  • Cybersecurity Vulnerabilities

    Critical Privilege Escalation Vulnerability Discovered in ASUSTOR ABP and AES (CVE-2025-13051)

    Overview: A critical vulnerability, identified as CVE-2025-13051, has been discovered in ASUSTOR Backup Plan (ABP) and ASUSTOR EZ Sync (AES). This vulnerability allows a local attacker to escalate privileges to LocalSystem, potentially leading to complete system compromise. The vulnerability stems from insecure file permissions on the installation directory, allowing non-administrative users to plant malicious DLL files. Technical Details: CVE-2025-13051 arises when the ABP and AES services are installed in a directory where non-administrative users have write access. An attacker can exploit this by placing a malicious Dynamic Link Library (DLL) file with the same name as one that the service…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability: Unauthenticated Wishlist Manipulation in YITH WooCommerce Wishlist Plugin (CVE-2025-12777)

    Overview: A critical security vulnerability, identified as CVE-2025-12777, has been discovered in the YITH WooCommerce Wishlist plugin for WordPress. This vulnerability affects all versions up to and including 4.10.0. It allows unauthenticated attackers to bypass authorization checks and potentially disclose wishlist tokens for any user, and consequently, delete items from those wishlists. Technical Details: The vulnerability stems from two primary issues. REST API Authorization Bypass: The plugin’s REST API endpoint /wp-json/yith/wishlist/v1/lists uses permission_callback => '__return_true', effectively bypassing any authorization checks. This allows unauthenticated users to access wishlist data. Specifically, the vulnerability exists in the following files: class-yith-wcwl-rest-v1-lists-controller.php#L56, class-yith-wcwl-rest-v1-lists-controller.php#L96. AJAX Handler…

  • Cybersecurity Vulnerabilities

    CVE-2025-12770: Critical PII Exposure in New User Approve WordPress Plugin

    Overview: CVE-2025-12770 is a medium-severity vulnerability affecting the New User Approve plugin for WordPress, versions up to and including 3.0.9. This vulnerability allows unauthenticated attackers to retrieve sensitive user information, including usernames and email addresses, by exploiting a weakness in the Zapier REST API endpoint’s API key validation. Technical Details: The vulnerability stems from insufficient API key validation within the rest-api.php file of the plugin’s Zapier integration. The code utilizes loose equality comparison (==) when checking the provided api_key parameter against the configured Zapier API key. This allows for PHP type juggling, where a string value of “0” can be…

  • Cybersecurity Vulnerabilities

    CVE-2025-12427: Critical Vulnerability in YITH WooCommerce Wishlist Plugin – Wishlist Takeover

    Overview: CVE-2025-12427 is a medium severity vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This vulnerability allows unauthenticated attackers to discover and manipulate any user’s wishlist, potentially leading to defacement, social engineering attacks, and data exfiltration. This vulnerability exists in versions up to, and including, 4.10.0 of the plugin. Technical Details: The vulnerability stems from an Insecure Direct Object Reference (IDOR) flaw in the plugin’s REST API endpoint and AJAX handler. Specifically, the plugin lacks sufficient validation on user-controlled keys when handling wishlist requests. This allows an unauthenticated attacker to: Discover any user’s wishlist token ID. Rename the victim’s…

  • Cybersecurity Vulnerabilities

    CVE-2025-13225: Critical Look at the TanOS Arbitrary File Deletion Vulnerability

    Overview: CVE-2025-13225 describes an arbitrary file deletion vulnerability identified in TanOS, a component of the Tanium platform. This vulnerability allows an attacker, under specific conditions, to delete arbitrary files on the system. Tanium has addressed this vulnerability with a patch. This article provides a detailed analysis of the vulnerability, its potential impact, and the necessary mitigation steps. Technical Details: The specific details of how the arbitrary file deletion can be achieved are not explicitly outlined here for security reasons. However, the vulnerability resides within TanOS and relates to insufficient input validation or authorization checks during file deletion operations. Successfully exploiting…

  • Cybersecurity Vulnerabilities

    CVE-2025-12852: RakurakuMusen Start EX DLL Loading Vulnerability – Understand the Risk!

    Overview: CVE-2025-12852 describes a DLL loading vulnerability found in all versions of NEC Corporation’s RakurakuMusen Start EX software. This vulnerability allows an attacker to manipulate the PC environment, potentially leading to unintended and malicious operations on the user’s device. Technical Details: DLL (Dynamic Link Library) loading vulnerabilities occur when an application loads a DLL without properly validating its source or integrity. In the case of CVE-2025-12852, RakurakuMusen Start EX appears to be susceptible to loading a malicious DLL placed in a predictable or attacker-controlled location. By exploiting this, an attacker can inject arbitrary code into the application’s process, leading to…

  • Cybersecurity Vulnerabilities

    Urgent: Critical Blind SQL Injection Flaw Patched in LibreNMS (CVE-2025-65093)

    Overview: A medium severity security vulnerability, identified as CVE-2025-65093, has been discovered in LibreNMS, a popular auto-discovering PHP/MySQL/SNMP based network monitoring tool. This vulnerability is a boolean-based blind SQL injection located in the /ajax_output.php endpoint. Successful exploitation could allow an attacker to extract sensitive information from the LibreNMS database. Technical Details: The vulnerability resides in the way the hostname parameter is handled within the /ajax_output.php endpoint. This parameter is directly interpolated into an SQL query without proper sanitization or the use of parameterized queries. This allows an attacker to inject malicious SQL code into the query by manipulating the hostname…

  • Cybersecurity Vulnerabilities

    CVE-2025-65015: Large JWT Payload Logging Vulnerability in joserfc

    Overview: CVE-2025-65015 describes a vulnerability found in the joserfc Python library, which is used for implementing JSON Object Signing and Encryption (JOSE) standards. Specifically, versions 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2 are affected. This vulnerability allows an attacker to potentially flood logs with large, forged JWT payloads, leading to resource exhaustion or exposing sensitive information present in the JWT to unintended recipients through log aggregation tools. The core issue lies in how the ExceededSizeError exception handles and logs excessively large JWTs during the decoding or validation process. Technical Details: The vulnerability stems from the fact that…

  • Cybersecurity Vulnerabilities

    CVE-2025-65014: LibreNMS Weak Password Policy Exposes Network Monitoring to Attack

    Overview: CVE-2025-65014 is a low-severity security vulnerability identified in LibreNMS, a popular auto-discovering PHP/MySQL/SNMP based network monitoring tool. This vulnerability resides in the user management functionality and stems from a weak password policy that allows administrators to create user accounts with extremely weak and predictable passwords, such as “12345678”. This significantly increases the risk of successful brute-force and credential stuffing attacks against the LibreNMS platform. Technical Details: The vulnerability lies in the lack of robust password policy enforcement within the LibreNMS user management interface. Administrators can create new user accounts or modify existing ones without being forced to adhere to…

  • Cybersecurity Vulnerabilities

    CVE-2025-65013: Critical Reflected XSS Vulnerability Discovered in LibreNMS Maps Feature

    Overview: A reflected cross-site scripting (XSS) vulnerability, identified as CVE-2025-65013, has been discovered in LibreNMS, a popular auto-discovering PHP/MySQL/SNMP based network monitoring tool. This vulnerability affects versions prior to 25.11.0. The flaw resides in the /maps/nodeimage endpoint, specifically how the “Image Name” parameter is handled. This vulnerability allows an attacker to inject arbitrary JavaScript code into the victim’s browser by crafting a malicious URL. When a user clicks on this specially crafted link, the injected script will execute within the context of their browser session, potentially leading to data theft, session hijacking, or other malicious activities. LibreNMS users are strongly…