Microsoft Patch Tuesday September 2025
Published: 2025-09-09
Last Updated: 2025-09-09 17:42:34 UTC
by Johannes Ullrich (Version: 1)
As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities as critical.
You will see a number of vulnerabilities without assigned severity. These vulnerabilities affect Linux distributions like Mariner, Microsoft's Linux distribution used in its cloud environments, and Azure Linux.
Vulnerabilities of Interest:
CVE-2025-54107, CVE-2025-54917: Microsoft assigns URLs to different security zones, like "Intranet" and "Internet". URLs may be misclassified. An attacker could use this vulnerability to bypass security features that restrict more risky URLs.
CVE-2025-55226, CVE-2025-55236: The description for these vulnerabilities is a bit odd. Microsoft labels them as "remote code execution" vulnerabilities, but states that they allow an "authorized attacker to execute code locally." I suspect that the remote part refers to a user unknowingly executing the code by viewing an image. The CVSS score is still low for a "critical" vulnerability.
Overall, there is no "patch now" vulnerability included. Apply patches in line with your local vulnerability management policy (hopefully before next month's patch Tuesday) ...
Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+September+2025/32270/
HTTP Request Signatures
Published: 2025-09-08
Last Updated: 2025-09-08 12:40:58 UTC
by Johannes Ullrich (Version: 1)
This weekend, I noticed three related headers being used in requests to some of our honeypots for the first time ...
These headers are related to a relatively new feature, HTTP Message Signatures, which was standardized in RFC 9421 in February last year.
First, what is the problem that HTTP Request Signatures attempt to solve? According to the RFC, there are quite a few problems. However, the main use case appears to be authenticating bots. Most well-behaved bots add a specific user agent, for example "Googlebot", to identify requests originating from the bot.
On the other hand, users have long figured out that setting your user agent to "Googlebot" may get you past some paywalls. To counter this, Google ensured that its IP addresses reverse-resolve to "googlebot.com" hostnames. This may work for a large organization like Google, but in modern architectures, the client IP address is often lost in the proxy bucket brigade, or if it is present, may not be communicated in a trustworthy manner.
HTTP Request Signatures are supposed to fix that.
Here is an example request received by one of our honeypots ...
Read the full entry: https://isc.sans.edu/diary/HTTP+Request+Signatures/32266/
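As an added illustration (not code from the diary) of what the receiving side of such a check looks like, the following verifies an RFC 9421 message signature over a constructed crawler request. It assumes the RFC's hmac-sha256 algorithm with a pre-shared key, a single signature label, and only the `created` and `keyid` parameters; the key, key identifier and sample request are constructed here.

```python
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Header syntax handled: one label, an inner list of quoted component names, then the
# ;created= and ;keyid= parameters exactly as they appear in the Signature-Input field.
_SIG_INPUT = re.compile(r'^\s*(?P<label>[a-z][a-z0-9_.*-]*)=\((?P<list>[^)]*)\)(?P<params>.*?)\s*$')
_SIGNATURE = re.compile(r'^\s*(?P<label>[a-z][a-z0-9_.*-]*)=:(?P<b64>[A-Za-z0-9+/=]*):\s*$')


@dataclass
class Request:
    """Minimal request model; header names are stored lowercased."""
    method: str
    authority: str
    path: str
    headers: dict = field(default_factory=dict)


def _component_value(req, name):
    """Value of one covered component: a derived @component or a header field."""
    if name == "@method":
        return req.method.upper()
    if name == "@authority":
        return req.authority.lower()
    if name == "@path":
        return req.path
    if name.startswith("@"):
        raise ValueError(f"unsupported derived component {name}")
    if name not in req.headers:
        raise ValueError(f"covered header {name} missing")
    return " ".join(req.headers[name].split())  # trim and collapse whitespace


def _inner(components, params):
    """Serialized inner list as it appears both in Signature-Input and in the base."""
    return "(" + " ".join(f'"{c}"' for c in components) + ")" + params


def signature_base(req, components, params):
    """RFC 9421 signature base: one '"name": value' line per component, then @signature-params."""
    lines = [f'"{c}": {_component_value(req, c)}' for c in components]
    lines.append(f'"@signature-params": {_inner(components, params)}')
    return "\n".join(lines).encode()


def sign(req, key, keyid, components, created, label="sig1"):
    """Client side: add Signature-Input and Signature headers (hmac-sha256)."""
    params = f';created={created};keyid="{keyid}"'
    mac = hmac.new(key, signature_base(req, components, params), hashlib.sha256).digest()
    req.headers["signature-input"] = f"{label}={_inner(components, params)}"
    req.headers["signature"] = f"{label}=:{base64.b64encode(mac).decode()}:"


def verify(req, keys, now=None, max_age=300):
    """Server side: True only for a valid MAC under a known keyid, fresh if `now` is given."""
    try:
        si = _SIG_INPUT.match(req.headers["signature-input"])
        sg = _SIGNATURE.match(req.headers["signature"])
        if not si or not sg or si["label"] != sg["label"]:
            return False
        params = si["params"]
        keyid = re.search(r';keyid="([^"]*)"', params)
        created = re.search(r';created=(\d+)', params)
        if not keyid or keyid[1] not in keys:
            return False  # unknown signer: an unsigned "Googlebot" UA proves nothing
        if now is not None and (not created or abs(now - int(created[1])) > max_age):
            return False  # replayed or stale signature
        components = re.findall(r'"([^"]+)"', si["list"])
        base = signature_base(req, components, params)
        expected = hmac.new(keys[keyid[1]], base, hashlib.sha256).digest()
        return hmac.compare_digest(expected, base64.b64decode(sg["b64"], validate=True))
    except (KeyError, ValueError):
        return False


def demo():
    """Constructed traffic: a signed crawler request, the same request with a spoofed
    user agent, and a request signed with a key the server does not know."""
    keys = {"crawler-key-1": b"constructed-shared-secret"}  # constructed key material
    covered = ["@method", "@authority", "@path", "user-agent"]
    req = Request("GET", "example.com", "/robots.txt", {"user-agent": "Googlebot/2.1"})
    sign(req, keys["crawler-key-1"], "crawler-key-1", covered, created=1757332800)
    spoofed = Request(req.method, req.authority, req.path, dict(req.headers))
    spoofed.headers["user-agent"] = "Googlebot/2.1 (not really)"
    unknown = Request("GET", "example.com", "/robots.txt", {"user-agent": "Googlebot/2.1"})
    sign(unknown, b"some-other-secret", "rogue-key", covered, created=1757332800)
    now = 1757332830
    return verify(req, keys, now), verify(spoofed, keys, now), verify(unknown, keys, now)
```

Covering `user-agent` in the signature is what ties the claimed bot identity to the key holder; a spoofed user agent on an otherwise copied request fails the check.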
Exploit Attempts for Dassault DELMIA Apriso (CVE-2025-5086)
Published: 2025-09-03
Last Updated: 2025-09-03 14:36:19 UTC
by Johannes Ullrich (Version: 1)
When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other hand, there is also "big software" that is used to manage manufacturing. One example is DELMIA Apriso by Dassault Systèmes. This type of Manufacturing Operation Management (MOM) or Manufacturing Execution System (MES) ties everything together and promises to connect factory floors to ERP systems.
But complex systems like this have bugs, too. In June, Dassault Systèmes published an advisory regarding a vulnerability in DELMIA Apriso. The advisory is rather short and states:
"A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution" ...
Read the full entry: https://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256/
From YARA Offsets to Virtual Addresses (2025.09.05)
https://isc.sans.edu/diary/From+YARA+Offsets+to+Virtual+Addresses/32262/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-53690 - Sitecore Experience Manager and Sitecore Experience Platform (XP) are vulnerable to deserialization of untrusted data, allowing code injection through version 9.0.
Product: Sitecore Experience Commerce
CVSS Score: 9.0
** KEV since 2025-09-04 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53690
NVD References: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865
CVE-2025-53693 - Sitecore Experience Manager and Sitecore Experience Platform versions 9.0 through 10.4 are vulnerable to Cache Poisoning due to unsafe reflection allowing for externally-controlled input selection of classes or code.
Product: Sitecore Experience Commerce
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53693
NVD References: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667
CVE-2025-57052 - cJSON versions 1.5.0 through 1.7.18 are vulnerable to out-of-bounds access, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings.
Product: Davegamble cJSON
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57052
ISC Diary: https://isc.sans.edu/diary/32270
CVE-2025-48543 - Chrome has a potential vulnerability that allows for the escape of the sandbox to target Android system_server through a use after free, leading to local escalation of privilege without requiring additional execution privileges or user interaction.
Product: Google Android
CVSS Score: 8.8
** KEV since 2025-09-04 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48543
NVD References: https://source.android.com/security/bulletin/2025-09-01
CVE-2025-9377 - TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Product: TP-Link Archer C7(EU) and TL-WR841N/ND(MS)
CVSS Score: 8.6
** KEV since 2025-09-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9377
NVD References:
- https://www.tp-link.com/us/support/faq/4308/
- https://www.tp-link.com/us/support/faq/4365/
CVE-2025-54914 - Azure Networking Elevation of Privilege Vulnerability
Product: Microsoft Azure Networking
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54914
ISC Diary: https://isc.sans.edu/diary/32270
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54914
CVE-2025-55241 - Azure Entra Elevation of Privilege Vulnerability
Product: Microsoft Azure Entra
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55241
ISC Diary: https://isc.sans.edu/diary/32270
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
CVE-2025-55244 - Azure Bot Service Elevation of Privilege Vulnerability
Product: Microsoft Azure Bot Service
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55244
ISC Diary: https://isc.sans.edu/diary/32270
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55244
CVE-2025-55232 - Microsoft High Performance Compute Pack (HPC) is vulnerable to code execution over a network due to deserialization of untrusted data.
Product: Microsoft High Performance Compute Pack (HPC)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55232
ISC Diary: https://isc.sans.edu/diary/32270
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232
CVE-2025-5086 - DELMIA Apriso from Release 2020 through Release 2025 is vulnerable to remote code execution via untrusted data deserialization.
Product: DELMIA Apriso
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5086
ISC Podcast: https://isc.sans.edu/podcastdetail/9598
CVE-2025-57140 - rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
Product: Ruisitech Ruisibi
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57140
CVE-2025-22429 - The vulnerable product may allow for local privilege escalation without the need for user interaction due to a logic error, potentially enabling arbitrary code execution in multiple locations.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22429
NVD References: https://source.android.com/security/bulletin/2025-04-01
CVE-2025-22435 - avdt_msg vulnerability in avdt_msg.cc may result in memory corruption through type confusion, enabling paired device privilege escalation without requiring user interaction.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22435
NVD References: https://source.android.com/security/bulletin/2025-04-01
CVE-2025-26416 - SkBmpStandardCodec.cpp contains a possible out of bounds write vulnerability in initializeSwizzler, allowing for remote escalation of privilege without user interaction.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26416
NVD References: https://source.android.com/security/bulletin/2025-04-01
CVE-2025-36890 - Elevation of Privilege
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36890
NVD References: https://source.android.com/security/bulletin/pixel/2025-09-01
CVE-2025-36896 - WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36896
NVD References: https://source.android.com/security/bulletin/pixel/2025-09-01
CVE-2025-36897 - cd_CnMsgCodecUserApi.cpp in an unknown product may experience an out of bounds write vulnerability allowing for remote code execution without requiring user interaction.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36897
NVD References: https://source.android.com/security/bulletin/pixel/2025-09-01
CVE-2025-36904 - WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36904
NVD References: https://source.android.com/security/bulletin/pixel/2025-09-01
CVE-2025-48581 - Apexd.cpp is vulnerable to a logic error that can block security updates, allowing for local privilege escalation without user interaction.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48581
NVD References: https://source.android.com/security/bulletin/2025-09-01
CVE-2025-1740 - Akinsoft MyRezzta is vulnerable to improper restriction of excessive authentication attempts, potentially enabling authentication bypass, password recovery exploitation, and brute force attacks in versions before v2.05.01.
Product: Akinsoft MyRezzta
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1740
CVE-2024-43166 - Apache DolphinScheduler is vulnerable to Incorrect Default Permissions before version 3.2.2, requiring users to upgrade to version 3.3.1 for a fix.
Product: Apache DolphinScheduler
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43166
CVE-2025-57148 - phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.
Product: Phpgurukul Online Shopping Portal
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57148
CVE-2025-56752 - Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 has a vulnerability that allows remote attackers to bypass authentication and gain complete control via a specially crafted HTTP POST request.
Product: Ruijie RG-ES series switch firmware
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56752
CVE-2025-58357 - 5ire is vulnerable to content injection attacks through multiple vectors in version 0.13.2, which is fixed in version 0.14.0.
Product: 5ire Desktop AI Assistant
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58357
CVE-2025-41032, CVE-2025-41033, CVE-2025-41034 - appRain CMF 4.0.5 SQL injection vulnerabilities
Product: AppRain 4.0.5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41032
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41033
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41034
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apprain-cmf
CVE-2025-58361 - Promptcraft Forge Studio has a non-exhaustive URL scheme check vulnerability that leaves LLM-powered applications open to XSS attacks.
Product: Promptcraft Forge Studio
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58361
CVE-2025-55190 - Argo CD allows sensitive repository credentials to be retrieved by API tokens with project-level permissions in certain versions, even if the token only has application management permissions.
Product: Argo CD
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55190
CVE-2025-35451 & CVE-2025-35452 - PTZOptics and other ValueHD-based pan-tilt-zoom cameras have hard-coded default passwords and default, shared credentials for the administrative web interface.
Product: PTZOptics ValueHD-based pan-tilt-zoom cameras
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35451
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35452
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-10
NVD References: https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-ai
CVE-2025-22956 - OPSI allows any client to retrieve any ProductPropertyState, potentially leading to privilege escalation by accessing secrets intended only for specific clients, such as windomain package passwords.
Product: OPSI before 4.3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22956
CVE-2025-52161 - Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability.
Product: Scholl Communications AG Weblication CMS Core
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52161
CVE-2025-57141 - rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
Product: rsbi-os sqlite-jdbc
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57141
CVE-2025-59033 - The Microsoft vulnerable driver block list is susceptible to bypass on systems without HVCI enabled, allowing certain entries with specific qualifiers to remain unblocked.
Product: Microsoft Windows Defender Application Control (WDAC)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59033
CVE-2025-56266 & CVE-2025-56267 - Vulnerabilities in Avigilon ACM v7.10.0.20.
Product: Avigilon CM v7.10.0.20
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56266
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56267
CVE-2025-57285 - CodeceptJS 3.7.3 has a command injection vulnerability in the emptyFolder function due to unsanitized user input in lib/utils.js.
Product: Codeceptjs 3.7.3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57285
CVE-2025-58745 - WeGIA's arbitrary file upload vulnerability allows remote attackers to upload webshells to the server for remote code execution, even after CVE-2025-22133 fix.
Product: WeGIA Web manager
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58745
CVE-2025-58746 - The Volkov Labs Business Links panel for Grafana allows for privilege escalation by injecting arbitrary JavaScript code in the URL field.
Product: Volkov Labs Business Links panel for Grafana
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58746
CVE-2025-42922 - SAP NetWeaver AS Java allows non-admin users to upload files leading to system compromise.
Product: SAP NetWeaver AS Java
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42922
CVE-2025-42944 - SAP NetWeaver is vulnerable to deserialization attacks allowing unauthenticated attackers to execute arbitrary OS commands through the RMI-P4 module.
Product: SAP NetWeaver
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42944
CVE-2025-42958 - SAP NetWeaver application on IBM i-series allows high privileged unauthorized users to access sensitive information, resulting in a high impact on confidentiality, integrity, and availability.
Product: SAP NetWeaver
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42958
CVE-2025-40795 - SIMATIC PCS neo V4.1, SIMATIC PCS neo V5.0, and User Management Component (UMC) versions prior to V2.15.1.3 are vulnerable to a stack-based buffer overflow, enabling remote attackers to execute arbitrary code or trigger a denial of service attack.
Product: Siemens SIMATIC PCS neo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40795
CVE-2025-40804 - SIMATIC Virtualization as a Service (SIVaaS) allows attackers to access or alter sensitive data through an exposed network share without authentication.
Product: SIMATIC Virtualization as a Service (SIVaaS)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40804
CVE-2025-54236 - Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are vulnerable to an Improper Input Validation issue, allowing attackers to achieve session takeover without requiring user interaction.
Product: Adobe Commerce
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54236
NVD References: https://helpx.adobe.com/security/products/magento/apsb25-88.html
CVE-2025-54261 - Adobe ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are vulnerable to Path Traversal, allowing attackers to execute arbitrary code.
Product: Adobe ColdFusion
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54261
NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html
CVE-2025-10183 - TecCom TecConnect 4.1 is vulnerable to a blind XXE injection, allowing unauthenticated attackers to exfiltrate files to a remote server, with end-of-life scheduled for December 2023.
Product: TecCom TecConnect 4.1
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10183
CVE-2025-55236 - Time-of-check time-of-use (TOCTOU) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
Product: Microsoft Graphics Kernel
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55236
ISC Diary: https://isc.sans.edu/diary/32270
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55236
CVE-2025-55727, CVE-2025-55728, CVE-2025-55729, & CVE-2025-55730 - XWiki Remote Macros allow remote code execution in versions prior to 1.26.5
Product: XWiki Remote Macros
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55727
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55728
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55729
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55730
CVE-2025-58762 - Tautulli allows an attacker with administrative access to write arbitrary python scripts into the application filesystem, leading to remote code execution via the `pms_image_proxy` endpoint in versions 2.15.3 and earlier.
Product: Tautulli Plex Media Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58762
CVE-2025-10159 - Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7) are vulnerable to an authentication bypass issue that enables remote attackers to achieve administrative privileges.
Product: Sophos AP6 Series Wireless Access Points
CVSS Score: 9.8
CVE-2025-58462 - OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 is vulnerable to SQL injection, allowing a remote attacker to manipulate the database.
Product: OPEXUS FOIAXpress Public Access Link (PAL)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58462
CVE-2025-58768 - DeepChat is vulnerable to a command execution exploit due to improper handling of user content in the Mermaid chart rendering component.
Product: DeepChat Mermaid chart rendering component
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58768
CVE-2025-58447 - rAthena has a heap-based buffer overflow vulnerability in the login server, allowing remote attackers to achieve denial of service and potentially remote code execution prior to commit 2f5248b.
Product: rAthena
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58447
CVE-2025-58448 - rAthena is vulnerable to SQL Injection in the PartyBooking component via the `WorldName` parameter in versions prior to commit 0d89ae0.
Product: rAthena
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58448
CVE-2025-59046 - The npm package `interactive-git-checkout` is vulnerable to a command injection due to improper input validation in versions up to 1.1.4, but the issue is fixed in commit 8dd832dd302af287a61611f4f85e157cd1c6bb41.
Product: npm interactive-git-checkout
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59046
CVE-2025-54107 - Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Product: Microsoft Windows
CVSS Score: 4.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54107
ISC Diary: https://isc.sans.edu/diary/32270
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54107
CVE-2024-21907 - Newtonsoft.Json before version 13.0.1 mishandles exceptional conditions, allowing an unauthenticated attacker to trigger a denial of service by passing crafted data to JsonConvert.DeserializeObject.
Product: Newtonsoft Json.Net
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21907
ISC Diary: https://isc.sans.edu/diary/32270
CVE-2025-24204 - macOS Sequoia is vulnerable to an issue where an app may access protected user data, which has been fixed with improved checks in version 15.4.
Product: Apple macOS Sequoia
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24204
ISC Podcast: https://isc.sans.edu/podcastdetail/9600
CVE-2024-32444 - Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.3.6.
Product: InspiryThemes RealHomes
Active Installations: Unknown. Update to version 4.3.7 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32444
CVE-2025-58819 - Bulk Featured Image in CreedAlly allows the unrestricted upload of dangerous files, leading to the potential upload of a web shell onto a web server.
Product: CreedAlly Bulk Featured Image
Active Installations: 900+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58819
CVE-2025-49401 - Quiz And Survey Master is vulnerable to object injection due to deserialization of untrusted data, impacting versions from n/a through 10.2.5.
Product: ExpressTech Systems Quiz And Survey Master
Active Installations: 40,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49401
CVE-2025-58628 - Miraculous is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands, impacting versions from n/a through n/a.
Product: kamleshyadav Miraculous
Active Installations: Unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58628
NVD References: https://patchstack.com/database/wordpress/theme/miraculous/vulnerability/wordpress-miraculous-theme-2-0-9-sql-injection-vulnerability?_s_id=cve
CVE-2025-8359 - The AdForest theme for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to log in as other users, including administrators.
Product: AdForest Theme for WordPress
Active Installations: Unknown. Update to version 6.0.10, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8359
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/c080df50-1113-484b-80ed-09515982c585?source=cve
CVE-2025-9113 - The Doccure theme for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially achieve remote code execution.
Product: WordPress Doccure theme
Active Installations: Unknown. No patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9113
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6ff01c24-fa35-43bc-be60-f2bb37854681?source=cve
CVE-2025-9114 - The Doccure theme for WordPress allows unauthenticated attackers to change user passwords and potentially take over administrator accounts.
Product: WordPress Doccure theme
Active Installations: Unknown. No patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9114
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/8f8b1d8f-b2b6-415c-91f2-e5b98048258d?source=cve
CVE-2025-10134 - The Goza - Nonprofit Charity WordPress Theme for WordPress allows unauthenticated attackers to delete arbitrary files on the server, leading to potential remote code execution.
Product: Goza Nonprofit Charity WordPress Theme
Active Installations: Unknown. Update to version 3.2.3, or a newer patched version.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10134
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/73efd9ad-9515-4ca8-bfb3-1d478f39c2b9?source=cve
CVE-2025-47569 - WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates is vulnerable to SQL Injection from version n/a through 2.8.10.
Product: WPSwings WooCommerce Ultimate Gift Card
Active Installations: 7,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47569
CVE-2025-47579 - Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2.
Product: ThemeGoods Photography
Active Installations: Unknown.
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47579
CVE-2025-58997 - Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.
Product: Frenify Mow
Active Installations: Unknown. Update to version 4.11 or later.
CVSS Score: 9.6