Category Archives: Vulnerability

September Linux Patch Wednesday

Leave a reply

September Linux Patch Wednesday

September Linux Patch Wednesday. In September, Linux vendors began addressing 748 vulnerabilities, slightly fewer than in August. Of these, 552 are in the Linux Kernel. The share of Linux Kernel vulnerabilities is growing! One vulnerability shows signs of being actively exploited (CISA KEV):

🔻 MemCor – Chromium (CVE-2025-10585). Public exploits are available.

For 63 (❗️) vulnerabilities, public exploits are available or there are signs they exist. Notable ones include:

🔸 RCE – CivetWeb (CVE-2025-55763), ImageMagick (CVE-2025-55298), Asterisk (CVE-2025-49832), libbiosig (CVE-2025-46411 and 22 other CVEs), sail (CVE-2025-32468 and 7 other CVEs)
🔸 AuthBypass – OAuth2 Proxy (CVE-2025-54576), CUPS (CVE-2025-58060)
🔸 EoP – UDisks (CVE-2025-8067)
🔸 SQLi – Django (CVE-2025-57833)
🔸 SFB – CUPS (CVE-2025-58364)

🗒 Full Vulristics report

На русском

About Remote Code Execution – 7-Zip (CVE-2025-55188) vulnerability

Leave a reply

About Remote Code Execution - 7-Zip (CVE-2025-55188) vulnerability

About Remote Code Execution – 7-Zip (CVE-2025-55188) vulnerability. 7-Zip is a popular open-source archiver. It’s a Windows application, but the project also provides command-line versions for Linux and macOS. The gist of the vulnerability: 7-Zip improperly handles symbolic links and, when extracting a specially crafted archive, can overwrite arbitrary files outside the extraction directory. Sounds like the recent WinRAR vulnerability, right? 😉

🔻 It’s mainly exploited on Linux. Attackers can overwrite SSH keys, startup (autostart) scripts, etc.

🔻 Exploitation is also possible on Windows, but the 7-Zip extraction process must have permission to create symlinks (requires running as Administrator or enabling Developer Mode). 🤔

🩹 The vulnerability was fixed in 7-Zip 25.01, released on August 3.

🛠 The researcher lunbun reported it on Aug 9 and posted a write-up on Aug 28. PoCs have been available on GitHub since Aug 11.

👾 No signs of in-the-wild exploitation so far.

На русском

About Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability

Leave a reply

About Remote Code Execution - SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability

About Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability. SAP NetWeaver is the core SAP platform for running applications and integrating systems. Vulnerabilities were found in its Visual Composer component – a web tool for business app modeling. A lack of authorization checks (CVE-2025-31324) and insecure deserialization (CVE-2025-42999) allows unauthenticated attackers to perform remote code execution and compromise SAP systems, data, and processes.

🩹 The vulnerabilities were fixed by SAP in April and May 2025.

👾 On May 13, Onapsis researchers reported that CVE-2025-31324 had been exploited since February 10. The CVEs were added to CISA KEV on April 29 and May 15.

🛠 PoCs for CVE-2025-31324 began appearing on GitHub in late April. A public exploit combining CVE-2025-31324 and CVE-2025-42999 was reported by Onapsis on August 15.

📊 According to estimates, SAP products are still used by around 2,000 Russian organizations.

На русском

September Microsoft Patch Tuesday

1 Reply

September Microsoft Patch Tuesday

September Microsoft Patch Tuesday. A total of 103 vulnerabilities, 29 fewer than in August. Of these, 25 vulnerabilities were added between the August and September MSPT. So far, no vulnerabilities are known to be exploited in the wild. Two have public PoC exploits:

🔸 DoS – Newtonsoft.Json (CVE-2024-21907)
🔸 EoP – Azure Networking (CVE-2025-54914)

Notable among the other vulnerabilities without public exploits:

🔹 RCE – Microsoft Office (CVE-2025-54910), Windows Graphics Component (CVE-2025-55228), NTFS (CVE-2025-54916), SharePoint (CVE-2025-54897), Microsoft HPC Pack (CVE-2025-55232), Hyper-V (CVE-2025-55224), Graphics Kernel (CVE-2025-55226, CVE-2025-55236)
🔹 EoP – Windows NTLM (CVE-2025-54918), Windows Kernel (CVE-2025-54110), Windows SMB (CVE-2025-55234), Windows TCP/IP Driver (CVE-2025-54093), Hyper-V (CVE-2025-54091, CVE-2025-54092, CVE-2025-54098, CVE-2025-54115)

🗒 Full Vulristics report

На русском

August Linux Patch Wednesday

Leave a reply

August Linux Patch Wednesday

August Linux Patch Wednesday. I’m late with this LPW since I was improving the generation of LPW bulletin lists and the operation of Vulristics. 🙂 In August, Linux vendors addressed 867 vulnerabilities, nearly twice July’s total, including 455 in the Linux Kernel. One vulnerability is confirmed exploited in the wild (CISA KEV):

🔻 SFB – Chromium (CVE-2025-6558) – an exploited SFB in Chromium for the fourth month in a row. 🙄

Public exploits are available or suspected for 72 (❗️) vulnerabilities. The most important are:

🔸 RCE – WordPress (CVE-2024-31211) – from last year, but recently fixed in Debian; Kubernetes (CVE-2025-53547), NVIDIA Container Toolkit (CVE-2025-23266), Kafka (CVE-2025-27819)
🔸 Command Injection – Kubernetes (CVE-2024-7646)
🔸 Code Injection – PostgreSQL (CVE-2025-8714/8715), Kafka (CVE-2025-27817)
🔸 Arbitrary File Writing – 7-Zip (CVE-2025-55188)

🗒 Full Vulristics report

На русском

About Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088) vulnerabilities

1 Reply

About Remote Code Execution - WinRAR (CVE-2025-6218, CVE-2025-8088) vulnerabilities

About Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088) vulnerabilities. A crafted file path inside an archive may cause the extraction process to move into unintended directories (including the Startup directories 😈), which can result in archive extraction leading to the execution of malicious code in the context of the current user.

🩹 Vulnerability CVE-2025-6218 was reported to the vendor on June 5. It was fixed on June 25 in version 7.12. A month later, on July 30, version 7.13 was released, which addressed CVE-2025-8088 with the same description.

🛠 A public exploit for CVE-2025-6218 has been available on GitHub since June 27.

👾 On August 8, BiZone reported phishing attacks against Russian organizations exploiting CVE-2025-6218 and CVE-2025-8088 since early July, linked to the group Paper Werewolf (GOFFEE). ESET also observed attacks exploiting these vulnerabilities to deploy RomCom backdoors.

На русском

🔍 Vulners Lookup – augmented CVE reality

Leave a reply

🔍 Vulners Lookup – augmented CVE reality🔍 Vulners Lookup – augmented CVE reality🔍 Vulners Lookup – augmented CVE reality🔍 Vulners Lookup – augmented CVE reality🔍 Vulners Lookup – augmented CVE reality🔍 Vulners Lookup – augmented CVE reality🔍 Vulners Lookup – augmented CVE reality

🔍 Vulners Lookup – augmented CVE reality.

Yesterday, VulnCheck unveiled a prototype Chrome/Chromium plugin that highlights CVE identifiers on any website and shows a popup with vulnerability details, including whether the vulnerability is in the VulnCheck KEV (an extended CISA KEV). ⚡️

The Vulners team saw this news, loved the idea, and built their own plugin in just one day. 👨‍💻 CVEs are highlighted, and hovering over them shows up-to-date details: description, evidence of exploitation in the wild, and public exploits. Clicking takes you to the Vulners website, where you can explore actual exploits and attack details. 😉🚀

The wow factor is definitely here! 🤯🙂👍 News, regulatory bulletins, vulnerability top lists, and blogs are suddenly bursting with new colors. 🎨 So cool! 😎 And best of all – it’s free! 🆓

📦 While Vulners Lookup is under review in the Google plugin store, you can download and install it from the archive.

На русском