Overview: A critical command injection vulnerability, identified as CVE-2025-14106, has been discovered in ZSPACE Q2C NAS devices up to version 1.1.0210050. This vulnerability allows a remote attacker to execute arbitrary commands on the affected system. The vendor was notified of the issue but has not yet responded. The exploit is publicly available, increasing the risk of exploitation.
Technical Details: The vulnerability resides in the zfilev2_api.CloseSafe function within the /v2/file/safe/close endpoint, which handles HTTP POST requests. By manipulating the safe_dir argument, an attacker can inject arbitrary commands that will be executed with the privileges of the web server process. This attack…
-
Overview: A critical vulnerability, identified as CVE-2025-13426, has been discovered in Google Apigee’s JavaCallout policy. This vulnerability allows for remote code execution (RCE), potentially enabling attackers to compromise systems and data within your Apigee environment. Google has released patches to address this issue in several Apigee hybrid and OPDK versions. Immediate action is recommended to upgrade to a patched version.
Technical Details: CVE-2025-13426 stems from the potential for malicious code injection through the JavaCallout policy. Specifically, a crafted JavaCallout can inject a malicious object into the MessageContext. This allows for the execution of arbitrary Java code and operating system commands…
-
Overview: This article provides a detailed analysis of CVE-2025-8148, a medium-severity vulnerability affecting Fortra’s GoAnywhere MFT (Managed File Transfer) platform. This improper access control flaw in the SFTP service allows unauthorized access under specific circumstances, potentially leading to data breaches and security compromises.
Technical Details: CVE-2025-8148 resides in the SFTP service of GoAnywhere MFT versions prior to 7.9.0. The vulnerability occurs when a Web User is configured with an Authentication Alias and possesses a valid SSH key. While the user might be restricted to Password authentication for SFTP, the system incorrectly allows them to bypass this restriction and authenticate using…
-
Overview: CVE-2025-14105 details a medium-severity vulnerability affecting TOZED ZLT M30S and ZLT M30S PRO routers running firmware versions 1.47/3.09.06. This vulnerability allows an attacker within the local network to cause a denial-of-service (DoS) condition by manipulating a specific request to the router’s web interface. The vendor has been contacted but has not provided a response or fix.
Technical Details: The vulnerability exists in the /reqproc/proc_post component of the router’s web interface. By manipulating the goformId argument with the value REBOOT_DEVICE, an attacker can trigger a reboot of the device, effectively causing a denial of service. This attack is exploitable…
-
Overview: A high-severity vulnerability, identified as CVE-2025-66624, has been discovered in the BACnet Protocol Stack library. This library provides BACnet application layer, network layer, and media access (MAC) layer communication services. The vulnerability exists in versions prior to 1.5.0.rc2 and could lead to a Denial-of-Service (DoS) condition. This article provides a detailed analysis of the vulnerability, its potential impact, and recommended mitigation steps.
Technical Details: The vulnerability resides within the npdu_is_expected_reply function located in src/bacnet/npdu.c. The function improperly indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without first verifying that those Application Protocol Data Unit (APDU) bytes actually exist within the received packet. Specifically,…
-
Overview: A high-severity vulnerability, identified as CVE-2025-66623, has been discovered in Strimzi, a Kubernetes Operator for running Apache Kafka. This vulnerability affects Strimzi versions 0.47.0 and prior to 0.49.1. It could allow Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands to gain unauthorized read access to all Kubernetes Secrets within the namespace where they are deployed.
Technical Details: The vulnerability stems from an incorrectly configured Kubernetes Role created by Strimzi during the deployment of Kafka Connect and Kafka MirrorMaker 2 clusters. Specifically, the Role inadvertently grants the get verb to all Kubernetes Secrets within the target namespace. This means…
-
Overview: A significant security vulnerability, identified as CVE-2025-66581, has been discovered in Frappe Learning Management System (LMS). This flaw, present in versions prior to 2.41.0, allowed authenticated users with low-level privileges to execute actions typically reserved for instructors or administrators. This privilege escalation was possible due to insufficient server-side authorization checks, relying instead on client-side controls that could be bypassed.
Technical Details: CVE-2025-66581 stems from a weakness in the server-side authorization logic of Frappe LMS. The affected endpoints lacked proper permission enforcement on the server. Client-side or UI-level checks, which are easily manipulable, were the primary means of restricting access…
-
Overview: CVE-2025-66577 is a medium-severity vulnerability found in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. This vulnerability allows attackers to manipulate server-side logs by injecting malicious values into the X-Forwarded-For and X-Real-IP headers. Specifically, the get_client_ip() function in docker/main.cc unconditionally accepts these headers, leading to log poisoning and potential audit evasion.
Technical Details: The vulnerability arises because the get_client_ip() function within the cpp-httplib library does not properly validate or sanitize the X-Forwarded-For and X-Real-IP HTTP headers. An attacker can craft HTTP requests that include arbitrary values in these headers. These values are then directly used by the…
-
Overview: CVE-2025-66570 identifies a critical vulnerability in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. This vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. It has been assigned a CVSS score of 10, indicating its severity.
Technical Details: The vulnerability arises from how cpp-httplib handles incoming HTTP headers. An attacker can inject headers with names such as REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, and LOCAL_PORT. These headers are parsed and stored in the request header multimap through the read_headers() function in httplib.h. The server then appends its own internal metadata using the same header names during the Server::process_request…
-
Overview: CVE-2025-46603 is a high-severity vulnerability affecting Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior. This vulnerability stems from an improper restriction of excessive authentication attempts, potentially allowing an unauthenticated attacker with remote access to gain unauthorized access to the system.
Technical Details: The vulnerability resides in the authentication mechanism of the Dell CloudBoost Virtual Appliance. Specifically, the system fails to adequately limit the number of authentication attempts. This allows an attacker to potentially launch a brute-force attack or other credential stuffing techniques to bypass authentication and gain unauthorized access. The lack of account lockout or rate limiting on failed…