
Overview

  • Gogs
  • Gogs
  • Gogs

10 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.08%

KEV

Description

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Statistics

  • 11 Posts
  • 10 Interactions

Last activity: 2 hours ago

Fediverse


🚨 CVE-2025-8110 (Zero-Day) Detection Template: Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code

GitHub: github.com/rxerium/CVE-2025-81

Writeup: wiz.io/blog/wiz-research-gogs-

  • 1
  • 0
  • 0
  • 10h ago

:uwasa_sana: Rumor has it attackers are exploiting a zero-day bug (CVE-2025-8110) in Gogs, a self-hosted Git service, allowing remote code execution. The vulnerability, discovered by Wiz researchers, affects Gogs versions 0.13.3 or earlier with open-registration enabled. While a fix is being developed, Wiz recommends disabling open-registration and limiting internet exposure.

  • 0
  • 2
  • 0
  • 15h ago

The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. thehackernews.com/2025/12/unpa

  • 0
  • 0
  • 1
  • 16h ago

Bluesky

An unpatched zero-day vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.
  • 3
  • 3
  • 0
  • 17h ago
An unpatched critical flaw in #Gogs exploited on more than 700 running instances ⚠️ A vulnerability (CVE-2025-8110, CVSS score 8.7) allows files to be replaced via the update API. #CyberSecurity #IA #InnovationIA https://kntn.ly/983ad59c
  • 1
  • 0
  • 0
  • 13h ago
A critical file-overwrite vulnerability (CVE-2025-8110, CVSS 8.7) in Gogs enables symlink-based arbitrary code execution and has been actively exploited across 700+ instances.
  • 0
  • 0
  • 0
  • 19h ago
A high-severity vulnerability in the self-hosted Git service Gogs is actively exploited, affecting over 700 internet-accessible instances. The flaw, CVE-2025-8110, […]
  • 0
  • 0
  • 0
  • 19h ago
📌 Critical Unpatched Gogs Vulnerability (CVE-2025-8110) Actively Exploited in the Wild https://www.cyberhub.blog/article/16625-critical-unpatched-gogs-vulnerability-cve-2025-8110-actively-exploited-in-the-wild
  • 0
  • 0
  • 0
  • 17h ago
Gogs 0-Day Exploited in the Wild (CVE-2025-8110) #appsec
  • 0
  • 0
  • 0
  • 13h ago
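Zero-day vulnerability in the Git server "Gogs" - signs of compromise on a wide range of public servers - Security NEXT. Wiz, which discovered and reported "CVE-2025-8110", explains that it found the flaw by chance while investigating a malware infection on a workload. Exposed on the Internet ... www.security-next.com/178279/2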
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
76.01%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 13 Posts
  • 19 Interactions

Last activity: 2 hours ago

Fediverse


Just in: Watch exploitation unfold over time in the map below (geo of source IPs attempting to exploit CVE-2025-55182).

  • 5
  • 11
  • 1
  • 14h ago

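[WelsonJS project notice]

Because some sub-projects of the WelsonJS project use React (client side), a notice regarding React2Shell (CVE-2025-55182) will be issued within the project shortly.

No React or NextJS components are used in the parts that can directly affect the system (server side), so my official position is that this vulnerability does not apply.

However, to be certain, I will compile the necessary information and post a notice soon.

Thank you.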

  • 2
  • 0
  • 0
  • 2h ago

It didn’t take long: CVE-2025-55182 is now under active exploitation

On December 4, 2025, researchers published details on the critical vulnerability CVE-2025-55182, which received a CVSS score of 10.0. It has been unofficially dubbed React4Shell, as it affects React Server Components (RSC) functionality used in web applications built with the React library. RSC speeds up UI rendering by distributing tasks between the client and the server. The flaw is categorized as CWE-502 (Deserialization of Untrusted Data). It allows an attacker to execute commands, as well as read and write files in directories accessible to the web application, with the server process privileges.

Almost immediately after the exploit was published, our honeypots began registering attempts to leverage CVE-2025-55182. This post analyzes the attack patterns, the malware that threat actors are attempting to deliver to vulnerable devices, and shares recommendations for risk mitigation.

A brief technical analysis of the vulnerability


React applications are built on a component-based model. This means each part of the application or framework should operate independently and offer other components clear, simple methods for interaction. While this approach allows for flexible development and feature addition, it can require users to download large amounts of data, leading to inconsistent performance across devices. This is the challenge React Server Components were designed to address.

The vulnerability was found within the Server Actions component of RSC. To reach the vulnerable function, the attacker just needs to send a POST request to the server containing a serialized data payload for execution. Part of the functionality of the handler that allows for unsafe deserialization is illustrated below:


A comparison of the vulnerable (left) and patched (right) functions

CVE-2025-55182 on Kaspersky honeypots


As the vulnerability is rather simple to exploit, the attackers quickly added it to their arsenal. The initial exploitation attempts were registered by Kaspersky honeypots on December 5. By Monday, December 8, the number of attempts had increased significantly and continues to rise.

The number of CVE-2025-55182 attacks targeting Kaspersky honeypots, by day

Attackers first probe their target to ensure it is not a honeypot: they run whoami, perform multiplication in bash, or compute MD5 or Base64 hashes of random strings to verify their code can execute on the targeted machine.

In most cases, they then attempt to download malicious files using command-line web clients like wget or curl. Additionally, some attackers deliver a PowerShell-based Windows payload that installs XMRig, a popular Monero crypto miner.

CVE-2025-55182 was quickly weaponized by numerous malware campaigns, ranging from classic Mirai/Gafgyt variants to crypto miners and the RondoDox botnet. Upon infecting a system, RondoDox wastes no time, its loader script immediately moving to eliminate competitors:

Beyond checking hardcoded paths, RondoDox also neutralizes AppArmor and SELinux security modules and employs more sophisticated methods to find and terminate processes with ELF files removed for disguise.

Only after completing these steps does the script download and execute the main payload by sequentially trying three different loaders: wget, curl, and wget from BusyBox. It also iterates through 18 different malware builds for various CPU architectures, enabling it to infect both IoT devices and standard x86_64 Linux servers.

In some attacks, instead of deploying malware, the adversary attempted to steal credentials for Git and cloud environments. A successful breach could lead to cloud infrastructure compromise, software supply chain attacks, and other severe consequences.


Risk mitigation measures


We strongly recommend updating the relevant packages by applying patches released by the developers of the corresponding modules and bundles.
Vulnerable versions of React Server Components:

  • react-server-dom-webpack (19.0.0, 19.1.0, 19.1.1, 19.2.0)
  • react-server-dom-parcel (19.0.0, 19.1.0, 19.1.1, 19.2.0)
  • react-server-dom-turbopack (19.0.0, 19.1.0, 19.1.1, 19.2.0)

Bundles and modules confirmed as using React Server Components:

  • next
  • react-router
  • waku
  • @parcel/rsc
  • @vitejs/plugin-rsc
  • rwsdk

To prevent exploitation while patches are being deployed, consider blocking all POST requests containing the following keywords in parameters or the request body:

  • #constructor
  • #__proto__
  • #prototype
  • vm#runInThisContext
  • vm#runInNewContext
  • child_process#execSync
  • child_process#execFileSync
  • child_process#spawnSync
  • module#_load
  • module#createRequire
  • fs#readFileSync
  • fs#writeFileSync
  • fs#appendFileSync


Conclusion


Due to the ease of exploitation and the public availability of a working PoC, threat actors have rapidly adopted CVE-2025-55182. It is highly likely that attacks will continue to grow in the near term.

We recommend immediately updating React to the latest patched version, scanning vulnerable hosts for signs of malware, and changing any credentials stored on them.

Indicators of compromise



securelist.com/cve-2025-55182-…

  • 0
  • 0
  • 0
  • 22h ago
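
The keyword block recommended in the post above can be written as a small pre-filter. This is an added example, not code from Securelist, Kaspersky or React: it uses the post's keyword list with `#__proto__` and `fs#appendFileSync` written in full, assumes a hypothetical request object `{ method, url, body }` whose body is the raw string, and goes beyond a plain keyword match by undoing percent and `\u` escapes first.

```javascript
// Keywords from the mitigation list; matching is case-sensitive because
// JavaScript identifiers are.
const BLOCKED_KEYWORDS = [
  "#constructor", "#__proto__", "#prototype",
  "vm#runInThisContext", "vm#runInNewContext",
  "child_process#execSync", "child_process#execFileSync",
  "child_process#spawnSync",
  "module#_load", "module#createRequire",
  "fs#readFileSync", "fs#writeFileSync", "fs#appendFileSync",
];

// Undo %XX and \uXXXX escapes a bounded number of times, so "%23", "%2523"
// and "\u0023" all become "#". Each escape is decoded on its own, which means
// a stray "%" elsewhere in the body cannot abort the whole decode.
function normalize(text, maxRounds = 3) {
  let current = text;
  for (let i = 0; i < maxRounds; i++) {
    const next = current
      .replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
      .replace(/\\u([0-9a-fA-F]{4})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
    if (next === current) break;
    current = next;
  }
  return current;
}

// Return every listed keyword found in the normalized text.
function findBlockedKeywords(text) {
  const haystack = normalize(String(text));
  return BLOCKED_KEYWORDS.filter((kw) => haystack.includes(kw));
}

// Only POST requests are inspected, as in the recommendation; both the query
// parameters and the body are searched.
function inspectRequest(req) {
  if (String(req.method).toUpperCase() !== "POST") {
    return { block: false, matches: [] };
  }
  const query = String(req.url || "").split("?").slice(1).join("?");
  const matches = [...new Set([
    ...findBlockedKeywords(query),
    ...findBlockedKeywords(req.body || ""),
  ])];
  return { block: matches.length > 0, matches };
}

// Constructed sample requests: strings that merely contain the keywords.
const SAMPLES = [
  { method: "POST", url: "/action", body: '{"field":"child_process#execSync"}' },
  { method: "POST", url: "/action?ref=x%23__proto__", body: "" },
  { method: "POST", url: "/action", body: '{"field":"fs\\u0023writeFileSync"}' },
  { method: "POST", url: "/action", body: '{"comment":"see issue #42 about prototype pollution"}' },
  { method: "GET", url: "/action?x=module%23_load", body: "" },
];

for (const sample of SAMPLES) {
  console.log(sample.method, sample.url, JSON.stringify(inspectRequest(sample)));
}
```

Short keywords such as `#constructor` can appear in legitimate content, so run the filter in log-only mode first and review matches before enforcing it.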

In addition to React, CVE-2025-55182 impacts other frameworks, including Next.js, Waku, React Router, and RedwoodSDK. securityweek.com/wide-range-of

  • 0
  • 0
  • 1
  • 17h ago

Bluesky

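Observation of "React2Shell" (CVE-2025-55182) attacks and analysis of the malware they deliver | Engineer Blog | Mitsui Bussan Secure Directions, Inc. https://www.mbsd.jp/research/20251211/react2shell/ Concrete examples of attacks. Let's steadily get on with countermeasures.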
  • 0
  • 1
  • 0
  • 18h ago
Next.js bombshell: early warning for the CVE-2025-55182 unconditional RCE vulnerability
  • 0
  • 0
  • 0
  • 20h ago
📢 CVE-2025-55182: RCE via React Server Functions/Next.js through unsafe prototype references 📝 A technical publication describes in … https://cyberveille.ch/posts/2025-12-10-cve-2025-55182-rce-via-react-server-functions-next-js-par-references-de-prototype-non-securisees/ #Next_js #Cyberveille
  • 0
  • 0
  • 0
  • 18h ago
The latest update for #Foresiet includes "CVE-2025-55182: React2Shell – A Critical RCE in React Server Components and Its Rapid Exploitation" and "Stealc Infostealer: A Deep Dive into Its Evolution, Operations, and Threat Landscape". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz
  • 0
  • 0
  • 0
  • 14h ago
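CISA has moved the remediation deadline for React2Shell (CVE-2025-55182), a vulnerability in React Server Components, which is currently used in more than 50 million websites and products, significantly forward to this Friday. In addition to applying the patch, it also requires checking for signs of compromise. therecord.media/react4shell-...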
  • 0
  • 0
  • 0
  • 12h ago
The latest update for #Detectify includes "Detectify year in review 2025" and "Security Update: Critical RCE in React Server Components & Next.js (CVE-2025-55182)". #cybersecurity #webvulnerabilities #websecurity https://opsmtrs.com/33CTOVX
  • 0
  • 0
  • 0
  • 6h ago
The latest update for #Wallarm includes "2026 #API and #AI Security Predictions: What Experts Expect in the Year Ahead" and "Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)". #cybersecurity #APISecurity #AppSec https://opsmtrs.com/453oM6P
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • geoserver
  • geoserver

25 Nov 2025
Published
12 Dec 2025
Updated

CVSS v3.1
HIGH (8.2)
EPSS
12.06%

Description

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.

Statistics

  • 4 Posts

Last activity: 1 hour ago

Fediverse


🚨 CVE-2025-58360: OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability has been added to the CISA KEV Catalog

CVSS: 8.2

darkwebinformer.com/cisa-kev-c

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 11) CVE-2025-58360 OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 6h ago
~Cisa~ CISA added the actively exploited OSGeo GeoServer XXE vulnerability (CVE-2025-58360) to its KEV catalog. - IOCs: CVE-2025-58360 - #CVE202558360 #GeoServer #ThreatIntel
  • 0
  • 0
  • 0
  • 2h ago
CVE-2025-58360 is an unauthenticated XXE in OSGeo GeoServer being exploited in the wild; affected versions require immediate patching to prevent file access, SSRF, and DoS.
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Meta
  • react-server-dom-webpack

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
Pending

KEV

Description

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.

Statistics

  • 5 Posts
  • 39 Interactions

Last activity: Last hour

Fediverse


If you just updated React / NextJS for #react2shell , you now get to update again. Two additional vulnerabilities identified in follow-up work were just published: CVE-2025-55183 (DoS), CVE-2025-55184 (Source Code Exposure)

react.dev/blog/2025/12/11/deni

nextjs.org/blog/security-updat

  • 18
  • 20
  • 0
  • 8h ago

Two more #reactjs things. CVE2025-55183 and 55184

Distinct from #React2Shell but still relevant.

Leaky server functions and DoS in this one

#CTI #Infosec blog.cloudflare.com/react2shel

  • 0
  • 0
  • 0
  • 7h ago

It’s time for another round of updates. Sorry folks, this will be a “deploy on friday” day.

vercel.com/kb/bulletin/securit

#React2Shell

  • 0
  • 0
  • 0
  • Last hour

Bluesky

🚨 BREAKING: React drops new security patches for CVE-2025-55183 & CVE-2025-67779 Two new vulnerabilities discovered: ✅ DoS (CVSS 7.5) - can crash your servers ✅ Source code exposure (CVSS 5.3) - leaks business logic Read Details - www.cyberkendra.com/2025/12/reac... #React2shell
  • 0
  • 1
  • 0
  • 3h ago
Two new React Server Components vulnerabilities have been discovered: - Denial of Service (High): CVE-2025-55184 -> CVE-2025-67779 - Source Code Exposure (Medium): CVE-2025-55183 If you previously updated to 19.0.2, 19.1.3, or 19.2.2, those patches were incomplete & you will need to update again!
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Meta
  • react-server-dom-webpack

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Statistics

  • 4 Posts
  • 43 Interactions

Last activity: Last hour

Fediverse


If you just updated React / NextJS for #react2shell , you now get to update again. Two additional vulnerabilities identified in follow-up work were just published: CVE-2025-55183 (DoS), CVE-2025-55184 (Source Code Exposure)

react.dev/blog/2025/12/11/deni

nextjs.org/blog/security-updat

  • 18
  • 20
  • 0
  • 8h ago

F5 finally confirmed their stuff is not impacted by CVE-2025-55184.

my.f5.com/manage/s/article/K00

  • 2
  • 3
  • 0
  • 8h ago

It’s time for another round of updates. Sorry folks, this will be a “deploy on friday” day.

vercel.com/kb/bulletin/securit

#React2Shell

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Two new React Server Components vulnerabilities have been discovered: - Denial of Service (High): CVE-2025-55184 -> CVE-2025-67779 - Source Code Exposure (Medium): CVE-2025-55183 If you previously updated to 19.0.2, 19.1.3, or 19.2.2, those patches were incomplete & you will need to update again!
  • 0
  • 0
  • 0
  • Last hour

Overview

  • FreePBX
  • security-reporting

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 9 hours ago

Bluesky

[RSS] The FreePBX Rabbit Hole: CVE-2025-66039 and others horizon3.ai -> Original->
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • traefik
  • traefik

09 Dec 2025
Published
09 Dec 2025
Updated

CVSS v3.1
MEDIUM (5.9)
EPSS
0.01%

KEV

Description

Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backend TLS certificate verification) actually disables verification, allowing man-in-the-middle attacks against HTTPS backends when operators believe they are protected. This issue is fixed in version 3.6.3.

Statistics

  • 1 Post
  • 21 Interactions

Last activity: 18 hours ago

Fediverse


A popular reverse proxy and ingress controller shipped misconfigured versions for the past five months.

The Traefik setting that enabled TLS verification was actually disabling it across the board.

aisle.com/blog/cve-2025-66491-

  • 12
  • 9
  • 0
  • 18h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: Last hour

Fediverse


Microsoft Edge 143.0.3650.80 fixes dangerous security vulnerability (CVE-2025-14174)

deskmodder.de/blog/2025/12/12/

  • 2
  • 0
  • 1
  • Last hour

Bluesky

Zero-day vulnerability "CVE-2025-14174" fixed in "Microsoft Edge" as well; exploitation in the wild confirmed - 窓の杜 https://forest.watch.impress.co.jp/docs/news/2070721.html
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

09 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.16%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 13 hours ago

Bluesky

PowerShell Remote Code Execution Vulnerability CVE-2025-54100
  • 1
  • 1
  • 0
  • 13h ago
⚠️ The patch for the CVE-2025-54100 vulnerability may have an impact on your PowerShell scripts. I offer a recap in this article 👇 - www.it-connect.fr/windows-powe... #PowerShell #infosec #veilleIT #informatique
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • UTT
  • 进取 512W

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 3 hours ago

Fediverse


🚨 CVE-2025-14534: CRITICAL buffer overflow in UTT 进取 512W (≤3.1.7.7-171114). Remote, unauthenticated exploit — public code available. Isolate & restrict /goform/formNatStaticMap now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago