
Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 10 Posts
  • 6 Interactions

Fediverse


🚨 In this week’s Threat Alert Newsletter: exploitation of CVE-2025-25257 in Fortinet’s FortiWeb Fabric Connector.

We break down how the exploit works, what CrowdSec sees on the network, and steps to stay protected.

Read more 👇

🧵1/6

  • 2
  • 1
  • 9 hours ago

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257) hackread.com/critical-vulnerab

  • 1
  • 1
  • 22 hours ago

FortiWeb admins, watch out! 🚨 An exploit is now available for the critical #Sicherheitslücke (security vulnerability; CVE-2025-25257, CVSS 9.6): attackers can achieve SQL injection & code execution without logging in. Patch urgently now! 🔒 More info: heise.de/news/Exploit-verfuegb #Cybersecurity #Fortinet #PatchNow
#newz

Short link: heise.de/-10485654

  • 1
  • 0
  • 11 hours ago

Fortinet Releases Patch For Critical SQL Injection Flaw In FortiWeb (CVE-2025-25257) - mwyr.es/ETksrXpD #thn #infosec

  • 0
  • 0
  • 18 hours ago

⚠️ Key findings:
🔹 A new SQL injection vulnerability in a FortiWeb component allows attackers to execute arbitrary code on the affected machine.
🔹 CrowdSec has been tracking exploitation since the 11th of July 2025.
🔹 Data from the CrowdSec network indicates that attacker interest in the vulnerability remains very limited.

🧵2/6

  • 0
  • 0
  • 9 hours ago

🛠️ About the exploit:
🔹 The Fortinet FortiWeb Fabric Connector is an integration component designed to enhance application security by linking FortiWeb web application firewalls (WAFs) with other elements of the Fortinet Security Stack. It enables policy enforcement and automated threat response by leveraging intelligence gathered from FortiGate firewalls, FortiSandbox, FortiAnalyzer, and other “Fabric-enabled” devices. It is in some sense a glue product that holds an array of different Fortinet products together.
🔹 The vulnerability allows unauthenticated attackers to execute arbitrary SQL statements against the MySQL database connected to Fabric Connector. As this database runs as root by default, this attack can be chained to run arbitrary Python code on the affected machine, allowing attackers to further compromise the system. The vulnerability affects various FortiWeb versions from 7.0 to 7.6. As a workaround, the vendor recommends disabling the administrative interface to external visitors.

🧵3/6

  • 0
  • 0
  • 9 hours ago

📈 Trend analysis:
🔹 CrowdSec detected the first in-the-wild exploitation of this vulnerability on July 11th, shortly after we rolled out detection rules. Using our wayback tools, we were able to establish that there were no exploitation attempts before July 11th, confirming once again that public exploits are a key driver of vulnerability weaponization.
🔹 For CVE-2025-25257, CrowdSec has observed about 40 distinct IPs producing about 500 attack events in total. Most of these attacks occurred on Friday, July 11th, the day the exploit was publicized. The attacks on Friday were mainly due to a presumably coordinated attacker spinning up a bunch of machines on Scaleway cloud to use in a broad scanning campaign. Over the weekend, the exploit quickly lost popularity. This might be due to the fact that the exploit requires the Fabric Connector administrative interface to be publicly accessible, which is somewhat unlikely. While we cannot make predictions, CrowdSec expects exploitation signals to pick up slightly this week as vulnerability scanners start looking for vulnerable devices. However, we don’t expect the attacker volume for this vulnerability to reach that of other Fortinet-related CVEs.

🧵4/6

  • 0
  • 0
  • 9 hours ago

🛡️ How to protect your systems:
🔹 Patch: Patch your FortiWeb instance if it is publicly exposed; otherwise, remove outside access to the affected admin panel.
🔹 Preemptive blocking: Use CrowdSec CTI to block IPs exploiting CVE-2025-25257 👉 app.crowdsec.net/cti?q=cves%3A
🔹 Stay proactive: Install the CrowdSec Web Application Firewall to stay ahead of exploit attempts, with 100+ virtual patching rules available. 👉 doc.crowdsec.net/docs/next/app

🧵5/6

  • 0
  • 0
  • 9 hours ago

Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and collaborative cybersecurity.

For more information, visit crowdsec.net

Want to stay ahead of the latest cyber threats? Get our weekly Threat Alert delivered straight to your inbox, along with critical threat updates and trending cybersecurity insights.

📩 Sign up now for exclusive access: contact.crowdsec.net/threat-al

🧵6/6

  • 0
  • 0
  • 9 hours ago

Overview

  • Apache Software Foundation
  • Apache HTTP Server

10 Jul 2025
Published
10 Jul 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.

Statistics

  • 2 Posts
  • 15 Interactions

Fediverse


A detailed description of CVE-2025-53020, a DoS vulnerability in the HTTP/2 implementation of Apache httpd. Fixed in 2.4.64.
#apache #httpd #http2

github.com/icing/blog/blob/mai

  • 8
  • 7
  • 9 hours ago

Overview

  • wftpserver
  • Wing FTP Server

10 Jul 2025
Published
14 Jul 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
57.30%

Description

In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

Statistics

  • 2 Posts
  • 2 Interactions

Fediverse


Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited In The Wild - mwyr.es/0nonYsR9 #thn #infosec

  • 0
  • 0
  • 19 hours ago

Overview

  • Microsoft
  • Windows 10 Version 1809

08 Jul 2025
Published
11 Jul 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.08%

KEV

Description

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 5 Interactions

Fediverse

Buried in the Log. Exploiting a 20 years old NTFS Vulnerability

https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/

I think I missed this one about CVE-2025-49689
  • 4
  • 1
  • 13 hours ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

08 Jul 2025
Published
11 Jul 2025
Updated

CVSS v3.1
MEDIUM (6.3)
EPSS
0.04%

KEV

Description

Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
  • 36 Interactions

Fediverse


We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at Berlin 2025, it's really just one request! Kudos to @mwulftange

  • 15
  • 21
  • 8 hours ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

08 Jul 2025
Published
11 Jul 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.18%

KEV

Description

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post
  • 36 Interactions

Fediverse


We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at Berlin 2025, it's really just one request! Kudos to @mwulftange

  • 15
  • 21
  • 8 hours ago

Overview

  • LB-LINK
  • BL-AC1900

14 Jul 2025
Published
14 Jul 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.10%

KEV

Description

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse


LB-LINK routers (BL-AC1900 & more, ≤20250702) face CRITICAL risk: CVE-2025-7574 allows remote, unauthenticated reboot/restore via /cgi-bin/lighttpd.cgi. Public exploit, no patch yet. Restrict access & monitor! radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 15 hours ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 7 Extended Lifecycle Support
  • emacs

12 Feb 2025
Published
22 May 2025
Updated

CVSS
Pending
EPSS
0.10%

KEV

Description

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.

Statistics

  • 1 Post
  • 1 Interaction

Fediverse


Emacs Ninja - CVE-2025-1244: From Emacs URL Handler to RCE

piefed.social/post/1040293

  • 1
  • 0
  • 4 hours ago

Overview

  • immich-app
  • immich

11 Jul 2025
Published
11 Jul 2025
Updated

CVSS v4.0
HIGH (7.3)
EPSS
0.04%

KEV

Description

immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf token, so when the user starts the login flow this unpredictable token is generated and somehow saved in the browser session and passed to the identity provider, which will return the state parameter when redirecting the user back to immich. Before the user is logged in that parameter needs to be verified to make sure the login was actively initiated by the user in this browser session. On its own, this wouldn't be too bad, but when immich uses the /user-settings page as a redirect_uri, it will automatically link the accounts if the user was already logged in. This means that if someone has an immich instance with a public oauth provider (like google), an attacker can - for example - embed a hidden iframe in a webpage or even just send the victim a forged oauth login url with a code that logs the victim into the attacker's oauth account and redirects back to immich and links the accounts. After this, the attacker can log into the victim's account using their own oauth credentials. This vulnerability is fixed in 1.132.0.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse


If you’re using #Immich, a self-hosted photo and video management solution, check for an update if you’re not running on the latest version, because prior to 1.132.0, Immich is vulnerable to account hijacking through oauth2.
github.com/immich-app/immich/s
CVSSv4:7.3
CVE-2025-43856, CWE-303
#security #cybersecurity #vulnerability

  • 0
  • 2
  • 7 hours ago

Overview

  • Avid
  • Avid NEXIS E-series

14 Jul 2025
Published
14 Jul 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

Statistics

  • 1 Post
  • 1 Interaction

Fediverse


This looks like an older disclosure of some vulns in Avid Nexis Agent but it includes a ../ that, at least at the time, was undocumented in gSOAP. That CVE was just published today.

raeph123.github.io/BlogPosts/A

cve.org/CVERecord?id=CVE-2024-

  • 0
  • 1
  • 7 hours ago