Eurolab ELTS100_UBX Under Siege: Critical Broken Access Control Vulnerability (CVE-2025-63225)

Overview: A severe security vulnerability, identified as CVE-2025-63225, has been discovered in the Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX). This vulnerability stems from a broken access control implementation, allowing unauthenticated attackers to access and manipulate sensitive system functionalities. Technical Details: The Eurolab ELTS100_UBX device suffers from a critical flaw: missing authentication on critical administrative endpoints. …

CVE-2025-61664: GRUB2 Use-After-Free Vulnerability – A Critical Look

Overview: A security vulnerability, identified as CVE-2025-61664, has been discovered in the GRUB2 bootloader. This flaw is categorized as a Use-After-Free (UAF) issue within the `normal` module. Specifically, the `normal_exit` command isn’t properly unregistered when its associated module is unloaded. This can be exploited by an attacker to trigger a system crash or potentially compromise …

CVE-2025-61663: Critical GRUB2 Vulnerability Exposes Systems to Denial of Service Attacks

Overview: CVE-2025-61663 is a vulnerability affecting the GRUB2 bootloader. This flaw is classified as a Use-after-Free vulnerability within the ‘normal’ command. If exploited, it allows an attacker with the ability to execute the ‘normal’ command to trigger a Denial of Service (DoS) condition, potentially leading to system instability and a complete crash. Technical Details: The …

CVE-2025-61662: Critical Use-After-Free Vulnerability in GRUB’s gettext Module

Overview: CVE-2025-61662 is a medium-severity Use-After-Free vulnerability affecting the gettext module in GRUB (GRand Unified Bootloader). This flaw can be exploited to cause a denial-of-service (DoS) condition. The vulnerability was published on 2025-11-18T19:15:50.203. Technical Details: The core of this vulnerability lies in a programming error within GRUB’s gettext module. Specifically, the gettext command remains registered …

CVE-2025-61661: GRUB USB String Conversion Vulnerability – A Deep Dive into Denial of Service Risk

Overview: CVE-2025-61661 describes a medium severity vulnerability in the GRUB (Grand Unified Bootloader) component. This flaw allows a local attacker to potentially cause a denial-of-service (DoS) condition and possibly data corruption. The vulnerability stems from improper handling of string conversions when GRUB reads information from USB devices. Technical Details: The vulnerability arises because GRUB mishandles …

CVE-2025-60455: Unsafe Deserialization in Modular Max Serve Poses Remote Code Execution Risk

Overview: CVE-2025-60455 describes an unsafe deserialization vulnerability found in Modular Max Serve versions prior to 25.6. This vulnerability is specifically triggered when the `--experimental-enable-kvcache-agent` feature is enabled. An attacker can exploit this flaw to execute arbitrary code on the affected system. Technical Details: The vulnerability resides within the kvcache_agent component of Modular Max Serve. When …

CVE-2025-56499: Low-Privilege Users Exploit mihomo for Elevated File Access

Overview: CVE-2025-56499 describes an incorrect access control vulnerability present in mihomo version 1.19.11. This flaw allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges. The vulnerability is triggered by obtaining the external control key from the config file, which then allows for unauthorized file access. Technical Details: The vulnerability stems from …

CVE-2025-54771: Critical Use-After-Free Bug Plagues GNU GRUB

Overview: CVE-2025-54771 is a medium-severity use-after-free vulnerability identified in the GNU GRUB (Grand Unified Bootloader). This flaw can be exploited to cause a denial-of-service condition and potentially compromise data integrity or confidentiality. Technical Details: The vulnerability stems from an incorrect memory management process within GNU GRUB’s file-closing routine. Specifically, the file-closing process fails to properly …

GRUB2 Under Attack: Unveiling CVE-2025-54770 – A Network Module DoS Vulnerability

Published: 2025-11-18T19:15:49.200. Overview: A critical vulnerability, identified as CVE-2025-54770, has been discovered in the GRUB2 bootloader’s network module. This flaw presents a Denial of Service (DoS) risk, potentially leading to system instability and downtime. This article provides a comprehensive analysis of the vulnerability, its potential impact, and recommended mitigation strategies. Technical Details: CVE-2025-54770 is a …

CVE-2025-54321: Ascertia SigningHub Vulnerable to Email Bombing via Password Reset Abuse

Overview: CVE-2025-54321 identifies a vulnerability in Ascertia SigningHub, specifically affecting versions up to 8.6.8. This vulnerability stems from a lack of proper rate limiting on the password reset function. As a result, an attacker with valid (or potentially even invalid) usernames can repeatedly trigger password reset requests, leading to an email bombing attack against targeted …