• Cybersecurity Vulnerabilities

    CVE-2025-66021: XSS Risk Looms in OWASP Java HTML Sanitizer

    Overview: CVE-2025-66021 details a Cross-Site Scripting (XSS) vulnerability identified in version 20240325.1 of the OWASP Java HTML Sanitizer. This library is widely used to sanitize HTML input, preventing malicious scripts from being injected into web applications. The vulnerability arises when the HtmlPolicyBuilder allows both <noscript> and <style> tags with allowTextIn inside the style tag. This configuration can be exploited to bypass sanitization and inject arbitrary JavaScript code. Published on 2025-11-26T02:15:49.723, this issue highlights a potential weakness in the HTML sanitization process when specific configurations are used.

    Technical Details: The vulnerability lies in the specific configuration of the HtmlPolicyBuilder. When <noscript>…

  • Cybersecurity Vulnerabilities

    CVE-2025-66020: Critical ReDoS Vulnerability Plagues Valibot Emoji Validation

    Overview: CVE-2025-66020 is a high-severity vulnerability affecting the Valibot data validation library. Specifically, it’s a Regular Expression Denial of Service (ReDoS) vulnerability found within the EMOJI_REGEX used in the emoji validation action. This flaw allows attackers to craft relatively short input strings (less than 100 characters) that can cause the regular expression engine to consume excessive CPU time, potentially leading to a Denial of Service (DoS) condition for applications utilizing the vulnerable Valibot versions. The affected versions of Valibot are those ranging from 0.31.0 to 1.1.0. A patch addressing this issue is available in version 1.2.0.

    Technical Details: The vulnerability…

  • Cybersecurity Vulnerabilities

    CVE-2025-12848: Critical XSS Vulnerability Exploitable in Drupal Webform Multifile Upload Module

    Overview: CVE-2025-12848 details a cross-site scripting (XSS) vulnerability affecting the Webform Multiple File Upload module for Drupal 7.x. This vulnerability allows an unauthenticated attacker to inject malicious JavaScript code by uploading a file with a crafted filename. When a victim views the Webform node with the uploaded file, the malicious script is executed in their browser, potentially leading to data theft, session hijacking, or other malicious activities.

    Technical Details: The vulnerability exists in the file name renderer of the Webform Multiple File Upload module. Specifically, the module fails to properly sanitize filenames before displaying them. An attacker can exploit this…

  • Cybersecurity Vulnerabilities

    Urgent: Privilege Escalation Risk in CMService.exe – CVE-2025-66265

    Overview: CVE-2025-66265 describes a critical privilege escalation vulnerability affecting CMService.exe. This vulnerability arises from the creation of the C:\usr directory and its subdirectories with overly permissive permissions, specifically granting write access to all authenticated users. This flaw allows malicious actors with standard user accounts to potentially overwrite critical configuration files or inject malicious DLLs, ultimately leading to privilege escalation and system compromise.

    Technical Details: The root cause of CVE-2025-66265 lies in the insecure default permissions assigned to the C:\usr directory and its subdirectories when created by CMService.exe. Authenticated users, even those with low privileges, can modify files within these directories.…

  • Cybersecurity Vulnerabilities

    CVE-2025-66264: Unquoted Service Path in CMService.exe Exploitable for Privilege Escalation

    Overview: CVE-2025-66264 describes a critical vulnerability found in the CMService.exe service. This service, which runs with SYSTEM privileges, contains an unquoted service path. This flaw allows a local attacker with write access to the filesystem to potentially escalate their privileges to SYSTEM by injecting a malicious executable into a directory within the service’s path.

    Technical Details: The vulnerability stems from the way the Windows operating system parses service paths that lack quotation marks. When a service path is not enclosed in quotes, Windows attempts to execute each space-separated segment of the path as a separate executable. For example, if the…

  • Cybersecurity Vulnerabilities

    CVE-2025-66263: Unauthenticated Arbitrary File Read in DB Elettronica Mozart FM Transmitters

    Overview: CVE-2025-66263 is a security vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000. This vulnerability allows an unauthenticated attacker to read arbitrary files on the system due to a null byte injection flaw in the download_setting.php endpoint.

    Technical Details: The vulnerability lies in the /var/tdf/download_setting.php endpoint, which is intended for downloading configuration settings. This endpoint constructs file paths by concatenating a user-controlled $_GET['filename'] parameter with the .tgz extension. Due to the application running on PHP 5.3.2 (pre-5.3.4), it is susceptible to null byte injection. By injecting a…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability Alert: Arbitrary File Overwrite in DB Elettronica Mozart FM Transmitters (CVE-2025-66262)

    Overview: CVE-2025-66262 is a critical vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. This vulnerability allows an attacker to overwrite arbitrary files on the system due to improper handling of Tar archive extraction. Specifically, the restore_mozzi_memories.sh script uses the -C / flag during Tar extraction without proper path validation, leading to a path traversal vulnerability.

    Technical Details: The core of the vulnerability lies in the restore_mozzi_memories.sh script. This script extracts user-controlled Tar archives using the command tar -xzf [archive_name] -C /. The -C / option instructs Tar to change the directory to the root directory (/) before extracting files.…

  • Cybersecurity Vulnerabilities

    CVE-2025-66261: Critical OS Command Injection Vulnerability in DB Elettronica Mozart FM Transmitters

    Overview: CVE-2025-66261 details a critical unauthenticated OS command injection vulnerability found in DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. This vulnerability allows an attacker to execute arbitrary commands on the underlying operating system without authentication, potentially leading to complete system compromise.

    Technical Details: The vulnerability resides in the /var/tdf/restore_settings.php endpoint. The application improperly handles the name parameter passed via the $_GET array. Specifically, the value of the name parameter is processed through the urldecode() function and then directly passed to the exec() function without any validation or…

  • Cybersecurity Vulnerabilities

    Critical SQL Injection Vulnerability Plagues DB Elettronica Mozart FM Transmitters (CVE-2025-66260)

    Overview: CVE-2025-66260 details a critical SQL injection vulnerability found in DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. Specifically, versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 are affected. The vulnerability resides within the `status_sql.php` endpoint, potentially allowing attackers to execute arbitrary SQL commands on the underlying PostgreSQL database.

    Technical Details: The vulnerability stems from the `status_sql.php` endpoint’s improper handling of user-supplied input. The script constructs SQL `UPDATE` queries by directly concatenating the values of the `sw1` and `sw2` parameters without proper sanitization or the use of parameterized queries. Crucially, the code fails to use functions…

  • Cybersecurity Vulnerabilities

    CVE-2025-66259: Critical Root RCE Vulnerability Found in DB Elettronica Mozart FM Transmitters

    Overview: CVE-2025-66259 details a critical remote code execution (RCE) vulnerability affecting DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitters. The vulnerability allows an authenticated attacker with administrative privileges to execute arbitrary code with root privileges on the affected device. This is due to insufficient user input validation within the main_ok.php script. Affected versions include 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000.

    Technical Details: The vulnerability stems from the main_ok.php script, where user-supplied data related to date and time settings (data, hour, time) is passed directly into the date shell command without proper sanitization. This lack of…