Category Archives: Topics

About Remote Code Execution – Control Web Panel (CVE-2025-48703) vulnerability

Leave a reply

About Remote Code Execution - Control Web Panel (CVE-2025-48703) vulnerability

About Remote Code Execution – Control Web Panel (CVE-2025-48703) vulnerability. Control Web Panel (CWP) is a free web-hosting control panel for RPM-based distributions. This web application provides a convenient interface for configuring and managing web servers (Apache, NGINX), databases (MySQL, MariaDB), mail systems (Postfix, Dovecot, Roundcube), DNS (BIND), and security tools (CSF, ModSecurity).

💡 Essence of the vulnerability: in the changePerm request of the filemanager module, there is a parameter called t_total, and its value is used as an argument to the system command chmod without sufficient validation. 🤷‍♂️ This allows an unauthenticated attacker to execute arbitrary shell commands on the CWP server. 😏

⚙️ Fixed in version 0.9.8.1205 on June 18, 2025.

🛠 On June 22, a detailed write-up appeared, followed soon by GitHub exploits.

👾 On November 4, the vulnerability was added to CISA KEV.

🌐 Shodan detects about 220,000 CWP installations online.

На русском

About Remote Code Execution – expr-eval (CVE-2025-12735) vulnerability

Leave a reply

About Remote Code Execution - expr-eval (CVE-2025-12735) vulnerability

About Remote Code Execution – expr-eval (CVE-2025-12735) vulnerability. expr-eval is a JavaScript library for parsing and evaluating mathematical expressions, providing safe handling of user-supplied variables. It is used in online calculators, educational programs, modeling tools, financial applications, AI systems, and natural language processing (NLP). Insufficient input validation may allow arbitrary JavaScript code execution in the application’s context.

🛠 The vulnerability was discovered on November 5. A PoC has been on GitHub since November 11.

⚙️ The vulnerability is still in the process of being fixed in the main (effectively abandoned 🤷‍♂️) expr-eval project and is not fully fixed in its fork, expr-eval-fork. Secure versions are expected to appear in the corresponding GHSA.

🌐 The library is popular: expr-eval has 800k weekly downloads on npm, and expr-eval-fork has 88k.

👾 No in-the-wild exploitation has been observed so far.

На русском

December Microsoft Patch Tuesday

Leave a reply

December Microsoft Patch Tuesday

December Microsoft Patch Tuesday. A total of 56 vulnerabilities were fixed – 9 fewer than in November. There is one vulnerability with confirmed in-the-wild exploitation:

🔻 EoP – Windows Cloud Files Mini Filter Driver (CVE-2025-62221)

There are currently no vulnerabilities with publicly available exploits. Among the remaining vulnerabilities, the following stand out:

🔹 RCE – Microsoft Office (CVE-2025-62554, CVE-2025-62557), Microsoft PowerShell (CVE-2025-54100), Microsoft Outlook (CVE-2025-62562), GitHub Copilot for JetBrains (CVE-2025-64671)
🔹 EoP – Windows Win32k (CVE-2025-62458), Windows Cloud Files Mini Filter Driver (CVE-2025-62454, CVE-2025-62457), Windows Common Log File System Driver (CVE-2025-62470), Windows Remote Access Connection Manager (CVE-2025-62472), Windows Storage (CVE-2025-59516)

🗒 Full Vulristics report

На русском

About Elevation of Privilege – Windows Kernel (CVE-2025-62215) vulnerability

Leave a reply

About Elevation of Privilege - Windows Kernel (CVE-2025-62215) vulnerability

About Elevation of Privilege – Windows Kernel (CVE-2025-62215) vulnerability. The vulnerability was addressed in the November Microsoft Patch Tuesday. Exploitation of this vulnerability allows a local attacker to gain SYSTEM privileges. The root cause of the vulnerability is a Race Condition (CWE-362) and a Double Free (CWE-415).

⚙️ Updates are available for Windows 10/11 and Windows Server 2019/2022/2025.

👾 Microsoft reported active exploitation of the vulnerability in attacks on November 11 as part of MSPT, and the following day the vulnerability was added to the CISA KEV catalog. No details about the attacks have been disclosed so far.

🛠 Public exploits have been available on GitHub since November 18.

На русском

About SQL Injection – Django (CVE-2025-64459) vulnerability

1 Reply

About SQL Injection - Django (CVE-2025-64459) vulnerability

About SQL Injection – Django (CVE-2025-64459) vulnerability. Django is a free and open-source high-level Python web framework. The vulnerability allows attackers to manipulate database query logic by injecting internal query parameters (_connector and _negated) when applications pass user-controlled input directly into filter(), exclude(), or get() calls. Exploiting this SQL injection may lead to unauthorized access to data, authentication bypass, or privilege escalation.

⚙️ The vulnerability was patched in Django versions 5.2.8, 5.1.14, and 4.2.26, released on November 5, 2025. Earlier unsupported versions of Django (such as 5.0.x, 4.1.x, and 3.2.x) were not tested and may be vulnerable.

🛠 A public exploit for the vulnerability appeared on November 6.

👾 No active exploitation has been reported so far.

🌐 According to 6sense, Django holds 32% of the web framework market share and is used by more than 42,000 companies. Ful.io tracks over 2.9 million websites running Django.

На русском

November Linux Patch Wednesday

Leave a reply

November Linux Patch Wednesday

November Linux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild:

🔻 MemCor – Chromium (CVE-2025-13223). Added to CISA KEV on November 19.

For 64 more vulnerabilities, public or suspected exploits exist. Notable ones:

🔸 RCE – Samba (CVE-2025-10230), Apache Tomcat (CVE-2025-55752), NVIDIA Container Toolkit (CVE-2024-0132, CVE-2025-23359), Lasso (CVE-2025-47151), QuickJS (CVE-2025-62494), Keras (CVE-2025-9905)
🔸 SQLi – Django (CVE-2025-64459)
🔸 InfDisc – Webmin (CVE-2024-44762), Squid (CVE-2025-62168), BIND (CVE-2025-31133), QuickJS (CVE-2025-62492, CVE-2025-62493)
🔸 SFB – BIND (CVE-2025-40778)
🔸 AuthBypass – Webmin (CVE-2025-61541)
🔸 MemCor – Suricata (CVE-2025-59150)

🗒 Full Vulristics report

На русском

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

Leave a reply

November In the Trend of VM (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here’s a big one. 🔥

🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)

A total of nine vulnerabilities:

🔻 RCE – Windows Server Update Services (WSUS) (CVE-2025-59287)
🔻 RCE – Microsoft SharePoint “ToolShell” (CVE-2025-49704)
🔻 RCE – Windows LNK File (CVE-2025-9491)
🔻 EoP – Windows Remote Access Connection Manager (CVE-2025-59230)
🔻 EoP – Windows Agere Modem Driver (CVE-2025-24990)
🔻 RCE – Redis “RediShell” (CVE-2025-49844)
🔻 RCE – XWiki Platform (CVE-2025-24893)
🔻 XSS – Zimbra Collaboration (CVE-2025-27915)
🔻 EoP – Linux Kernel (CVE-2025-38001)

🟥 Trending Vulnerabilities Portal

На русском