editing.

Product: Tenda W18E

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45343

NVD References: 

- http://w18e.com

- https://gist.github.com/isstabber/b363d47966965e5c0a8ec26d445e090b

- https://www.tenda.com.cn/

CVE-2025-48748 - Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.

Product: Netwrix Directory Manager (formerly Imanami GroupID)

CVSS Score: 10.0

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2025-48748

- https://community.netwrix.com/t/adv-2025-013-hard-coded-password-in-netwrix-directory-manager-formerly-imanami-groupid-v10-and-earlier/13945

CVE-2025-48749 - Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.

Product: Netwrix Directory Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48749

NVD References: 

- https://community.netwrix.com/t/adv-2025-014-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/13951

- https://netwrix.com

CVE-2025-3755 - Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules are vulnerable to improper validation of input, allowing a remote attacker to cause a denial-of-service condition or stop the CPU module.

Product: Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3755

NVD References: 

- https://jvn.jp/vu/JVNVU94070048/

- https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf

CVE-2023-41591 - Open Network Foundation ONOS v2.7.0 enables attackers to perform man-in-the-middle attacks by generating counterfeit IP/MAC addresses.

Product: Open Network Foundation ONOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41591

NVD References: 

- https://gist.github.com/kjw6855/9764e3f51b89119473e4d2c4f64dca27

- https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675

CVE-2025-47933 - Argo CD prior to versions 2.13.8, 2.14.13, and 3.0.4 allows for arbitrary actions via the API and cross-site scripting due to improper URL protocol filtering on the repository page, now patched in the mentioned versions.

Product: Argo CD

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47933

NVD References: 

- https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1

- https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p

CVE-2025-4967 - Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.

Product: Esri Portal for ArcGIS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4967

NVD References: https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-2-patch

CVE-2025-30466 - Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4 are vulnerable to SOP bypass due to poor state management, resolved in software updates.

Product: Multiple Apple products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30466

NVD References: 

- https://support.apple.com/en-us/122371

- https://support.apple.com/en-us/122373

- https://support.apple.com/en-us/122378

- https://support.apple.com/en-us/122379

CVE-2025-31263 - macOS Sequoia 15.4 is vulnerable to memory corruption, allowing an app to potentially corrupt coprocessor memory.

Product: Apple macOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31263

NVD References: https://support.apple.com/en-us/122373

CVE-2025-1907 - Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.

Product: Instantel Micromate

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1907

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04

- https://www.instantel.com/service-and-support/contact-technical-support

CVE-2025-41438 - The CS5000 Fire Panel is vulnerable due to an unchanged default account with high-level permissions that could impact its operation if exploited.

Product: CS5000 Fire Panel

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41438

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03

- https://www.consiliumsafety.com/en/support/

CVE-2025-46352 - The CS5000 Fire Panel is vulnerable to remote access due to a hard-coded password in the VNC server, posing serious safety risks.

Product: CS5000 Fire Panel

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46352

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03

- https://www.consiliumsafety.com/en/support/

CVE-2020-36846 - IO::Compress::Brotli versions prior to 0.007 are vulnerable to a buffer overflow in the embedded Brotli library, allowing an attacker to trigger a crash by controlling the input length of a decompression request.

Product: IO::Compress Brotli

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36846

NVD References: https://github.com/advisories/GHSA-5v8v-66v8-mwm7

CVE-2025-44619 - Tinxy WiFi Lock Controller v1 RF is configured to transmit on an open Wi-Fi network, enabling unauthorized network access.

Product: Tinxy WiFi Lock Controller v1 RF

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44619

NVD References: 

- http://tinxy.com

- http://wifi.com

CVE-2025-48757 - Lovable's inadequate Row-Level Security policy allows remote attackers to read or write to any database table on generated sites until 2025-04-15.

Product: Lovable Database Row-Level Security

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48757

NVD References: 

- https://docs.lovable.dev/changelog

- https://gist.github.com/lhchavez/625ee42a6c408a850d35e50f8e649de9

CVE-2025-48865 - Fabio prior to version 1.6.6 allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers, potentially creating security vulnerabilities.

Product: Fabio HTTP(S) and TCP router

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48865

NVD References: https://github.com/fabiolb/fabio/security/advisories/GHSA-q7p4-7xjv-j3wf

CVE-2025-40908 - YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified.

Product: YAML LibYAML

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40908

NVD References: https://github.com/ingydotnet/yaml-libyaml-pm/issues/120

CVE-2025-5408 - WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 are vulnerable to a critical buffer overflow issue in the sys_login function of /cgi-bin/login.cgi.

Product: WAVLINK QUANTUM D2G

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5408

NVD References: https://github.com/CH13hh/tmp_store_cc/blob/main/wavlink/1.md

CVE-2025-20672 - Bluetooth driver vulnerability in Patch ID: WCNCR00412257 allows for local privilege escalation without requiring user interaction.

Product: Mediatek Bluetooth driver

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20672

NVD References: https://corp.mediatek.com/product-security-bulletin/June-2025

CVE-2025-20674 - The vulnerable product, wlan AP driver, is susceptible to arbitrary packet injection, potentially allowing for remote privilege escalation without requiring additional execution privileges or user interaction.

Product: Qualcomm WLAN AP driver 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20674

NVD References: https://corp.mediatek.com/product-security-bulletin/June-2025

CVE-2025-49113 - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 is vulnerable to remote code execution by authenticated users due to unvalidated _from parameter in upload.php, allowing PHP Object Deserialization.

Product: Roundcube Webmail

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49113

NVD References: 

- https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10

- http://www.openwall.com/lists/oss-security/2025/06/02/3

CVE-2025-0324 - The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

Product: Axis Communications VAPIX Device Configuration framework 

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0324

NVD References: https://www.axis.com/dam/public/04/f3/1c/cve-2025-0324pdf-en-US-483807.pdf

CVE-2025-37093 - An authentication bypass vulnerability exists in HPE StoreOnce Software.

Product: HPE StoreOnce Software

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-37093

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US

CVE-2025-5086 - DELMIA Apriso from Release 2020 through Release 2025 is vulnerable to remote code execution via untrusted data deserialization.

Product: DELMIA Apriso

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5086

NVD References: https://www.3ds.com/vulnerability/advisories

CVE-2025-23099 - Samsung Mobile Processor Exynos 1480 and 2400 are prone to out-of-bounds writes due to a lack of length check.

Product: Samsung Exynos 1480 and 2400

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23099

NVD References: 

- https://semiconductor.samsung.com/support/quality-support/product-security-updates/

- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23099/

CVE-2025-4517 - The tarfile module in Python versions 3.12 or later allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".

Product: Python Software Foundation

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4517

NVD References: 

- https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

- https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

CVE-2025-25022 - IBM QRadar Suite Software version 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security version 1.10.0.0 through 1.10.11.0 may expose highly sensitive information to unauthenticated users through configuration files.

Product: IBM QRadar Suite Software

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25022

NVD References: https://www.ibm.com/support/pages/node/7235432

CVE-2025-44148 - MailEnable before version 10 is vulnerable to Cross Site Scripting (XSS) attacks, enabling remote attackers to execute arbitrary code through the failure.aspx component.

Product: MailEnable

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44148

NVD References: 

- http://mailenable.com

- https://github.com/barisbaydur/CVE-2025-44148

CVE-2025-45854 - JEHC-BPM v2.0.1 is vulnerable to arbitrary code execution through file uploads in /server/executeExec.

Product: JEHC-BPM v2.0.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45854

NVD References: 

- https://gist.github.com/Cafe-Tea/bc14b38f4bfd951de2979a24c3358460

- https://gitee.com/jehc/JEHC-BPM

CVE-2025-32105 - The Sangoma IMG2020 HTTP server through 2.3.9.6 is vulnerable to a buffer overflow, allowing remote code execution for unauthenticated users.

Product: Sangoma IMG2020

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32105

NVD References: https://github.com/austin2111/papers/blob/main/Software_Vulnerabilities_in_Telecommunications_Hardware.pdf

CVE-2025-32106 - Audiocodes Mediapack MP-11x through 6.60A.369.002 allows for unauthenticated remote code execution via a crafted POST request.

Product: Audiocodes Mediapack MP-11x

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32106

NVD References: 

- https://Audiocodes.com

- https://github.com/austin2111/papers/blob/main/Software_Vulnerabilities_in_Telecommunications_Hardware.pdf

CVE-2025-4009 - The Evertz SDVN 3080ipx-10G Ethernet Switching Fabric for Video Application has a vulnerability in its web management interface that allows remote attackers to gain arbitrary command execution with elevated privileges, potentially causing serious business impact.

Product: Evertz SDVN 3080ipx-10G

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4009

ISC Podcast: https://isc.sans.edu/podcastdetail/9470

NVD References: https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

CVE-2025-41407 & CVE-2025-36527 - Zohocorp ManageEngine ADAudit Plus versions below 8511 are affected by SQL injection vulnerabilities.

Product: Zohocorp ManageEngine ADAudit Plus

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41407

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36527

ISC Podcast: https://isc.sans.edu/podcastdetail/9468

CVE-2025-48336 - Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection. This issue affects Course Builder: from n/a before 3.6.6.

Product: ThimPress Course Builder

Active Installations: Unknown. Update to version 3.6.6 or later.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48336

NVD References: https://patchstack.com/database/wordpress/theme/course-builder/vulnerability/wordpress-course-builder-3-6-6-php-object-injection-vulnerability?_s_id=cve

CVE-2025-4607 - The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation due to a weak OTP mechanism, allowing unauthenticated attackers to reset passwords and gain full site control.

Product: PSW Front-end Login & Registration plugin

Active Installations: This plugin has been closed as of May 29, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4607

NVD References: 

- https://wordpress.org/plugins/psw-login-and-registration/#developers

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve

CVE-2025-4631 - The Profitori plugin for WordPress is vulnerable to Privilege Escalation through the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3, allowing unauthenticated attackers to elevate user privileges to that of an administrator.

Product: WordPress Profitori plugin

Active Installations: This plugin has been closed as of May 29, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4631

NVD References: 

- https://wordpress.org/plugins/profitori/#developers

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c764811f-e9dc-4c3d-b696-5792e70ff0b6?source=cve

CVE-2025-4797 - The Golo - City Travel Guide WordPress Theme is vulnerable to privilege escalation via account takeover in all versions up to 1.7.0 due to improper user identity validation, allowing unauthenticated attackers to log in as any user.

Product: Golo City Travel Guide WordPress Theme

Active Installations: Unknown. Update to version 1.7.1, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4797

NVD References: 

- https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810

- https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b56ec1-8735-4404-8069-219f5d8866d0?source=cve