CVE-2025-64738: Zoom Workplace for macOS – Local Information Disclosure Vulnerability

Overview: CVE-2025-64738 is a medium severity vulnerability affecting Zoom Workplace for macOS versions prior to 6.5.10. This vulnerability stems from insufficient validation of file names or paths, potentially allowing an authenticated local user to exploit the system and gain access to sensitive information. This is achieved through external control of the file name or path, …

CVE-2025-62483: Zoom Information Disclosure Vulnerability – Update Now!

Overview: CVE-2025-62483 is a medium severity vulnerability affecting certain Zoom Clients before version 6.5.10. This vulnerability stems from the improper removal of sensitive information, potentially allowing an unauthenticated attacker with network access to disclose sensitive data. It’s crucial to understand the impact and take necessary steps to mitigate this risk. Technical Details: The vulnerability lies …

CVE-2025-62482: Unauthenticated XSS Threat in Zoom Workplace for Windows – Upgrade Now!

Overview: CVE-2025-62482 is a medium-severity cross-site scripting (XSS) vulnerability affecting Zoom Workplace for Windows versions before 6.5.10. This flaw could allow an unauthenticated attacker with network access to inject malicious scripts, potentially impacting the integrity of the application and user data. Technical Details: The vulnerability stems from insufficient input sanitization within Zoom Workplace for Windows. …

Zoom Client Vulnerability Spotlight: CVE-2025-30669 – Are Your Meetings Secure?

Overview: CVE-2025-30669 is a security vulnerability affecting certain Zoom Clients. Discovered and published on November 13, 2025, this flaw stems from improper certificate validation, potentially allowing an unauthenticated attacker with adjacent network access to conduct information disclosure. The severity is rated as MEDIUM, with a CVSS score of 4.8. Technical Details: The vulnerability lies in …

Zoom VDI Plugin macOS Installer Vulnerability (CVE-2025-30662): A Security Deep Dive

Overview: CVE-2025-30662 describes a medium severity vulnerability affecting the Zoom Workplace VDI Plugin macOS Universal installer. Specifically, a symlink following vulnerability exists in versions prior to 6.3.14, 6.4.14, and 6.5.10 of their respective tracks. This vulnerability could allow an authenticated local user to potentially conduct information disclosure via network access. Technical Details: The vulnerability stems …

CVE-2025-13119: Critical CSRF Vulnerability Exposes Simple E-Banking System

Overview: CVE-2025-13119 describes a Cross-Site Request Forgery (CSRF) vulnerability found in Fabian Ros/SourceCodester Simple E-Banking System version 1.0. This flaw allows a remote attacker to potentially execute unauthorized actions on behalf of legitimate users, such as initiating forced withdrawals, if they can trick a user into clicking a malicious link or visiting a compromised website. …

CVE-2025-41069: DeporSite IDOR Vulnerability Exposes User Data

Overview: CVE-2025-41069 is a security vulnerability identified in DeporSite, a product by T-INNOVA. This vulnerability is classified as an Insecure Direct Object Reference (IDOR). IDOR vulnerabilities occur when an application allows direct access to internal implementation objects based on user-supplied input. This can lead to unauthorized data access or modification. Technical Details: The vulnerability exists …

CVE-2025-13116: Critical Look at mall-swarm’s Unauthorized Order Cancellation Flaw

Overview: CVE-2025-13116 is a medium-severity vulnerability affecting macrozheng’s mall-swarm, specifically versions up to 1.0.3. This vulnerability resides in the cancelUserOrder function located in the /order/cancelUserOrder endpoint. An attacker can exploit this flaw by manipulating the orderId parameter, leading to improper authorization and potentially allowing the cancellation of orders belonging to other users. A proof-of-concept exploit …

CVE-2025-13115: Unauthorized Order Access in macrozheng mall-swarm

Overview: CVE-2025-13115 describes a medium severity improper authorization vulnerability found in macrozheng mall-swarm up to version 1.0.3. This flaw allows an attacker to potentially access order details without proper authorization by manipulating the orderId parameter within the /order/detail/ endpoint. This vulnerability can be exploited remotely and has a publicly available exploit, increasing the risk of …

CVE-2025-13114: Critical Authorization Flaw Threatens macrozheng mall-swarm Users

Overview: CVE-2025-13114 is a medium severity vulnerability affecting macrozheng’s mall-swarm, specifically versions up to 1.0.3. This vulnerability allows for improper authorization when updating attributes via the updateAttr function in the /cart/update/attr file. A remote attacker can exploit this flaw, potentially leading to unauthorized modification of cart attributes and possibly affecting order processing and pricing. The …