Cybersecurity Vulnerabilities

Overview CVE-2025-64714 identifies a medium-severity Local File Inclusion (LFI) vulnerability affecting PrivateBin, an open-source, zero-knowledge pastebin. Specifically, versions 1.7.7 and prior to 2.0.3 are vulnerable. This flaw allows unauthenticated attackers to potentially read sensitive files on the server or, in certain circumstances, achieve remote code execution (RCE). Technical Details The vulnerability resides in the template-switching … Read more

Overview A medium severity vulnerability, identified as CVE-2025-64703, has been discovered in MaxKB, an open-source AI assistant for enterprise. This vulnerability affects versions prior to 2.3.1 and allows a malicious user to potentially extract sensitive information through the execution of Python code within the tool module. While the code is intended to run within a … Read more

Overview CVE-2025-64511 is a high-severity security vulnerability affecting MaxKB, an open-source AI assistant for enterprise. This vulnerability allows a malicious user to bypass the intended sandbox environment and gain unauthorized access to internal network services, such as databases. This can be achieved by exploiting Python code execution within the tool module. The vulnerability exists in … Read more

Overview CVE-2025-60689 is a critical security vulnerability affecting Linksys E1200 v2 routers running firmware version E1200_v2.0.11.001_us.tar.gz. This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the affected device. The root cause lies in insufficient input sanitization within the Start_EPI function of the httpd binary. Technical Details The vulnerability stems from the way the … Read more

Overview A critical security vulnerability, identified as CVE-2025-60688, affects ToToLink LR1200GB and NR1800X routers. This vulnerability is a stack buffer overflow located within the cstecgi.cgi binary, specifically in the setDefResponse function. Exploitation of this vulnerability could allow unauthenticated attackers to execute arbitrary code or cause memory corruption on the affected devices. This article provides a … Read more

Overview CVE-2025-60687 is a medium-severity unauthenticated command injection vulnerability affecting the ToToLink LR1200GB Router running firmware version V9.1.0u.6619_B20230130. This flaw allows attackers to execute arbitrary commands on the router without needing any credentials. This vulnerability stems from improper input validation in the cstecgi.cgi binary, specifically within the sub_41EC68 function. Exploitation can lead to complete compromise … Read more

Overview CVE-2025-60686 is a medium severity vulnerability affecting specific models of ToToLink routers. This vulnerability is a stack-based buffer overflow found in the infostat.cgi and cstecgi.cgi binaries. Successful exploitation could lead to denial of service or, potentially, arbitrary code execution. Affected models include: A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703. Technical Details The vulnerability resides … Read more

Overview CVE-2025-60685 is a medium-severity stack buffer overflow vulnerability affecting ToToLink A720R routers running firmware version V4.1.5cu.614_B20230630. This flaw resides within the sysconf binary and allows a malicious actor with filesystem write privileges to potentially execute arbitrary code on the vulnerable device. This article provides a detailed analysis of the vulnerability, its potential impact, and … Read more

Overview CVE-2025-60684 is a medium-severity vulnerability affecting specific versions of ToToLink routers. This vulnerability allows an unauthenticated attacker to potentially execute arbitrary code or cause memory corruption due to a stack buffer overflow in the web interface. Technical Details The vulnerability resides within the cstecgi.cgi binary, specifically the sub_42F32C function. The web interface processes the … Read more

Overview A critical command injection vulnerability, identified as CVE-2025-60682, has been discovered in the ToToLink A720R Router running firmware version V4.1.5cu.614_B20230630. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the affected device. The vulnerability stems from insufficient input validation within the cloud update functionality. Technical Details The vulnerability resides in the … Read more