  • Cybersecurity Vulnerabilities

    CVE-2025-13807: Unveiling the Improper Authorization Flaw in OrionSec Orion-Ops API

    Overview: CVE-2025-13807 describes a medium severity vulnerability found in OrionSec Orion-Ops up to version 5925824997a3109651bbde07460958a7be249ed1. Specifically, the vulnerability resides within the MachineKeyController function located in the orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java file of the API component. This flaw allows for improper authorization, potentially enabling attackers to bypass security controls and gain unauthorized access. The vulnerability is remotely exploitable and a proof-of-concept exploit is publicly available. The vendor has been unresponsive to disclosure attempts.

    Technical Details: The vulnerability stems from insufficient authorization checks within the MachineKeyController. An attacker can manipulate requests to this controller to potentially bypass intended authorization mechanisms. The specific manipulation leading to…

  • Cybersecurity Vulnerabilities

    CVE-2025-13806: Critical Authorization Bypass in NutzBoot Transaction API

    Overview: CVE-2025-13806 describes a high-severity security vulnerability affecting nutzam NutzBoot up to version 2.6.0-SNAPSHOT. The vulnerability resides within the Transaction API, specifically in the EthModule.java file of the nutzboot-demo-simple-web3j component. Successful exploitation allows for unauthorized transaction manipulation.

    Technical Details: The vulnerability stems from improper authorization checks when handling arguments related to transaction execution, specifically the from, to, and wei parameters. An attacker can manipulate these parameters to bypass intended authorization controls, potentially leading to unauthorized fund transfers or other malicious actions. The affected file is nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java. The exploit has been publicly disclosed, meaning that proof-of-concept (PoC) code is available and…

  • Cybersecurity Vulnerabilities

    CVE-2025-13805: NutzBoot LiteRpc Deserialization Vulnerability – Analysis and Mitigation

    Overview: CVE-2025-13805 describes a deserialization vulnerability identified in NutzBoot up to version 2.6.0-SNAPSHOT. This weakness resides within the getInputStream function of the HttpServletRpcEndpoint.java file, part of the LiteRpc-Serializer component. Successful exploitation of this vulnerability could potentially lead to remote code execution (RCE), although the attack complexity is considered high, and the exploitability is rated as difficult.

    Technical Details: The vulnerability lies within the getInputStream function of the nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java file. The component LiteRpc-Serializer is susceptible to manipulation that can lead to deserialization of untrusted data. The precise mechanism that triggers the deserialization isn’t explicitly stated but generally involves crafting a malicious…

  • Cybersecurity Vulnerabilities

    CVE-2025-13804: Critical Information Leak in NutzBoot Ethereum Wallet Handler

    Overview: CVE-2025-13804 describes an information disclosure vulnerability found in nutzam NutzBoot up to version 2.6.0-SNAPSHOT. The vulnerability resides within the Ethereum Wallet Handler component, specifically in the EthModule.java file. Successful exploitation allows remote attackers to potentially access sensitive information.

    Technical Details: The vulnerability lies in an unknown function within the nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java file. By manipulating specific inputs, an attacker can trigger the information disclosure. The publicly available exploit demonstrates that this vulnerability is exploitable remotely.

    CVSS Analysis: CVSS Score: 4.3 (Medium). This score reflects the potential impact of information disclosure and the relative ease of remote exploitation.

    Possible Impact: Successful exploitation…

  • Cybersecurity Vulnerabilities

    CVE-2025-13803: Critical HTTP Header Injection Found in MediaCrush

    Overview: CVE-2025-13803 is a high-severity vulnerability affecting MediaCrush versions 1.0.0 and 1.0.1. This vulnerability allows a remote attacker to inject arbitrary HTTP headers by manipulating the Host header, potentially leading to various security risks.

    Technical Details: The vulnerability resides in the /mediacrush/paths.py file, specifically within an unknown function of the Header Handler component. By crafting a malicious Host header, an attacker can bypass input sanitization and inject arbitrary HTTP headers. This improper neutralization of HTTP headers for scripting syntax enables the attacker to influence server-side behavior. The vulnerable code does not adequately sanitize the Host header, allowing an attacker to…

  • Cybersecurity Vulnerabilities

    CVE-2025-13802: Critical XSS Vulnerability Threatens jairiidriss RestaurantWebsite Users

    Overview: CVE-2025-13802 describes a cross-site scripting (XSS) vulnerability found in jairiidriss RestaurantWebsite. This vulnerability affects an unknown function within the “Make a Reservation” component. A malicious actor can exploit this weakness by manipulating the `selected_date` argument, injecting arbitrary JavaScript code into the website, and potentially compromising user data or website functionality. The vendor has not responded to disclosure attempts, making mitigation challenging. The product uses continuous delivery with rolling releases, making version identification difficult.

    Technical Details: The vulnerability resides within the “Make a Reservation” functionality of jairiidriss RestaurantWebsite. Specifically, the `selected_date` parameter is not properly sanitized, allowing an attacker to…

  • Cybersecurity Vulnerabilities

    CVE-2025-13800: Critical Command Injection Flaw Threatens ADSLR NBR1005GPEV2 Routers

    Overview: CVE-2025-13800 is a medium severity command injection vulnerability identified in ADSLR NBR1005GPEV2 routers running firmware version 250814-r037c. This flaw allows remote attackers to execute arbitrary commands on the affected device by manipulating the mac argument within the set_mesh_disconnect function of the /send_order.cgi file. The exploit for this vulnerability is publicly available, increasing the risk of exploitation.

    Technical Details: The vulnerability resides in the set_mesh_disconnect function within the /send_order.cgi script. Improper sanitization of the mac argument allows an attacker to inject arbitrary commands into the system’s shell. By crafting a malicious request containing shell metacharacters within the mac parameter, an…

  • Cybersecurity Vulnerabilities

    INZONE Hub Installer Vulnerable: Arbitrary Code Execution via DLL Hijacking (CVE-2025-64772)

    Overview: A critical security vulnerability, identified as CVE-2025-64772, has been discovered in the installer of Sony’s INZONE Hub software, specifically versions 1.0.10.3 to 1.0.17.0. This vulnerability stems from an insecure DLL search path, which could allow a malicious actor to execute arbitrary code on a user’s system with the same privileges as the user running the installer.

    Technical Details: The vulnerability is rooted in the way the INZONE Hub installer searches for and loads Dynamic Link Libraries (DLLs). Due to an improperly configured search path, the installer may inadvertently load a malicious DLL from a location controlled by an attacker…

  • Cybersecurity Vulnerabilities

    CVE-2025-13799: Critical Command Injection Vulnerability Discovered in ADSLR NBR1005GPEV2 Router

    Overview: CVE-2025-13799 is a medium-severity command injection vulnerability identified in the ADSLR NBR1005GPEV2 router, specifically affecting firmware version 250814-r037c. This flaw allows a remote attacker to execute arbitrary commands on the device by manipulating the mac argument within the ap_macfilter_del function of the /send_order.cgi file. The vulnerability has been publicly disclosed and an exploit is available. Unfortunately, the vendor has not responded to vulnerability reports.

    Technical Details: The vulnerability resides in the ap_macfilter_del function within the /send_order.cgi script of the ADSLR NBR1005GPEV2 router. The script fails to properly sanitize user-supplied input for the mac parameter. By injecting malicious commands into…

  • Cybersecurity Vulnerabilities

    CVE-2025-13798: Unveiling a Command Injection Flaw in ADSLR NBR1005GPEV2 Routers

    Overview: CVE-2025-13798 is a medium-severity vulnerability affecting ADSLR NBR1005GPEV2 routers with firmware version 250814-r037c. This flaw allows a remote attacker to inject arbitrary commands through the ap_macfilter_add function in the /send_order.cgi file. The vulnerability stems from improper sanitization of the mac argument, leading to command execution with elevated privileges. This issue has been publicly disclosed and a proof-of-concept exploit is available, increasing the risk of exploitation in the wild. The vendor was contacted regarding this vulnerability but has not yet provided a response.

    Technical Details: The vulnerability lies within the ap_macfilter_add function, accessed via the /send_order.cgi endpoint. By manipulating the…