Overview
This article provides an in-depth analysis of CVE-2025-63994, a critical arbitrary file upload vulnerability affecting RichFilemanager version 2.7.6. This vulnerability allows unauthenticated attackers to upload malicious files to the server, potentially leading to remote code execution (RCE).

Technical Details
CVE-2025-63994 stems from insufficient input validation in the /php/UploadHandler.php component of RichFilemanager. The vulnerability allows an attacker to bypass intended file type restrictions by crafting a malicious file and uploading it via the file upload functionality. Specifically, the application does not properly sanitize uploaded file names and contents. This enables the injection of executable code within a file that the…
-
Overview
This article provides a comprehensive analysis of CVE-2025-63828, a Host Header Injection vulnerability affecting Backdrop CMS version 1.32.1. This vulnerability allows attackers to manipulate the Host header during password reset requests, potentially redirecting users to malicious domains. This can lead to successful phishing attacks and even session hijacking through cookie injection.

Technical Details
The vulnerability resides within the password reset functionality of Backdrop CMS 1.32.1. By manipulating the HTTP Host header, an attacker can influence the domain used when generating the password reset link. When a user requests a password reset, the system utilizes the Host header to construct…
-
Overview
This article provides an in-depth analysis of CVE-2025-63695, a critical vulnerability affecting DzzOffice v2.3.7 and earlier. This vulnerability allows for arbitrary file uploads, potentially leading to remote code execution and complete system compromise. DzzOffice is a web-based office collaboration platform, and this security flaw poses a significant risk to organizations using the affected versions.

Technical Details
CVE-2025-63695 is located in the /dzz/system/ueditor/php/controller.php file of DzzOffice. The vulnerability stems from insufficient input validation and sanitization during the file upload process. Attackers can bypass intended restrictions and upload malicious files, such as PHP scripts, to the server. These files can then…
-
Overview
A significant security vulnerability, identified as CVE-2025-63694, has been discovered in DzzOffice, a web-based office suite. This vulnerability is a SQL Injection flaw present in versions 2.3.7 and earlier, specifically affecting the explorer/groupmanage component. Exploitation of this vulnerability could allow attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or even complete system compromise.

Technical Details
The SQL Injection vulnerability exists within the explorer/groupmanage functionality of DzzOffice. The exact input vector where the injection occurs is detailed in the references provided. Without proper input sanitization or parameterization, user-supplied data is directly incorporated into SQL queries.…
-
Overview
CVE-2025-63514 identifies a Cross-Site Scripting (XSS) vulnerability affecting the kishan0725 Hospital Management System. Specifically, this vulnerability is located within the appsearch.php file and is triggered via the email parameter. This flaw allows an attacker to inject malicious client-side scripts into the application, potentially compromising user accounts and data.

Technical Details
The appsearch.php file in the kishan0725 Hospital Management System improperly sanitizes user input provided through the email parameter. An attacker can exploit this by injecting malicious JavaScript code into this parameter. When a user interacts with the application, this injected script will be executed within their browser context. This…
-
Overview
CVE-2025-56643 identifies a critical security vulnerability within Requarks Wiki.js version 2.5.307. The flaw stems from the application’s failure to properly revoke or invalidate JSON Web Tokens (JWTs) upon user logout. This means that previously issued tokens remain active and can be potentially reused to gain unauthorized access to the system, even after a user has explicitly logged out. This poses a significant risk to session integrity and data security.

Technical Details
The core issue lies within the authentication resolver logic of Wiki.js. Specifically, when a user logs out, the application does not implement a mechanism to actively invalidate or…
-
Overview
CVE-2025-63829 describes an infinite loop vulnerability affecting eProsima Fast-DDS versions 3.3 and earlier. This flaw stems from an integer overflow within the Time_t::fraction() function. Exploitation of this vulnerability can lead to a denial-of-service (DoS) condition, potentially halting critical systems relying on Fast-DDS for real-time data communication.

Technical Details
The vulnerability resides within the Time_t::fraction() function, as detailed in the Fast-DDS source code. An integer overflow occurs when the result of a calculation exceeds the maximum value that can be stored in the integer variable. In this case, a carefully crafted input can trigger this overflow, leading to an infinite…
-
Overview
CVE-2025-63513 describes an Insecure Direct Object Reference (IDOR) vulnerability found in kishan0725 Hospital Management System v4. This vulnerability affects the appointment cancellation functionality, potentially allowing unauthorized users to cancel appointments belonging to other patients. An IDOR vulnerability occurs when an application uses user-supplied input to directly access objects, such as database records or files, without proper authorization checks. This allows an attacker to manipulate the input (e.g., an appointment ID) to access or modify objects they shouldn’t have access to.

Technical Details
The vulnerability resides within the appointment cancellation feature of the Hospital Management System. Specifically, the application likely…
-
Overview
CVE-2025-63512 identifies a significant security vulnerability in kishan0725 Hospital Management System version 4. This flaw is a SQL Injection vulnerability located in the admin-panel1.php file, specifically within the doctor deletion functionality. The application’s failure to properly sanitize user-supplied input makes it susceptible to malicious SQL queries, potentially compromising sensitive patient and administrative data.

Technical Details
The vulnerability stems from the improper handling of the demail parameter within the admin-panel1.php script. When deleting a doctor’s record, the application takes the value provided in the demail parameter (which is likely the doctor’s email address) and directly incorporates it into a SQL…
-
Overview
A critical remote command execution (RCE) vulnerability, identified as CVE-2025-63258, has been discovered in H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points. This vulnerability allows a remote attacker to execute arbitrary commands on the affected devices. Given the potential impact, immediate action is recommended to mitigate the risk.

Technical Details
The vulnerability resides in how the affected H3C devices handle the sessionid parameter. Attackers can inject crafted commands into this parameter, which the router then executes with elevated privileges. Specifically, the affected versions include:
- ERG3/ERG5 series routers
- XiaoBei series routers, cloud gateways, and…