VulnHub

Real-time Cybersecurity News

Articles tagged "CVE"

Found 73 articles

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

Security Affairs

Actively Exploited

AWS Security has reported that multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) within hours of its disclosure. Although this flaw does not affect AWS services, the rapid exploitation highlights the urgency for organizations to address this vulnerability to prevent potential breaches.

Impact: CVE-2025-55182 (React2Shell) - Affects systems utilizing the React2Shell framework; specific products and vendors not detailed.
Remediation: Organizations should implement security patches for React2Shell as soon as they are available. Regularly update and monitor systems for vulnerabilities, and apply best practices in security configurations to mitigate risks associated with this flaw.
CVEVulnerability
Read Original
Exploitation of React2Shell Surges

SecurityWeek

Actively Exploited

The article discusses the rising exploitation of the React vulnerability CVE-2025-55182 by threat actors. This vulnerability poses a significant risk as it is being actively targeted in various attacks, highlighting the urgency for organizations to address it promptly.

Impact: React framework versions vulnerable to CVE-2025-55182. Specific versions and affected products are not detailed in the article.
Remediation: Organizations should apply security patches provided by React developers as soon as they are available. Additionally, implementing security best practices such as input validation and regular software updates can help mitigate the risk associated with this vulnerability.
CVEExploitVulnerability
Read Original
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hacker News

CVE-2025-66516

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Impact: Affected products include Apache Tika tika-core (versions 1.13-3.2.1), tika-pdf-module (versions 2.0.0-3.2.1), and tika-parsers (versions 1.13-1.28.5) across all platforms.
Remediation: Users are advised to apply the latest patches for the affected modules: tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1), and tika-parsers (1.13-1.28.5) to mitigate the vulnerability.
CVEVulnerabilityPatchCritical
Read Original
React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

SecurityWeek

Actively Exploited

The article discusses a critical vulnerability in React, identified as CVE-2025-55182, which affects only instances utilizing a newer feature. The researcher warns that exploitation of this vulnerability is expected in the wild, emphasizing the urgency for affected users to take action.

Impact: React instances using the newer feature associated with CVE-2025-55182.
Remediation: Users of affected React instances should review their implementations of the newer feature and apply any available security patches or updates from React's official repository. Additionally, it is advisable to implement security best practices such as input validation and access controls to mitigate potential exploitation.
CVEVulnerabilityCritical
Read Original
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)

Help Net Security

CVE-2025-48633
Actively Exploited

Google has addressed 51 vulnerabilities in Android, including two high-severity flaws (CVE-2025-48633 and CVE-2025-48572) that are potentially under targeted exploitation. Both vulnerabilities impact the Android Framework, which is essential for app development, and could allow malicious applications to access sensitive information.

Impact: Android Framework; potentially all devices running affected versions of Android.
Remediation: Patches have been released to address the vulnerabilities. Users are advised to update their devices to the latest Android version as per the December Android security bulletin.
AndroidCVEVulnerability
Read Original
Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

SecurityWeek

The article discusses a critical vulnerability in OpenAI's Codex CLI, identified as CVE-2025-61260, which allows for command execution. This vulnerability poses a significant risk to developers, as it could be exploited to facilitate various attacks. Immediate attention is required to mitigate potential threats stemming from this issue.

Impact: OpenAI Codex CLI
Remediation: To mitigate the risk associated with CVE-2025-61260, users should apply any available patches for the Codex CLI and review their command execution permissions. Additionally, implementing strict access controls and monitoring for unusual activity can help reduce the likelihood of exploitation.
CVEVulnerabilityCritical
Read Original
Festo Compact Vision System, Control Block, Controller, and Operator Unit products

All CISA Advisories

The Festo Compact Vision System and related products have critical vulnerabilities that could allow unauthorized access and modification of configuration files, with a CVSS score of up to 9.8. Users are urged to implement security measures to mitigate the risk of exploitation, as these vulnerabilities could severely impact device security and integrity.

Impact: Affected products include: Festo Software Compact Vision System (All Versions), Control blocks (CPX-CEC-C1 Codesys V2, CPX-CEC-C1-V3 Codesys V3, CPX-CEC Codesys V2, CPX-CEC-M1 Codesys V2, CPX-CEC-M1-V3 Codesys V3, CPX-CEC-S1-V3 Codesys V3, CPX-CMXX), Controllers (CECC-D, CECC-D-BA, CECC-D-CS, CECC-LK, CECC-S, CECC-X-M1, CECC-X-M1-MV, CECC-X-M1-S1, CECX-X-C1, CECX-X-M1, CPX-E-CEC-C1, CPX-E-CEC-C1-EP, CPX-E-CEC-C1-PN, CPX-E-CEC-M1, CPX-E-CEC-M1-EP, CPX-E-CEC-M1-PN, FED-CEC), and Operator units (CDPX-X-A-S-10, CDPX-X-A-W-13, CDPX-X-A-W-4, CDPX-X-A-W-7, CDPX-X-E1-W-10, CDPX-X-E1-W-15, CDPX-X-E1-W-7). Vendor: Festo.
Remediation: For CVE-2022-22515: Use online user management to prevent unauthorized access. For CVE-2022-31806: Enable password protection at login if no password is set. Note that the password configuration file must be manually selected for backup as it is not included in the default FFT backup & Restore mechanism. CISA recommends minimizing network exposure for control systems, using firewalls, and employing secure remote access methods like VPNs.
PhishingCVEVulnerabilityUpdateCritical
Read Original
Rockwell Automation Arena Simulation

All CISA Advisories

Rockwell Automation's Arena Simulation software has a stack-based buffer overflow vulnerability that could allow local attackers to execute arbitrary code. The vulnerability, identified as CVE-2025-11918, has a CVSS v4 score of 7.1, indicating a significant risk for affected installations, particularly in critical manufacturing sectors.

Impact: Affected products include Rockwell Automation's Arena Simulation version 16.20.10 and prior.
Remediation: Users are advised to upgrade Arena Simulation to version 16.20.11 or later. For those unable to upgrade, Rockwell Automation recommends following security best practices. CISA also suggests minimizing network exposure for control systems, using firewalls, and implementing secure remote access methods like VPNs.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Zenitel TCIV-3+

All CISA Advisories

The Zenitel TCIV-3+ device has critical vulnerabilities, including OS Command Injection and Cross-site Scripting, with a CVSS v4 score of 10.0, indicating a severe risk of arbitrary code execution and denial-of-service. Users are strongly advised to upgrade to version 9.3.3.0 or later to mitigate these risks.

Impact: Zenitel TCIV-3+ (all versions prior to 9.3.3.0), vulnerabilities include OS Command Injection (CVE-2025-64126, CVE-2025-64127, CVE-2025-64128), Out-of-bounds Write (CVE-2025-64129), and Cross-site Scripting (CVE-2025-64130).
Remediation: Upgrade to Zenitel TCIV-3+ Version 9.3.3.0 or later. Implement defensive measures such as minimizing network exposure for control system devices, using firewalls, and secure remote access methods like VPNs. Conduct proper impact analysis and risk assessment before deploying defensive measures.
CVEVulnerabilityUpdateCritical
Read Original
SiRcom SMART Alert (SiSA)

All CISA Advisories

The SiRcom SMART Alert (SiSA) system has a critical vulnerability due to missing authentication for critical functions, allowing unauthorized remote access to backend APIs. This could enable attackers to manipulate emergency sirens, posing a significant risk to public safety and critical infrastructure.

Impact: SiRcom SMART Alert (SiSA): Version 3.0.48
Remediation: Minimize network exposure for control system devices, ensure they are not accessible from the Internet, locate control system networks behind firewalls, use secure remote access methods like VPNs, and perform proper impact analysis and risk assessment before deploying defensive measures.
PhishingCVEVulnerabilityUpdateCritical
Read Original
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share

All CISA Advisories

The Ashlar-Vellum products Cobalt, Xenon, Argon, Lithium, and Cobalt Share have critical vulnerabilities, specifically an Out-of-Bounds Write and a Heap-based Buffer Overflow, which could allow attackers to disclose information or execute arbitrary code. The vulnerabilities have a CVSS v4 score of 8.4, indicating a high severity level, and users are urged to update their software to mitigate risks.

Impact: Affected products include Ashlar-Vellum Cobalt (versions 12.6.1204.207 and prior), Xenon (versions 12.6.1204.207 and prior), Argon (versions 12.6.1204.207 and prior), Lithium (versions 12.6.1204.207 and prior), and Cobalt Share (versions 12.6.1204.207 and prior). The vendor is Ashlar-Vellum.
Remediation: Users are recommended to update to the following versions: Cobalt (versions 12.6.1204.208 or higher), Xenon (versions 12.6.1204.208 or higher), Argon (versions 12.6.1204.208 or higher), Lithium (versions 12.6.1204.208 or higher), and Cobalt Share (versions 12.6.1204.208 or higher). Additionally, users should minimize network exposure for all control system devices, locate control system networks behind firewalls, and use secure remote access methods such as VPNs.
PhishingCVEVulnerabilityUpdateCritical
Read Original
Opto 22 groov View

All CISA Advisories

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

Impact: Affected products include: groov View Server for Windows (Versions R1.0a to R4.5d), GRV-EPIC-PR1 Firmware (Versions prior to 4.0.3), GRV-EPIC-PR2 Firmware (Versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 recommends upgrading to groov View Server for Windows Version R4.5e and GRV-EPIC Firmware Version 4.0.3. Additionally, CISA advises minimizing network exposure for control system devices, using firewalls, securing remote access with VPNs, and performing impact analysis and risk assessment before deploying defensive measures.
WindowsCVEVulnerabilityPatchUpdatePrivilege Escalation+1 more
Read Original
Critical Flaw in Oracle Identity Manager Under Exploitation

darkreading

Actively Exploited

The article highlights the exploitation of CVE-2025-61757, which follows a breach of Oracle Cloud and an extortion campaign targeting Oracle E-Business Suite customers. This indicates a significant security threat that could impact numerous organizations relying on Oracle's services.

Impact: Oracle Identity Manager, Oracle Cloud, Oracle E-Business Suite
Remediation: Organizations should apply security patches provided by Oracle for Oracle Identity Manager and Oracle Cloud. Additionally, implementing strong access controls and monitoring for unusual activities can mitigate the risk of exploitation.
CVECritical
Read Original
CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability

SecurityWeek

Actively Exploited

CISA has confirmed the exploitation of a vulnerability in Oracle Identity Manager, identified as CVE-2025-61757, which has been added to its Known Exploited Vulnerabilities catalog. This indicates a significant security risk for organizations using the affected systems, necessitating immediate attention to mitigate potential breaches.

Impact: Oracle Identity Manager
Remediation: Organizations should apply the latest security patches for Oracle Identity Manager as soon as they are available. Additionally, it is recommended to review system configurations and access controls to mitigate risks associated with this vulnerability.
CVEVulnerability
Read Original
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

The Hacker News

Actively Exploited

The ShadowPad malware is exploiting a recently patched vulnerability in Microsoft Windows Server Update Services (WSUS), identified as CVE-2025-59287, allowing attackers to gain full system access. This exploitation highlights the critical need for organizations to promptly apply security updates to vulnerable systems to prevent unauthorized access.

Impact: Microsoft Windows Server Update Services (WSUS) on Windows Servers.
Remediation: Organizations should apply the latest security patches provided by Microsoft for CVE-2025-59287 to mitigate the vulnerability. Additionally, it is recommended to review and secure WSUS configurations and monitor for any unauthorized access attempts.
WindowsCVEVulnerabilityUpdateMalwareCritical
Read Original
PreviousPage 4 of 5Next