Overview
CVE-2025-66293 is a high-severity vulnerability affecting libpng, a widely used library for handling PNG image files. This vulnerability, specifically an out-of-bounds read, resides within the simplified API of libpng and can be triggered when processing certain valid PNG images. Successful exploitation could lead to information disclosure or denial-of-service.

Technical Details
The vulnerability stems from an out-of-bounds read in libpng’s simplified API when processing valid palette PNG images with partial transparency and gamma correction. Specifically, the issue occurs when reading beyond the `png_sRGB_base[512]` array, potentially reading up to 1012 bytes beyond the allocated memory. The vulnerability is triggered due to…

Overview
This article provides a detailed analysis of CVE-2025-65868, a critical XML External Entity (XXE) injection vulnerability discovered in eyoucms version 1.7.1. This vulnerability allows remote attackers to potentially cause a denial-of-service (DoS) condition by exploiting the CMS’s XML parsing capabilities. Understanding the technical details, potential impact, and available mitigation strategies is crucial for securing eyoucms installations.

Technical Details
CVE-2025-65868 stems from insufficient input validation when processing XML data submitted through POST requests in eyoucms v1.7.1. An attacker can craft a malicious XML payload containing an external entity declaration that references a local or remote resource. When the CMS parses…

Overview
CVE-2025-64055 describes a critical security vulnerability affecting Fanvil x210 V2 VoIP phones running firmware version 2.12.20. This vulnerability allows unauthenticated attackers on the same local network to bypass authentication mechanisms and gain access to sensitive administrative functions of the device. This includes, but is not limited to, file uploads, firmware updates, and device reboot.

Technical Details
The vulnerability resides in the authentication process of the Fanvil x210 V2. A crafted request, exploiting a flaw in how the device handles authentication tokens or session management, can circumvent the normal login procedures. Attackers can leverage this to access administrative interfaces without…

Overview
CVE-2025-66489 is a critical security vulnerability affecting Cal.com, the open-source scheduling software. This flaw allows an attacker to bypass password verification by manipulating the TOTP code during login, potentially leading to unauthorized access to user accounts. The vulnerability exists in versions prior to 5.9.8 and is due to problematic conditional logic within the authentication flow.

Technical Details
The vulnerability stems from a flaw in Cal.com’s login credentials provider. The authentication process incorrectly handles TOTP code verification, leading to a bypass of the standard password check. An attacker providing a valid (or potentially even specially crafted) TOTP code, in conjunction…

Overview
CVE-2025-66453 describes a potential Denial of Service (DoS) vulnerability affecting the Rhino JavaScript engine, an open-source implementation of JavaScript written entirely in Java. This vulnerability exists in versions prior to 1.8.1, 1.7.15.1, and 1.7.14.1. The issue stems from how the toFixed() function handles attacker-controlled floating-point numbers, leading to excessive CPU consumption and potentially crashing the application.

Technical Details
The vulnerability is triggered when an application passes a float value controlled by an attacker into the toFixed() function of the Rhino JavaScript engine. Specifically, small numbers processed by toFixed() can lead to an inefficient calculation. The call stack follows this…

Overview
CVE-2025-66411 is a high-severity vulnerability affecting Coder, a platform used for provisioning remote development environments via Terraform. This vulnerability allows unauthorized access to sensitive information due to the logging of Workspace Agent manifests containing sensitive values in plaintext. This issue can be exploited by attackers with limited local access to a Coder Workspace or by third-party systems with access to the logs.

Technical Details
The vulnerability stems from the fact that Workspace Agent manifests, which may contain sensitive data like API keys, passwords, or other credentials, were being logged in plaintext without proper sanitization. An attacker gaining access to these…

Overview
CVE-2025-66406 describes a medium-severity vulnerability affecting Step CA, a popular online certificate authority used for secure, automated certificate management in DevOps environments. Specifically, an improper authorization check for SSH certificate revocation exists in versions prior to 0.29.0. This flaw impacts deployments configured with the SSHPOP provisioner, potentially allowing unauthorized users to revoke valid SSH certificates. Upgrading to version 0.29.0 is crucial to address this security issue.

Technical Details
The vulnerability stems from insufficient validation of user permissions when attempting to revoke SSH certificates using the SSHPOP provisioner in Step CA. This means that under certain conditions, an attacker with…

Overview
CVE-2025-65345 describes a directory traversal vulnerability found in alexusmai’s Laravel File Manager, specifically versions 3.3.1 and below. This flaw allows a malicious actor to craft archives (ZIP files) that, when extracted using the file manager’s built-in functionality, can create files and directories outside the intended web application’s scope. This is due to insufficient validation of file paths during the archiving process.

Technical Details
The vulnerability resides in the zip/archiving component of the Laravel File Manager. When a user creates an archive, the file manager doesn’t properly sanitize or validate the paths of files and directories included in the archive.…

Overview
CVE-2025-65097 identifies a security vulnerability within RomM (ROM Manager), a software application that allows users to organize and manage their game collections. This vulnerability allows an authenticated user to delete collections belonging to other users without proper authorization checks. This means that if you have an account on a RomM instance affected by this bug, you could potentially delete the game collections of other users on the same instance. This vulnerability was present in versions prior to 4.4.1 and 4.4.1-beta.2 and has been fixed in versions 4.4.1 and 4.4.1-beta.2.

Technical Details
The vulnerability stems from the lack of ownership verification…

Overview
CVE-2025-65096 describes a vulnerability in RomM (ROM Manager), a popular application used for managing game ROM collections. Prior to versions 4.4.1 and 4.4.1-beta.2, the application lacked proper authorization checks, allowing malicious users to potentially access and read private game collection data belonging to other users via direct API calls. This vulnerability could expose sensitive information about a user’s game collection, potentially leading to privacy breaches.

Technical Details
The vulnerability stems from a missing authorization check when retrieving collection data via the RomM API. Specifically, the application fails to verify ownership or the public/private status of a collection before returning…