24h | 7d | 30d

CVE-2025-59718

Overview

  • Fortinet
  • FortiSwitchManager
09 Dec 2025
Published
16 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%
KEV

Description

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 17 Posts
  • 7 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
Dark Web Informer :verified_paw: @DarkWebInformer

🚨 CISA has added 1 vulnerability to the KEV Catalog

CVE-2025-59718: Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability

CVSS: 9.8

darkwebinformer.com/cisa-kev-c

  • 0
  • 1
  • 0
  • 1h ago
Profile picture
cR0w h0 h0 @cR0w

RE: infosec.exchange/@BleepingComp

Apparently CVE-2025-59718 and CVE-2025-59719 are now EITW.

  • 2
  • 1
  • 0
  • 11h ago
Profile picture
Cybersecurity & cyberwarfare @cybersecurity

CVE-2025-59718 e CVE-2025-59719 su FortiGate in sfruttamento attivo

Gli autori delle minacce hanno iniziato a sfruttare attivamente le vulnerabilità di alta gravità, poco dopo che il fornitore le aveva rese pubbliche, al fine di aggirare l’autenticazione su dispositivi FortiGate.

Un recente rapporto di Arctic Wolf rivela che, dal 12 dicembre 2025, queste vulnerabilità vengono sfruttate dagli aggressori per ottenere l’accesso come amministratori attraverso il Single Sign-On (SSO) e rubare configurazioni di sistema sensibili.

Le vulnerabilità CVE-2025-59718 e CVE-2025-59719, con un punteggio CVSS critico di 9,1, sono nel mirino degli attacchi. Di fatto, senza chiave, un aggressore non autenticato può entrare dalla porta principale sfruttando tali falle, che permettono di eludere le protezioni di accesso SSO grazie a messaggi SAML falsificati.

I ricercatori di Arctic Wolf hanno evidenziato: “Tuttavia, quando gli amministratori registrano i dispositivi utilizzando FortiCare tramite la GUI, FortiCloud SSO viene abilitato al momento della registrazione, a meno che l’impostazione ‘Consenti accesso amministrativo tramite FortiCloud SSO’ non sia disabilitata nella pagina di registrazione”.

I tentativi di intrusione osservati da Arctic Wolf seguono uno schema ben preciso. Gli aggressori provengono da provider di hosting specifici, tra cui The Constant Company LLC, Bl Networks e Kaopu Cloud Hk Limited, e prendono di mira direttamente l’account amministratore.

Una volta all’interno, gli aggressori si sono subito dedicati al furto di dati. “In seguito ad accessi SSO dannosi, le configurazioni venivano esportate agli stessi indirizzi IP tramite l’interfaccia utente grafica”. Questa esfiltrazione è catastrofica perché le configurazioni del firewall contengono spesso credenziali hash per gli utenti VPN e altri account locali.

Si consiglia agli amministratori di effettuare immediatamente l’aggiornamento alle ultime versioni corrette (ad esempio, FortiOS 7.6.4, 7.4.9, 7.2.12 o 7.0.18). Per coloro che non possono applicare immediatamente la patch, esiste una soluzione alternativa fondamentale. È possibile disabilitare la funzionalità vulnerabile tramite l’interfaccia a riga di comando (CLI):

L'articolo CVE-2025-59718 e CVE-2025-59719 su FortiGate in sfruttamento attivo proviene da Red Hot Cyber.

  • 0
  • 0
  • 0
  • 21h ago
Profile picture
ekiledjian @edwardk

Threat actors are exploiting two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) in Fortinet FortiGate devices. Organizations are advised to apply patches, disable FortiCloud SSO, and limit access to management interfaces.
thehackernews.com/2025/12/fort

  • 0
  • 0
  • 0
  • 16h ago
Profile picture
CyberNetsecIO @netsecio

📰 Active Attacks Exploit Critical Fortinet SSO Bypass Flaws to Gain Admin Access

🚨 CRITICAL: Fortinet devices under active attack via two SSO bypass flaws (CVE-2025-59718 & CVE-2025-59719). Attackers are forging SAML messages to gain admin access. Patch NOW or disable FortiCloud SSO! 🔥 #Fortinet #CyberAttack #Vulnerability

🔗 cyber.netsecops.io/articles/fo

  • 0
  • 0
  • 0
  • 11h ago
Profile picture
Andy Thompson (rainmaker) @Andy_Thompson

Pornhub / Mixpanel
- bleepingcomputer.com/news/secu
- mixpanel.com/blog/sms-security
- techspot.com/news/107779-pornh
- securityaffairs.com/177881/dat

PDVSA Hacked
- bleepingcomputer.com/news/secu
- reuters.com/world/americas/cyb
- bloomberg.com/news/articles/20
- maritime-executive.com/article

Fortinet FortiCloud SSO auth bypass
- bleepingcomputer.com/news/secu
- arcticwolf.com/resources/blog/
- cyber.gov.au/about-us/view-all
- cyber.gc.ca/en/alerts-advisori
- thehackernews.com/2025/12/fort

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

Profile picture
piggo @pigondrugs.bsky.social
~Cisa~ CISA warns of an actively exploited Fortinet cryptographic signature vulnerability (CVE-2025-59718) added to the KEV catalog. - IOCs: CVE-2025-59718 - #CVE202559718 #Fortinet #ThreatIntel
  • 0
  • 0
  • 0
  • 7h ago
Profile picture
キタきつね @kitafox.bsky.social
CISAが既知の脆弱性1件をカタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 16) CVE-2025-59718フォーティネットの複数製品における暗号署名の不適切な検証の脆弱性 www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 2h ago
Profile picture
Red Siege @redsiege.com
Hackers are exploiting two critical Fortinet authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) to gain unauthorized administrative access across multiple Fortinet products. via @bleepingcomputer.com www.bleepingcomputer.com/news/securit... #hacking #infosec #cybersecurity
  • 1
  • 1
  • 0
  • 9h ago
Profile picture
CyberHub @cyberhub.blog
📌 Critical Fortinet Vulnerabilities (CVE-2025-59718 & CVE-2025-59719) Actively Exploited Days After Patch Release https://www.cyberhub.blog/article/16837-critical-fortinet-vulnerabilities-cve-2025-59718-cve-2025-59719-actively-exploited-days-after-patch-release
  • 0
  • 1
  • 0
  • 9h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #ArcticWolf includes "Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 22h ago
Profile picture
Red Hot Cyber @redhotcyber.bsky.social
CVE-2025-59718 e CVE-2025-59719 su FortiGate in sfruttamento attivo 📌 Link all'articolo : www.redhotcyber.com/post/cve... #redhotcyber #news #cybersecurity #hacking #malware #ransomware #vulnerabilita #fortigate #saml
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Threat actors actively exploit two critical FortiGate SSO authentication bypasses (CVE-2025-59718, CVE-2025-59719); apply patches immediately and disable FortiCloud SSO.
  • 0
  • 0
  • 0
  • 16h ago
Profile picture
UndercodeTesting @undercode.bsky.social
Operation Gatecrasher: How Fortinet’s SAML Flaw Became a Hacker’s Master Key + Video Introduction: Fortinet has confirmed that two critical vulnerabilities in its FortiCloud Single Sign-On (SSO) feature, tracked as CVE-2025-59718 and CVE-2025-59719, are being actively exploited in the wild. These…
  • 0
  • 0
  • 0
  • 8h ago
Profile picture
r/blueteamsec bot @r-blueteamsec.bsky.social
Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719
  • 0
  • 0
  • 0
  • 5h ago
Profile picture
UndercodeTesting @undercode.bsky.social
Silent Perimeter Breach: How a Default Toggle Could Let Attackers Bypass Your Fortinet Firewalls (CVE-2025-59718 & CVE-2025-59719) + Video Introduction: Fortinet's recent disclosure of two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) represents more than a…
  • 0
  • 0
  • 0
  • 1h ago
Profile picture
ohhara @shiojiri.com
Fortinetが最近修正した脆弱性、攻撃で悪用される:CVE-2025-59718、CVE-2025-59719 | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43104/
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
76.01%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 11 Posts
  • 17 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture
abuse.ch :verified: @abuse_ch

Love letter ❤️ from a threat actor 🕵️exploiting React2Shell vulnerability (CVE-2025-55182) to spread #Mirai malware ⤵️

fuckoffurlhaus 😂

Payload URLs 🌐:
urlhaus.abuse.ch/host/45.153.3

Mirai botnet C2s 📡:
marvisxoxo .st (ISTanCo 🇷🇸)
45.156.87 .231:23789 (AS51396 PFCLOUD 🇩🇪)

Malware sample 📄:
bazaar.abuse.ch/sample/9a84057

  • 2
  • 9
  • 1
  • 20h ago
Profile picture
Linkeaz @linkeaz

React2Shell: L'ampleur des dégâts se révèle. Cloudflare rapporte 14,5M tentatives d'exploitation/heure. Microsoft observe des compromissions massives. Cette faille critique (CVE-2025-55182) exige une action immédiate. Patchez et protégez vos systèmes.
⚡️linkeaz.net/fr/posts/react2she

#React2Shell #Sécurité #CyberSécurité #Technews #Vulnerabilités #React #NextJS

  • 1
  • 0
  • 0
  • 17h ago
Profile picture
tomcat @tomcat

Attackers are abusing React2Shell to plant Linux backdoors like KSwapDoor and ZnDoor.

This hits orgs that left React and Next.js servers unpatched.

Microsoft saw reverse shells, Cobalt Strike, and stolen cloud tokens tied to CVE-2025-55182, and Shadowserver tracks over 111,000 exposed IPs.

🔗 Details → thehackernews.com/2025/12/reac

  • 0
  • 1
  • 0
  • 17h ago
Profile picture
Caitlin Condon @catc0n

React2Shell beyond Next.js: Our team tested exploitability and analyzed exploit patterns for *other* frameworks vulnerable to CVE-2025-55182. Notes on the four other frameworks we exploited successfully are in this blog, but it's important to note that none of these is anywhere close to the viable attack surface area that Next.js apps presented.

In other words, in an alternate universe where Next.js apps weren't vulnerable by default, this probably would've been a nothing-burger after all. Unfortunately (gestures at everything).

vulncheck.com/blog/react2shell

  • 0
  • 1
  • 0
  • 5h ago

Bluesky

Profile picture
ohhara @shiojiri.com
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware – Hackread – Cybersecurity News, Data Breaches, AI, and More https://hackread.com/github-scanner-react2shell-cve-2025-55182-malware/
  • 0
  • 2
  • 0
  • 17h ago
Profile picture
Patrick C Miller @patrickcmiller.bsky.social
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware hackread.com/github-scann...
  • 0
  • 1
  • 1
  • 6h ago
Profile picture
Bitnewsbot @bitnewsbot.bsky.social
A critical vulnerability, CVE-2025-55182, in React Server Components is actively exploited by various threat actors. The flaw allows remote code […]
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
ohhara @shiojiri.com
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide – Hackread – Cybersecurity News, Data Breaches, AI, and More https://hackread.com/react2shell-vulnerability-cve-2025-55182-analysis/
  • 0
  • 0
  • 0
  • 17h ago
Profile picture
CyberVeille @cyberveille-ch.bsky.social
📢 React2Shell (CVE-2025-55182) exploité pour déployer le ransomware Weaxor 📝 Source: S-RM — Dans un rapport d’incident, S-RM décrit l’exploitation de la vulné… https://cyberveille.ch/posts/2025-12-16-react2shell-cve-2025-55182-exploite-pour-deployer-le-ransomware-weaxor/ #CVE_2025_55182 #Cyberveille
  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-59719

Overview

  • Fortinet
  • FortiWeb
09 Dec 2025
Published
10 Dec 2025
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%
KEV

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 14 Posts
  • 6 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

RE: infosec.exchange/@BleepingComp

Apparently CVE-2025-59718 and CVE-2025-59719 are now EITW.

  • 2
  • 1
  • 0
  • 11h ago
Profile picture
Cybersecurity & cyberwarfare @cybersecurity

CVE-2025-59718 e CVE-2025-59719 su FortiGate in sfruttamento attivo

Gli autori delle minacce hanno iniziato a sfruttare attivamente le vulnerabilità di alta gravità, poco dopo che il fornitore le aveva rese pubbliche, al fine di aggirare l’autenticazione su dispositivi FortiGate.

Un recente rapporto di Arctic Wolf rivela che, dal 12 dicembre 2025, queste vulnerabilità vengono sfruttate dagli aggressori per ottenere l’accesso come amministratori attraverso il Single Sign-On (SSO) e rubare configurazioni di sistema sensibili.

Le vulnerabilità CVE-2025-59718 e CVE-2025-59719, con un punteggio CVSS critico di 9,1, sono nel mirino degli attacchi. Di fatto, senza chiave, un aggressore non autenticato può entrare dalla porta principale sfruttando tali falle, che permettono di eludere le protezioni di accesso SSO grazie a messaggi SAML falsificati.

I ricercatori di Arctic Wolf hanno evidenziato: “Tuttavia, quando gli amministratori registrano i dispositivi utilizzando FortiCare tramite la GUI, FortiCloud SSO viene abilitato al momento della registrazione, a meno che l’impostazione ‘Consenti accesso amministrativo tramite FortiCloud SSO’ non sia disabilitata nella pagina di registrazione”.

I tentativi di intrusione osservati da Arctic Wolf seguono uno schema ben preciso. Gli aggressori provengono da provider di hosting specifici, tra cui The Constant Company LLC, Bl Networks e Kaopu Cloud Hk Limited, e prendono di mira direttamente l’account amministratore.

Una volta all’interno, gli aggressori si sono subito dedicati al furto di dati. “In seguito ad accessi SSO dannosi, le configurazioni venivano esportate agli stessi indirizzi IP tramite l’interfaccia utente grafica”. Questa esfiltrazione è catastrofica perché le configurazioni del firewall contengono spesso credenziali hash per gli utenti VPN e altri account locali.

Si consiglia agli amministratori di effettuare immediatamente l’aggiornamento alle ultime versioni corrette (ad esempio, FortiOS 7.6.4, 7.4.9, 7.2.12 o 7.0.18). Per coloro che non possono applicare immediatamente la patch, esiste una soluzione alternativa fondamentale. È possibile disabilitare la funzionalità vulnerabile tramite l’interfaccia a riga di comando (CLI):

L'articolo CVE-2025-59718 e CVE-2025-59719 su FortiGate in sfruttamento attivo proviene da Red Hot Cyber.

  • 0
  • 0
  • 0
  • 21h ago
Profile picture
ekiledjian @edwardk

Threat actors are exploiting two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) in Fortinet FortiGate devices. Organizations are advised to apply patches, disable FortiCloud SSO, and limit access to management interfaces.
thehackernews.com/2025/12/fort

  • 0
  • 0
  • 0
  • 16h ago
Profile picture
CyberNetsecIO @netsecio

📰 Active Attacks Exploit Critical Fortinet SSO Bypass Flaws to Gain Admin Access

🚨 CRITICAL: Fortinet devices under active attack via two SSO bypass flaws (CVE-2025-59718 & CVE-2025-59719). Attackers are forging SAML messages to gain admin access. Patch NOW or disable FortiCloud SSO! 🔥 #Fortinet #CyberAttack #Vulnerability

🔗 cyber.netsecops.io/articles/fo

  • 0
  • 0
  • 0
  • 11h ago
Profile picture
Andy Thompson (rainmaker) @Andy_Thompson

Pornhub / Mixpanel
- bleepingcomputer.com/news/secu
- mixpanel.com/blog/sms-security
- techspot.com/news/107779-pornh
- securityaffairs.com/177881/dat

PDVSA Hacked
- bleepingcomputer.com/news/secu
- reuters.com/world/americas/cyb
- bloomberg.com/news/articles/20
- maritime-executive.com/article

Fortinet FortiCloud SSO auth bypass
- bleepingcomputer.com/news/secu
- arcticwolf.com/resources/blog/
- cyber.gov.au/about-us/view-all
- cyber.gc.ca/en/alerts-advisori
- thehackernews.com/2025/12/fort

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

Profile picture
Red Siege @redsiege.com
Hackers are exploiting two critical Fortinet authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) to gain unauthorized administrative access across multiple Fortinet products. via @bleepingcomputer.com www.bleepingcomputer.com/news/securit... #hacking #infosec #cybersecurity
  • 1
  • 1
  • 0
  • 9h ago
Profile picture
CyberHub @cyberhub.blog
📌 Critical Fortinet Vulnerabilities (CVE-2025-59718 & CVE-2025-59719) Actively Exploited Days After Patch Release https://www.cyberhub.blog/article/16837-critical-fortinet-vulnerabilities-cve-2025-59718-cve-2025-59719-actively-exploited-days-after-patch-release
  • 0
  • 1
  • 0
  • 9h ago
Profile picture
OpsMatters @opsmatters.com
The latest update for #ArcticWolf includes "Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 22h ago
Profile picture
Red Hot Cyber @redhotcyber.bsky.social
CVE-2025-59718 e CVE-2025-59719 su FortiGate in sfruttamento attivo 📌 Link all'articolo : www.redhotcyber.com/post/cve... #redhotcyber #news #cybersecurity #hacking #malware #ransomware #vulnerabilita #fortigate #saml
  • 0
  • 0
  • 0
  • 21h ago
Profile picture
Information Security Briefly @infosecbriefly.bsky.social
Threat actors actively exploit two critical FortiGate SSO authentication bypasses (CVE-2025-59718, CVE-2025-59719); apply patches immediately and disable FortiCloud SSO.
  • 0
  • 0
  • 0
  • 16h ago
Profile picture
UndercodeTesting @undercode.bsky.social
Operation Gatecrasher: How Fortinet’s SAML Flaw Became a Hacker’s Master Key + Video Introduction: Fortinet has confirmed that two critical vulnerabilities in its FortiCloud Single Sign-On (SSO) feature, tracked as CVE-2025-59718 and CVE-2025-59719, are being actively exploited in the wild. These…
  • 0
  • 0
  • 0
  • 8h ago
Profile picture
r/blueteamsec bot @r-blueteamsec.bsky.social
Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719
  • 0
  • 0
  • 0
  • 5h ago
Profile picture
UndercodeTesting @undercode.bsky.social
Silent Perimeter Breach: How a Default Toggle Could Let Attackers Bypass Your Fortinet Firewalls (CVE-2025-59718 & CVE-2025-59719) + Video Introduction: Fortinet's recent disclosure of two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) represents more than a…
  • 0
  • 0
  • 0
  • 1h ago
Profile picture
ohhara @shiojiri.com
Fortinetが最近修正した脆弱性、攻撃で悪用される:CVE-2025-59718、CVE-2025-59719 | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43104/
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-14282

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts
  • 9 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture
Harry Sintonen @harrysintonen

A privilege escalation in Dropbear (CVE-2025-14282) allows any authenticated user to run arbitrary commands as root. The vulnerability affects versions 2024.84 to 2025.88. Dropbear release 2025.89 fixes the vulnerability.

A mitigation is to run dropbear without unix socket forwarding by adding the -j option.

openwall.com/lists/oss-securit

  • 5
  • 2
  • 0
  • 11h ago
Profile picture
buherator @buherator
[CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings

https://github.com/turistu/odds-n-ends/blob/main/CVE-2025-14282.md
  • 0
  • 2
  • 0
  • 10h ago

Bluesky

Profile picture
buherator @buherator.bsky.social
[CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings github.com -> Original->
  • 0
  • 0
  • 0
  • 10h ago

CVE-2023-52922

Overview

  • Linux
  • Linux
28 Nov 2024
Published
13 Jun 2025
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op.

Statistics

  • 2 Posts
  • 5 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture
Allele Security Intelligence @alleleintel

With H2HC on hiatus this year, the security community stepped up to create the 307 Temporary Security Conference—and we were proud to be part of it!

We presented our research on vulnerabilities in the CAN BCM protocol in the Linux kernel.

Thank you to everyone who watched!

The slides and exploit demos are now available.

Slides
allelesecurity.com/wp-content/

Demo 1: Exploit for UAF read (CAN BCM) to dump shadow file & MySQL root hash.
youtube.com/watch?v=znTLHc2mXIs

Demo 2: Exploit for UAF read in CAN BCM (CVE-2023-52922) that leaks encoded freelist pointer and slab object addresses
youtube.com/watch?v=XQ3QlXqn6pI

  • 2
  • 3
  • 0
  • 15h ago

Bluesky

Profile picture
Allele Security Intelligence @alleleintel.com
Demo 1: Exploit for UAF read (CAN BCM) to dump shadow file & MySQL root hash. www.youtube.com/watch?v=znTL... Demo 2: Exploit for UAF read in CAN BCM (CVE-2023-52922) that leaks encoded freelist pointer and slab object addresses www.youtube.com/watch?v=XQ3Q...
  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-34352

Overview

  • JumpCloud Inc.
  • Remote Assist
02 Dec 2025
Published
02 Dec 2025
Updated
CVSS v4.0
HIGH (8.5)
EPSS
0.02%
KEV

Description

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle.

Statistics

  • 2 Posts
Last activity: 13 hours ago

Fediverse

Profile picture
Hackread.com @Hackread

🚨 JumpCloud Remote Assist flaw (CVE-2025-34352) lets local users hijack full control of company devices. Affects 180,000+ orgs. Update now to patch.

Read: hackread.com/jumpcloud-remote-

#JumpCloud #CyberSecurity #Vulnerability #InfoSec #Windows

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

Profile picture
Hackread.com @hackread.bsky.social
🚨 JumpCloud Remote Assist flaw (CVE-2025-34352) lets local users hijack full control of company devices. Affects 180,000+ orgs. Update now to patch. Read: hackread.com/jumpcloud-re... #JumpCloud #CyberSecurity #Vulnerability #InfoSec #Windows
  • 0
  • 0
  • 0
  • 13h ago

CVE-2025-66516

Overview

  • Apache Software Foundation
  • Apache Tika core
  • org.apache.tika:tika-core
04 Dec 2025
Published
05 Dec 2025
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

Statistics

  • 4 Posts
Last activity: 17 hours ago

Bluesky

Profile picture
CyberHub @cyberhub.blog
📌 Atlassian Patches Critical XXE Vulnerability (CVE-2025-66516) in Apache Tika with Maximum CVSS Score https://www.cyberhub.blog/article/16813-atlassian-patches-critical-xxe-vulnerability-cve-2025-66516-in-apache-tika-with-maximum-cvss-score
  • 0
  • 0
  • 0
  • 23h ago
Profile picture
ohhara @shiojiri.com
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika https://securityaffairs.com/185710/security/atlassian-fixed-maximum-severity-flaw-cve-2025-66516-in-apache-tika.html
  • 0
  • 0
  • 2
  • 17h ago

CVE-2025-13223

Overview

  • Google
  • Chrome
17 Nov 2025
Published
01 Dec 2025
Updated
CVSS
Pending
EPSS
1.16%
KEV

Description

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture
Furry walls @furry_walls

Только вчера была удалена запись о критической уязвимости #Chrome (CVE-2025-13223), и вот, не прошло и месяца (спустя 24 дня), как нашлась новая, у которой даже нет #CVE-идентификатора.

Какие ещё нужны аргументы, чтобы слезть с этого...

и начать пользоваться #Firefox?

  • 2
  • 0
  • 0
  • 6h ago

CVE-2023-53896

Overview

  • D-Link
  • DAP-1325
16 Dec 2025
Published
16 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration information by directly accessing the export settings script.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

D-Link

cve.org/CVERecord?id=CVE-2023-

cc: @Dio9sys @da_667

  • 1
  • 1
  • 0
  • 10h ago

CVE-2025-37164

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE OneView
16 Dec 2025
Published
16 Dec 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
Pending
KEV

Description

A remote code execution issue exists in HPE OneView.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Perfect 10 in HPE OneView with no description and the advisory behind a login? Must be good. Go hack that shit please. 🥳

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 3
  • 0
  • 10h ago
Showing 1 to 10 of 70 CVEs