Overview: A critical open redirect vulnerability, identified as CVE-2025-13819, has been discovered in the web server component of MiR (Mobile Industrial Robots) Robot and Fleet software. This flaw allows a remote attacker to potentially redirect users to malicious external websites by crafting a specific URL parameter. This could be exploited to facilitate phishing attacks or other social engineering schemes, putting sensitive user data and system integrity at risk. Technical Details: The vulnerability stems from insufficient validation of user-supplied input within the redirection functionality of the MiR Robot and Fleet web server. An attacker can manipulate a specific parameter in a…
-
Overview: A medium severity security vulnerability, identified as CVE-2025-13816, has been discovered in Mogu Blog v2 up to version 5.2. This vulnerability stems from a path traversal flaw within the ZIP file handling functionality. An attacker can exploit this flaw to potentially read or write arbitrary files on the server, leading to significant security risks. The vulnerability is located within the FileOperation.unzip function of the /networkDisk/unzipFile component. Successful exploitation requires no authentication and can be performed remotely. Technical Details: The root cause of CVE-2025-13816 is insufficient sanitization of the fileUrl argument passed to the FileOperation.unzip function. This lack of proper…
-
Overview: CVE-2025-13815 is a medium-severity vulnerability identified in Mogu Blog v2, up to and including version 5.2. This vulnerability allows for unrestricted file uploads, potentially enabling attackers to upload malicious files and execute arbitrary code on the affected server. The vendor was contacted but did not respond. Technical Details: The vulnerability resides in the /file/pictures endpoint of Mogu Blog v2. Specifically, the issue lies within an unknown function responsible for handling file uploads. By manipulating the filedatas argument, an attacker can bypass upload restrictions and upload any file type, including executable files. The exploit is publicly available, increasing the risk…
-
Overview: CVE-2025-61619 describes a high-severity vulnerability found in NR (New Radio) modems. This vulnerability stems from improper input validation and can be exploited to cause a system crash, leading to a remote denial-of-service (DoS) condition. Critically, exploitation requires no additional execution privileges. Technical Details: The vulnerability lies within the NR modem’s processing of specific input data. Due to insufficient validation of this input, a crafted malicious input can trigger an unhandled exception or error condition within the modem’s firmware. This, in turn, results in a system crash and the subsequent denial of service. The specific nature of the vulnerable input…
-
Overview: CVE-2025-61618 is a high-severity vulnerability affecting NR modems. This vulnerability stems from improper input validation, which can be exploited by remote attackers to trigger a system crash, leading to a denial-of-service (DoS) condition. No additional execution privileges are required to exploit this vulnerability. Technical Details: The root cause of CVE-2025-61618 lies in the inadequate validation of input data processed by the NR modem. Specifically, a malformed or unexpectedly large input can cause the modem’s processing logic to enter an unhandled state, leading to a system crash. The specific input vector and impacted function are detailed in the vendor’s advisory…
-
Overview: CVE-2025-61617 is a high-severity vulnerability affecting NR (New Radio) modems. This vulnerability, stemming from improper input validation, can lead to a system crash and result in a remote denial of service (DoS) attack. Exploitation of this vulnerability does not require any additional execution privileges, making it a significant security concern. Technical Details: The vulnerability lies in the way the NR modem handles specific input data. Due to insufficient validation, a malformed input can trigger a fatal error within the modem’s firmware, causing it to crash and rendering the device unusable. The specific input vector is not publicly disclosed to…
-
Overview: CVE-2025-61610 is a high-severity vulnerability affecting NR (New Radio) modems. This vulnerability stems from improper input validation, potentially leading to a system crash and resulting in a remote denial of service (DoS) condition. Exploitation of this vulnerability requires no additional execution privileges. This article provides a detailed analysis of CVE-2025-61610, including technical details, CVSS analysis, potential impact, and mitigation strategies. Technical Details: The vulnerability lies in the NR modem’s handling of input data. Insufficient validation of the input allows a malicious actor to send crafted data packets that trigger a system crash within the modem. The exact mechanism of…
-
Overview: CVE-2025-61609 is a high-severity vulnerability affecting certain modem implementations. This vulnerability stems from improper input validation within the modem’s firmware, potentially leading to a system crash and resulting in a remote denial of service (DoS) condition. Exploitation of this vulnerability requires no additional execution privileges. Technical Details: The core issue lies in the modem’s handling of specific input data. Due to insufficient validation, a malformed input can trigger a buffer overflow or other memory corruption issues, leading to a system crash. The specific input vector and vulnerable functions are detailed in the vendor’s advisory (see references). An attacker can…
-
Overview: CVE-2025-61608 is a high-severity vulnerability identified in NR modems. This vulnerability stems from improper input validation and can be exploited by remote attackers to trigger a system crash, resulting in a denial-of-service (DoS) condition. No additional execution privileges are required for a successful exploit. Technical Details: The vulnerability lies in the way the NR modem handles incoming data. Specifically, the modem fails to properly validate certain input parameters. An attacker can craft malicious input that exploits this lack of validation, leading to unexpected behavior within the modem’s processing logic. This then results in a system crash and DoS. The…
-
Overview: CVE-2025-61607 is a high-severity vulnerability identified in the NR modem. This vulnerability stems from improper input validation, potentially leading to a system crash and resulting in a remote denial of service (DoS). Exploitation of this vulnerability requires no additional execution privileges, making it a significant security concern. Technical Details: The root cause of CVE-2025-61607 lies within the NR modem’s input validation mechanisms. Specifically, the software fails to adequately sanitize or validate input data received from a remote source. This lack of validation allows an attacker to craft malicious input that, when processed by the modem, triggers a critical error or…