  • Cybersecurity Vulnerabilities

    CVE-2025-64067: Critical Data Exposure Found in Primakon Pi Portal 1.0.18

    Overview: CVE-2025-64067 details a significant data exposure vulnerability within the Primakon Pi Portal version 1.0.18. Specifically, the API endpoints responsible for retrieving object-specific data (like user profiles and project records) lack sufficient server-side validation to confirm the requesting user’s authorization to access the requested data. This can lead to unauthorized access to sensitive personal and organizational information.

    Technical Details: The vulnerability can be exploited in two primary ways: Direct ID Manipulation (IDOR): By manipulating the ID parameter (e.g., user_id, project_id) in API requests, an attacker can potentially access objects and data belonging to other users. For example, changing user_id from…

  • Cybersecurity Vulnerabilities

    CVE-2025-64065: Critical User Impersonation Vulnerability in Primakon Pi Portal

    Overview: CVE-2025-64065 describes a severe vulnerability affecting the Primakon Pi Portal version 1.0.18. This flaw allows an authenticated, low-privileged user to impersonate any other user, including administrators, due to insufficient server-side validation in the /api/V2/pp_udfv_admin API endpoint. This effectively bypasses access controls and grants unauthorized access to sensitive functionalities.

    Technical Details: The root cause of this vulnerability lies in two key issues: Broken Function Level Authorization: The /api/V2/pp_udfv_admin endpoint lacks proper privilege checks. The system fails to verify whether the user making the request has the necessary permissions to perform user impersonation (LoginAs). Insecure Design: The system allows a user…

  • Cybersecurity Vulnerabilities

    CVE-2025-64064: Critical Privilege Escalation in Primakon Pi Portal 1.0.18

    Overview: CVE-2025-64064 is a critical vulnerability affecting Primakon Pi Portal version 1.0.18. This vulnerability allows low-privileged users to escalate their privileges to administrator level by exploiting a weakness in the access control mechanism within the `/api/v2/pp_users` endpoint. Specifically, the application fails to properly validate user permissions before processing PATCH requests aimed at modifying the `PP_SECURITY_PROFILE_ID`.

    Technical Details: The vulnerability lies in the insufficient access control checks performed when handling PATCH requests to the `/api/v2/pp_users` endpoint. A low-level user can craft a malicious request containing `PP_SECURITY_PROFILE_ID=2` within the request body. Due to the lack of proper validation, the application will incorrectly…

  • Cybersecurity Vulnerabilities

    CVE-2025-64063: Critical Vulnerability in Primakon Pi Portal Leads to Unauthorized Access and Privilege Escalation

    Overview: CVE-2025-64063 identifies a significant security vulnerability in Primakon Pi Portal version 1.0.18. This flaw allows standard users to bypass UI restrictions and directly interact with administrative API endpoints. By crafting direct HTTP requests, attackers can manipulate data beyond their authorized scope, leading to unauthorized account modification, confidential data access, and ultimately, privilege escalation.

    Technical Details: The core of the vulnerability lies in the insufficient authorization checks within the Pi Portal’s API. A standard user can send direct HTTP requests to administrative endpoints, effectively circumventing the intended user interface controls. Specific attack vectors include: Unauthorized Account Modification: Attackers can modify…

  • Cybersecurity Vulnerabilities

    CVE-2025-61168: SIGB PMB v8.0.1.14 – Remote Code Execution via Unserialization Bug

    Overview: CVE-2025-61168 describes a critical security vulnerability affecting SIGB PMB (Professional Management of Bibliographic records) version 8.0.1.14. Specifically, an issue exists in the cms_rest.php component that allows unauthenticated attackers to execute arbitrary code by unserializing a malicious file. This vulnerability stems from the lack of proper input validation and sanitization during the unserialization process.

    Technical Details: The vulnerability resides within the cms_rest.php file. The application processes user-supplied data through the unserialize() function without adequate validation. An attacker can craft a serialized PHP object containing malicious code, which, when unserialized by the application, results in arbitrary code execution on the server.…

  • Cybersecurity Vulnerabilities

    Critical SQL Injection Flaws Discovered in SIGB PMB v8.0.1.14 (CVE-2025-61167)

    Overview: CVE-2025-61167 details critical SQL injection vulnerabilities identified in SIGB PMB (Public Mediatheque Benchmark) version 8.0.1.14. These vulnerabilities reside in the /opac_css/ajax_selector.php component and can be exploited via the id and datas parameters. Successful exploitation could allow attackers to execute arbitrary SQL queries, potentially leading to data breaches, modification of sensitive information, or even complete system compromise. This article provides a technical analysis, potential impact assessment, and recommended mitigation strategies.

    Technical Details: The vulnerability exists due to insufficient sanitization of user-supplied input passed to the id and datas parameters in the /opac_css/ajax_selector.php file. An attacker can inject malicious SQL code…

  • Cybersecurity Vulnerabilities

    Critical UnForm Server Vulnerability: Unauthenticated File Read and SMB Coercion (CVE-2025-34350)

    Overview: A critical security vulnerability, identified as CVE-2025-34350, has been discovered in UnForm Server versions prior to 10.1.15. This vulnerability allows unauthenticated attackers to read arbitrary files on the server and potentially coerce the server into initiating outbound SMB authentication. Exploitation of this flaw can lead to sensitive information disclosure and, in some environments, facilitate lateral movement within the network. Immediate action is recommended to mitigate this risk.

    Technical Details: The vulnerability resides within the ‘arc’ endpoint of the Doc Flow feature. The Doc Flow module uses this endpoint to retrieve and render resources based on the user-supplied ‘pp’ parameter.…

  • Cybersecurity Vulnerabilities

    CVE-2025-65085: Heap Overflow in Ashlar-Vellum Products Poses Code Execution Risk

    Overview: CVE-2025-65085 describes a heap-based buffer overflow vulnerability found in several Ashlar-Vellum products, including Cobalt, Xenon, Argon, Lithium, and Cobalt Share. The vulnerability affects versions 12.6.1204.207 and prior. Successful exploitation of this vulnerability could allow an attacker to potentially disclose sensitive information or execute arbitrary code on the affected system.

    Technical Details: The root cause of CVE-2025-65085 is a heap-based buffer overflow. This occurs when a program attempts to write data beyond the allocated boundaries of a heap-allocated buffer. By carefully crafting input, an attacker can overwrite adjacent memory locations on the heap. This could lead to: Information Disclosure: Overwriting…

  • Cybersecurity Vulnerabilities

    Critical Out-of-Bounds Write Vulnerability Plagues Ashlar-Vellum Products (CVE-2025-65084)

    Overview: An Out-of-Bounds Write vulnerability, identified as CVE-2025-65084, has been discovered in multiple Ashlar-Vellum products, specifically Cobalt, Xenon, Argon, Lithium, and Cobalt Share. The affected versions include 12.6.1204.207 and all prior releases. This vulnerability poses a significant risk as it could allow a malicious actor to potentially disclose sensitive information or, more severely, execute arbitrary code on the affected system. This blog post details the vulnerability, its impact, and recommended mitigation strategies.

    Technical Details: The vulnerability stems from an Out-of-Bounds Write error within the affected Ashlar-Vellum products. Out-of-Bounds Write vulnerabilities occur when a program writes data beyond the allocated buffer.…

  • Cybersecurity Vulnerabilities

    Primakon Pi Portal Under Attack: Unauthenticated User Registration CVE-2025-64066

    Overview: A critical security vulnerability, identified as CVE-2025-64066, has been discovered in Primakon Pi Portal version 1.0.18. This vulnerability stems from a Broken Access Control issue within the REST API, specifically affecting the /api/v2/user/register endpoint. This allows unauthenticated attackers to register new user accounts directly in the application’s local database, bypassing the intended security mechanisms.

    Technical Details: The /api/v2/user/register endpoint in Primakon Pi Portal 1.0.18 lacks proper authorization checks. Normally, user registration is designed to rely on an external Identity Provider. This vulnerability allows an attacker to bypass this intended flow and create user accounts without any authentication. A simple…