  • Cybersecurity Vulnerabilities

    CVE-2025-66422: Sensitive Information Leak in Tryton – Are You Protected?

    Overview
    CVE-2025-66422 is a medium severity vulnerability affecting Tryton, an open-source ERP system. Specifically, versions of trytond before 7.6.11 are susceptible to information disclosure. Remote attackers can potentially obtain sensitive traceback information related to the server setup, which could aid in further malicious activities. This post provides a detailed analysis of the vulnerability, its impact, and the necessary steps to mitigate the risk.

    Technical Details
    The vulnerability stems from insufficient error handling or access controls within the trytond component. Under certain circumstances, an attacker can trigger an error that exposes detailed traceback information. This traceback can include configuration settings, file…

  • Cybersecurity Vulnerabilities

    CVE-2025-66421: XSS Vulnerability in Tryton SAO – Urgent Patch Required

    Overview
    A medium-severity Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-66421, has been discovered in Tryton SAO (aka tryton-sao) versions before 7.6.11. This flaw allows attackers to inject arbitrary web scripts or HTML into the user’s browser due to insufficient escaping of completion values. Users are strongly advised to upgrade to the patched versions as soon as possible.

    Technical Details
    The vulnerability stems from the lack of proper sanitization of completion values within Tryton SAO. When a user interacts with features that utilize completion (e.g., auto-complete in forms), the system doesn’t adequately escape the provided values before rendering them in the…

  • Cybersecurity Vulnerabilities

    CVE-2025-66420: XSS Vulnerability in Tryton SAO Exposes ERP Systems

    Overview
    CVE-2025-66420 describes a medium severity Cross-Site Scripting (XSS) vulnerability affecting Tryton SAO (aka tryton-sao) versions prior to 7.6.9. This vulnerability allows attackers to inject malicious scripts into the context of a user’s browser by exploiting the handling of HTML attachments. Successfully exploiting this vulnerability could lead to session hijacking, sensitive data theft, or defacement of the application interface.

    Technical Details
    The vulnerability stems from insufficient sanitization of HTML content within attachments processed by Tryton SAO. An attacker can craft a malicious HTML attachment containing JavaScript code. When a user opens or previews this attachment within the Tryton SAO application,…

  • Cybersecurity Vulnerabilities

    Urgent: Critical Security Flaw Exposes StreamTube Core WordPress Plugin Users!

    Overview
    A critical security vulnerability, identified as CVE-2025-13615, has been discovered in the StreamTube Core plugin for WordPress. This flaw allows unauthenticated attackers to change user passwords, potentially leading to complete takeover of administrator accounts. This vulnerability affects versions up to and including 4.78 of the StreamTube Core plugin. This vulnerability stems from inadequate authorization checks when handling user-controlled access to objects, allowing bypasses that grant access to system resources which should be protected.

    Important Note: This vulnerability is only exploitable if the ‘registration password fields’ are enabled in the theme options of the StreamTube plugin.

    Technical Details
    The StreamTube…

  • Cybersecurity Vulnerabilities

    CVE-2025-6666: Hard-Coded Key Found in motogadget mo.lock Ignition Lock

    Overview
    CVE-2025-6666 is a low-severity vulnerability affecting motogadget mo.lock Ignition Lock up to version 20251125. The vulnerability resides in the NFC handler component and can be exploited through manipulation to potentially utilize a hard-coded cryptographic key. This could allow an attacker with physical access to the device to bypass security measures.

    Technical Details
    The vulnerability lies within the NFC handler functionality of the motogadget mo.lock. An attacker with physical proximity to the device could potentially manipulate NFC communication to trigger the use of a hard-coded cryptographic key. The exact mechanism for exploiting this vulnerability is not publicly detailed, but it…

  • Cybersecurity Vulnerabilities

    OrangeHRM Interview Attachment Vulnerability: Unauthorized Access to Confidential Data (CVE-2025-66291)

    Overview
    A significant security vulnerability, identified as CVE-2025-66291, has been discovered in OrangeHRM, a widely used human resource management system. This flaw allows unauthorized users to access sensitive interview attachments within the Recruitment module. Specifically, users with Employee Self-Service (ESS) level access, who should not have access to recruitment workflows, can potentially retrieve confidential interview documents, including candidate CVs, evaluations, and supporting files. This exposure stems from inadequate authorization checks during the retrieval of interview attachments.

    Technical Details
    The vulnerability exists in OrangeHRM versions 5.0 through 5.7. The issue arises because the interview attachment retrieval endpoint relies solely on an…

  • Cybersecurity Vulnerabilities

    CVE-2025-66290: Critical Recruitment Attachment Exposure in OrangeHRM – Update Immediately!

    Overview
    CVE-2025-66290 is a security vulnerability affecting OrangeHRM versions 5.0 through 5.7. This flaw allows unauthorized access to recruitment attachments, such as resumes and cover letters, by authenticated users, even those with limited ESS (Employee Self-Service) access who should not have access to the Recruitment module.

    Technical Details
    The vulnerability stems from a missing authorization check in the application’s recruitment attachment retrieval endpoint. When an authenticated request is made to this endpoint, OrangeHRM validates the user’s session but fails to verify whether the user possesses the necessary permissions to access the Recruitment module and candidate data. This oversight enables any…

  • Cybersecurity Vulnerabilities

    CVE-2025-66289: OrangeHRM Session Management Vulnerability – Upgrade to Avoid Unauthorized Access!

    Overview
    A critical vulnerability, identified as CVE-2025-66289, has been discovered in OrangeHRM, a widely used human resource management (HRM) system. This vulnerability impacts versions 5.0 through 5.7. The core issue lies in the application’s failure to properly invalidate existing user sessions upon account disablement or password changes. This allows already active sessions to remain valid indefinitely, posing a significant security risk.

    Technical Details
    The vulnerability stems from a lack of session revocation or session-store cleanup mechanisms within OrangeHRM when critical state changes occur, specifically when a user account is disabled or when the user’s password is changed. As a result,…

  • Cybersecurity Vulnerabilities

    CVE-2025-66225: Critical Account Takeover Vulnerability in OrangeHRM – Upgrade Immediately!

    Published: 2025-11-29

    Overview
    CVE-2025-66225 describes a critical vulnerability affecting OrangeHRM, a widely used human resource management system. This flaw allows an attacker to potentially take over any user account, including administrator accounts, by manipulating the password reset workflow. Versions 5.0 through 5.7 of OrangeHRM are affected. A patch is available in version 5.8.

    Technical Details
    The vulnerability resides within the password reset functionality. Specifically, the system fails to properly validate the username provided during the final password reset request. Here’s how the attack works: An attacker initiates a password reset for *any* account for which they can intercept email (even…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability Patched in OrangeHRM: CVE-2025-66224 Allows Arbitrary File Write and Potential RCE

    Overview
    This article details a critical vulnerability, identified as CVE-2025-66224, affecting OrangeHRM, a widely used human resource management system. Versions 5.0 to 5.7 are vulnerable to an input-neutralization flaw in the mail configuration and delivery workflow. This allows attackers to potentially write arbitrary files on the server, which in turn could lead to Remote Code Execution (RCE) if the written files are accessible via the web.

    Technical Details
    The vulnerability stems from the lack of proper sanitization of user-controlled input within the mail-sending logic. Specifically, when configuring and sending emails, user-provided values are directly incorporated into the system’s `sendmail` command.…