Overview
This article details CVE-2025-63800, a critical vulnerability discovered in Open Source Point of Sale (OSPOS) version 3.4.1. This flaw allows authenticated users to effectively disable their account authentication by setting their password to an empty string. Due to the lack of server-side validation, submitting an empty password during the password change process results in the password being cleared, potentially granting unauthorized access.
Technical Details
The vulnerability resides in the password change endpoint of OSPOS 3.4.1. The application fails to implement adequate server-side validation for the password and repeat_password parameters during a password change request. Specifically, if an authenticated user…
Published: 2025-11-18T16:15:46.060
Overview
CVE-2025-63604 is a critical code injection vulnerability found in baryhuang/mcp-server-aws-resources-python version 0.1.0. This vulnerability allows for remote code execution due to insufficient input validation within the execute_query method. The exposure of dangerous Python built-in functions and the use of exec() to process user-supplied code make the application highly susceptible to malicious attacks.
Technical Details
The root cause of this vulnerability lies in the application's handling of user-provided input within the execute_query method. The application exposes dangerous Python built-in functions such as __import__, getattr, and hasattr in the execution namespace. Combined with the use of exec() to execute…
Overview
CVE-2025-63603 details a critical command injection vulnerability affecting the MCP Data Science Server (reading-plus-ai/mcp-server-data-exploration) version 0.1.6. This flaw resides in the safe_eval() function within the src/mcp_server_ds/server.py file. Due to improper sanitization and the use of Python's exec() function without restricting access to built-in functions, an attacker can execute arbitrary code on the server. This vulnerability requires no authentication and can lead to complete system compromise.
Technical Details
The vulnerability stems from the safe_eval() function's use of Python's exec() without properly sandboxing the environment. Specifically, the globals parameter of exec() is not configured to restrict the __builtins__ dictionary. When __builtins__…
Overview
CVE-2025-63602 identifies a critical vulnerability in Awesome Miner, versions up to and including 11.2.4. This vulnerability allows an unprivileged user to achieve arbitrary read and write access to kernel memory and Model-Specific Registers (MSRs), including the LSTAR register. This is due to the presence of an outdated and insecure version of WinRing0 (specifically version 1.2.0.5, renamed to IntelliBreeze.Maintenance.Service.sys) lacking a properly secured Discretionary Access Control List (DACL). This flaw enables unprivileged users to interact directly with the driver, effectively granting them control over the kernel. This can lead to local privilege escalation, information disclosure, denial of service, and other…
Overview
CVE-2025-63408 identifies a critical security vulnerability affecting Local Agent DVR versions up to and including 6.6.1.0. This vulnerability is a directory traversal flaw that allows an unauthenticated, local attacker to gain unauthorized access to sensitive information, perform server-side request forgery (SSRF), and potentially execute arbitrary operating system commands on the affected system. Due to the severity of these potential impacts, immediate action is recommended.
Technical Details
The vulnerability resides in the application's handling of file paths, allowing attackers to manipulate input parameters to access files and directories outside of the intended scope. By crafting malicious requests with directory traversal…
Overview
CVE-2025-58122 is a security vulnerability identified in Checkmk version 2.4.0 before version 2.4.0p16. This vulnerability stems from insufficient permission validation within the REST API, allowing low-privileged users to modify notification parameters. This unauthorized access can lead to a variety of security risks, including unauthorized actions and potential information disclosure.
Technical Details
The vulnerability lies in the lack of proper authorization checks when handling requests to modify notification parameters via the Checkmk REST API. A low-privileged user, with limited access rights, can exploit this flaw to alter notification settings. This means they could potentially redirect notifications, modify their content, or…
Overview
CVE-2025-58121 describes a critical security vulnerability found in Checkmk, a popular IT infrastructure monitoring solution. Specifically, the issue resides in the insufficient permission validation on multiple REST API endpoints within Checkmk versions 2.2.0, 2.3.0, and 2.4.0 (prior to version 2.4.0p16). This vulnerability allows low-privileged users to potentially perform unauthorized actions or gain access to sensitive information through the exposed REST API.
Technical Details
The vulnerability stems from inadequate checks on user permissions when accessing certain REST API endpoints. This lack of proper validation enables a low-privileged user, who should only have limited access, to bypass these restrictions and execute…
Overview
CVE-2025-55074 is a low-severity information disclosure vulnerability affecting the Agents plugin within Mattermost. Specifically, versions 10.11.x up to 10.11.3 and 10.5.x up to 10.5.11 are vulnerable. This flaw allows unauthorized users to determine when other users had read channels by observing channel member objects. While the information exposed is limited, it can still be leveraged in certain attack scenarios.
Technical Details
The vulnerability stems from a failure to properly enforce access permissions on the Agents plugin's API endpoints. This lack of proper access control allows unauthorized users to query channel member objects and, as a result, infer when other…
Overview
CVE-2025-12383 identifies a significant security vulnerability affecting Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9. This vulnerability stems from a race condition that can potentially cause the application to ignore critical SSL configurations. This includes essential settings like mutual authentication, custom key/trust stores, and other security-related parameters. While the issue might manifest as an SSLHandshakeException under normal circumstances, specific conditions could lead to the application incorrectly trusting insecure servers, creating a significant security risk.
Technical Details
The root cause of this vulnerability is a race condition within the SSL context initialization process of Eclipse Jersey. When multiple threads attempt to…
Published: 2025-11-18T15:16:38.530
Overview
CVE-2025-9312 describes a critical missing authentication enforcement vulnerability affecting certain WSO2 products. This vulnerability resides within the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services. Improper validation of client certificate-based authentication, specifically within default configurations, allows unauthenticated requests to be processed even when mTLS is enabled. This flaw can lead to complete system compromise.
Technical Details
The core of the vulnerability lies in the insufficient validation of client certificates when using default mTLS configurations for System REST APIs or when the mTLS authenticator is enabled for SOAP services. Under these specific conditions, the…