Tag Archives: vulnerability

About Elevation of Privilege – Sudo (CVE-2025-32463) vulnerability

About Elevation of Privilege – Sudo (CVE-2025-32463) vulnerability. Sudo is a utility in Unix-like operating systems that allows a user to run a program with the privileges of another user, by default the superuser (root).

🔻 The vulnerability allows a local attacker to escalate privileges by forcing sudo to load an arbitrary dynamic library when a root directory is specified via the -R (--chroot) option. An attacker can execute arbitrary commands as root on systems that support the Name Service Switch configuration file.

⚙️ The vulnerability was fixed in sudo 1.9.17p1, released on June 30, 2025.

🛠 On the same day, a write-up by researcher Rich Mirch was published with a PoC exploit.

🐧 I noted Linux vendors’ remediation of this vulnerability in July Linux Patch Wednesday. Multiple public exploits for the vulnerability were available.

👾 On September 29, the vulnerability was added to CISA KEV.

In Russian

About Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability

About Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability. Cisco ASA and FTD are among the most widely used solutions for perimeter protection and for providing remote access to corporate infrastructure. 🔗 On September 25, Cisco released updates addressing a chain of vulnerabilities that could allow attackers to take full control of affected devices:

🔻 Vulnerability CVE-2025-20362 allows an unauthenticated attacker to access a restricted URL.

🔻 Vulnerability CVE-2025-20333 allows an authenticated attacker to execute arbitrary code as root.

👾 Cisco reports that the vulnerability chain has been exploited in attacks since May 2025. The attacks are linked to the ArcaneDoor campaign and use the LINE VIPER and RayInitiator malware.

🛠 There are no public exploits yet.

🌐 Shadowserver shows over 45,000 vulnerable hosts, with more than 2,000 of them in Russia.

In Russian

Vulners has added information on exploits

Vulners has added information on exploits. But wasn’t that already available before? After all, Vulristics takes most of its exploit-related data from Vulners! 🤔

That’s true. ✅ But previously an exploit in Vulners was always a Vulners object from a specific collection. For example, an exploit page from ExploitDB. The centralized, collection-based approach works great for sources like vulnerability databases, security bulletins, and exploit packs.

However, quite often an exploit PoC is found in random places – for example, in a researcher’s blog post or on a vendor’s page. For such cases, Vulners now also stores exploits as sets of links in the vulnerability metadata. 🔗🧩 These links are collected from various sources, including NVD, GitHub, and Gitee.

The number of sources will expand, exploit information in Vulners will become more complete, and tools like Vulristics will be able to prioritize vulnerabilities even better based on that. 🧰📈

In Russian

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server. A traditional monthly roundup – for the first time with NO Microsoft vulnerabilities! 😲🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of eight trending vulnerability IDs in four products:

🔻 Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088). An exploitable RCE during archive extraction.
🔻 Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999). An exploitable RCE in a component of a popular ERP system.
🔻 Remote Code Execution – 7-Zip (CVE-2025-55188). Mostly a Linux RCE during archive extraction – a public exploit is available.
🔻 Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114). Critical flaws in a Russian videoconferencing system.

In Russian

About Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability

About Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability. TrueConf Server is a popular Russian corporate messenger and video conferencing system. A chain of critical vulnerabilities in TrueConf Server was discovered by PT SWARM expert Nikita Petrov:

🔻 Vulnerability BDU:2025-10114 is related to insufficient access control and allows an attacker to send requests to certain administrative endpoints without permission checks or authentication.

🔻 Vulnerability BDU:2025-10115 allows an attacker to read arbitrary files on the system.

🔻 The most critical – BDU:2025-10116 – allows a potential attacker to inject and execute arbitrary OS commands.

⚙️ Security updates were released on August 27, 2025.

👾🛠 There are currently no signs of exploitation in the wild or public exploits.

🌐 According to Positive Technologies, there are over 7,000 TrueConf Server installations in Russia alone.

In Russian

September Linux Patch Wednesday

September Linux Patch Wednesday. In September, Linux vendors began addressing 748 vulnerabilities, slightly fewer than in August. Of these, 552 are in the Linux Kernel. The share of Linux Kernel vulnerabilities is growing! One vulnerability shows signs of being actively exploited (CISA KEV):

🔻 MemCor – Chromium (CVE-2025-10585). Public exploits are available.

For 63 (❗️) vulnerabilities, public exploits are available or there are signs they exist. Notable ones include:

🔸 RCE – CivetWeb (CVE-2025-55763), ImageMagick (CVE-2025-55298), Asterisk (CVE-2025-49832), libbiosig (CVE-2025-46411 and 22 other CVEs), sail (CVE-2025-32468 and 7 other CVEs)
🔸 AuthBypass – OAuth2 Proxy (CVE-2025-54576), CUPS (CVE-2025-58060)
🔸 EoP – UDisks (CVE-2025-8067)
🔸 SQLi – Django (CVE-2025-57833)
🔸 SFB – CUPS (CVE-2025-58364)

🗒 Full Vulristics report

In Russian

About Remote Code Execution – 7-Zip (CVE-2025-55188) vulnerability

About Remote Code Execution – 7-Zip (CVE-2025-55188) vulnerability. 7-Zip is a popular open-source archiver. It’s a Windows application, but the project also provides command-line versions for Linux and macOS. The gist of the vulnerability: 7-Zip improperly handles symbolic links and, when extracting a specially crafted archive, can overwrite arbitrary files outside the extraction directory. Sounds like the recent WinRAR vulnerability, right? 😉

🔻 It’s mainly exploited on Linux. Attackers can overwrite SSH keys, startup (autostart) scripts, etc.

🔻 Exploitation is also possible on Windows, but the 7-Zip extraction process must have permission to create symlinks (requires running as Administrator or enabling Developer Mode). 🤔
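The pattern described above, a symlink entry pointing outside the extraction directory followed by a file written through it, can be caught before anything touches the disk. The following is an added example, not 7-Zip's code: it audits a ZIP (one of the formats 7-Zip handles) with only Python's standard library, and builds a constructed sample archive to check against; the entry names and targets in that sample are made up.

```python
# Added example (not 7-Zip's code): audit a ZIP for the symlink-then-file pattern above.
import io
import os
import stat
import zipfile

def _is_symlink(info: zipfile.ZipInfo) -> bool:
    # Unix mode bits live in the upper 16 bits of external_attr.
    return stat.S_ISLNK(info.external_attr >> 16)

def _escapes(path: str) -> bool:
    # True if the path is absolute or climbs above the extraction directory.
    norm = os.path.normpath(path)
    return os.path.isabs(path) or norm == ".." or norm.startswith("../")

def audit_zip(data: bytes) -> list[str]:
    """Return one finding per entry that could land outside the target dir."""
    findings: list[str] = []
    links: dict[str, str] = {}  # archive path of a symlink -> its target
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.rstrip("/")
            if _escapes(name):
                findings.append(f"{name}: absolute or ../ path")
                continue
            if _is_symlink(info):
                target = zf.read(info).decode("utf-8", "replace")
                links[name] = target
                if _escapes(os.path.join(os.path.dirname(name), target)):
                    findings.append(f"{name} -> {target}: symlink target outside extraction dir")
                continue
            # A file under a directory an earlier entry made a symlink lands wherever that link points.
            parts = name.split("/")
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append(f"{name}: written through symlink {prefix} -> {links[prefix]}")
                    break
    return findings

def build_sample() -> bytes:
    """Constructed sample: a symlink escaping the target dir, then a file under it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        link = zipfile.ZipInfo("conf")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark the entry as a symlink
        zf.writestr(link, "../../outside")
        zf.writestr("conf/settings.txt", "content that would land outside the target dir")
        zf.writestr("readme.txt", "harmless")
    return buf.getvalue()
```

An extractor that refuses the archive when `audit_zip` returns any finding blocks this class of overwrite regardless of which file the attacker aimed at.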

🩹 The vulnerability was fixed in 7-Zip 25.01, released on August 3.

🛠 The researcher lunbun reported it on Aug 9 and posted a write-up on Aug 28. PoCs have been available on GitHub since Aug 11.

👾 No signs of in-the-wild exploitation so far.

In Russian