  • Cybersecurity Vulnerabilities

    Urgent Security Alert: CVE-2025-66016 Exposes CGGMP24 ECDSA TSS to Private Key Reconstruction

    Published: 2025-11-25T20:16:00.640

    Overview

    A significant security vulnerability, identified as CVE-2025-66016, has been discovered in CGGMP24, a state-of-the-art ECDSA Threshold Signature Scheme (TSS) protocol. This protocol supports 1-round signing (requiring 3 preprocessing rounds), identifiable abort, and a key refresh protocol. The vulnerability, present in versions prior to 0.6.3, allows a single malicious signer to potentially reconstruct the full private key due to a missing check in the Zero-Knowledge (ZK) proof.

    Technical Details

    The core issue lies in an insufficient validation within the ZK proof mechanism of the CGGMP24 protocol. Without proper verification, a malicious actor participating in the signing process can…

  • Cybersecurity Vulnerabilities

    CVE-2025-65965: Critical Grype Vulnerability Leaks Registry Credentials

    Overview

    A credential disclosure vulnerability, identified as CVE-2025-65965, has been discovered in Grype, a popular vulnerability scanner for container images and filesystems. This vulnerability affects versions 0.68.0 through 0.104.0. When using the --file or --output json=<file> options, Grype inadvertently includes registry credentials within the output file, potentially exposing sensitive information.

    Technical Details

    The vulnerability stems from improper sanitization of registry credentials when writing Grype’s output to a file. Specifically, if registry credentials are defined (e.g., via environment variables or configuration files), the credentials are included in plain text within the JSON output file created using the --file or --output json=<file>…

  • Cybersecurity Vulnerabilities

    CVE-2025-65647: Unveiling an IDOR Vulnerability in PHPGURUKUL Online Shopping Portal 2.1

    Overview

    CVE-2025-65647 describes an Insecure Direct Object Reference (IDOR) vulnerability found in the Track order function of PHPGURUKUL Online Shopping Portal version 2.1. This vulnerability allows an attacker to potentially access sensitive order information belonging to other users by manipulating the `oid` parameter in the track order functionality. This can lead to unauthorized information disclosure, posing a significant risk to user privacy and security.

    Technical Details

    The vulnerability lies in how the application handles the `oid` (order ID) parameter within the order tracking feature. The application fails to properly validate and authorize whether the user requesting the order information is…

  • Cybersecurity Vulnerabilities

    CVE-2025-51742: Critical Fastjson Deserialization Vulnerability Exposes JSH_ERP to Remote Code Execution

    Overview

    CVE-2025-51742 details a critical vulnerability found in jishenghua JSH_ERP version 2.3.1. This vulnerability stems from improper handling of user-supplied input within the /material/getMaterialEnableSerialNumberList endpoint. Specifically, the application passes the search query parameter directly to the parseObject() method of the Fastjson library without adequate sanitization. This can be exploited to achieve Remote Code Execution (RCE) by crafting malicious JDBC payloads.

    Technical Details

    The root cause of this vulnerability lies in the insecure use of Fastjson’s deserialization capabilities. Fastjson, by default, supports deserializing Java objects from JSON strings. When uncontrolled user input is fed directly into parseObject(), an attacker can inject…

  • Cybersecurity Vulnerabilities

    CVE-2025-12816: Node-Forge ASN.1 Vulnerability – Understanding the Interpretation Conflict

    Overview

    CVE-2025-12816 describes an interpretation-conflict vulnerability (CWE-436) affecting node-forge versions 1.3.1 and earlier. This vulnerability allows unauthenticated attackers to craft specific ASN.1 structures that can desynchronize schema validations. This desynchronization can lead to semantic divergence, potentially bypassing crucial downstream cryptographic verifications and security decisions. Essentially, the vulnerability allows an attacker to create data that is interpreted differently by different parts of the system, leading to security compromises.

    Technical Details

    The vulnerability stems from inconsistencies in how node-forge parses and validates ASN.1 (Abstract Syntax Notation One) structures. ASN.1 is a standard and notation describing rules and structures for representing, encoding, transmitting,…

  • Cybersecurity Vulnerabilities

    CVE-2025-65961: Low-Severity Template Injection Flaw Discovered in Contao CMS

    Overview

    A cross-site scripting (XSS) vulnerability, identified as CVE-2025-65961, has been discovered in the Contao Open Source CMS. This vulnerability allows an attacker to inject malicious code into template outputs, which is then executed in the browser of both front-end and back-end users. The vulnerability affects Contao versions prior to 4.13.57, 5.3.42, and 5.6.5. Patches are available in versions 4.13.57, 5.3.42, and 5.6.5 to address this issue.

    Technical Details

    CVE-2025-65961 stems from insufficient sanitization of user-controlled data within specific templates of the Contao CMS. An attacker can exploit this by injecting arbitrary HTML or JavaScript code into the template input.…

  • Cybersecurity Vulnerabilities

    CVE-2025-65960: Critical RCE Vulnerability Patched in Contao CMS

    Overview

    CVE-2025-65960 is a medium severity Remote Code Execution (RCE) vulnerability affecting Contao, an Open Source CMS. This vulnerability exists in versions prior to 4.13.57, 5.3.42, and 5.6.5. It allows authenticated back-end users with specific control over template closures to execute arbitrary PHP functions, provided those functions do not require parameters. The vulnerability stems from insufficient sanitization or validation of user-controlled input within the template processing engine. This can lead to unintended execution of potentially dangerous PHP functions.

    Technical Details

    The core issue lies within the Contao\Template::once() method and how it handles user-defined template closures. If a back-end user possesses…

  • Cybersecurity Vulnerabilities

    CVE-2025-64067: Critical Data Exposure Found in Primakon Pi Portal 1.0.18

    Overview

    CVE-2025-64067 details a significant data exposure vulnerability within the Primakon Pi Portal version 1.0.18. Specifically, the API endpoints responsible for retrieving object-specific data (like user profiles and project records) lack sufficient server-side validation to confirm the requesting user’s authorization to access the requested data. This can lead to unauthorized access to sensitive personal and organizational information.

    Technical Details

    The vulnerability can be exploited in two primary ways:

    Direct ID Manipulation (IDOR): By manipulating the ID parameter (e.g., user_id, project_id) in API requests, an attacker can potentially access objects and data belonging to other users. For example, changing user_id from…

  • Cybersecurity Vulnerabilities

    CVE-2025-64065: Critical User Impersonation Vulnerability in Primakon Pi Portal

    Overview

    CVE-2025-64065 describes a severe vulnerability affecting the Primakon Pi Portal version 1.0.18. This flaw allows an authenticated, low-privileged user to impersonate any other user, including administrators, due to insufficient server-side validation in the /api/V2/pp_udfv_admin API endpoint. This effectively bypasses access controls and grants unauthorized access to sensitive functionalities.

    Technical Details

    The root cause of this vulnerability lies in two key issues:

    Broken Function Level Authorization: The /api/V2/pp_udfv_admin endpoint lacks proper privilege checks. The system fails to verify whether the user making the request has the necessary permissions to perform user impersonation (LoginAs).

    Insecure Design: The system allows a user…

  • Cybersecurity Vulnerabilities

    CVE-2025-64064: Critical Privilege Escalation in Primakon Pi Portal 1.0.18

    Overview

    CVE-2025-64064 is a critical vulnerability affecting Primakon Pi Portal version 1.0.18. This vulnerability allows low-privileged users to escalate their privileges to administrator level by exploiting a weakness in the access control mechanism within the `/api/v2/pp_users` endpoint. Specifically, the application fails to properly validate user permissions before processing PATCH requests aimed at modifying the `PP_SECURITY_PROFILE_ID`.

    Technical Details

    The vulnerability lies in the insufficient access control checks performed when handling PATCH requests to the `/api/v2/pp_users` endpoint. A low-level user can craft a malicious request containing `PP_SECURITY_PROFILE_ID=2` within the request body. Due to the lack of proper validation, the application will incorrectly…