• Cybersecurity Vulnerabilities

    CVE-2025-53899: High-Severity Vulnerability in Kiteworks MFT Allows Privilege Escalation

    Overview CVE-2025-53899 is a high-severity vulnerability affecting Kiteworks MFT (Managed File Transfer) versions prior to 9.1.0. This vulnerability stems from an incorrectly specified destination in a communication channel. An attacker with administrative privileges on the system, under specific circumstances, can exploit this flaw to intercept upstream communication, potentially leading to a significant escalation of privileges. Kiteworks has addressed this issue in version 9.1.0. Technical Details The vulnerability lies within the back-end communication channels of Kiteworks MFT. Specifically, the incorrect specification of the destination for certain internal communications allows an attacker possessing administrative privileges to redirect or intercept these communications. This…

  • Cybersecurity Vulnerabilities

    CVE-2025-53897: Kiteworks MFT – Secure Your Logs!

    Published: 2025-11-29 Overview CVE-2025-53897 describes a medium-severity vulnerability affecting Kiteworks Managed File Transfer (MFT) versions prior to 9.1.0. It could allow an attacker to gain unauthorized access to sensitive log information through a cross-site scripting (XSS)-like flaw: an attacker who tricks an administrator into visiting a crafted, malicious page within the Kiteworks MFT system could read and exfiltrate log data. Technical Details The vulnerability stems from insufficient input validation and output encoding when an administrator interacts with specific pages within the Kiteworks MFT interface. An attacker could craft a malicious URL or embed malicious content…

  • Cybersecurity Vulnerabilities

    CVE-2025-53896: High-Severity Session Timeout Vulnerability in Kiteworks MFT Requires Immediate Patching

    Overview CVE-2025-53896 describes a high-severity vulnerability affecting Kiteworks Managed File Transfer (MFT) solutions. Specifically, a flaw exists that can prevent user sessions from timing out properly due to inactivity. This can leave sessions active longer than intended: a session left open on an unattended or shared workstation, or a session token that has been stolen, remains usable beyond the configured inactivity limit, potentially allowing unauthorized access to sensitive data. The vulnerability affects Kiteworks MFT versions prior to 9.1.0. A patch is available in version 9.1.0 to address this issue. Technical Details The vulnerability arises from a flaw in the session management mechanism within Kiteworks MFT. Under specific, but unspecified, circumstances, the inactivity timer that is intended to automatically terminate a user session fails to trigger.…

  • Cybersecurity Vulnerabilities

    CVE-2025-66219: Critical Command Injection Threatens willitmerge Users

    Overview CVE-2025-66219 describes a command injection vulnerability affecting versions 0.2.1 and prior of willitmerge, a command-line tool used to check if pull requests are mergeable. This vulnerability allows attackers to execute arbitrary commands on the system by injecting shell metacharacters through user-controlled input that is passed to Node's `exec` function, which runs the assembled string through a shell. This poses a significant risk to systems where willitmerge is deployed, particularly within CI/CD pipelines or development environments. Technical Details The root cause of the vulnerability lies in the insecure use of `exec` within the `willitmerge.js` file. Specifically, the application concatenates user-provided input (either from command-line flags or from the…

  • Cybersecurity Vulnerabilities

    LibreChat Under Attack: SSRF Vulnerability (CVE-2025-66201) Exposes Internal Resources

    Overview CVE-2025-66201 details a Server-Side Request Forgery (SSRF) vulnerability found in LibreChat, an open-source ChatGPT clone with extended functionalities. This flaw, present in versions prior to 0.8.1-rc2, allows an authenticated user with access to the “Actions” feature to potentially access internal resources and sensitive information by crafting malicious OpenAPI specifications. By exploiting this vulnerability, an attacker could make the LibreChat server initiate requests to arbitrary URLs, including those only accessible within the internal network, such as cloud metadata services. Technical Details The vulnerability lies in how LibreChat handles user-provided OpenAPI specifications within its “Actions” feature. An attacker can craft a…
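    The gate a server should put in front of user-supplied OpenAPI server URLs before fetching anything from them, as an added example that is not LibreChat's own code: the function names, the deny-lists and the sample spec are assumptions, and DNS resolution is stubbed with a lookup table so the example runs offline. It checks the scheme, refuses IP literals in non-routable ranges (including the link-local range that hosts cloud metadata services, loopback, RFC 1918 and IPv4-mapped IPv6 forms), and applies the same test to the addresses a hostname resolves to.

```javascript
// Added example (not LibreChat's code): vet the servers[].url entries of a
// user-supplied OpenAPI document before the server fetches anything from them.
// Function names, the deny-lists and the sample spec are assumptions; DNS is
// stubbed with a lookup table so the example runs offline.

function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Ranges the server must never connect to: "this" network, RFC 1918, CGNAT,
// loopback, link-local (where cloud metadata endpoints live), multicast, reserved.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
];

function v4Blocked(ipInt) {
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ipInt & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// True when `addr` (a URL hostname or a resolved address) is an IP literal in a
// blocked range. DNS names return false here and are judged after resolution.
function isBlockedAddress(addr) {
  const h = addr.toLowerCase().replace(/^\[|\]$/g, '');
  const v4 = ipv4ToInt(h);
  if (v4 !== null) return v4Blocked(v4);
  if (!h.includes(':')) return false;
  // IPv4-mapped IPv6: the WHATWG URL parser serialises ::ffff:127.0.0.1 as ::ffff:7f00:1
  const hex = h.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) return v4Blocked(parseInt(hex[1], 16) * 65536 + parseInt(hex[2], 16));
  const dotted = h.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) { const n = ipv4ToInt(dotted[1]); return n === null || v4Blocked(n); }
  // unspecified, loopback, link-local, unique-local, multicast
  return h === '::' || h === '::1' || /^fe[89ab]/.test(h) || /^f[cd]/.test(h) || h.startsWith('ff');
}

const BLOCKED_NAMES = ['localhost', 'metadata.google.internal'];   // assumed deny-list

// `resolvedAddrs` is what DNS returned for the URL's host. In production obtain it
// with dns.promises.lookup(host, { all: true }), connect to exactly that address
// (not to the name again, which reopens DNS rebinding) and do not follow redirects
// automatically: every redirect target must pass this same check.
function checkActionUrl(urlString, resolvedAddrs) {
  let url;
  try { url = new URL(urlString); } catch (e) { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme ' + url.protocol + ' not allowed' };
  }
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  // url.hostname is already lowercased, and IPv4 forms such as 2130706433 or
  // 0x7f000001 have been normalised to dotted decimal by the URL parser.
  const host = url.hostname.replace(/\.$/, '');
  if (BLOCKED_NAMES.includes(host) || host.endsWith('.localhost')) {
    return { ok: false, reason: 'host ' + host + ' is local' };
  }
  if (isBlockedAddress(host)) return { ok: false, reason: 'address ' + host + ' is not routable' };
  const literal = ipv4ToInt(host) !== null || host.includes(':');
  if (!literal) {
    if (resolvedAddrs.length === 0) return { ok: false, reason: 'host did not resolve' };
    const bad = resolvedAddrs.find(isBlockedAddress);
    if (bad) return { ok: false, reason: host + ' resolves to ' + bad };
  }
  return { ok: true, host, port: url.port || (url.protocol === 'https:' ? '443' : '80') };
}

// Vet every servers[].url in an OpenAPI document. `resolve(host)` returns addresses.
function vetSpecServers(spec, resolve) {
  const servers = Array.isArray(spec.servers) ? spec.servers : [];
  return servers.map((s) => {
    const u = String((s && s.url) || '');
    let host = '';
    try { host = new URL(u).hostname; } catch (e) { host = ''; }
    return { url: u, ...checkActionUrl(u, host ? resolve(host) : []) };
  });
}

// Constructed sample: one server pointing at the link-local metadata address, one legitimate.
const constructedSpec = {
  openapi: '3.0.0',
  servers: [
    { url: 'http://169.254.169.254/latest/meta-data/' },
    { url: 'https://api.example.com/v1' },
  ],
  paths: {},
};
// Stub standing in for dns.promises.lookup (assumption; real code must resolve).
const stubResolve = (host) => ({ 'api.example.com': ['203.0.113.10'] })[host] || [];

console.log(vetSpecServers(constructedSpec, stubResolve));
```

Two points are easy to get wrong in practice: a hostname check alone is bypassed by a DNS name that resolves to an internal address (or changes its answer between check and connect), so the resolved address must be both checked and pinned for the actual connection; and an allowed first hop can redirect to a blocked one, so redirects must be handled manually and re-checked.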

  • Cybersecurity Vulnerabilities

    CVE-2025-66036: Medium-Severity XSS Vulnerability Patched in Retro Platform

    Overview CVE-2025-66036 identifies a medium severity Cross-Site Scripting (XSS) vulnerability affecting the Retro platform, an online marketplace for vintage collections. This vulnerability exists in the input handling component of versions prior to 2.4.7. Successfully exploiting this flaw could allow attackers to inject malicious scripts into users’ browsers, potentially leading to account compromise, data theft, or other malicious activities. A patch is available in version 2.4.7, and immediate upgrading is highly recommended. Published: 2025-11-29T02:15:52.257 Technical Details The vulnerability stems from improper sanitization of user-supplied input within the Retro platform. Specifically, the application fails to adequately escape or validate data before rendering…

  • Cybersecurity Vulnerabilities

    CVE-2025-66034: FontTools Vulnerability Enables Arbitrary File Write and Potential Remote Code Execution

    Overview CVE-2025-66034 is a medium severity vulnerability discovered in FontTools, a Python library used for manipulating fonts. This vulnerability, present in versions from 4.33.0 up to but not including 4.60.2, allows arbitrary file writes, potentially leading to remote code execution (RCE) when processing a malicious .designspace file. Technical Details The vulnerability resides in the fontTools.varLib module, specifically in its main() code path. This code path is invoked by the fonttools varLib command-line interface (CLI) and by any other code that calls fontTools.varLib.main() directly. By crafting a malicious .designspace file, an attacker can exploit this flaw to write arbitrary files to the system, ultimately enabling…

  • Cybersecurity Vulnerabilities

    CVE-2025-66027: Rallly Information Disclosure Vulnerability Exposes User Data

    Overview CVE-2025-66027 describes an information disclosure vulnerability found in Rallly, an open-source scheduling and collaboration tool. Specifically, versions prior to 4.5.6 are affected. This vulnerability allows unauthorized access to participant details, including names and email addresses, even when privacy features intended to protect this information are enabled. This bypasses the intended privacy controls and exposes potentially sensitive user data. Technical Details The vulnerability resides in the /api/trpc/polls.get,polls.participants.list endpoint. Any logged-in user (and so any attacker holding an ordinary account) could query this endpoint to retrieve the list of participants and their associated information (names and email addresses) for a specific poll. This occurs even…

  • Cybersecurity Vulnerabilities

    CVE-2025-65113: Unauthenticated Flagging Abuse in ClipBucket v5 – Protect Your Video Platform!

    Overview CVE-2025-65113 describes an authorization bypass vulnerability found in ClipBucket v5, a popular open-source video sharing platform. Prior to version 5.5.2 – #164, this flaw allows unauthenticated users to flag any content on the platform, including users, videos, photos, and collections. This can be exploited to launch mass flagging attacks, disrupt content availability, and abuse the moderation system. Technical Details The vulnerability resides in the AJAX flagging system. The application fails to properly verify user authentication before processing flagging requests. As a result, an attacker can craft malicious requests to flag content without needing to log in or authenticate. This…

  • Cybersecurity Vulnerabilities

    Critical Security Flaw Exposes PubNet to Supply Chain Attacks (CVE-2025-65112)

    Overview CVE-2025-65112 identifies a critical vulnerability in PubNet, a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the `/api/storage/upload` endpoint was susceptible to unauthorized package uploads. This flaw allowed unauthenticated users to upload packages impersonating any user within the PubNet system. This could lead to severe consequences, including identity spoofing, privilege escalation, and potentially devastating supply chain attacks. This vulnerability has been addressed and patched in PubNet version 1.1.3. Users of earlier versions are strongly advised to upgrade immediately. Technical Details The vulnerability stems from a lack of authentication and authorization checks on the `/api/storage/upload` endpoint. An attacker…