Overview CVE-2025-65730 describes an authentication bypass vulnerability found in GoAway, a project (likely a service or application) up to version 0.62.18. The vulnerability stems from the use of a hardcoded secret key for signing JSON Web Tokens (JWTs), which are used for authentication. This allows attackers to forge valid JWTs and gain unauthorized access to the system. The vulnerability is fixed in version 0.62.19. Technical Details The vulnerability resides in the authentication mechanism of GoAway. Specifically, the application used a hardcoded string as the secret key for signing JWTs. This secret key was present in the source code and therefore…

Overview A critical file upload vulnerability, identified as CVE-2025-64056, has been discovered in Fanvil x210 V2 devices, specifically version 2.12.20. This vulnerability allows unauthenticated attackers on the local network to store arbitrary files on the device’s filesystem. This could lead to various malicious activities, including code execution, data exfiltration, or denial of service. This blog post provides a detailed analysis of the vulnerability, including technical details, potential impact, and recommended mitigation strategies. Technical Details The vulnerability exists due to insufficient input validation during the file upload process. The Fanvil x210 V2 firmware lacks proper authentication and authorization mechanisms for certain…

Overview A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Fanvil x210 devices, specifically affecting version 2.12.20. This vulnerability, tracked as CVE-2025-64054, allows attackers to inject malicious scripts into the web interface of the phone, potentially leading to denial-of-service conditions or even arbitrary command execution. Technical Details The vulnerability resides within the /cgi-bin/webconfig?page=upload&action=submit endpoint. An attacker can craft a malicious POST request to this endpoint, injecting JavaScript code within a parameter. Due to inadequate input sanitization, the injected script is reflected back to the user’s browser when the page is rendered, leading to the execution of the malicious script.…

Overview A significant security vulnerability, identified as CVE-2025-64053, has been discovered in Fanvil X210 devices running firmware version 2.12.20. This vulnerability is a buffer overflow that could allow attackers to cause a denial-of-service (DoS) condition or potentially execute arbitrary commands on the affected device. Technical Details The buffer overflow occurs due to insufficient input validation in the `/cgi-bin/webconfig?page=upload&action=submit` endpoint. A crafted POST request sent to this endpoint can overflow a buffer, leading to unexpected program behavior. An attacker could exploit this by sending a specially crafted request that exceeds the allocated buffer size. The vulnerable component handles file uploads, making…

Overview This article discusses a critical vulnerability, identified as CVE-2025-64052, affecting Fanvil x210 V2 IP phones running firmware version 2.12.20. This vulnerability allows unauthenticated attackers on the same local network to execute arbitrary system commands on the affected device. This can lead to a complete compromise of the phone and potentially the network it’s connected to. Technical Details CVE-2025-64052 exposes a flaw within the Fanvil x210 V2’s firmware that allows remote command execution without requiring authentication. The specific details of the vulnerability, including the vulnerable endpoint or function, are outlined in the advisory linked below. An attacker exploiting this vulnerability…

Overview CVE-2025-14092 describes a medium-severity OS command injection vulnerability found in the Edimax BR-6478AC V3 router, specifically version 1.0.15. This flaw allows a remote attacker to execute arbitrary operating system commands by manipulating the ‘host’ argument within the sub_416898 function of the /boafrm/formDebugDiagnosticRun file. The vendor was notified but has not responded to this disclosure. Technical Details The vulnerability lies in the improper sanitization of user-supplied input passed to the ‘host’ argument of the sub_416898 function within the /boafrm/formDebugDiagnosticRun file. By crafting a malicious request containing specially crafted input in the ‘host’ parameter, an attacker can inject arbitrary OS commands…

Overview A high-severity SQL injection vulnerability, identified as CVE-2025-14091, has been discovered in TrippWasTaken PHP-Guitar-Shop, specifically in versions up to commit 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability allows remote attackers to execute arbitrary SQL commands by manipulating the ID argument in the /product.php file. This could lead to data breaches, modification of data, or even complete compromise of the database server. Unfortunately, the vendor has not responded to attempts at responsible disclosure, making mitigation challenging. Technical Details The vulnerability resides within the Product Details Page functionality (/product.php). The application fails to properly sanitize user-supplied input provided through the ID parameter when retrieving product…

Overview CVE-2025-14090 is a medium severity SQL injection vulnerability discovered in AMTT Hotel Broadband Operation System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands through manipulation of the ‘ID’ argument in the /manager/card/cardmake_down.php file. The vendor has been notified but has not provided a response, and an exploit is publicly available, increasing the risk of exploitation. Technical Details The vulnerability stems from inadequate sanitization of user-supplied input within the /manager/card/cardmake_down.php script. Specifically, the ‘ID’ parameter is not properly validated before being used in a SQL query. This allows an attacker to inject malicious SQL code…

Overview A critical security vulnerability, identified as CVE-2025-14089, has been discovered in Himool ERP versions up to 2.2. This vulnerability allows for improper authorization, potentially enabling remote attackers to perform unauthorized actions within the system. The vendor has not responded to vulnerability disclosure requests. A public exploit is available, increasing the risk of exploitation. Technical Details The vulnerability resides in the update_account function within the AdminActionViewSet component, specifically in the /api/admin/update_account/ file. By manipulating this function, an attacker can bypass authorization checks and potentially modify user accounts or perform other administrative actions without proper authentication. The root cause is inadequate…

Overview A critical directory traversal vulnerability, identified as CVE-2025-64057, has been discovered in Fanvil x210 V2 devices running firmware version 2.12.20. This vulnerability allows unauthenticated attackers on the local network to write files to arbitrary locations on the device’s file system. Technical Details The directory traversal vulnerability exists due to insufficient input validation when handling file paths. An attacker can exploit this by crafting a malicious request that includes directory traversal sequences (e.g., “../”) to navigate outside of the intended directory and write files to sensitive system locations. This can be achieved without authentication, provided the attacker is on the…