Overview: CVE-2025-64656 is a critical security vulnerability affecting Application Gateway. This vulnerability is an out-of-bounds read which, if exploited, allows an unauthorized attacker to elevate privileges within the network where the vulnerable Application Gateway is deployed. Given the potential for significant impact, prompt action is required to mitigate this risk.

Technical Details: The vulnerability stems from insufficient bounds checking when processing specific types of network traffic within the Application Gateway. An attacker can craft a malicious packet that, when processed by the gateway, causes it to read memory beyond the allocated buffer. This out-of-bounds read can leak sensitive information, potentially…
-
Overview: CVE-2025-66019 describes a memory exhaustion vulnerability affecting pypdf, a popular Python library for PDF manipulation. Prior to version 6.4.0, a specially crafted PDF file could trigger excessive memory usage when parsing its content stream using the LZWDecode filter. This vulnerability could lead to denial-of-service (DoS) conditions if exploited.

Technical Details: The vulnerability lies within the LZWDecode filter implementation within pypdf. An attacker can create a PDF document with a malicious content stream that, when processed by pypdf versions before 6.4.0, leads to the allocation of up to 1GB of memory per stream. This occurs during the decompression process of…
-
Overview: CVE-2025-65963 is a medium severity vulnerability affecting the CFiles module in HumHub, a free social network software. Specifically, it impacts versions prior to 0.16.11 and 0.17.2. This vulnerability allows non-member users to create new folders and upload files as a ZIP archive in public spaces due to insufficient authorization checks. Private spaces are not affected.

Technical Details: The root cause of this vulnerability lies in the inadequate authorization mechanisms within the CFiles module. When handling requests to create folders or upload files in public spaces, the system fails to properly verify if the user making the request is a…
-
Overview: CVE-2025-65957 identifies a vulnerability in Core Bot, an open-source Discord bot designed for Maple Hospital servers. Prior to commit dffe050, sensitive API keys, including `SUPABASE_API_KEY` and `TOKEN`, could be inadvertently exposed due to improper handling in error messages, summaries, and webhook configurations. This vulnerability has been addressed with the aforementioned commit.

Technical Details: Core Bot utilizes environment variables to store sensitive API keys. The vulnerability stemmed from the bot’s code failing to properly redact these keys when generating summaries, error messages, or interacting with webhooks. Specifically, under certain error conditions or when creating log entries, the values of the…
-
Overview: CVE-2025-65956 details a stored Cross-Site Scripting (XSS) vulnerability affecting Formwork, a flat file-based Content Management System (CMS). This vulnerability exists in versions prior to 2.2.0. By injecting unsanitized data into the blog tag field, an attacker can execute arbitrary JavaScript code in the browser of any Formwork CMS user who accesses or edits the compromised blog post. This persistent XSS vulnerability can severely impact privileged administrative workflows.

Technical Details: The vulnerability stems from the lack of proper input sanitization when processing data entered into the blog tag field within the Formwork CMS. An attacker with the necessary permissions (typically…
-
Overview: A critical Heap-Use-After-Free (UAF) vulnerability, identified as CVE-2025-65953, has been discovered in the NanoMQ MQTT Broker (NanoMQ), an all-around Edge Messaging Platform. This vulnerability affects versions prior to 0.22.5. The root cause lies within the TCP transport component of NanoMQ, specifically interacting with the underlying NanoNNG library.

Technical Details: The vulnerability is located in `src/sp/transport/mqtt/broker_tcp.c` of the NanoNNG library. It stems from improper resource management and premature cleanup of message and pipe structures. This occurs under specific conditions involving malformed MQTTV5 retain message traffic. Essentially, when NanoMQ processes certain types of malformed MQTTV5 retain messages, it may prematurely free…
-
Overview: A path traversal vulnerability, identified as CVE-2025-65952, has been discovered in the “Console” software, a network tool used to manage Gorilla Tag mods and users. Prior to version 2.8.0, attackers could leverage carefully crafted combinations of backslashes and periods to bypass security measures and write files to unauthorized directories on the system running the console. This vulnerability has been addressed in version 2.8.0 of the Console software.

Technical Details: The path traversal vulnerability stems from insufficient input validation when handling file paths within the Console application. By exploiting this flaw, a malicious actor could potentially overwrite critical system files,…
-
Overview: This article discusses CVE-2025-65942, a low-severity Denial-of-Service (DoS) vulnerability affecting VictoriaMetrics, a scalable time series database. The vulnerability stems from improper handling of snappy-compressed data, potentially leading to excessive memory usage and service disruption.

Technical Details: VictoriaMetrics versions 1.0.0 through 1.110.22, 1.111.0 through 1.122.7, and 1.123.0 through 1.129.0 are susceptible to DoS attacks. The snappy decoder in these versions does not properly enforce request size limits. This allows attackers to send malformed snappy blocks, triggering excessive memory allocation. As a result, the VictoriaMetrics instance can experience Out-of-Memory (OOM) errors and become unstable or unavailable. The fix implemented in versions…
-
Overview: CVE-2025-64713 describes an out-of-bounds array access vulnerability found in the WebAssembly Micro Runtime (WAMR), specifically affecting versions prior to 2.4.4. This flaw resides within WAMR’s fast interpreter mode during WASM bytecode loading. Exploitation of this vulnerability could potentially lead to denial-of-service (DoS) or, in more severe scenarios, arbitrary code execution.

Technical Details: The vulnerability arises when handling `GET_GLOBAL(I32)` opcodes in conjunction with the `if` opcode within the WASM bytecode. Specifically, the `frame_ref_bottom` and `frame_offset_bottom` arrays are involved in managing stack frames. When `frame_ref_bottom` and `frame_offset_bottom` arrays are at capacity and a `GET_GLOBAL(I32)` opcode is encountered, `frame_ref_bottom` is expanded. However,…
-
Overview: CVE-2025-64704 is a medium severity vulnerability affecting WebAssembly Micro Runtime (WAMR), a lightweight standalone WebAssembly (Wasm) runtime. Specifically, versions prior to 2.4.4 are susceptible to a segmentation fault triggered by the `v128.store` instruction. This vulnerability could lead to denial-of-service (DoS) or potentially more severe consequences depending on the context in which WAMR is used.

Technical Details: The vulnerability lies in the handling of the `v128.store` instruction within WAMR. This instruction is used to store a 128-bit vector value in memory. Due to an error in the implementation prior to version 2.4.4, processing a crafted `v128.store` instruction can cause WAMR…