Overview: CVE-2025-60915 describes a path traversal vulnerability found in Austrian Archaeological Institute OpenAtlas before version 8.12.0. Specifically, the vulnerability exists within the size query parameter of the /views/file.py script. This flaw allows attackers to potentially access sensitive files and directories on the server by crafting malicious requests. This vulnerability was published on 2025-11-24T16:15:50.727.
Technical Details: The vulnerability resides in how the /views/file.py script handles the size query parameter. Insufficient sanitization of this parameter allows an attacker to inject directory traversal sequences (e.g., ../) into the file path being constructed. By manipulating the size parameter, an attacker can potentially navigate outside…
-
Overview: CVE-2025-60914 describes an incorrect access control vulnerability affecting OpenAtlas, a web-based application used by the Austrian Archaeological Institute and others. Specifically, versions prior to v8.12.0 are susceptible to unauthorized access of sensitive information via a crafted GET request sent to the /display_logo endpoint. This allows attackers to potentially retrieve the logo without proper authentication, which in some configurations could lead to the leakage of sensitive organizational information or internal identifiers.
Technical Details: The vulnerability lies in the inadequate access control mechanisms protecting the /display_logo endpoint. A malicious actor can craft a GET request directly to this endpoint, bypassing intended…
-
Overview: A denial-of-service (DoS) vulnerability, identified as CVE-2025-60638, has been discovered in Free5GC versions 4.0.0 and 4.0.1. This vulnerability allows a remote attacker to potentially disrupt the availability of the Free5GC service by sending a specially crafted POST request to the Nnssf_NSSAIAvailability API.
Technical Details: The vulnerability resides in the handling of incoming POST requests to the Nnssf_NSSAIAvailability API endpoint. A maliciously crafted POST request can trigger a resource exhaustion or an unhandled exception within the Free5GC application, ultimately leading to a denial of service. The exact nature of the crafted request, while not detailed here, is available in the…
-
Overview: CVE-2025-60633 describes a vulnerability found in Free5GC versions 4.0.0 and 4.0.1. This vulnerability allows a remote attacker to potentially trigger a denial-of-service (DoS) condition by exploiting the Nudm_SubscriberDataManagement API. While the CVSS score and severity are currently listed as N/A, understanding the potential impact and implementing preventative measures is crucial for maintaining the availability of Free5GC-based networks.
Technical Details: The specific details of how the Nudm_SubscriberDataManagement API is exploited to cause the denial of service are not fully documented in the CVE entry itself. However, the associated GitHub issues provide more context. Analyzing Issue #700, Issue #701, Issue #702,…
-
Published: 2025-11-24T16:15:49.893
Overview: CVE-2025-60632 describes a denial-of-service (DoS) vulnerability found in Free5GC versions v4.0.0 and v4.0.1. This flaw allows a remote attacker to disrupt the service availability by sending specially crafted POST requests to the Npcf_BDTPolicyControl API.
Technical Details: The vulnerability stems from insufficient input validation within the Npcf_BDTPolicyControl API. A malicious actor can exploit this by crafting a POST request containing unexpected or excessively large data, potentially causing the service to crash or become unresponsive due to resource exhaustion. The specific details of the crafted request are outlined in Issue #705 on the Free5GC GitHub repository.
CVSS Analysis: Currently,…
-
Overview: CVE-2025-56423 identifies a user enumeration vulnerability affecting Austrian Academy of Sciences (AW) Austrian Archaeological Institute’s OpenAtlas version 8.12.0. This vulnerability allows a remote attacker to potentially discover valid usernames by analyzing login error messages. The improper handling of authentication errors can reveal whether a given username exists within the system.
Technical Details: The vulnerability stems from the way OpenAtlas 8.12.0 handles incorrect login attempts. When a user tries to log in with an invalid username, the application’s response differs depending on whether the provided username exists in the database. An attacker can exploit this by systematically attempting to log…
-
Overview: CVE-2025-56401 describes a SQL injection vulnerability found in ZIRA Group’s WBRM (likely a Web-Based Resource Management) version 7.0. The vulnerability resides within the referenceLookupsByTableNameAndColumnName function or module. This flaw could allow an attacker to potentially execute arbitrary SQL queries, leading to data breaches, data manipulation, or other malicious activities. This article provides a detailed analysis of the vulnerability, its potential impact, and steps for mitigation.
Technical Details: The SQL injection vulnerability exists within the referenceLookupsByTableNameAndColumnName function. It is likely that user-supplied input for the tableName or columnName parameters is not properly sanitized before being used in a SQL query.…
-
Overview: CVE-2025-44018 is a high-severity vulnerability affecting the Over-The-Air (OTA) update functionality of GL-iNet GL-AXT1800 routers running firmware version 4.7.0. This vulnerability allows an attacker to perform a firmware downgrade by exploiting a weakness in the way the router handles .tar files during the update process. Successful exploitation of this vulnerability can lead to complete compromise of the device.
Technical Details: The vulnerability stems from insufficient validation of the firmware image during the OTA update process. An attacker can craft a malicious .tar file containing an older, potentially vulnerable firmware version. By intercepting the legitimate update process through a man-in-the-middle…
-
Overview: CVE-2025-40213 identifies a recently resolved vulnerability within the Linux kernel’s Bluetooth management (MGMT) subsystem. The vulnerability involves issues in the set_mesh_sync and set_mesh_complete functions, potentially leading to a kernel crash. Specifically, a stack-out-of-bounds write and a double list deletion were identified and subsequently fixed.
Technical Details: The vulnerability manifests in two primary ways: Stack-Out-Of-Bounds Write in set_mesh_sync: A memcpy operation from a badly declared on-stack flexible array in the set_mesh_sync function caused a stack-out-of-bounds write. This occurs because the array was not properly defined, allowing the copy operation to write beyond the allocated memory, triggering a KASAN (Kernel Address…
-
Overview: A high-severity stored Cross-site Scripting (XSS) vulnerability, identified as CVE-2025-10555, has been discovered in the Service Items Management module of DELMIA Service Process Engineer on the 3DEXPERIENCE R2025x platform. This vulnerability allows a remote attacker to inject malicious script code into the application’s database. When other users access the affected data, the injected script will execute within their browser sessions, potentially leading to unauthorized access, data theft, or other malicious activities.
Technical Details: The vulnerability resides in the Service Items Management functionality. An attacker can inject malicious JavaScript code through a specific input field (e.g., name, description, or other…