Overview

CVE-2025-55128 describes an uncontrolled resource consumption vulnerability found in the userlog-index.php file. This vulnerability allows an attacker with access to the administrative interface to potentially trigger a denial-of-service (DoS) condition. The issue stems from the ability to request an arbitrarily large number of items per page, overwhelming server resources. This vulnerability was reported by HackerOne community member Dao Hoang Anh (yoyomiski) and publicly disclosed on 2025-11-20.

Technical Details

The userlog-index.php file likely provides a user interface for viewing and managing user activity logs. The vulnerability exists because the application doesn’t properly sanitize or limit the number of items requested…
-
Overview

CVE-2025-55127 describes a vulnerability involving the improper neutralization of whitespace characters within usernames during user creation. Discovered and reported by HackerOne community member Dao Hoang Anh (yoyomiski), this issue arises when leading or trailing whitespace is not properly removed or handled when a new user account is created. This can lead to nearly identical usernames being created, visually indistinguishable from legitimate accounts in the user interface. While not a critical vulnerability in terms of system compromise, it presents a significant risk of user confusion and potential for social engineering attacks.

Technical Details

The core of the vulnerability lies in…
-
Overview

CVE-2025-55126 is a reported stored Cross-Site Scripting (XSS) vulnerability affecting the navigation box located at the top of advertiser-related pages. The vulnerability was discovered and reported by HackerOne community member Dang Hung Vi (vidang04). Specifically, the campaign names are the vector through which malicious JavaScript can be injected and stored.

Technical Details

The vulnerability stems from insufficient input sanitization when handling campaign names displayed in the advertiser navigation. An attacker could inject malicious JavaScript code within the campaign name. This code would then be stored on the server and executed in the browsers of other users accessing the same…
-
Overview

A critical authentication bypass vulnerability, identified as CVE-2025-10571, has been discovered in ABB Ability Edgenius versions 3.2.0.0 and 3.2.1.1. This vulnerability allows attackers to potentially bypass authentication mechanisms using an alternate path or channel, leading to unauthorized access and control of affected systems.

Technical Details

CVE-2025-10571 is classified as an Authentication Bypass Using an Alternate Path or Channel vulnerability. The specifics of the vulnerable path/channel are detailed in ABB’s advisory (see References section). Exploit details are not publicly available at this time, but the severity suggests that successful exploitation is relatively straightforward.

CVSS Analysis

CVE ID: CVE-2025-10571
Severity: CRITICAL…
-
Overview

CVE-2025-64524 describes a heap-buffer-overflow vulnerability affecting the rastertopclx filter within the cups-filters package. cups-filters provides backends, filters, and other software components necessary for CUPS (Common UNIX Printing System) to function on non-macOS operating systems. This vulnerability, present in versions 2.0.1 and prior, can be triggered by processing maliciously crafted input data, potentially leading to a crash or, more seriously, arbitrary code execution.

Technical Details

The vulnerability lies in the rastertopclx filter. This filter is responsible for converting raster image data into PCL/PCLm format for printing. The heap-buffer-overflow occurs due to improper bounds checking when processing the input raster data.…
-
Overview

CVE-2025-63889 describes an arbitrary file read vulnerability affecting ThinkPHP version 5.0.24. This vulnerability allows attackers to potentially read sensitive files on the server by crafting a malicious file path within a template value processed by the fetch function in thinkphp\library\think\Template.php.

Technical Details

The vulnerability resides in the way ThinkPHP 5.0.24 handles user-supplied input when rendering templates. Specifically, the fetch function, responsible for loading and processing template files, is susceptible to path traversal attacks. By manipulating the template value with carefully constructed file paths (e.g., using ../ sequences), an attacker can bypass intended security restrictions and access files outside the…
-
Overview

CVE-2025-63888 describes a critical remote code execution (RCE) vulnerability affecting ThinkPHP version 5.0.24. This flaw resides within the read function of the File.php file, specifically located at thinkphp\library\think\template\driver\File.php. An attacker can exploit this vulnerability to execute arbitrary code on the server, potentially leading to complete system compromise.

Technical Details

The vulnerability lies in how ThinkPHP 5.0.24 handles template file reading. A crafted request can manipulate the read function to include and execute arbitrary PHP code. The exact exploitation method is detailed in the provided references, but essentially, by controlling specific input parameters, an attacker can inject malicious code into…
-
Overview

CVE-2025-64428 identifies a critical JNDI (Java Naming and Directory Interface) injection vulnerability affecting Dataease, an open-source data visualization and analysis tool. Versions prior to 2.10.17 are susceptible. While a blacklist intended to address this issue was introduced in version 2.10.14, the vulnerability remained exploitable through alternative JNDI schemes. A complete fix is available in Dataease version 2.10.17. It’s crucial to upgrade to this version as soon as possible.

Technical Details

The vulnerability stems from insufficient input validation when processing user-supplied data, particularly within JNDI lookup operations. Attackers can leverage this flaw to inject malicious JNDI URIs (Uniform Resource Identifiers)…
-
Overview

CVE-2025-64185 identifies a security vulnerability in Open OnDemand, an open-source HPC (High-Performance Computing) portal. Versions prior to 4.0.8 and 3.1.16 inadvertently create world-writable locations within the GEM_PATH. This can lead to potential security risks, as malicious actors could exploit this weakness to inject malicious code into the system. Open OnDemand versions 4.0.8 and 3.1.16 contain the fix for this vulnerability.

Technical Details

The vulnerability stems from the way Open OnDemand handles the GEM_PATH environment variable during package installation or configuration. By creating world-writable directories in the GEM_PATH, any user on the system can potentially install Ruby gems. A malicious…
-
Overview

CVE-2025-64027 details a reflected Cross-Site Scripting (XSS) vulnerability found in Snipe-IT version 8.3.4 (build 20218). This vulnerability resides within the CSV import workflow and allows an attacker to inject arbitrary HTML or JavaScript code into the application’s user interface. This occurs when an invalid CSV file is uploaded, and the resulting error message, specifically the `progress_message`, is rendered without proper sanitization.

Technical Details

The vulnerability is triggered when an administrator attempts to import a malformed CSV file. Snipe-IT then returns an error message as part of the `progress_message` value. However, the application fails to properly sanitize this message before…