Overview This article discusses a critical vulnerability, identified as CVE-2025-64052, affecting Fanvil x210 V2 IP phones running firmware version 2.12.20. This vulnerability allows unauthenticated attackers on the same local network to execute arbitrary system commands on the affected device. This can lead to a complete compromise of the phone and potentially the network it’s connected to. Technical Details CVE-2025-64052 exposes a flaw within the Fanvil x210 V2’s firmware that allows remote command execution without requiring authentication. The specific details of the vulnerability, including the vulnerable endpoint or function, are outlined in the advisory linked below. An attacker exploiting this vulnerability…
-
-
Overview CVE-2025-14092 describes a medium-severity OS command injection vulnerability found in the Edimax BR-6478AC V3 router, specifically version 1.0.15. This flaw allows a remote attacker to execute arbitrary operating system commands by manipulating the ‘host’ argument within the sub_416898 function of the /boafrm/formDebugDiagnosticRun file. The vendor was notified but has not responded to this disclosure. Technical Details The vulnerability lies in the improper sanitization of user-supplied input passed to the ‘host’ argument of the sub_416898 function within the /boafrm/formDebugDiagnosticRun file. By crafting a malicious request containing specially crafted input in the ‘host’ parameter, an attacker can inject arbitrary OS commands…
-
Overview A high-severity SQL injection vulnerability, identified as CVE-2025-14091, has been discovered in TrippWasTaken PHP-Guitar-Shop, specifically in versions up to commit 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability allows remote attackers to execute arbitrary SQL commands by manipulating the ID argument in the /product.php file. This could lead to data breaches, modification of data, or even complete compromise of the database server. Unfortunately, the vendor has not responded to attempts at responsible disclosure, making mitigation challenging. Technical Details The vulnerability resides within the Product Details Page functionality (/product.php). The application fails to properly sanitize user-supplied input provided through the ID parameter when retrieving product…
-
Overview CVE-2025-14090 is a medium severity SQL injection vulnerability discovered in AMTT Hotel Broadband Operation System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands through manipulation of the ‘ID’ argument in the /manager/card/cardmake_down.php file. The vendor has been notified but has not provided a response, and an exploit is publicly available, increasing the risk of exploitation. Technical Details The vulnerability stems from inadequate sanitization of user-supplied input within the /manager/card/cardmake_down.php script. Specifically, the ‘ID’ parameter is not properly validated before being used in a SQL query. This allows an attacker to inject malicious SQL code…
-
Overview A critical security vulnerability, identified as CVE-2025-14089, has been discovered in Himool ERP versions up to 2.2. This vulnerability allows for improper authorization, potentially enabling remote attackers to perform unauthorized actions within the system. The vendor has not responded to vulnerability disclosure requests. A public exploit is available, increasing the risk of exploitation. Technical Details The vulnerability resides in the update_account function within the AdminActionViewSet component, specifically in the /api/admin/update_account/ file. By manipulating this function, an attacker can bypass authorization checks and potentially modify user accounts or perform other administrative actions without proper authentication. The root cause is inadequate…
-
Overview A critical directory traversal vulnerability, identified as CVE-2025-64057, has been discovered in Fanvil x210 V2 devices running firmware version 2.12.20. This vulnerability allows unauthenticated attackers on the local network to write files to arbitrary locations on the device’s file system. Technical Details The directory traversal vulnerability exists due to insufficient input validation when handling file paths. An attacker can exploit this by crafting a malicious request that includes directory traversal sequences (e.g., “../”) to navigate outside of the intended directory and write files to sensitive system locations. This can be achieved without authentication, provided the attacker is on the…
-
Overview CVE-2025-14088 is a medium severity vulnerability affecting ketr JEPaaS versions up to 7.2.8. This vulnerability allows for remote attackers to bypass authorization controls through manipulation of the Authorization argument when accessing the /je/load file. Successful exploitation could lead to unauthorized access to sensitive data and potential system compromise. The vulnerability has been publicly disclosed and exploits are available. Technical Details The vulnerability stems from improper authorization handling in the /je/load endpoint within the JEPaaS application. By manipulating the Authorization header, an attacker can potentially elevate their privileges and gain access to functionalities that should be restricted to authorized users.…
-
Overview CVE-2025-58098 describes a command injection vulnerability affecting Apache HTTP Server versions 2.4.65 and earlier. This vulnerability occurs when Server Side Includes (SSI) are enabled, and the mod_cgid module (but not mod_cgi) is in use. The vulnerability allows attackers to inject arbitrary commands through the query string, which is then executed by the server due to insufficient sanitization within the #exec cmd="..." SSI directive. Technical Details The core issue lies in how Apache HTTP Server handles the query string when SSI is enabled alongside mod_cgid. When processing the #exec cmd="..." directive, the server passes the query string to the command…
-
Overview CVE-2025-14086 details an improper access control vulnerability affecting youlaitech youlai-mall versions 1.0.0 and 2.0.0. This flaw allows for unauthorized access to sensitive resources due to insufficient validation of user-supplied input. The vulnerability resides within the /app-api/v1/members/openid/ endpoint, specifically through manipulation of the openid parameter. A publicly available exploit exists, increasing the risk of exploitation. The vendor was contacted regarding this issue but has not provided a response. Technical Details The vulnerability stems from a lack of proper input sanitization and authorization checks on the openid parameter within the /app-api/v1/members/openid/ endpoint. An attacker can manipulate this parameter to potentially bypass…
-
Overview CVE-2025-14085 is a medium severity vulnerability found in youlaitech youlai-mall versions 1.0.0 and 2.0.0. This vulnerability allows for remote attackers to potentially execute arbitrary code due to improper control of dynamically identified variables when manipulating the ‘orderId’ argument in the /app-api/v1/orders/ endpoint. The vendor has been notified but has not provided a response or patch at this time. Technical Details The vulnerability resides in the handling of the orderId parameter within the /app-api/v1/orders/ endpoint. An attacker can manipulate this parameter to inject malicious code, potentially leading to the execution of arbitrary commands on the server. The root cause is…