  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Syrotech GPON Routers Exposes SSL Keys (CVE-2025-63729)

    Overview
    CVE-2025-63729 is a critical security vulnerability affecting Syrotech SY-GPON-1110-WDONT routers running firmware version SYRO_3.7L_3.1.02-240517. This vulnerability allows attackers to extract sensitive information, including the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates, from the firmware located in the /etc folder. This exposure poses a significant risk to the confidentiality and integrity of communications secured by these certificates.

    Technical Details
    The vulnerability stems from insufficient access control and protection mechanisms for sensitive files within the router’s firmware. Specifically, the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates are stored in .pem format within the /etc directory,…

  • Cybersecurity Vulnerabilities

    Critical RCE Vulnerability Plagues REDAXO CMS: CVE-2025-64050 Exploitable by Admins

    Overview
    A high-severity Remote Code Execution (RCE) vulnerability, identified as CVE-2025-64050, has been discovered in REDAXO CMS version 5.20.0. This vulnerability allows authenticated administrators to execute arbitrary operating system commands by injecting malicious PHP code into an active template. The injected code is then executed whenever a visitor accesses a frontend page using the compromised template.

    Technical Details
    The vulnerability resides within the template management component of REDAXO CMS. An authenticated administrator can modify a template, injecting PHP code within the template’s source. This code is then parsed and executed by the server when the template is rendered for frontend…

  • Cybersecurity Vulnerabilities

    REDAXO CMS Under Attack: Stored XSS Bug Threatens Websites (CVE-2025-64049)

    Overview
    A stored cross-site scripting (XSS) vulnerability has been discovered in REDAXO CMS version 5.20.0, specifically within the module management component. This flaw, identified as CVE-2025-64049, allows attackers to inject malicious JavaScript code into the system through the “Output code” field of a module. When a legitimate user views or edits an article that incorporates a slice utilizing the compromised module, the injected script executes, potentially leading to account compromise, data theft, or website defacement.

    Technical Details
    The vulnerability resides in the lack of proper sanitization of user-supplied input within the module’s “Output code” field. Attackers can insert arbitrary HTML…

  • Cybersecurity Vulnerabilities

    CVE-2025-60739: Critical CSRF Vulnerability in Ilevia EVE X1 Server Exposes to Remote Code Execution

    Overview
    CVE-2025-60739 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Ilevia EVE X1 Server Firmware versions up to and including v4.7.18.0.eden, and Logic Version v6.00 – 2025_07_21. This vulnerability, located within the /bh_web_backend component, allows a remote attacker to potentially execute arbitrary code on the affected server. CSRF vulnerabilities exploit the trust a website has in a user’s browser, enabling attackers to perform actions on behalf of an authenticated user without their knowledge or consent.

    Technical Details
    The vulnerability resides in the /bh_web_backend component of the Ilevia EVE X1 Server. Due to insufficient CSRF protection, an attacker can craft a…

  • Cybersecurity Vulnerabilities

    CVE-2025-40890: Critical XSS Threat in Dashboards – Are Your Users at Risk?

    This article details a high-severity stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-40890, affecting dashboard functionalities. This vulnerability allows a low-privilege attacker to inject malicious JavaScript code that can compromise user accounts and application data. Read on to understand the risks and learn how to protect your systems.

    Overview
    CVE-2025-40890 is a stored XSS vulnerability discovered in the dashboard feature of an application. Due to insufficient input validation, a malicious actor with low-level privileges can craft a dashboard containing a JavaScript payload. This malicious dashboard can then be shared with other users, or victims can be socially engineered into importing…

  • Cybersecurity Vulnerabilities

    Keycloak LDAP Under Attack: Unveiling CVE-2025-13467

    Overview
    CVE-2025-13467 is a medium-severity vulnerability affecting the LDAP User Federation provider in Keycloak. This flaw allows a malicious, authenticated realm administrator to trigger deserialization of untrusted Java objects through a specially crafted LDAP server configuration. Published on 2025-11-25T16:16:06.623, this vulnerability requires immediate attention from Keycloak administrators.

    Technical Details
    The vulnerability stems from insufficient validation of the LDAP server configuration within the Keycloak LDAP User Federation provider. An authenticated realm administrator, with the necessary permissions, can configure Keycloak to connect to a malicious LDAP server. This server can then return a specially crafted response containing serialized Java objects. Keycloak, without…

  • Cybersecurity Vulnerabilities

    Urgent: High-Severity XSS Vulnerability Plagues HCL iNotes (CVE-2025-0248)

    Overview
    A critical security vulnerability, identified as CVE-2025-0248, has been discovered in HCL iNotes. This vulnerability is a Reflected Cross-site Scripting (XSS) flaw stemming from improper validation of user-supplied input. Successful exploitation allows an unauthenticated, remote attacker to inject malicious scripts into a victim’s browser within the context of the iNotes web application. This could lead to the theft of sensitive information, including cookie-based authentication credentials, or the execution of arbitrary code on the victim’s machine. This vulnerability was published on 2025-11-25T16:16:06.137.

    Technical Details
    The Reflected XSS vulnerability in HCL iNotes occurs because the application fails to properly sanitize user-supplied…

  • Cybersecurity Vulnerabilities

    CVE-2025-36134: Low-Severity Cookie Security Flaw in IBM Sterling B2B Integrator & File Gateway

    Overview
    CVE-2025-36134 describes a low-severity security vulnerability affecting IBM Sterling B2B Integrator and IBM Sterling File Gateway. The vulnerability stems from a missing or insecure SameSite attribute for a sensitive cookie, potentially leading to sensitive information disclosure.

    Technical Details
    The core issue revolves around the absence or improper configuration of the SameSite attribute on a cookie used by IBM Sterling B2B Integrator and File Gateway. The SameSite attribute is a crucial security measure that controls whether a cookie is sent along with cross-site requests. Without a properly set SameSite attribute (or with it set to None without the Secure attribute),…

  • Cybersecurity Vulnerabilities

    Urgent: Remote Code Execution Vulnerability (CVE-2025-64693) Discovered in MaLion and MaLionCloud

    Overview
    A critical security vulnerability, identified as CVE-2025-64693, has been discovered in the Security Point component of both MaLion and MaLionCloud for Windows. This vulnerability is a heap-based buffer overflow that occurs during the processing of the Content-Length header in HTTP requests. A remote, unauthenticated attacker can exploit this flaw to achieve arbitrary code execution with SYSTEM privileges on the affected system. This poses a significant risk to organizations using these products.

    Technical Details
    CVE-2025-64693 stems from insufficient validation of the Content-Length header value when processing incoming HTTP requests within the Security Point component. By sending a specially crafted request…

  • Cybersecurity Vulnerabilities

    CVE-2025-62691: Critical Buffer Overflow in MaLion/MaLionCloud Security Point – SYSTEM Privilege at Risk!

    Overview
    CVE-2025-62691 describes a significant security vulnerability affecting the Security Point component of MaLion and MaLionCloud. This vulnerability is a stack-based buffer overflow that exists in the processing of HTTP headers. A remote, unauthenticated attacker can exploit this flaw to achieve arbitrary code execution with SYSTEM privileges on the affected system.

    Technical Details
    The vulnerability stems from insufficient bounds checking when handling HTTP headers within the Security Point component. By sending a specially crafted HTTP request containing an overly long header value, an attacker can overwrite data on the stack. This overwrite can potentially redirect execution flow to attacker-controlled code,…