The Consensus Security Vulnerability Alert

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Exploit Attempts Against Older Hikvision Camera Vulnerability

Published: 2025-09-24

Last Updated: 2025-09-24 15:11:36 UTC

by Johannes Ullrich (Version: 1)

I notice a new URL showing up in our web honeypot logs, which looked a bit interesting ...

The auth" string caught my attention, in particular as it was followed by a base64 encoded string. The string decodes to admin:11.

This "auth" string has been around for a while for a number of Hikvision-related URLs. Until this week, the particular URL never hit our threshold to be included in our reports. So far, the "configurationFile" URL has been the most popular. It may give access to additional sensitive information ...

Read the full entry: https://isc.sans.edu/diary/Exploit+Attempts+Against+Older+Hikvision+Camera+Vulnerability/32316/

[Guest Diary] Distracting the Analyst for Fun and Profit

Published: 2025-09-23

Last Updated: 2025-09-23 12:55:18 UTC

by Jesse La Grew (Version: 1)

[This is a Guest Diary by Taylor House, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program.]

Distributed denial of service (DDoS) attacks are a type of cyber-attack where the threat actor attempts to disrupt a service by flooding the target with a ton of requests to overload system resources and prevent legitimate traffic from reaching it. From March 31st until April 20th of this year, my honeypot went under a constant barrage of TCP SYN packets over port 443. This post seeks to go over this attack and share observations proving how looks can be deceiving.

In total, this attack sent 2389339 packets from 6039 hosts. The attack came over a series of three waves, with no relation other than the destination port and the flag that was set. A sample was taken from the first of these waves, and each packet was found to have these properties:

* A total length of 60 bytes.

* Targeted port 443 using the TCP protocol.

* Had the SYN flag and no other flags set.

* Had a window size of 32768.

* Had a maximum segment size of 1460 bytes.

* A trailer in the Ethernet header containing 2 bytes of padding ...

Read the full entry: https://isc.sans.edu/diary/Guest+Diary+Distracting+the+Analyst+for+Fun+and+Profit/32308/

Exploring Uploads in a Dshield Honeypot Environment [Guest Diary]

Published: 2025-09-18

Last Updated: 2025-09-18 00:49:09 UTC

by Guy Bruneau (Version: 1)

[This is a Guest Diary by Nathan Smisson, an ISC intern as part of the SANS.edu BACS program]

The goal of this project is to test the suitability of various data entry points within the dshield ecosystem to determine which metrics are likely to yield consistently interesting results. This article explores analysis of files uploaded to the cowrie honeypot server. Throughout this project, a number of tools have been developed to aid in improving workflow efficiency for analysts conducting research using a cowrie honeypot. Here, a relatively simple tool called upload-stats is used to enumerate basic information about the files in the default cowrie ‘downloads’ directory ...

The configuration of my honeypot is intentionally very typical, closely following the installation and setup guide on https://github.com/DShield-ISC/dshield/tree/main. The node in use for the purposes of this article is was set up on an EC2 instance in the AWS us-east-1 zone, which is old and very large, even by AWS standards.

Part 1: Identified Shell Script Investigation

The upload-stats tool works by enumerating some basic information about the files present in the downloads directory and printing it along with any corresponding information discovered in the honeypot event logs. If the logs are still present on the system, it will automatically identify information such as source IP, time of upload, and other statistics that can aid in further exploration of interesting-looking files.

Given no arguments, the tool produces a quick summary of the files available on the system ...

Read the full entry: https://isc.sans.edu/diary/Exploring+Uploads+in+a+Dshield+Honeypot+Environment+Guest+Diary/32296/

Help Wanted: What are these odd requests about? (2025.09.21)

https://isc.sans.edu/diary/Help+Wanted+What+are+these+odd+requests+about/32302/

Apple Updates Everything - iOS/macOS 26 Edition (2025.09.15)

https://isc.sans.edu/diary/Apple+Updates+Everything+iOSmacOS+26+Edition/32286/

Microsoft Patch Tuesday September 2025 (2025.09.09)

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+September+2025/32270/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-26399 - SolarWinds Web Help Desk is vulnerable to a remote code execution flaw that allows unauthenticated attackers to run commands on the host machine through an unauthenticated AjaxProxy deserialization.

Product: SolarWinds Web Help Desk

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26399

ISC Podcast: https://isc.sans.edu/podcastdetail/9626

NVD References:

- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm

- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399

CVE-2024-28986 - SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

Product: Solarwinds Web_Help_Desk 12.8.3

CVSS Score: 0

** KEV since 2024-08-15 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28986

ISC Podcast: https://isc.sans.edu/podcastdetail/9626

NVD References: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986

CVE-2024-28988 - SolarWinds Web Help Desk is susceptible to a Java Deserialization Remote Code Execution vulnerability, allowing attackers to run commands on the host machine.

Product: SolarWinds Web Help Desk

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28988

ISC Podcast: https://isc.sans.edu/podcastdetail/9626

CVE-2019-0211 - Apache HTTP Server Privilege Escalation Vulnerability

Product: Oracle Retail_Xstore_Point_Of_Service 7.1

CVSS Score: 0

** KEV since 2021-11-03 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-0211

ISC Diary: https://isc.sans.edu/diary/32308

CVE-2025-10585 - Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.

Product: Google Chromium V8

CVSS Score: 8.8

** KEV since 2025-09-23 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10585

References:

- https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html

- https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html

CVE-2025-4688 - SINAV.LINK Exam Result Module before 1.2 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.

Product: BGS Interactive SINAV.LINK Exam Result Module

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4688

CVE-2025-7743 - Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025.

Product: Dolusoft Omaspot

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7743

CVE-2025-7744 - Dolusoft Omaspot is vulnerable to SQL Injection before 12.09.2025.

Product: Dolusoft Omaspot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7744

CVE-2025-55109 - Control-M/Agent is vulnerable to an authentication bypass when using empty or default kdb keystore or default PKCS#12 keystore, allowing a remote attacker with access to a signed third-party or demo certificate to bypass the need for organization's certificate authority during authentication.

Product: BMC Control-M/Agent

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55109

NVD References:

- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441963

- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099

CVE-2025-55113 - Control-M/Agent vulnerability in ACL enforcement allows attackers to bypass configured ACLs by exploiting NULL byte in email address in client certificate verification.

Product: BMC Control-M/Agent

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55113

NVD References:

- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441967

- https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099

CVE-2025-57119 - Online Library Management System v.3.0 is vulnerable to privilege escalation through the adminlogin.php component and the Login function.

Product: PHPGurukul Online Library Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57119

CVE-2025-56074 - PHPGurukul Park Ticketing Management System v2.0 is vulnerable to SQL Injection via the fromdate parameter in a POST request.

Product: PHPGurukul Park Ticketing Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56074

CVE-2025-8276 - Patika Global Technologies HumanSuite before 53.21.0 is vulnerable to various types of injection attacks, allowing for input data manipulation, code injection, and reflection injection.

Product: Patika Global Technologies HumanSuite

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8276

CVE-2024-13149 - Arma Store Armalife allows SQL Injection, exposing sensitive information to unauthorized actors through 20250916.

Product: Arma Store Armalife

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13149

CVE-2025-41243 - Spring Cloud Gateway Server Webflux is vulnerable to Spring Environment property modification if certain conditions are met.

Product: Spring Cloud Gateway Server Webflux

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41243

NVD References: https://spring.io/security/cve-2025-41243

CVE-2025-59334 - Linkr allows arbitrary file injection and potential remote code execution due to lack of manifest file integrity verification in versions through 2.0.0, but version 2.0.1 and later includes a manifest integrity check to prevent this vulnerability.

Product: Linkr

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59334

CVE-2025-56557 - Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices through the Matter protocol.

Product: Tuya Smart Life App

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56557

CVE-2025-57631 - TDuckCloud v.5.1 is vulnerable to SQL Injection, allowing remote attackers to execute arbitrary code through the Add a file upload module.

Product: TDuckCloud

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57631

CVE-2025-54391 - Zimbra Collaboration (ZCS) has a vulnerability that allows an attacker to bypass Two-Factor Authentication (2FA) protection with valid user credentials.

Product: Zimbra Collaboration (ZCS)

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54391

NVD References:

- https://wiki.zimbra.com/wiki/Security_Center

- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

CVE-2025-9971 - Planet Technology's Industrial Cellular Gateway has a Missing Authentication vulnerability that enables unauthenticated remote attackers to manipulate the device through a specific functionality.

Product: Planet Technology Industrial Cellular Gateway

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9971

NVD References:

- https://www.planet.com.tw/en/support/security-advisory/8

- https://www.twcert.org.tw/en/cp-139-10390-7ce12-2.html

CVE-2025-9972 - N-Reporter, N-Cloud, and N-Probe by N-Partner are vulnerable to OS Command Injection, enabling authenticated remote attackers to execute arbitrary commands on the server.

Product: N-Partner N-Reporter

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9972

NVD References:

- https://www.planet.com.tw/en/support/security-advisory/8

- https://www.twcert.org.tw/en/cp-139-10390-7ce12-2.html

CVE-2025-10439 - Yordam Library Automation System is vulnerable to SQL Injection in versions 21.5 through 21.6, allowing for improper neutralization of special elements in SQL commands.

Product: Yordam Informatics Yordam Library Automation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10439

CVE-2025-8077 - NeuVector versions up to and including 5.4.5 have a vulnerability where the default password for the `admin` account can be exploited by any workload with network access in the cluster.

Product: NeuVector

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8077

CVE-2025-59304 - Swetrix Web Analytics API 3.1.1 before 7d8b972 is vulnerable to a directory traversal issue that enables Remote Code Execution through a malicious HTTP request.

Product: Swetrix Web Analytics API

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59304

CVE-2025-58766 - Dyad, a local AI app builder, had a critical security vulnerability in versions v0.19.0 and earlier, allowing attackers to execute arbitrary code through the preview window functionality.

Product: Dyad

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58766

CVE-2025-59340 - Jinjava is vulnerable to remote code execution prior to version 2.8.1 due to deserializing attacker-controlled input into arbitrary classes, allowing for access to local files and URLs.

Product: Jinja jinjava

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59340

CVE-2025-59352 - Dragonfly version prior to 2.1.0 is vulnerable to RCE attacks through gRPC and HTTP APIs, allowing peers to access secret data and execute code on the recipient's machine.

Product: Linux Foundation Dragonfly

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59352

CVE-2025-23316 - NVIDIA Triton Inference Server is vulnerable to remote code execution through manipulation of the model name parameter in the Python backend.

Product: NVIDIA Triton Inference Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23316

NVD References: https://nvidia.custhelp.com/app/answers/detail/a_id/5691

CVE-2024-13151 - Logo Software Diva is vulnerable to Authorization Bypass through User-Controlled SQL Primary Key, allowing for SQL Injection attacks up to version 4.56.00.00.

Product: Logo Software Diva

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13151

CVE-2025-30519 - Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed, allowing attackers with network access to gain administrative control.

Product: Dover Fueling Solutions ProGauge MagLink LX4 Devices

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30519

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07

CVE-2025-54807 - Device firmware for affected versions Dover Fueling Solutions ProGauge MagLink LX has a hardcoded signing key, allowing attackers to bypass authentication and gain full system access.

Product: Dover Fueling Solutions ProGauge MagLink LX4 Devices

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54807

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07

CVE-2025-10035 - Fortra's GoAnywhere MFT is susceptible to a deserialization vulnerability, which enables an actor to inject commands by deserializing an arbitrary object with a forged license response signature.

Product: Fortra GoAnywhere MFT

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10035

NVD References: https://www.fortra.com/security/advisories/product-security/fi-2025-012

CVE-2025-57644 - Accela Automation Platform 22.2.3.0.230103 is vulnerable to remote code execution, arbitrary file write, and server-side request forgery, potentially leading to full server compromise and unauthorized access to sensitive data.

Product: Accela Automation Platform

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57644

CVE-2025-48703 - CWP before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in a filemanager changePerm request.

Product: CWP (CentOS Web Panel)

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48703

CVE-2025-40925 - Starch versions 0.14 and earlier generate session ids insecurely, potentially allowing attackers to gain access to systems.

Product: Starch versions 0.14

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40925

CVE-2025-35042 - Airship AI Acropolis has a default administrative account with the same credentials on every installation, leaving instances open to remote attacks if the password is not changed, fixed in versions 10.2.35, 11.0.21, and 11.1.9.

Product: Airship AI Acropolis

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35042

CVE-2025-57432 - Blackmagic Web Presenter version 3.3 allows remote attackers to manipulate stream settings through an unauthenticated Telnet service on port 9977.

Product: Blackmagic Web Presenter

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57432

CVE-2025-57437 - The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information through an unauthenticated Telnet service, allowing for potential live stream hijacking and network reconnaissance.

Product: Blackmagic Design Blackmagic Web Presenter HD

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57437

CVE-2025-57441 - The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information through an unauthenticated Telnet service on port 9990, allowing attackers to plan further attacks.

Product: Blackmagic ATEM Mini Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57441

CVE-2025-57601 & CVE-2025-57602 - AiKaan Cloud Controller and IoT management platform hardcoded credentials vulnerabilities.

Product: AiKaan Cloud Controller and IoT Management Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57601

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57602

CVE-2025-59434 - Flowise had an authenticated vulnerability prior to August 2025 that allowed users on the free tier to access sensitive environment variables from other tenants, resulting in cross-tenant data exposure.

Product: Cloud-Hosted Flowise

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59434

CVE-2025-59528 - Flowise version 3.0.5 is vulnerable to remote code execution due to insecure handling of user input in the CustomMCP node, allowing attackers to execute JavaScript code with full Node.js runtime privileges.

Product: Flowise

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59528

CVE-2025-9588 - Iron Mountain Archiving Services Inc. EnVision is vulnerable to OS Command Injection before version 250563.

Product: Iron Mountain Archiving Services Inc enVision

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9588

CVE-2025-9846 - Inka.Net before 6.7.1 allows for unrestricted upload of files with dangerous types, leading to command injection vulnerabilities in TalentSys Consulting Information Technology Industry Inc.

Product: TalentSys Consulting Information Technology Industry Inc Inka.Net

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9846

CVE-2025-59545 - DNN (formerly DotNetNuke) allows potential script execution through the Prompt module prior to version 10.1.0.

Product: DNN (DotNetNuke) Prompt module

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59545

CVE-2025-6198 & CVE-2025-7937 - Supermicro MBD-X13SEM-F and MBD-X12STW Improper Verification of Cryptographic Signature vulnerabilities.

Product: Supermicro MBD-X13SEM-F and MBD-X12STW

CVSS Scores: 6.4 - 6.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6198

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7937

ISC Podcast: https://isc.sans.edu/podcastdetail/9626

NVD References: https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025

CVE-2025-9242 - WatchGuard Fireware OS is vulnerable to an out-of-bounds write flaw, potentially enabling remote attackers to run arbitrary code.

Product: WatchGuard Fireware OS

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9242

ISC Podcast: https://isc.sans.edu/podcastdetail/9618

NVD References: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015

CVE-2021-44790 - Apache HTTP Server is susceptible to a buffer overflow in the mod_lua multipart parser.

Product: Apache HTTP Server 2.4.51 and earlier

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-44790

ISC Diary: https://isc.sans.edu/diary/32308

CVE-2011-3607 - Apache HTTP Server versions 2.0.x through 2.0.64 and 2.2.x through 2.2.21 allow local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive.

Product: Apache Http_Server 2.2.21

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2011-3607

ISC Diary: https://isc.sans.edu/diary/32308

CVE-2017-9798 - Apache httpd allows remote attackers to read secret data from process memory through a vulnerability known as Optionsbleed, affecting versions 2.2.34 and 2.4.x, by exploiting a use-after-free issue via unauthenticated OPTIONS HTTP requests.

Product: Apache httpd

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-9798

ISC Diary: https://isc.sans.edu/diary/32308

CVE-2025-55241 - Azure Entra Elevation of Privilege Vulnerability

Product: Microsoft Azure Entra

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55241

ISC Podcast: https://isc.sans.edu/podcastdetail/9618

CVE-2025-5305 - The Password Reset with Code for WordPress REST API WordPress plugin lacks secure OTP code generation, posing a risk of account takeovers.

Product: Password Reset with Code WordPress Plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5305

NVD References: https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/

CVE-2025-8942 - The WP Hotel Booking WordPress plugin before 2.2.3 allows attackers to manipulate review ratings by intercepting and modifying requests.

Product: WP Hotel Booking WordPress plugin

Active Installations: 8,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8942

CVE-2025-9083 - The Ninja Forms WordPress plugin before 3.11.1 allows unauthenticated users to perform PHP Object Injection through user input in form fields.

Product: Ninja Forms WordPress plugin

Active Installations: 600,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9083

CVE-2025-10690 - The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads, allowing attackers to execute remote code by uploading disguised webshells as plugins.

Product: Goza Nonprofit Charity WordPress Theme

Active Installations: Unknown. Update to version 3.2.3, or a newer patched version.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10690

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/628bfa19-2ffa-426b-8b88-22a0c4d0ba92?source=cve

CVE-2025-5948 - The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation through account takeover, allowing unauthenticated attackers to login as any user, including admins, by exploiting the claim_business AJAX action.

Product: WordPress Service Finder Bookings plugin

Active Installations: Unknown.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5948

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/7eb018bc-2650-4e0d-8da9-325eac826d45?source=cve

CVE-2025-9321 - The WPCasa plugin for WordPress is vulnerable to Code Injection up to version 1.4.1, allowing unauthenticated attackers to execute arbitrary functions and code.

Product: WPCasa WordPress plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9321

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/c1001b2b-395a-44ee-827e-6e57f7a50218?source=cve

CVE-2025-10147 - The Podlove Podcast Publisher plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution.

Product: Podlove Podcast Publisher plugin for WordPress

Active Installations: 4,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10147

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/093058f1-c717-424f-9bd5-4838df8d20a1?source=cve

CVE-2025-10412 - The Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.

Product: WooCommerce Uni CPO (Premium) plugin

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10412

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0c6a45-2c4a-4a23-84e6-7a9759796824?source=cve