SEC504: Hacker Tools, Techniques, and Incident Handling

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Phishing e-mail that hides malicious link from Outlook users
Published: 2025-06-04
Last Updated: 2025-06-04 09:23:19 UTC
by Jan Kopriva (Version: 1)
I recently came across an interesting phishing e-mail. At first glance, it looked like a 'normal' phishing that tried to pass itself off as a message from one of the Czech banks asking account holders to update their information ...
Nevertheless, when I hovered above the rectangle that a recipient was expected to click on, I was surprised to see that the link in the pop-up actually pointed to the legitimate domain of the bank ...
My first thought was that threat actors behind the phishing made a mistake. My assumption was that they used a real e-mail from the bank as a baseline that they wanted to modify to create a message that would point recipients to a malicious site, and mistakenly sent it out before it was finished - strange as it may sound, it wouldn't have been nowhere near the first case of something like that I've seen ...
Read the full entry: https://isc.sans.edu/diary/Phishing+email+that+hides+malicious+link+from+Outlook+users/32010/
vBulletin Exploits
Published: 2025-06-03
Last Updated: 2025-06-03 20:58:01 UTC
by Johannes Ullrich (Version: 1)
Last week, Egidio Romano disclosed an interesting and easily exploitable vulnerability in vBulletin. These days, bulletin boards are not quite as popular as they used to be, but they are still being used, and vBulletin is one of the most common commercially supported platforms to create a bulletin board. The vulnerability is remarkable as it exemplifies some common issues with patching and keeping your software up to date.
vBulletin is written in PHP (just like this website). To create a modern single-page application in PHP, one typically needs to create an API. This API often exposes internal classes. A URL like https<:>//example.com/api/test may call the "test" method in our "API" class. Of course, you may not want to expose all your methods to the API, but only select methods you think are safe to use.
One way to restrict access to specific methods has been to mark them as "private." Only "public" methods are typically accessible from outside the particular class. To evaluate any function, vBulletin uses "Reflection," an API that allows your code to interrogate classes to see what is available and how to call specific methods. As brilliantly explained by Karmainsecurity, this is where the problem arises ...
Read the full entry: https://isc.sans.edu/diary/vBulletin+Exploits+CVE202548827+CVE202548828/32006/
Simple SSH Backdoor
Published: 2025-06-02
Last Updated: 2025-06-02 05:20:14 UTC
by Xavier Mertens (Version: 1)
For most system and network administrators, the free SSH client PuTTY has been their best friend for years! This tool was also (ab)used by attackers that deployed a trojanized version. Microsoft had the good idea to include OpenSSH (beta version) in Windows 10 Fall Creators Update. One year later, it became a default component with Windows 10 version 1803. I remember the joy of typing for the first time "ssh" or "scp" in a cmd.exe! SSH is a very powerful tool that can be used in multiple ways, and it was de-facto categorized as a "LOLBIN" ...
Read the full entry: https://isc.sans.edu/diary/Simple+SSH+Backdoor/32000/
YARA 4.5.3 Release (2025.06.01)
https://isc.sans.edu/diary/YARA+453+Release/31976/
A PNG Image With an Embedded Gift (2025.05.31)
https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998/
Usage of "passwd" Command in DShield Honeypots (2025.05.30)
https://isc.sans.edu/diary/Usage+of+passwd+Command+in+DShield+Honeypots/31994/
Alternate Data Streams - Adversary Defense Evasion and Detection [Guest Diary] (2025.05.28)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48827
ISC Podcast: https://isc.sans.edu/podcastdetail/9478
NVD References:
- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
- https://kevintel.com/CVE-2025-48827
- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/
CVE-2025-48828 - vBulletin versions are vulnerable to arbitrary PHP code execution through Template Conditionals abuse, allowing attackers to bypass security checks and execute code in an alternative function syntax.
Product: vBulletin, certain versions
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48828
ISC Podcast: https://isc.sans.edu/podcastdetail/9478
NVD References:
- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
- https://kevintel.com/CVE-2025-48828
- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/
CVE-2025-21479 & CVE-2025-21480 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Product: NVIDIA GPU micronode
CVSS Score: 8.6
** KEV since 2025-06-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21479
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21480
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
CVE-2025-27038 - Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Product: Adreno GPU Drivers in Chrome
CVSS Score: 7.5
** KEV since 2025-06-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27038
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
CVE-2025-20188 - Cisco IOS XE Software for Wireless LAN Controllers (WLCs) is vulnerable to an unauthenticated attacker uploading arbitrary files through the Out-of-Band Access Point (AP) Image Download feature.
Product: Cisco Wireless LAN Controllers (WLCs)
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20188
ISC Podcast: https://isc.sans.edu/podcastdetail/9474
CVE-2025-4008 - Meteobridge web interface allows remote attackers to execute arbitrary commands as root through a vulnerable endpoint.
Product: Meteobridge web interface
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4008
ISC Podcast: https://isc.sans.edu/podcastdetail/9468
CVE-2025-41651 - Weidmueller industrial ethernet switches allow unauthenticated remote attackers to execute arbitrary commands and potentially compromise the entire system by exploiting missing authentication on a critical function.
Product: Weidmueller industrial ethernet switches
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41651
NVD References:
- https://certvde.com/en/advisories/VDE-2025-044/
- https://www.cisa.gov/news-events/bulletins/sb25-153
CVE-2025-41652 - Weidmueller industrial ethernet switches are at risk of authentication bypass from flaws in the authorization mechanism, allowing unauthenticated remote attackers to compromise the device through brute-force attacks or MD5 collision techniques.
Product: Weidmueller industrial ethernet switches
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41652
NVD References:
- https://certvde.com/en/advisories/VDE-2025-044/
- https://www.cisa.gov/news-events/bulletins/sb25-153
CVE-2025-32440 - NetAlertX allows attackers to bypass authentication and trigger sensitive functions by sending crafted requests to /index.php prior to version 25.4.14.
Product: NetAlertX
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32440
NVD References: https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx
CVE-2025-22252 - Fortinet products have a missing authentication vulnerability that could allow an attacker to access the device as an admin without proper credentials.
Product: Fortinet FortiProxy
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22252
NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-472
CVE-2025-27528 - Apache InLong is susceptible to a deserialization of untrusted data vulnerability allowing attackers to bypass security mechanisms and lead to arbitrary file reading.
Product: Apache InLong
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27528
NVD References:
- https://github.com/apache/inlong/pull/11747
- https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgj
- http://www.openwall.com/lists/oss-security/2025/05/28/3
CVE-2025-5277 - aws-mcp-server is vulnerable to command injection, allowing an attacker to execute arbitrary commands on the host system via a crafted prompt.
Product: aws-mcp-server MCP server
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5277
NVD References:
- https://github.com/alexei-led/aws-mcp-server/blob/94d20ae1798a43ac7e3a28e71900d774e5159c8a/src/aws_mcp_server/cli_executor.py#L92
- https://github.com/alexei-led/aws-mcp-server/commit/94d20ae1798a43ac7e3a28e71900d774e5159c8a
CVE-2025-3357 - IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 is vulnerable to remote code execution due to improper validation of an index value in a dynamically allocated array.
Product: IBM Tivoli Monitoring
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3357
NVD References: https://www.ibm.com/support/pages/node/7234923
CVE-2025-45343 - Tenda W18E v.2.0 v.16.01.0.11 is vulnerable to code execution through account module editing.
Product: Tenda W18E
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45343
NVD References:
- http://w18e.com
- https://gist.github.com/isstabber/b363d47966965e5c0a8ec26d445e090b
Product: Netwrix Directory Manager (formerly Imanami GroupID)
CVSS Score: 10.0
NVD:
- https://nvd.nist.gov/vuln/detail/CVE-2025-48748
- https://community.netwrix.com/t/adv-2025-013-hard-coded-password-in-netwrix-directory-manager-formerly-imanami-groupid-v10-and-earlier/13945
CVE-2025-48749 - Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.
Product: Netwrix Directory Manager
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48749
NVD References:
- https://community.netwrix.com/t/adv-2025-014-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/13951
- https://netwrix.com
CVE-2025-3755 - Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules are vulnerable to improper validation of input, allowing a remote attacker to cause a denial-of-service condition or stop the CPU module.
Product: Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3755
NVD References:
- https://jvn.jp/vu/JVNVU94070048/
- https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf
CVE-2023-41591 - Open Network Foundation ONOS v2.7.0 enables attackers to perform man-in-the-middle attacks by generating counterfeit IP/MAC addresses.
Product: Open Network Foundation ONOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41591
NVD References:
- https://gist.github.com/kjw6855/9764e3f51b89119473e4d2c4f64dca27
- https://wiki.onosproject.org/pages/viewpage.action?pageId=16122675
CVE-2025-47933 - Argo CD prior to versions 2.13.8, 2.14.13, and 3.0.4 allows for arbitrary actions via the API and cross-site scripting due to improper URL protocol filtering on the repository page, now patched in the mentioned versions.
Product: Argo CD
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47933
NVD References:
- https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1
- https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p
CVE-2025-4967 - Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
Product: Esri Portal for ArcGIS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4967
NVD References: https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-2-patch
CVE-2025-30466 - Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4 are vulnerable to SOP bypass due to poor state management, resolved in software updates.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30466
NVD References:
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122379
CVE-2025-31263 - macOS Sequoia 15.4 is vulnerable to memory corruption, allowing an app to potentially corrupt coprocessor memory.
Product: Apple macOS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31263
NVD References: https://support.apple.com/en-us/122373
CVE-2025-1907 - Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
Product: Instantel Micromate
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1907
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04
- https://www.instantel.com/service-and-support/contact-technical-support
CVE-2025-41438 - The CS5000 Fire Panel is vulnerable due to an unchanged default account with high-level permissions that could impact its operation if exploited.
Product: CS5000 Fire Panel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41438
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
- https://www.consiliumsafety.com/en/support/
CVE-2025-46352 - The CS5000 Fire Panel is vulnerable to remote access due to a hard-coded password in the VNC server, posing serious safety risks.
Product: CS5000 Fire Panel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46352
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
- https://www.consiliumsafety.com/en/support/
CVE-2020-36846 - IO::Compress::Brotli versions prior to 0.007 are vulnerable to a buffer overflow in the embedded Brotli library, allowing an attacker to trigger a crash by controlling the input length of a decompression request.
Product: IO::Compress Brotli
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36846
NVD References: https://github.com/advisories/GHSA-5v8v-66v8-mwm7
CVE-2025-44619 - Tinxy WiFi Lock Controller v1 RF is configured to transmit on an open Wi-Fi network, enabling unauthorized network access.
Product: Tinxy WiFi Lock Controller v1 RF
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44619
NVD References:
- http://tinxy.com
- http://wifi.com
CVE-2…
Product: Lovable Database Row-Level Security
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48757
NVD References:
- https://docs.lovable.dev/changelog
- https://gist.github.com/lhchavez/625ee42a6c408a850d35e50f8e649de9
Product: Fabio HTTP(S) and TCP router
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48865
NVD References: https://github.com/fabiolb/fabio/security/advisories/GHSA-q7p4-7xjv-j3wf
Product: YAML LibYAML
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40908
NVD References: https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
Product: WAVLINK QUANTUM D2G
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5408
NVD References: https://github.com/CH13hh/tmp_store_cc/blob/main/wavlink/1.md
Product: Mediatek Bluetooth driver
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20672
NVD References: https://corp.mediatek.com/product-security-bulletin/June-2025
Product: Qualcomm WLAN AP driver
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20674
NVD References: https://corp.mediatek.com/product-security-bulletin/June-2025
Product: Roundcube Webmail
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49113
NVD References:
- https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
Product: Axis Communications VAPIX Device Configuration framework
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0324
NVD References: https://www.axis.com/dam/public/04/f3/1c/cve-2025-0324pdf-en-US-483807.pdf
Product: HPE StoreOnce Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-37093
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
Product: DELMIA Apriso
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5086
NVD References: https://www.3ds.com/vulnerability/advisories
Product: Samsung Exynos 1480 and 2400
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23099
NVD References:
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-23099/
Product: Python Software Foundation
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4517
NVD References:
- https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
Product: IBM QRadar Suite Software
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25022
NVD References: https://www.ibm.com/support/pages/node/7235432
Product: MailEnable
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44148
NVD References:
Product: JEHC-BPM v2.0.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45854
NVD References:
- https://gist.github.com/Cafe-Tea/bc14b38f4bfd951de2979a24c3358460
Product: Sangoma IMG2020
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32105
NVD References: https://github.com/austin2111/papers/blob/main/Software_Vulnerabilities_in_Telecommunications_Hardware.pdf
Product: Audiocodes Mediapack MP-11x
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32106
NVD References:
Product: Evertz SDVN 3080ipx-10G
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4009
ISC Podcast: https://isc.sans.edu/podcastdetail/9470
NVD References: https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009
Product: Zohocorp ManageEngine ADAudit Plus
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41407
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36527
ISC Podcast: https://isc.sans.edu/podcastdetail/9468
Product: ThimPress Course Builder
Active Installations: Unknown. Update to version 3.6.6 or later.
CVSS Score: 9.8
Product: PSW Front-end Login & Registration plugin
Active Installations: This plugin has been closed as of May 29, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4607
NVD References:
- https://wordpress.org/plugins/psw-login-and-registration/#developers
Product: WordPress Profitori plugin
Active Installations: This plugin has been closed as of May 29, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4631
NVD References:
Product: Golo City Travel Guide WordPress Theme
Active Installations: Unknown. Update to version 1.7.1, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4797
NVD References:
- https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810