Overview
A critical vulnerability, identified as CVE-2025-13595, has been discovered in the CIBELES AI WordPress plugin. This vulnerability allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution. All versions of the plugin up to and including 1.10.8 are affected. It is imperative to update to the latest version or remove the plugin immediately.

Technical Details
The vulnerability stems from a missing capability check in the actualizador_git.php file within the CIBELES AI plugin. Specifically, the file fails to verify user permissions before allowing the download of arbitrary GitHub repositories and overwriting existing plugin files. This weakness enables…

Overview
CVE-2025-63735 describes a reflected Cross-Site Scripting (XSS) vulnerability found in Ruckus Unleashed version 200.13.6.1.319. This vulnerability allows an attacker to inject arbitrary JavaScript code into a user's browser by crafting a malicious URL targeting the `selfguestpass/guestAccessSubmit.jsp` endpoint. Specifically, the `name` parameter is vulnerable.

Technical Details
The vulnerability exists because the Ruckus Unleashed software fails to properly sanitize user-supplied input provided via the `name` parameter in the `selfguestpass/guestAccessSubmit.jsp` endpoint. An attacker can exploit this by crafting a URL containing malicious JavaScript code within the `name` parameter. When a user clicks on this manipulated URL, the injected JavaScript code is executed…

Overview
CVE-2025-62703 is a critical remote code execution (RCE) vulnerability affecting versions 0.9.2 and prior of the Fugue framework. Fugue provides a unified interface for distributed computing, allowing users to execute Python, Pandas, and SQL code on platforms like Spark, Dask, and Ray with minimal code modifications. This vulnerability stems from insecure pickle deserialization within the FlaskRPCServer, potentially allowing attackers to execute arbitrary code on affected systems.

Technical Details
The vulnerability resides in the way Fugue handles RPC (Remote Procedure Call) communication. Specifically, the _decode() function located in fugue/rpc/flask.py uses cloudpickle.loads() to deserialize incoming data without proper sanitization. This means…

Overview
CVE-2025-21621 is a reflected cross-site scripting (XSS) vulnerability affecting GeoServer, an open-source server used for sharing and editing geospatial data. This vulnerability exists in versions prior to 2.25.0 and stems from insufficient sanitization of user-supplied input in the WMS GetFeatureInfo HTML output format. Specifically, a malicious actor can inject arbitrary JavaScript code through specially crafted SLD_BODY parameters.

Technical Details
The vulnerability lies in how GeoServer handles user-provided SLD_BODY parameters within WMS GetFeatureInfo requests. By injecting malicious JavaScript code into this parameter, an attacker can exploit the lack of proper output encoding. When a victim clicks a crafted link or…

Overview
A critical XML External Entity (XXE) vulnerability, identified as CVE-2025-58360, has been discovered in GeoServer, an open-source server used for sharing and editing geospatial data. This vulnerability affects versions 2.26.0 to before 2.26.2 and before 2.25.6. Unsanitized XML input through the /geoserver/wms endpoint, specifically the GetMap operation, allows attackers to define external entities within XML requests. This can lead to sensitive information disclosure, denial-of-service, or potentially remote code execution in some scenarios. Upgrading to a patched version is strongly recommended.

Technical Details
The vulnerability stems from insufficient input validation of XML data submitted to the GeoServer WMS service via…

Overview
CVE-2025-51746 identifies a critical security vulnerability in jishenghua JSH_ERP version 2.3.1. The vulnerability resides in the /serialNumber/addSerialNumber endpoint and is susceptible to Fastjson deserialization attacks. This allows attackers to potentially execute arbitrary code on the server, leading to complete system compromise.

Technical Details
The vulnerability stems from the insecure deserialization of user-supplied data using Fastjson. When processing requests to the /serialNumber/addSerialNumber endpoint, the application fails to properly sanitize or validate the incoming serialized data. An attacker can craft a malicious JSON payload containing instructions to execute arbitrary code during the deserialization process. This can be achieved by injecting specific…

Overview
CVE-2025-51745 identifies a critical security vulnerability affecting jishenghua JSH_ERP version 2.3.1. This vulnerability stems from the insecure use of Fastjson deserialization in the /role/addcan endpoint, potentially allowing attackers to execute arbitrary code on the server.

Technical Details
The /role/addcan endpoint in JSH_ERP 2.3.1 is susceptible to Fastjson deserialization attacks. Fastjson, a high-performance JSON library, can be exploited when handling untrusted data. If the application deserializes attacker-controlled JSON payloads without proper validation, it can lead to remote code execution (RCE). The specific details of how the payload is crafted and delivered are available in the referenced resources. Attackers can leverage…

Overview
CVE-2025-51744 describes a critical security vulnerability affecting jishenghua JSH_ERP version 2.3.1. Specifically, the /user/addUser endpoint is susceptible to Fastjson deserialization attacks. This means a malicious actor could potentially inject arbitrary code into the application by crafting a specially designed JSON payload during the user creation process.

Technical Details
The vulnerability stems from the insecure deserialization of user-supplied data via the Fastjson library within the /user/addUser endpoint. Fastjson, when not configured securely, can be tricked into instantiating arbitrary Java classes present on the classpath. An attacker can leverage this to execute malicious code on the server. The attacker would craft…

Overview
CVE-2025-51743 identifies a critical security vulnerability affecting jishenghua JSH_ERP version 2.3.1. This vulnerability stems from the improper handling of deserialization processes within the /materialCategory/addMaterialCategory endpoint, making the application susceptible to Fastjson deserialization attacks. Successful exploitation of this vulnerability could lead to remote code execution, data breaches, or other severe security compromises.

Technical Details
The /materialCategory/addMaterialCategory endpoint in JSH_ERP 2.3.1 is vulnerable because it doesn't adequately sanitize or validate user-supplied input before deserializing it using Fastjson. An attacker can craft a malicious JSON payload containing instructions to execute arbitrary code on the server. This payload is then sent to the…

Overview
CVE-2025-51741 details a vulnerability found in Veal98 Echo Open-Source Community System versions 2.2 through 2.3. This flaw allows an unauthenticated attacker to trigger the server to send email verification messages to arbitrary user email addresses. The vulnerable endpoint is located at /sendEmailCodeForResetPwd. This uncontrolled email sending can lead to a denial-of-service (DoS) condition, impacting both the server's resources and the recipients' inboxes.

Technical Details
The vulnerability resides in the /sendEmailCodeForResetPwd endpoint, which is intended to facilitate password resets. An attacker can make requests to this endpoint without any authentication, specifying arbitrary email addresses as the recipient. The system then…