Overview
- Sudo project
- Sudo
Description
Statistics
- 11 Posts
- 59 Interactions
Fediverse
Turns out sudo -f was implemented as sudo -R...
https://leahneukirchen.org/blog/archive/2011/04/sudo-f.html
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
CVE-2025-32463: Local root exploit in sudo >= 1.9.14 (e.g. Ubuntu 24.04, etc)
Those running new enough versions of sudo, such as those on Ubuntu 24.04, should do a package update as soon as possible.
i’ve been patched against CVE-2025-32463 since april 2022, actually
Maybe controversial, but I think it is bad to do this
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
Sudo Host Option Elevation of Privilege (CVE-2025-32462):
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
Sudo local privilege escalation via chroot option (CVE-2025-32463):
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
Linking oss-security too, because researcher advisories don't like to load for me:
https://www.openwall.com/lists/oss-security/2025/06/30/2
https://www.openwall.com/lists/oss-security/2025/06/30/3
Oula, une vulnérabilité sur "sudo" https://ubuntu.com/security/CVE-2025-32463
> An attacker can leverage sudo’s `-R` (`--chroot`) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 inclusive are affected.
Big oof
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
install your updates yo.
🔴 CRITICAL: CVE-2025-32463 in Sudo <1.9.17p1 lets local users escalate to root by abusing --chroot and user-controlled /etc/nsswitch.conf. Identify & patch vulnerable systems, tighten controls. https://radar.offseq.com/threat/cve-2025-32463-cwe-829-inclusion-of-functionality--c61a2c6c #OffSeq #Sudo #Linux #CVE202532463
Following a recent incident, here's a reminder: #SudoConsideredHarmful
What I do use instead of #sudo? "ssh root@localhost" with keys: https://github.com/xtaran/sshudo and "alias sudo sshudo" or "ln -vis /usr/bin/sshudo /usr/bin/sudo".
(For those who wonder what I refer to: https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host and https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot)
Sudo versions 1.9.14 to 1.9.17 (inclusive) have two critical vulnerabilities:
- local privilege escalation via chroot option (CVE-2025-32463) https://www.openwall.com/lists/oss-security/2025/06/30/3
- local privilege escalation via host option (CVE-2025-32462) https://www.openwall.com/lists/oss-security/2025/06/30/2
Vulnerabilità critica in Sudo: escalation dei privilegi a root su Linux
Una falla critica nella sicurezza dell’utility Linux Sudo è stata individuata, tale falla permette a qualunque utente locale privo di autorizzazioni di ampliare i propri diritti fino ad arrivare all’accesso come root. Le versioni del software Sudo dalla 1.9.14 alla 1.9.17 sono state riconosciute come vulnerabili, codificate come CVE-2025-32463, e rappresentano un pericolo considerevole per i sistemi operativi Linux che adottano le impostazioni di default.
Pertanto si consiglia vivamente agli amministratori di sistema di aggiornare immediatamente i propri pacchetti Sudo, poiché non esiste una soluzione alternativa per questa vulnerabilità critica.
Il bug di sicurezza è stato individuato da Rich Mirch della Stratascale Cyber Research Unit (CRU) e interessa la funzionalità chroot (-R o -chroot) poco comune in Sudo. Questa falla risulta essere estremamente pericolosa poiché non necessita dell’impostazione di regole Sudo specifiche per l’utente malintenzionato, permettendo quindi lo sfruttamento da parte di utenti sprovvisti di autorizzazioni amministrative.
La falla è stata introdotta in Sudo v1.9.14 a giugno 2023 con aggiornamenti al codice di gestione della corrispondenza dei comandi quando viene utilizzata la funzionalità chroot. La vulnerabilità consente agli utenti non privilegiati di richiamare chroot() su percorsi scrivibili e non attendibili sotto il loro controllo, che Sudo esegue con autorità di root.
La tecnica di sfruttamento implica l’inserimento di un file /etc/nsswitch.conf dannoso all’interno di un ambiente chroot controllato, manipolando il sistema Name Service Switch (NSS). Questo permette agli aggressori di specificare fonti NSS personalizzate, corrispondenti a librerie di oggetti condivisi (come ad esempio libnss_/woot1337.so.2), che vengono successivamente caricate da Sudo con privilegi di root. Di conseguenza, si verifica una violazione della sicurezza quando le operazioni NSS sono attivate e il sistema procede al caricamento della configurazione /etc/nsswitch.conf da un ambiente che non è attendibile.
L’exploit proof-of-concept lo dimostra creando un oggetto condiviso dannoso con una funzione che chiama setreuid(0,0) e setregid(0,0) per ottenere privilegi di root , quindi esegue /bin/bash per fornire una shell di root. Il codice exploit mostra come un semplice comando gcc -shared -fPIC può compilare la libreria dannosa che viene caricata durante le operazioni NSS di Sudo.
I ricercatori di sicurezza hanno verificato la vulnerabilità su Ubuntu 24.04.1 con Sudo 1.9.15p5 e 1.9.16p2, nonché su Fedora 41 Server con Sudo 1.9.15p5. La vulnerabilità colpisce la configurazione predefinita di Sudo, rendendola una minaccia diffusa che richiede attenzione immediata. La correzione è disponibile in Sudo 1.9.17p1 o versioni successive, in cui l’opzione chroot è stata deprecata e le funzioni vulnerabili pivot_root() e unpivot_root() sono state rimosse.
L'articolo Vulnerabilità critica in Sudo: escalation dei privilegi a root su Linux proviene da il blog della sicurezza informatica.
Overview
Description
Statistics
- 6 Posts
- 9 Interactions
Fediverse
Chrome patched a sev:HIGH CVE with an ITW exploit.
Google is aware that an exploit for CVE-2025-6554 exists in the wild.
https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
Chrome in crisis: a dangerous zero-day in its V8 engine was exploited in the wild—but Google moved fast to patch it. Did your browser make it through the breach?
#cve20256554
#chromevulnerability
#cybersecurity
#zeroday
#googlesecurity
🚨 A new Chrome zero-day is already being exploited in the wild.
Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page.
It targets Chrome’s V8 engine—again.
Update now → https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html
🔎 Chrome pre-138.0.7204.96 hit by HIGH severity type confusion (CVE-2025-6554) in V8. Remote attackers can read/write memory via malicious HTML. Patch now! https://radar.offseq.com/threat/cve-2025-6554-type-confusion-in-google-chrome-3352da1d #OffSeq #Chrome #Vulnerability #CVE20256554
Google Chrome 138.0.7204.96 / .97 korrigiert eine Sicherheitslücke (CVE-2025-6554) als Exploit
"Google is aware that an exploit for CVE-2025-6554 exists in the wild," the browser vendor said in a security advisory issued on Monday. https://www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/
Overview
- Sudo project
- Sudo
Description
Statistics
- 6 Posts
- 35 Interactions
Fediverse
⚠️ Faille Sudo, il faut corriger rapidement.
CVE-2025-32462 : une faille dans sudo permet l’escalade de privilèges locaux via l’option host (V)
TL;DR : Faille de type "Trust me bro on est sur une autre machine lance la commande". (L)
Sudo Host Option Elevation of Privilege (CVE-2025-32462):
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
Sudo local privilege escalation via chroot option (CVE-2025-32463):
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
Linking oss-security too, because researcher advisories don't like to load for me:
https://www.openwall.com/lists/oss-security/2025/06/30/2
https://www.openwall.com/lists/oss-security/2025/06/30/3
Setting up sudo (1.9.13p3-1+deb12u2) ...
Et hop, CVE-2025-32462 ne passera pas par moi. https://tracker.debian.org/news/1649978/accepted-sudo-1913p3-1deb12u2-source-into-stable-security/
𝐬𝐮𝐝𝐨 -𝐡 𝐡𝐨𝐬𝐭
Turns out the "h" stands for "hold my beer". 🍺 😅
⬇️
Local Privilege Escalation via host option
Sudo’s host (-h or --host) option is intended to be used in conjunction with the list option (-l or --list) to list a user’s sudo privileges on a host other than the current one. However, due to a bug it was not restricted to listing privileges and could be used when running a command via sudo or editing a file with sudoedit. Depending on the rules present in the sudoers file this could allow a local privilege escalation attack.
Sudo versions 1.8.8 to 1.9.17 inclusive are affected.
👇
https://www.sudo.ws/security/advisories/host_any/
[related]
Vulnerability Advisory: Sudo Host Option Elevation of Privilege
👇
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
Following a recent incident, here's a reminder: #SudoConsideredHarmful
What I do use instead of #sudo? "ssh root@localhost" with keys: https://github.com/xtaran/sshudo and "alias sudo sshudo" or "ln -vis /usr/bin/sshudo /usr/bin/sudo".
(For those who wonder what I refer to: https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host and https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot)
Sudo versions 1.9.14 to 1.9.17 (inclusive) have two critical vulnerabilities:
- local privilege escalation via chroot option (CVE-2025-32463) https://www.openwall.com/lists/oss-security/2025/06/30/3
- local privilege escalation via host option (CVE-2025-32462) https://www.openwall.com/lists/oss-security/2025/06/30/2
Overview
- NetScaler
- ADC
Description
Statistics
- 3 Posts
- 48 Interactions
Fediverse
If you see this GitHub PoC for CVE-2025-5777 doing the rounds:
https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-
It’s not for CVE-2025-5777. It’s AI generated. The links in the README still have ChatGPT UTM sources.
The PoC itself is for a vuln addressed in 2023 - ChatGPT has hallucinated (made up) the cause of the vuln using an old BishopFox write up of the other vuln.
Citrix Bleed 2 CVE-2025–5777 wird wohl ausgenutzt
Citrix blog on CVE-2025-5777 and some other ones https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
Overview
- Pilz
- IndustrialPI 4 with IndustrialPI webstatus
Description
Statistics
- 3 Posts
- 6 Interactions
Fediverse
#OT #Advisory VDE-2025-039
Pilz: Authentication Bypass in IndustrialPI Webstatus
#CVE CVE-2025-41648
https://certvde.com/en/advisories/VDE-2025-039
#CSAF https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2025/ppsa-2025-003.json
🚨 CVE-2025-41648 (CRITICAL, CVSS 9.8): Pilz IndustrialPI 4 w/ webstatus lets remote attackers bypass authentication & change all settings. No patch yet—segment networks & monitor traffic. Details: https://radar.offseq.com/threat/cve-2025-41648-cwe-704-incorrect-type-conversion-o-ea121f93 #OffSeq #ICS #Vulnerability #OTSecurity
July is starting off with a perfect 10 in some OT kit. 🥳
https://certvde.com/en/advisories/VDE-2025-045/
sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
https://nvd.nist.gov/vuln/detail/CVE-2025-41656
https://certvde.com/en/advisories/VDE-2025-039/
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
Overview
Description
Statistics
- 2 Posts
- 23 Interactions
Fediverse
CVE-2025-6543 (citrix 🩸) hit KEV. that means confirmed exploitation with receipts. will wash dishes for payloads. bob [@] greynoise [.] io (some mastodon clients really bork email addresses) if you have'm.
Citrix blog on CVE-2025-5777 and some other ones https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
Overview
- Cisco
- Cisco Identity Services Engine Software
Description
Statistics
- 3 Posts
Fediverse
Cisco is warning about two critical vulnerabilities in Identity Services Engine (ISE)
Vulnerabilities: Insufficient validation of user input; Poor file validation
Impact: Allows an attacker to execute arbitrary commands, and upload arbitrary files and execute with root privileges
Vulnerability IDs: CVE-2025-20281, CVE-20282
Remediation: Upgrade ISE to 3.3 Patch 6 or 3.4 Patch 2 or later
🚨CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC
• CVSS: 10
• ZoomEye Dork: app="Cisco ISE"
• Results: 1,937
• Advisory:
github.com/advisories/GHSA-rc4f-42xm-hvjwgithub.com/advisories/GHSA-w8p2-wjjr-hr24
• PoC: github.com/abrewer251/CVE-2025-20281-2-Citrix-ISE-RCE
• ZoomEye Search: zoomeye.ai/searchResult?q=YXBwPSJDaXNjbyBJU0Ui
—————
Follow @zoomeye_team's official Twitter/X account and send the message “Dark Web Informer” via DM to receive an extra 15-day membership. 💙
Cisco centra il bersaglio: 9,8 su 10 per due RCE su Identity Services Engine e Passive Identity Connector
Cisco ha segnalato due vulnerabilità RCE critiche che non richiedono autenticazione e interessano Cisco Identity Services Engine (ISE) e Passive Identity Connector (ISE-PIC). Alle vulnerabilità sono stati assegnati gli identificatori CVE-2025-20281 e CVE-2025-20282 e hanno ottenuto il punteggio massimo di 9,8 punti su 10 sulla scala CVSS. Il primo problema riguarda le versioni 3.4 e 3.3 di ISE e ISE-PIC, mentre il secondo riguarda solo la versione 3.4.
La causa principale dell’errore CVE-2025-20281 era l’insufficiente convalida dell’input utente in un’API esposta. Ciò consentiva a un aggressore remoto e non autenticato di inviare richieste API contraffatte per eseguire comandi arbitrari come utente root. Il secondo problema, CVE-2025-20282, era causato da una convalida dei file insufficiente nell’API interna, che consentiva la scrittura di file in directory privilegiate. Questo bug consentiva ad aggressori remoti non autenticati di caricare file arbitrari sul sistema di destinazione ed eseguirli con privilegi di root.
La piattaforma Cisco Identity Services Engine (ISE) è progettata per gestire le policy di sicurezza di rete e il controllo degli accessi e in genere funge da motore di controllo degli accessi alla rete (NAC), gestione delle identità e applicazione delle policy. Questo prodotto è un elemento chiave della rete aziendale ed è spesso utilizzato da grandi aziende, enti governativi, università e fornitori di servizi.
Gli esperti Cisco segnalano che finora non si sono verificati casi di sfruttamento attivo di nuove vulnerabilità (né exploit resi pubblici), ma si consiglia a tutti gli utenti di installare gli aggiornamenti il prima possibile. Gli utenti dovrebbero aggiornare alla versione 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4) e alla versione 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1) o successive. Non esistono soluzioni alternative per risolvere i problemi senza applicare patch.
E’ ovvio che con vulnerabilità di tale entità, sia necessario procedere con urgenza all’aggiornamento delle patch, al fine di prevenire possibili tentativi di violazione. Il fornitore raccomanda pertanto di effettuare tempestivamente gli aggiornamenti necessari.
L'articolo Cisco centra il bersaglio: 9,8 su 10 per due RCE su Identity Services Engine e Passive Identity Connector proviene da il blog della sicurezza informatica.
Overview
- TrendMakers
- Sight Bulb Pro Firmware ZJ_CG32-2201
Description
Statistics
- 1 Post
- 19 Interactions
Fediverse
Internet. Of. Shit.
Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string.
Overview
- Pilz
- IndustrialPI 4 with Firmware Bullseye
Description
Statistics
- 2 Posts
- 6 Interactions
Fediverse
#OT #Advisory VDE-2025-045
Pilz: Missing Authentication in Node-RED integration
#CVE CVE-2025-41656
https://certvde.com/en/advisories/VDE-2025-045
#CSAF https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2025/ppsa-2025-002.json
July is starting off with a perfect 10 in some OT kit. 🥳
https://certvde.com/en/advisories/VDE-2025-045/
sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
https://nvd.nist.gov/vuln/detail/CVE-2025-41656
https://certvde.com/en/advisories/VDE-2025-039/
sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
Overview
- TeamViewer
- Full Client
Description
Statistics
- 1 Post
- 12 Interactions
Fediverse
Oh hey, now if the baddies get your box, you can privesc to get it back.
https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002/
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.