Overview CVE-2025-12097 is a high-severity relative path traversal vulnerability affecting the NI System Web Server. This vulnerability, present in versions 2012 and prior, allows a remote attacker to potentially read arbitrary files on the server by sending a specially crafted request. This could lead to sensitive information disclosure, posing a significant risk to affected systems. Technical Details The vulnerability stems from improper input validation within the NI System Web Server’s handling of file requests. By exploiting a relative path traversal vulnerability, an attacker can manipulate the requested file path using “..” sequences, allowing them to navigate outside the intended web…

Overview CVE-2025-65945 identifies a high-severity vulnerability in the auth0/node-jws library, a JSON Web Signature (JWS) implementation for Node.js. This vulnerability, affecting versions 3.2.2 and earlier, as well as version 4.0.0, could allow attackers to bypass signature verification when using the HS256 algorithm under specific conditions. This article provides a detailed analysis of the vulnerability, including technical details, its potential impact, and recommended mitigation steps. Technical Details The vulnerability stems from improper signature verification within the jws.createVerify() function when used for HMAC algorithms (like HS256). Specifically, the issue arises when: Applications utilize jws.createVerify() with HMAC algorithms. User-provided data from the JSON…

Overview CVE-2025-65637 is a denial-of-service (DoS) vulnerability affecting the popular Go logging library, github.com/sirupsen/logrus. This vulnerability can be exploited by sending a specially crafted log message, leading to application unavailability. Specifically, if you’re using `Entry.Writer()` to log very long single-line messages (larger than 64KB) without newline characters, you are susceptible. Technical Details The vulnerability stems from how Logrus handles large log messages when using `Entry.Writer()`. Internally, Logrus utilizes `bufio.Scanner` to read the input. `bufio.Scanner` has a default maximum token size. When a single log line exceeds this size (64KB), the `bufio.Scanner` encounters a “token too long” error. This error causes…

Overview CVE-2025-63362 describes a critical vulnerability affecting the Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway. Specifically, the firmware version V3.1.1.0 with hardware version HW 4.3.2.1 and webpage version V7.04T.07.002880.0301 allows attackers to set the Administrator password and username to blank values. This effectively bypasses authentication, granting unauthorized access to the device’s configuration and functionalities. Technical Details The vulnerability stems from a lack of proper input validation within the web-based administration interface. Attackers can exploit this flaw by submitting requests to the device’s web server that set both the username and password fields to empty strings during the…

Overview CVE-2025-63361 details a critical security vulnerability found in the Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway. Specifically, Firmware version V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 is susceptible to a flaw that renders the administrator password in plaintext. This means an attacker with access to the device’s webpage source code can easily obtain the administrator credentials, leading to a complete compromise of the device. Technical Details The vulnerability resides in how the Waveshare gateway’s web interface handles and stores the administrator password. Instead of using proper hashing or encryption techniques, the password is made directly available in the…

Overview CVE-2025-59788 is a cross-site scripting (XSS) vulnerability identified in the files_pdfviewer example directory of Nextcloud. This vulnerability affects versions prior to 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1. An attacker can exploit this vulnerability to execute arbitrary JavaScript code within a user’s browser session by crafting a malicious PDF file and targeting the viewer.html file. This issue stems from exposing executable example code on a same-origin basis. It is related to CVE-2024-4367, highlighting the importance of addressing insecure example code practices. Technical Details The vulnerability resides within the files_pdfviewer application, specifically in the example…

Overview CVE-2025-14016 identifies a medium severity security vulnerability present in macrozheng mall-swarm version up to 1.0.3. This flaw allows unauthorized remote attackers to delete read history entries due to improper authorization checks within the delete function of the /member/readHistory/delete endpoint. A publicly available exploit exists, making this vulnerability a significant risk. Technical Details The vulnerability stems from inadequate validation of the ids argument passed to the delete function. An attacker can manipulate this parameter to delete read history entries belonging to other users without proper authentication or authorization. This improper authorization allows for the potential deletion of sensitive user data.…

Overview CVE-2025-14015 is a high-severity buffer overflow vulnerability affecting H3C Magic B0 routers up to version 100R002. This flaw resides in the EditWlanMacList function within the /goform/aspForm file. A remote attacker can exploit this vulnerability by manipulating the param argument, leading to a buffer overflow. Exploit code is publicly available, increasing the risk of exploitation. Unfortunately, the vendor has not responded to initial disclosure attempts. Technical Details The vulnerability stems from insufficient input validation on the param argument passed to the EditWlanMacList function. By providing a string exceeding the allocated buffer size, an attacker can overwrite adjacent memory regions. This…

Overview CVE-2025-14013 details a stored Cross-Site Scripting (XSS) vulnerability discovered in JIZHICMS, specifically affecting versions up to 2.5.5. This vulnerability resides within the Comment Handler component, potentially allowing attackers to inject malicious scripts into the system through the body parameter of the /index.php/admins/Comment/addcomment.html endpoint. The exploit is publicly available, increasing the risk of exploitation. Attempts to contact the vendor regarding this vulnerability were unsuccessful. Technical Details The vulnerability stems from insufficient input sanitization of the body parameter when adding comments via the /index.php/admins/Comment/addcomment.html endpoint. An attacker can inject arbitrary JavaScript code into this parameter, which will then be stored in…

Overview CVE-2025-13488 describes a security vulnerability in Sonatype Nexus Repository. A regression introduced in version 3.83.0 caused a critical security header to no longer be applied to certain user-uploaded content served from repositories. This oversight creates a potential avenue for attackers with the appropriate privileges to inject malicious code via stored Cross-Site Scripting (XSS) vulnerabilities. Technical Details The vulnerability stems from a regression that disabled the application of a specific security header. This header is designed to prevent browsers from interpreting uploaded content (e.g., an HTML file uploaded as a text file) as executable code. Without this header, a malicious…