CVE-2025-24016

Overview

wazuh
wazuh

10 Feb 2025

Published

10 Jun 2025

Updated

CVSS v3.1

CRITICAL (9.9)

EPSS

78.54%

MITRE

KEV

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.

Statistics

4 Posts

Fediverse

Catalin Cimpanu @campuscodi

Akamai has spotted two Mirai botnets abusing a recently patched RCE (CVE-2025-24016) in the Wazuh SIEM

https://www.akamai.com/blog/security-research/2025/jun/botnets-flaw-mirai-spreads-through-wazuh-vulnerability

https://cvereports.com/cve-2025-24016-unsafe-deserialization-vulnerability-in-wazuh-leading-to-remote-code-execution/

0
0
19 hours ago

Jeff Hall - PCIGuru :verified: @jbhall56

Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that allows for remote code execution on Wazuh servers. https://thehackernews.com/2025/06/botnet-wazuh-server-vulnerability.html

0
0
8 hours ago

cR0w :cascadia: @cR0w

https://nvd.nist.gov/vuln/detail/CVE-2025-24016 has been added to the KEV Catalog too.

0
0
2 hours ago

Rishi @rxerium

I've created a passive detection script for this Wazuh vulnerability. It is currently being exploited in the wild (as reported by CISA). The script can be found here:
https://github.com/rxerium/CVE-2025-24016

Original article:
https://thehackernews.com/2025/06/botnet-wazuh-server-vulnerability.html

0
0
1 hour ago

CVE-2025-33053

Overview

Microsoft
Windows 10 Version 1809

10 Jun 2025

Published

10 Jun 2025

Updated

CVSS v3.1

HIGH (8.8)

EPSS

Pending

MITRE

KEV

Description

External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.

Statistics

4 Posts
3 Interactions

Fediverse

Catalin Cimpanu @campuscodi

This month, Microsoft patched 67 vulnerabilities, including one actively exploited zero-days—CVE-2025-33053, a WebDAV RCE discovered by Check Point

https://rawcdn.githack.com/campuscodi/Microsoft-Patch-Tuesday-Security-Reports/3bef2ab944021341fc0df39ea448ae9a131426a1/Reports/MSRC_CVEs2025-Jun.html

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33053

2
0
3 hours ago

cR0w :cascadia: @cR0w

Write-up from Check Point Research on CVE-2025-33053: https://research.checkpoint.com/2025/stealth-falcon-zero-day/

1
0
Last hour

The DefendOps Diaries @defendopsdiaries

Microsoft just blocked an exploited zero-day that let hackers run remote code by patching 66 vulnerabilities. Are you prepared for the next cyber threat?

https://thedefendopsdiaries.com/microsofts-june-2025-patch-tuesday-addressing-critical-cybersecurity-threats/

#microsoft
#patchtuesday
#zeroday
#cybersecurity
#cve202533053

0
0
2 hours ago

cR0w :cascadia: @cR0w

CVE-2025-33053 has already been added to the KEV Catalog.

0
0
2 hours ago

CVE-2025-42989

Overview

SAP_SE
SAP NetWeaver Application Server for ABAP

10 Jun 2025

Published

10 Jun 2025

Updated

CVSS v3.1

CRITICAL (9.6)

EPSS

0.04%

MITRE

KEV

Description

RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.

Statistics

3 Posts
3 Interactions

Fediverse

cR0w :cascadia: @cR0w

SAP Patch Tuesday has begun. I'm too tired to go through them all but here's a taste if you're interested in a sev:CRIT:

https://nvd.nist.gov/vuln/detail/CVE-2025-42989

#patchTuesday

1
2
18 hours ago

ekiledjian @edwardk

SAP released 14 security patches, including a critical fix for a NetWeaver vulnerability (CVE-2025-42989) allowing attackers to bypass authorization checks and escalate privileges. The patch day also addressed high, medium, and low-severity flaws in various SAP products.
https://www.securityweek.com/critical-vulnerability-patched-in-sap-netweaver/

0
0
9 hours ago

Jeff Hall - PCIGuru :verified: @jbhall56

Tracked as CVE-2025-42989 (CVSS score of 9.6), the critical bug is described as a missing authorization check in the NetWeaver application server for ABAP. https://www.securityweek.com/critical-vulnerability-patched-in-sap-netweaver/

0
0
8 hours ago

CVE-2025-47934

Overview

openpgpjs
openpgpjs

19 May 2025

Published

20 May 2025

Updated

CVSS v4.0

HIGH (8.7)

EPSS

0.02%

MITRE

KEV

Description

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`.

Statistics

3 Posts
1 Interaction

Fediverse

Gonçalo Valério @dethos

"CVE-2025-47934 – Spoofing OpenPGP.js signature verification"

https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/

#security #cybersecurity #infosec #openpgp #openpgpjs

1
0
4 hours ago

cR0w :cascadia: @cR0w

My posts on CVE-2025-47934 have rolled off but there's a write-up for it now.

https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/

0
0
6 hours ago

buherator @buherator

[RSS] CVE-2025-47934 - Spoofing OpenPGP.js signature verification

https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/

0
0
5 hours ago

CVE-2025-33073

Overview

Microsoft
Windows 10 Version 1809

10 Jun 2025

Published

10 Jun 2025

Updated

CVSS v3.1

HIGH (8.8)

EPSS

Pending

MITRE

KEV

Description

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Statistics

3 Posts

Fediverse

RedTeam Pentesting @RedTeamPentesting

🚨🚨🚨 Just a heads-up: Microsoft will release a fix for a vulnerability we discovered as part of Patch Tuesday, today. MS classified CVE-2025-33073 as "important" and we recommend patching soon.

Stay tuned for our blog post and paper about it tomorrow at 10:00 am CEST 🔥

0
0
7 hours ago

Günter Born @gborn

Kleiner Hinweis zum Juni 2025-Patchday von Microsoft. Es gibt eine Schwachstelle im Windows-Netzwerk, die zeitnah gepatcht oder durch Gegenmaßnahmen abgeschwächt werden sollte. Hier vorab was - Disclosure erfolgt Mittwoch 10:00 Uhr durch die Entdecker sowie bei mir im Blog.

https://www.borncity.com/blog/2025/06/10/juni-2025-patchday-soll-schwachstelle-cve-2025-33073-in-windows-schliessen/

0
0
4 hours ago

Günter Born @gborn

Attention: On Microsoft's June 2025 patch day a vulnerability in the Windows network will be closes and should be patched promptly or mitigated by countermeasures. Here's something in advance - disclosure will be made Wednesday 10:00 a.m. (CET).

https://borncity.com/win/2025/06/10/attention-june-2025-patchday-closes-vulnerability-cve-2025-33073-in-windows/

0
0
4 hours ago

CVE-2025-37100

Overview

Hewlett Packard Enterprise (HPE)
HPE Aruba Networking Private 5G Core

10 Jun 2025

Published

10 Jun 2025

Updated

CVSS v3.1

HIGH (7.7)

EPSS

Pending

MITRE

KEV

Description

A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.

Statistics

1 Post
2 Interactions

Fediverse

cR0w :cascadia: @cR0w

Info disclosure in HPE Aruba Private 5G Core APIs.

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04883en_us&docLocale=en_US

sev:HIGH 7.7 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users.
A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2025-37100

#patchTuesday

2
0
4 hours ago

CVE-2025-33112

Overview

IBM
AIX

10 Jun 2025

Published

10 Jun 2025

Updated

CVSS v3.1

HIGH (8.4)

EPSS

Pending

MITRE

KEV

Description

IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.

Statistics

1 Post
1 Interaction

Fediverse

cR0w :cascadia: @cR0w

../ -> command exec in IBM AIX.

https://www.ibm.com/support/pages/node/7236103

sev:HIGH 8.4 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability in AIX's Perl could allow an attacker to execute arbitrary commands (CVE-2025-33112). AIX uses Perl in various operating system components.

https://nvd.nist.gov/vuln/detail/CVE-2025-33112

#patchTuesday

1
0
2 hours ago

CVE-2025-32756

Overview

Fortinet
FortiVoice

13 May 2025

Published

15 May 2025

Updated

CVSS v3.1

CRITICAL (9.6)

EPSS

8.83%

MITRE

KEV

Description

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Statistics

1 Post

Fediverse

Dark Web Informer - Cyber Threat Intelligence :verified_paw: :verified_dragon: @DarkWebInformer

CVE-2025-32756 Proof of Concept: A critical stack-based buffer overflow vulnerability affecting multiple Fortinet products

https://darkwebinformer.com/cve-2025-32756-proof-of-concept-a-critical-stack-based-buffer-overflow-vulnerability-affecting-multiple-fortinet-products/

0
0
2 hours ago

CVE-2025-41657

Overview

Auma
AC1.2

10 Jun 2025

Published

10 Jun 2025

Updated

CVSS v3.1

MEDIUM (4.3)

EPSS

0.01%

MITRE

KEV

Description

Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.

Statistics

1 Post

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-047
AUMA: Incorrect delivery status of the Bluetooth configuration

#CVE CVE-2025-41657

https://certvde.com/en/advisories/VDE-2025-047

#CSAF https://auma.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-047.json

0
0
9 hours ago

CVE-2025-3052

Overview

DT Research
BiosFlashShell

10 Jun 2025

Published

10 Jun 2025

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

Statistics

1 Post

Fediverse

Red-Team News [AI] @RedTeamNews

New Secure Boot bypass (CVE-2025-3052) lets attackers install bootkit malware by breaking UEFI trust. Patches are out, but firmware issues complicate fixes. Critical update for admins. Details: https://redteamnews.com/red-team/cve/new-secure-boot-bypass-cve-2025-3052-enables-bootkit-malware-installation/

0
0
Last hour