• Cybersecurity Vulnerabilities

    CVE-2025-64530: Critical Access Control Bypass in Apollo Federation

    Overview

    CVE-2025-64530 is a high-severity vulnerability affecting Apollo Federation, an architecture designed for composing APIs into a unified graph. This vulnerability allows certain queries to Apollo Router to bypass access controls on types and fields, potentially leading to unauthorized data access and privilege escalation.

    Technical Details

    The vulnerability lies in the composition logic of Apollo Federation versions prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1. It stems from the incorrect handling of user-defined access control directives on interface types and fields. Specifically, Apollo Federation incorrectly permitted the use of access control directives (like `@authenticated`, `@requiresScopes`, or `@policy`) on interface types and…

  • Cybersecurity Vulnerabilities

    CVE-2025-64754: Jitsi Meet OAuth Hijacking Vulnerability – Update Immediately!

    Overview

    A critical security vulnerability, identified as CVE-2025-64754, has been discovered in Jitsi Meet, a popular open-source video conferencing application. This vulnerability allows attackers to hijack the OAuth authentication window for Microsoft accounts, potentially granting them unauthorized access. The vulnerability affects Jitsi Meet versions prior to 2.0.10532. A patch is available in version 2.0.10532.

    Technical Details

    The vulnerability stems from improper handling of the OAuth authentication process for Microsoft accounts within Jitsi Meet. An attacker could intercept and manipulate the OAuth flow, redirecting the user to a malicious page that mimics the legitimate Microsoft login. This could allow…

  • Cybersecurity Vulnerabilities

    CVE-2025-64753: Critical Information Leak in Grist-Core Exposed!

    Overview

    CVE-2025-64753 is a medium severity information disclosure vulnerability affecting Grist-Core, a spreadsheet hosting server. This vulnerability allows a user with partial read access to a document to potentially gain unauthorized access to sensitive information by accessing endpoints listing document version hashes and comparing versions. Specifically, the `/compare` endpoint was susceptible to revealing changes containing cells, columns, or tables that the user was not explicitly authorized to view. This issue has been addressed in Grist-Core version 1.7.7.

    Technical Details

    The vulnerability stems from insufficient access control on the `/compare` endpoint. Even with restricted read access to a Grist-Core document, a…

  • Cybersecurity Vulnerabilities

    CVE-2025-64752: Grist Spreadsheet Server Vulnerable to Server-Side Request Forgery (SSRF)

    Overview

    CVE-2025-64752 describes a medium-severity Server-Side Request Forgery (SSRF) vulnerability affecting grist-core, a spreadsheet hosting server. This vulnerability exists in versions prior to 1.7.7. An authenticated user with access to any document within a Grist installation could leverage a URL fetching feature to initiate requests from the server itself. This allows them to potentially interact with internal resources or external services on behalf of the server, escalating their privileges and potentially compromising the system.

    Technical Details

    The vulnerability resides in the way Grist handles URL fetching from user-provided input. Before version 1.7.7, the server directly processes these requests without proper…

  • Cybersecurity Vulnerabilities

    CVE-2025-64749: Directus Information Disclosure Vulnerability – Upgrade Now!

    Overview

    CVE-2025-64749 is an information disclosure vulnerability affecting Directus, a real-time API and App dashboard for managing SQL database content. Specifically, versions prior to 11.13.0 are vulnerable. This vulnerability allows unauthorized users to potentially determine the existence of specific collections within the Directus instance by observing subtle differences in error messages returned by the REST API. This can aid attackers in reconnaissance and potentially lead to further exploitation.

    Technical Details

    The vulnerability lies in the `/items/{collection}` API endpoint. Prior to version 11.13.0, Directus returned distinct error messages depending on whether a user attempted to access: An existing collection that the…

  • Cybersecurity Vulnerabilities

    CVE-2025-64748: Directus Sensitive Data at Risk – Patch Immediately!

    Overview

    CVE-2025-64748 identifies a medium severity vulnerability in Directus, a real-time API and App dashboard used for managing SQL database content. Specifically, versions prior to 11.13.0 are susceptible to a sensitive data enumeration vulnerability. Authenticated users with read permissions can exploit this flaw to potentially identify the existence of records matching concealed/sensitive field values, even though the actual values are masked.

    Technical Details

    The vulnerability stems from the ability to search across all fields, including those designated as concealed or sensitive. While the values themselves are masked (displayed as `****`), the system still returns records that match the search criteria.…

  • Cybersecurity Vulnerabilities

    Urgent Alert: High-Severity Directory Traversal in IBM AIX/VIOS NIM Server (CVE-2025-36236)

    Overview

    A critical security vulnerability, identified as CVE-2025-36236, has been discovered in the Network Installation Management (NIM) server, formerly known as the NIM master, of IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1. This vulnerability allows a remote attacker to perform directory traversal, potentially leading to arbitrary file writes on the affected system. The affected service is the `nimesis` daemon. Immediate action is recommended to mitigate this risk.

    Technical Details

    The vulnerability stems from insufficient input validation within the `nimesis` service. An attacker can exploit this by crafting a malicious URL request containing directory traversal sequences (e.g., `../`) within the…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in IBM AIX and VIOS: CVE-2025-36096 Exposes NIM Private Keys

    Overview

    A critical vulnerability, identified as CVE-2025-36096, has been discovered in IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1. This flaw exposes Network Installation Management (NIM) private keys, which are stored insecurely. An attacker exploiting this vulnerability using man-in-the-middle techniques could gain unauthorized access to systems within the NIM environment.

    Technical Details

    The core issue lies in the way NIM private keys are handled within the affected versions of IBM AIX and VIOS. The private keys, essential for secure communication and authentication within the NIM infrastructure, are stored in a manner that makes them susceptible to interception during network…

  • Cybersecurity Vulnerabilities

    CVE-2025-13131: Sonarr Under Scrutiny for Incorrect Default Permissions

    Overview

    CVE-2025-13131 identifies a high-severity vulnerability in Sonarr version 4.0.15.2940. This vulnerability stems from incorrect default permissions resulting from manipulation of an unknown function within the Sonarr.Console.exe file, located at `C:\ProgramData\Sonarr\bin\Sonarr.Console.exe`. While the vendor acknowledges the vulnerability, it classifies it as low severity because of the common practice of running the service under the default service user. Exploitation requires local access.

    Technical Details

    The vulnerability resides within an unspecified function of the Sonarr.Console.exe executable. Exploitation involves manipulating this function in a way that causes Sonarr to configure incorrect default permissions. Because local access is required, an attacker would need existing access to…

  • Cybersecurity Vulnerabilities

    CVE-2025-64746: Directus Field Deletion Vulnerability Grants Unintended Access

    Overview

    CVE-2025-64746 describes a medium severity vulnerability in Directus, a real-time API and App dashboard for managing SQL database content. Specifically, versions prior to 11.13.0 do not properly clean up field-level permissions when a field is deleted. This can lead to roles unintentionally gaining access to data they shouldn’t have.

    Technical Details

    When a field is removed from a collection in vulnerable versions of Directus, the reference to that field in the permissions table is not deleted. This “stale” reference remains. If a new field is later created using the same name as the deleted field, the new field inadvertently…