  • Cybersecurity Vulnerabilities

    CVE-2025-10554: High Severity XSS Threatens ENOVIA Product Manager – Immediate Action Required!

    Overview: CVE-2025-10554 is a high-severity stored Cross-site Scripting (XSS) vulnerability identified in the Requirements functionality of ENOVIA Product Manager, affecting versions from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x. This vulnerability allows a remote attacker to inject malicious scripts into the application’s database, which are then executed in the browsers of unsuspecting users. This can lead to serious security breaches, including session hijacking, data theft, and defacement of the application.

    Technical Details: The vulnerability exists due to insufficient sanitization of user-supplied input within the “Requirements” section of ENOVIA Product Manager. An attacker can craft a malicious payload, embedding JavaScript code…

  • Cybersecurity Vulnerabilities

    CVE-2025-12978: Fluent Bit Under Attack? Tag Manipulation Allows Log Redirection!

    Overview: CVE-2025-12978 describes a critical vulnerability found in the in_http, in_splunk, and in_elasticsearch input plugins of Fluent Bit. This flaw stems from a weakness in the tag_key validation logic, where the system fails to enforce strict key-length matching. This allows a malicious actor to manipulate tags using a crafted input, potentially redirecting logs to unintended destinations. This can significantly compromise the integrity and authenticity of ingested logs.

    Technical Details: The vulnerability lies in how Fluent Bit’s input plugins validate the tag key against configured prefixes. Instead of requiring an exact match of the configured key, the validation logic incorrectly treats…

  • Cybersecurity Vulnerabilities

    CVE-2025-12977: Fluent Bit Input Plugin Vulnerability Allows Tag Injection and Routing Manipulation

    Overview: CVE-2025-12977 identifies a vulnerability affecting the in_http, in_splunk, and in_elasticsearch input plugins in Fluent Bit. The issue stems from a failure to properly sanitize tag_key inputs. This allows an attacker with network access or the ability to write records into Splunk or Elasticsearch to inject malicious tag_key values. These malicious values, containing special characters like newlines or path traversal sequences (../), are then treated as valid tags, leading to a variety of security concerns.

    Technical Details: The vulnerability resides in how Fluent Bit handles the tag_key parameter within the affected input plugins. This parameter is intended to specify a…

  • Cybersecurity Vulnerabilities

    Fluent Bit Out_File Plugin Vulnerability: CVE-2025-12972 Lets Attackers Write Anywhere

    Overview: A critical vulnerability, identified as CVE-2025-12972, has been discovered in the out_file plugin of Fluent Bit. This flaw allows attackers with network access to potentially write files to arbitrary locations on the system running Fluent Bit, leading to significant security risks. This is achieved by crafting specific tag values containing path traversal sequences, which are then used by Fluent Bit when the File option is omitted in the plugin configuration.

    Technical Details: The vulnerability stems from insufficient sanitization of tag values within the out_file plugin when the File option is not explicitly defined in the configuration. In this scenario,…

  • Cybersecurity Vulnerabilities

    CVE-2025-12970: Critical Buffer Overflow in Fluent Bit’s Docker Input Plugin

    Overview: A significant security vulnerability, identified as CVE-2025-12970, has been discovered in the in_docker input plugin of Fluent Bit. This vulnerability stems from a buffer overflow in the extract_name function, potentially allowing attackers to cause a denial-of-service (DoS) or, in more severe scenarios, achieve arbitrary code execution.

    Technical Details: The extract_name function within the in_docker input plugin is responsible for extracting container names. However, the function copies these names into a fixed-size stack buffer without proper length validation. An attacker who can influence container names (e.g., by creating containers or controlling existing container names) can exploit this by providing an…

  • Cybersecurity Vulnerabilities

    Critical Security Alert: Unauthenticated Data Injection Vulnerability in Fluent Bit (CVE-2025-12969)

    Overview: A critical security vulnerability, identified as CVE-2025-12969, has been discovered in the in_forward input plugin of Fluent Bit. This vulnerability allows remote attackers with network access to the Fluent Bit instance to send unauthenticated data, potentially leading to severe consequences. This bypass occurs due to improper enforcement of the security.users authentication mechanism under specific, vulnerable configuration settings.

    Technical Details: The vulnerability stems from an inadequate validation process within the in_forward plugin. Under certain configuration circumstances, the authentication mechanism defined by security.users can be circumvented. This allows attackers to bypass intended security controls and inject arbitrary data directly into the…

  • Cybersecurity Vulnerabilities

    CVE-2025-11921: Critical Local Privilege Escalation in iStats

    Overview: CVE-2025-11921 is a security vulnerability affecting iStats, a popular system monitoring application for macOS. Specifically, versions 7.10.4 and earlier are susceptible to a local privilege escalation (LPE) attack. The vulnerability stems from an insecure XPC service within iStats that allows unprivileged users to execute arbitrary commands with root privileges. This can lead to complete system compromise.

    Technical Details: The vulnerability lies within the XPC service used by iStats. This service, intended for inter-process communication, is improperly configured, allowing local users to send malicious commands. An attacker can craft specific requests that exploit this flaw, injecting arbitrary commands that are…

  • Cybersecurity Vulnerabilities

    CVE-2025-65998: Critical Vulnerability Exposes Apache Syncope User Passwords Through Hardcoded AES Key

    Overview: CVE-2025-65998 details a significant security vulnerability in Apache Syncope, an open-source identity management system. If configured to encrypt user passwords in the internal database using AES, the system utilizes a hardcoded, default key value. This flaw allows a malicious attacker, who has gained access to the internal database content, to decrypt user passwords, potentially leading to unauthorized access and data breaches.

    Technical Details: Apache Syncope offers the option to encrypt user passwords with AES within its internal database. However, when enabled, the system employs a default, hardcoded key that is publicly accessible within the source code. This means that…

  • Cybersecurity Vulnerabilities

    CVE-2025-65503: Redboltz async_mqtt Use-After-Free Vulnerability – A Deep Dive

    Overview: CVE-2025-65503 describes a use-after-free vulnerability discovered in Redboltz async_mqtt version 10.2.5. This vulnerability can be exploited by local users to trigger a denial-of-service (DoS) condition. The root cause lies in the improper destruction order of objects during error handling, specifically when SSL initialization fails.

    Technical Details: The vulnerability stems from an incorrect destruction order between the io_context and endpoint objects within the Redboltz async_mqtt library. Specifically, if the SSL initialization process encounters a failure, the destruction order may not be properly synchronized. This leads to a situation where the io_context might be destroyed before the endpoint object, resulting in…

  • Cybersecurity Vulnerabilities

    CVE-2025-65502: Mongoose Halted by NULL – A Deep Dive into the DoS Vulnerability

    Overview: CVE-2025-65502 describes a denial-of-service (DoS) vulnerability affecting Cesanta Mongoose versions prior to 7.2. This vulnerability arises from a NULL pointer dereference within the `add_ca_certs()` function during TLS initialization. Specifically, if the `SSL_CTX_get_cert_store()` function returns NULL, a subsequent dereference of this NULL pointer leads to a crash, effectively halting the Mongoose server.

    Technical Details: The vulnerability resides within the `add_ca_certs()` function in the Mongoose library. During TLS initialization, this function attempts to retrieve the certificate store using `SSL_CTX_get_cert_store()`. If this function returns NULL, the code proceeds to dereference this NULL pointer without proper error handling. This dereference then causes a…