  • Cybersecurity Vulnerabilities

    Critical SQL Injection Vulnerability Discovered in Uniong WebITR (CVE-2025-13769)

    Overview

    A critical SQL Injection vulnerability has been identified in Uniong’s WebITR software, tracked as CVE-2025-13769. This vulnerability allows authenticated remote attackers to inject arbitrary SQL commands. Successful exploitation could lead to unauthorized access to sensitive database information, including user credentials, confidential business data, and other critical assets. This poses a significant risk to organizations using the affected WebITR software.

    Technical Details

    CVE-2025-13769 is a SQL Injection vulnerability. Specifically, the vulnerability exists because WebITR does not properly sanitize user-supplied input before using it in SQL queries. An authenticated remote attacker can inject malicious SQL code into input fields, which the…

  • Cybersecurity Vulnerabilities

    CVE-2025-13768: Critical Authentication Bypass in WebITR – Protect Your System Now!

    Overview

    CVE-2025-13768 is a high-severity authentication bypass vulnerability affecting WebITR, a product developed by Uniong. This vulnerability allows authenticated remote attackers to log into the system as any user by modifying a specific parameter. Exploitation requires prior knowledge of a valid user ID.

    Technical Details

    The vulnerability stems from insufficient validation of user identity during the authentication process. An attacker who has already obtained a valid user ID can manipulate a request parameter to impersonate that user and gain unauthorized access to the WebITR system. The specific parameter and method of manipulation are detailed in the TW-Cert advisories.

    CVSS Analysis…

  • Cybersecurity - Cybersecurity Vulnerabilities

    Windows 11 November 2025 Patch (KB5068861): Security Fixes, Improvements, and Guidance for IT Teams

    Microsoft has released the November 2025 cumulative update KB5068861 for Windows 11 (including the 25H2 and 24H2 branches). This Patch Tuesday update delivers a set of important security fixes, stability improvements, and several user experience enhancements. For organizations running Windows 11 in production environments, this update is highly relevant for maintaining a robust security posture and meeting patch management requirements under frameworks such as PCI DSS, SOC 2, and ISO 27001.

    1. Key Security Enhancements

    The November 2025 Windows 11 patch focuses heavily on security. It addresses multiple vulnerabilities across the operating system stack, including at least one zero-day vulnerability…

  • Cybersecurity Vulnerabilities

    Critical Path Traversal Threat Discovered in MISP: CVE-2025-66386

    Overview

    CVE-2025-66386 is a medium-severity vulnerability affecting MISP (Malware Information Sharing Platform) versions prior to 2.5.27. This vulnerability allows a site administrator to perform path traversal when viewing pictures in the app/Model/EventReport.php file, potentially leading to unauthorized access to sensitive files on the server.

    Technical Details

    The vulnerability stems from insufficient sanitization of user-supplied input related to file paths when displaying event report pictures. A malicious or compromised site administrator could manipulate the file path to access files outside of the intended directory. This is a classic path traversal vulnerability (also known as directory traversal). Specifically, the view picture…

  • Cybersecurity Vulnerabilities

    Cerebrate Users at Risk: Privilege Escalation Vulnerability CVE-2025-66385

    Overview

    CVE-2025-66385 is a critical privilege escalation vulnerability affecting Cerebrate versions prior to 1.30. This flaw allows authenticated, non-privileged users to elevate their privileges to higher roles, potentially including administrator, by exploiting the user-edit endpoint. This poses a significant risk to the confidentiality, integrity, and availability of Cerebrate instances.

    Technical Details

    The vulnerability resides in the UsersController::edit function within Cerebrate. An authenticated user can manipulate the role_id or organisation_id fields in the edit request. Due to insufficient validation or authorization checks, the system permits the modification of these fields, effectively granting the user a higher role or placing them in…

  • Cybersecurity Vulnerabilities

    Urgent Security Alert: Critical File Upload Vulnerability (CVE-2025-66384) in MISP

    Overview

    A high-severity vulnerability, identified as CVE-2025-66384, has been discovered in MISP (Malware Information Sharing Platform) before version 2.5.24. This vulnerability resides in the app/Controller/EventsController.php file and involves insufficient validation of uploaded files, specifically related to the tmp_name parameter. This could allow an attacker to upload malicious files, potentially leading to remote code execution or other security compromises.

    Technical Details

    The vulnerability stems from inadequate logic in validating the legitimacy of uploaded files within the EventsController.php file. Specifically, the checks performed on the tmp_name, which represents the temporary filename of the uploaded file on the server, are insufficient. An attacker…

  • Cybersecurity Vulnerabilities

    CVE-2025-66382: Expat XML Library – Slow Processing Time Vulnerability

    Overview

    CVE-2025-66382 is a low-severity Denial-of-Service (DoS) vulnerability found in libexpat, specifically affecting versions up to 2.7.3. This vulnerability can be triggered by processing a specially crafted XML file, approximately 2 MiB in size, leading to significantly extended processing times, potentially rendering the system unresponsive.

    Technical Details

    The vulnerability arises from inefficient processing of certain XML structures within libexpat. A malicious actor can craft an XML file that exploits this inefficiency, causing the library to consume excessive CPU resources and prolong processing time. While the file size is relatively small (around 2 MiB), the crafted structure amplifies the processing burden,…

  • Cybersecurity Vulnerabilities

    CVE-2025-66372: Mustang XXE Vulnerability – File Exfiltration Risk

    Overview

    CVE-2025-66372 describes an XML External Entity (XXE) vulnerability found in Mustang versions prior to 2.16.3. This vulnerability allows a malicious actor to potentially exfiltrate files from the system where the Mustang application is running by crafting a specially designed XML payload. While rated as a low severity issue, understanding and mitigating this risk is crucial for maintaining a secure environment.

    Technical Details

    XXE vulnerabilities occur when an XML parser processes external entities in a DTD (Document Type Definition) without proper sanitization or input validation. In the case of Mustang, a vulnerable XML parsing routine allows an attacker to define…

  • Cybersecurity Vulnerabilities

    CVE-2025-66371: Peppol-py Vulnerable to XXE Attacks – Upgrade Now!

    Overview

    CVE-2025-66371 identifies an XML External Entity (XXE) vulnerability present in Peppol-py versions prior to 1.1.1. This flaw allows attackers to potentially read arbitrary files from the server’s file system during XML invoice validation, potentially exposing sensitive data. This vulnerability arises from insecure configuration of the Saxon XML parser within Peppol-py.

    Technical Details

    The vulnerability stems from the Saxon XML parser’s configuration within Peppol-py. Specifically, the parser wasn’t properly configured to prevent external entity resolution. This means that when processing XML-based invoices, the parser could be tricked into resolving external entities defined within the XML document. An attacker could craft…

  • Cybersecurity Vulnerabilities

    CVE-2025-66370: Critical XXE Vulnerability Exposes Kivitendo ERP to File Exfiltration

    Overview

    CVE-2025-66370 identifies an XML External Entity (XXE) injection vulnerability in Kivitendo ERP versions prior to 3.9.2. This flaw allows a remote attacker to potentially read sensitive files from the server’s file system by exploiting the processing of electronic invoices in the ZUGFeRD format. By uploading a crafted, malicious ZUGFeRD invoice, an attacker can inject arbitrary XML entities that instruct the server to access and disclose local files.

    Technical Details

    The vulnerability stems from insufficient sanitization of XML input when processing ZUGFeRD invoices. ZUGFeRD is a standard format for electronic invoices in Germany that leverages XML for data representation. The…