Overview CVE-2025-63499 describes a Cross-Site Scripting (XSS) vulnerability found in Alinto Sogo version 5.12.3. This vulnerability allows attackers to inject arbitrary web scripts into the web pages viewed by other users. The specific attack vector lies within the theme parameter of the Sogo application. Technical Details The vulnerability exists due to insufficient sanitization of user-supplied input within the theme parameter. An attacker can craft a malicious URL containing JavaScript code within this parameter. When a user clicks on this crafted URL, the injected JavaScript code executes in their browser, potentially allowing the attacker to steal cookies, redirect the user to…

Published: 2025-12-04 Overview CVE-2025-29269 details a command injection vulnerability discovered in ALLNET ALL-RUT22GW v3.3.8 industrial LTE cellular routers. The vulnerability resides in the `popen.cgi` endpoint and can be exploited via the `command` parameter. This allows attackers to inject and execute arbitrary OS commands on the affected device. Technical Details The `popen.cgi` endpoint is intended to execute specific commands on the router. However, insufficient input validation on the `command` parameter allows an attacker to inject malicious code alongside the intended command. This injected code is then executed with the privileges of the web server process, potentially granting the attacker complete control…

Overview CVE-2025-29268 details a critical security vulnerability discovered in ALLNET ALL-RUT22GW v3.3.8 industrial LTE cellular routers. The vulnerability stems from the presence of hardcoded credentials within the libicos.so library. This allows unauthorized access and potential compromise of affected devices. Technical Details The specific flaw resides in the libicos.so library, which is a crucial component of the router’s firmware. Security researchers discovered that this library contains static, hardcoded credentials used for authentication. An attacker who obtains these credentials can remotely access and control the router, potentially gaining access to sensitive data, modifying configurations, or using the router as a point of…

Overview An Insecure Direct Object Reference (IDOR) vulnerability, tracked as CVE-2025-12997, has been discovered in the Medtronic CareLink Network. This vulnerability could allow an authenticated attacker, possessing specific device and user information, to potentially access sensitive user data by crafting and submitting malicious web requests to a vulnerable API endpoint. Technical Details The vulnerability stems from insufficient authorization checks within the CareLink Network’s API. An attacker who already has legitimate access to some device and user data can potentially manipulate identifiers in API requests to access data belonging to other users or devices that they are not authorized to view.…

Overview A medium-severity security vulnerability, identified as CVE-2025-12996, has been discovered in the Medtronic CareLink Network. This flaw allows a local attacker with access to log files on an internal API server to potentially view plaintext passwords under specific error logging conditions. The vulnerability affects CareLink Network versions prior to December 4, 2025. Technical Details The vulnerability stems from the logging of sensitive data, specifically plaintext passwords, in error logs generated by an internal API server within the Medtronic CareLink Network. If an error condition occurs related to password authentication or processing, the system might unintentionally include the password value…

Overview A critical security vulnerability, identified as CVE-2025-12995, has been discovered in the Medtronic CareLink Network. This vulnerability allows an unauthenticated remote attacker to perform a brute-force attack on an API endpoint. Successful exploitation of this vulnerability could allow the attacker to determine a valid password under certain circumstances. This vulnerability affects CareLink Network versions prior to December 4, 2025. Technical Details The vulnerability resides in a publicly accessible API endpoint within the Medtronic CareLink Network. The endpoint lacks sufficient rate limiting or account lockout mechanisms, making it susceptible to brute-force attacks. An attacker can repeatedly send password guesses to…

Overview A medium severity vulnerability, identified as CVE-2025-12994, has been discovered in the Medtronic CareLink Network. This flaw allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint. This could potentially be exploited to determine valid user accounts within the system. This issue affects CareLink Network versions prior to the update released on December 4, 2025. Technical Details CVE-2025-12994 stems from insufficient access control on an API endpoint within the Medtronic CareLink Network. An attacker can leverage this weakness to probe the system for valid usernames by repeatedly sending requests to the vulnerable endpoint…

Overview CVE-2025-12097 is a high-severity relative path traversal vulnerability affecting the NI System Web Server. This vulnerability, present in versions 2012 and prior, allows a remote attacker to potentially read arbitrary files on the server by sending a specially crafted request. This could lead to sensitive information disclosure, posing a significant risk to affected systems. Technical Details The vulnerability stems from improper input validation within the NI System Web Server’s handling of file requests. By exploiting a relative path traversal vulnerability, an attacker can manipulate the requested file path using “..” sequences, allowing them to navigate outside the intended web…

Overview CVE-2025-65945 identifies a high-severity vulnerability in the auth0/node-jws library, a JSON Web Signature (JWS) implementation for Node.js. This vulnerability, affecting versions 3.2.2 and earlier, as well as version 4.0.0, could allow attackers to bypass signature verification when using the HS256 algorithm under specific conditions. This article provides a detailed analysis of the vulnerability, including technical details, its potential impact, and recommended mitigation steps. Technical Details The vulnerability stems from improper signature verification within the jws.createVerify() function when used for HMAC algorithms (like HS256). Specifically, the issue arises when: Applications utilize jws.createVerify() with HMAC algorithms. User-provided data from the JSON…

Overview CVE-2025-65637 is a denial-of-service (DoS) vulnerability affecting the popular Go logging library, github.com/sirupsen/logrus. This vulnerability can be exploited by sending a specially crafted log message, leading to application unavailability. Specifically, if you’re using `Entry.Writer()` to log very long single-line messages (larger than 64KB) without newline characters, you are susceptible. Technical Details The vulnerability stems from how Logrus handles large log messages when using `Entry.Writer()`. Internally, Logrus utilizes `bufio.Scanner` to read the input. `bufio.Scanner` has a default maximum token size. When a single log line exceeds this size (64KB), the `bufio.Scanner` encounters a “token too long” error. This error causes…