Overview CVE-2025-63681 identifies an Incorrect Access Control vulnerability found in Open-WebUI version 0.6.33. This flaw allows a standard user to stop arbitrary Large Language Model (LLM) response tasks initiated by other users. The issue stems from a lack of proper authorization checks when accessing the /api/tasks/stop/ endpoint. Published on 2025-12-04T16:16:22.447, this vulnerability exposes the application to potential denial-of-service scenarios and unauthorized interference with user workflows. Technical Details The vulnerability resides in the /api/tasks/stop/ API endpoint. Specifically, the Open-WebUI backend code (as observed in the identified code snippet) directly accesses and cancels tasks based solely on the task ID provided in…

Overview CVE-2025-61148 details an Insecure Direct Object Reference (IDOR) vulnerability found in EduplusCampus version 3.0.1. This vulnerability resides within the Student Payment API and allows authenticated users to potentially access the personal and financial records of other students without proper authorization. By manipulating the rec_no parameter in the /student/get-receipt endpoint, an attacker can retrieve sensitive data belonging to different student accounts. This could lead to significant privacy breaches and potential financial harm. Technical Details The vulnerability stems from insufficient authorization checks within the /student/get-receipt API endpoint. The application uses the rec_no parameter to directly reference specific student payment records. However,…

Overview CVE-2025-57213 details an incorrect access control vulnerability found in Platform version 1.0.0. Specifically, the orderService.queryObject component is susceptible to unauthorized access, potentially allowing attackers to retrieve sensitive information through carefully crafted requests. This vulnerability was published on 2025-12-04 and poses a significant risk to systems running the affected version. Technical Details The vulnerability resides in the orderService.queryObject component. Due to flawed access control mechanisms, a malicious actor can bypass intended security checks and directly query the component, potentially extracting data related to orders, users, or other sensitive aspects of the platform. The exact nature of the “crafted request” requires…

Overview CVE-2025-57212 describes an incorrect access control vulnerability found in the ApiOrderService.java component of Platform version 1.0.0. This flaw allows attackers to potentially access sensitive information by sending a specially crafted request to the affected API endpoint. Due to the improper access controls, unauthorized users may be able to retrieve order details or other sensitive data that they should not have access to. Technical Details The vulnerability resides within the ApiOrderService.java file. The code responsible for handling order retrieval requests lacks proper authorization checks. This means that a malicious actor can manipulate the request parameters (e.g., order ID, user ID)…

Overview CVE-2025-57210 describes an incorrect access control vulnerability found within the ApiPayController.java component of platform version 1.0.0. This flaw allows unauthorized attackers to potentially gain access to sensitive information through unspecified attack vectors. Due to the nature of access control vulnerabilities, this can have significant implications for data confidentiality and integrity. Technical Details The vulnerability resides in the ApiPayController.java file of platform v1.0.0. The specific lines of code affected are not publicly specified beyond the GIST reference. The lack of proper access control checks within this controller allows attackers to bypass intended security mechanisms and potentially access or manipulate sensitive…

Overview CVE-2025-56427 describes a directory traversal vulnerability discovered in ComposioHQ version 0.7.20. This vulnerability allows a remote, unauthenticated attacker to potentially access sensitive information by exploiting the _download_file_or_dir function. By crafting malicious requests, an attacker can bypass intended security restrictions and read arbitrary files on the server’s file system. Technical Details The vulnerability resides within the _download_file_or_dir function, likely due to insufficient sanitization or validation of user-supplied input, specifically related to file paths. An attacker can manipulate the input to include directory traversal sequences (e.g., ../) to navigate outside the intended directory and access restricted files. The specific location in…

Overview A high-severity path traversal vulnerability, identified as CVE-2025-54160, has been discovered in Synology BeeDrive for desktop. This vulnerability allows local users to execute arbitrary code due to improper limitation of pathname to a restricted directory. Users of BeeDrive are strongly advised to update to the latest version to mitigate this risk. Technical Details The vulnerability resides in how BeeDrive handles file paths, specifically when processing user-supplied input for file operations. Due to insufficient validation, a local attacker can craft a malicious file path that traverses outside the intended restricted directory. This can lead to the execution of arbitrary code…

Overview A critical security vulnerability, identified as CVE-2025-54159, has been discovered in Synology BeeDrive for desktop. This missing authorization vulnerability allows remote attackers to delete arbitrary files on a vulnerable system. The severity of this issue is rated as HIGH, and immediate action is recommended to mitigate the risk. Technical Details CVE-2025-54159 is a missing authorization vulnerability in BeeDrive desktop application versions prior to 1.4.2-13960. The specifics of the attack vectors are currently undisclosed by Synology, however, the core issue lies in the lack of proper authorization checks when handling file deletion requests. This allows a remote attacker to craft…

Overview A high-severity security vulnerability, identified as CVE-2025-54158, has been discovered in Synology BeeDrive for desktop. This flaw allows a local attacker to execute arbitrary code due to a missing authentication check for a critical function. The vulnerability affects BeeDrive versions prior to 1.4.2-13960. Immediate action is required to mitigate this risk. Technical Details CVE-2025-54158 stems from the absence of proper authentication for a specific, yet unspecified, function within the BeeDrive desktop application. This lack of authentication allows a malicious local user to bypass security controls and execute arbitrary code with the privileges of the BeeDrive application. The exact nature…

Overview CVE-2025-40266 describes a vulnerability in the Kernel-based Virtual Machine (KVM) subsystem of the Linux kernel, specifically affecting the arm64 architecture. This vulnerability is related to the handling of FF-A (Firmware Framework for Arm) memory sharing between the host kernel and guest VMs. The issue could potentially allow a malicious host to trigger an out-of-bounds (OOB) access in the hypervisor by providing a specially crafted offset value. Technical Details The vulnerability stems from insufficient validation of the offset used to access the FF-A buffer. The host kernel can specify an offset value. If this offset is a large enough value…