Overview
A medium-severity vulnerability, identified as CVE-2025-64703, has been discovered in MaxKB, an open-source AI assistant for enterprise. This vulnerability affects versions prior to 2.3.1 and allows a malicious user to potentially extract sensitive information through the execution of Python code within the tool module. While the code is intended to run within a sandbox, a flaw allows for a sandbox escape, leading to unauthorized data access. Users of MaxKB are strongly advised to upgrade to version 2.3.1 as soon as possible to remediate this security risk.
Technical Details
The vulnerability stems from insufficient security measures in the sandbox…
-
Overview
CVE-2025-64511 is a high-severity security vulnerability affecting MaxKB, an open-source AI assistant for enterprise. This vulnerability allows a malicious user to bypass the intended sandbox environment and gain unauthorized access to internal network services, such as databases. This can be achieved by exploiting Python code execution within the tool module. The vulnerability exists in MaxKB versions prior to 2.3.1. Users are strongly advised to upgrade to version 2.3.1 or later to mitigate this risk.
Technical Details
The vulnerability stems from insufficient input validation and inadequate restrictions on the Python code that can be executed within MaxKB’s tool module. Although…
-
Overview
CVE-2025-60689 is a critical security vulnerability affecting Linksys E1200 v2 routers running firmware version E1200_v2.0.11.001_us.tar.gz. This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the affected device. The root cause lies in insufficient input sanitization within the Start_EPI function of the httpd binary.
Technical Details
The vulnerability stems from the way the Start_EPI function handles user-supplied CGI parameters. Specifically, the following parameters are vulnerable: wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, and ttcp_size. These parameters are directly concatenated into system command strings without proper validation or sanitization. The resulting command string is then executed via the wl_exec_cmd function. Because…
-
Overview
A critical security vulnerability, identified as CVE-2025-60688, affects ToToLink LR1200GB and NR1800X routers. This vulnerability is a stack buffer overflow located within the cstecgi.cgi binary, specifically in the setDefResponse function. Exploitation of this vulnerability could allow unauthenticated attackers to execute arbitrary code or cause memory corruption on the affected devices. This article provides a detailed analysis of the vulnerability, its potential impact, and recommended mitigation steps.
Technical Details
The vulnerability arises from the use of the strcpy() function within the setDefResponse function of the cstecgi.cgi binary. The function processes the “IpAddress” parameter received from web requests. Crucially, strcpy() copies…
-
Overview
CVE-2025-60687 is a medium-severity unauthenticated command injection vulnerability affecting the ToToLink LR1200GB Router running firmware version V9.1.0u.6619_B20230130. This flaw allows attackers to execute arbitrary commands on the router without needing any credentials. This vulnerability stems from improper input validation in the cstecgi.cgi binary, specifically within the sub_41EC68 function. Exploitation can lead to complete compromise of the device.
Technical Details
The vulnerability lies in the way the router handles the “imei” parameter within web requests. The cstecgi.cgi binary receives this parameter and performs a rudimentary check, verifying only that the input is 15 characters in length. Critically, it fails to…
-
Overview
CVE-2025-60686 is a medium-severity vulnerability affecting specific models of ToToLink routers. This vulnerability is a stack-based buffer overflow found in the infostat.cgi and cstecgi.cgi binaries. Successful exploitation could lead to denial of service or, potentially, arbitrary code execution. Affected models include: A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703.
Technical Details
The vulnerability resides in the way the infostat.cgi and cstecgi.cgi programs parse the contents of /proc/net/arp. These programs use the sscanf() function with the "%s" format specifier to read data into fixed-size stack buffers. Critically, there is no length validation performed on the input, making it susceptible to…
-
Overview
CVE-2025-60685 is a medium-severity stack buffer overflow vulnerability affecting ToToLink A720R routers running firmware version V4.1.5cu.614_B20230630. This flaw resides within the sysconf binary and allows a malicious actor with filesystem write privileges to potentially execute arbitrary code on the vulnerable device. This article provides a detailed analysis of the vulnerability, its potential impact, and recommended mitigation strategies.
Technical Details
The vulnerability stems from the sub_401EE0 function within the sysconf binary. The function reads the /proc/stat file using fgets() into a local buffer. Subsequently, it attempts to parse a line from this buffer using sscanf() and the %s format specifier,…
-
Overview
CVE-2025-60684 is a medium-severity vulnerability affecting specific versions of ToToLink routers. This vulnerability allows an unauthenticated attacker to potentially execute arbitrary code or cause memory corruption due to a stack buffer overflow in the web interface.
Technical Details
The vulnerability resides within the cstecgi.cgi binary, specifically the sub_42F32C function. The web interface processes the “lang” parameter, using it to construct Help URL strings. The sprintf() function is used to build these strings into fixed-size stack buffers. However, there’s a critical lack of input validation on the length of the “lang” parameter. A maliciously crafted, overly long “lang” value can…
-
Overview
A critical command injection vulnerability, identified as CVE-2025-60682, has been discovered in the ToToLink A720R Router running firmware version V4.1.5cu.614_B20230630. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the affected device. The vulnerability stems from insufficient input validation within the cloud update functionality.
Technical Details
The vulnerability resides in the cloudupdate_check binary, specifically within the sub_402414 function. This function processes parameters related to cloud updates. The issue arises because the magicid and url values provided by a user are directly concatenated into shell commands without any sanitization or escaping. This allows an attacker to inject…
-
Overview
A significant security vulnerability, identified as CVE-2025-13120, has been discovered in mruby, affecting versions up to and including 3.4.0. This vulnerability is a use-after-free issue located within the sort_cmp function of the src/array.c file. Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code or cause a denial-of-service condition.
Technical Details
The vulnerability arises from improper memory management within the sort_cmp function when handling array sorting operations. Specifically, the code may attempt to access or manipulate memory that has already been freed, leading to unpredictable behavior. The vulnerability is triggered when processing specially crafted array…