Report Name: r_vision_compare.txt report
Generated: 2025-11-01 14:19:38

Product Name	Prevalence	U	C	H	M	L	A	Comment
Chromium	0.8	1					1	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Cisco ASA	0.8	2					2	Cisco Secure Firewall Adaptive Security Appliance (ASA) Software is a security platform that combines firewall, VPN, intrusion prevention, and advanced threat protection capabilities.
Cisco IOS XE	0.8	1		1			2	IOS XE is a release train of Cisco Systems built on Linux and that provides a distributed software architecture that moves many operating system responsibilities out of the IOS process and has a copy of IOS running as a separate process
WinRAR	0.8	1					1	WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
PostgreSQL	0.6			1			1	PostgreSQL also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
7-Zip	0.5			1			1	7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives"
NetScaler Application Delivery Controller	0.5	1					1	Product detected by a:citrix:netscaler_application_delivery_controller (exists in CPE dict)
SAP NetWeaver	0.5	2					2	SAP NetWeaver is a software stack for many of SAP SE's applications
Sudo	0.5	1					1	Product detected by a:sudo_project:sudo (exists in CPE dict)
TrueConf Server	0.5			1	2		3	TrueConf Server
Wing FTP Server	0.5	1					1	Product detected by a:wftpserver:wing_ftp_server (exists in CPE dict)

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	7		2	1		10
Authentication Bypass	0.98	1			1		2
Code Injection	0.97			1			1
Elevation of Privilege	0.85	1					1
Arbitrary File Reading	0.83			1			1
Memory Corruption	0.5	1					1

Urgent (10)

1. Remote Code Execution - WinRAR (CVE-2025-8088) - Urgent [942]

Description: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

2. Remote Code Execution - Cisco IOS XE (CVE-2025-20352) - Urgent [919]

Description: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS, the attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials. An authenticated, remote attacker with high privileges could execute code as the root user on an affected device that is running Cisco IOS XE Software. To execute code as the root user, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials and administrative or privilege 15 credentials on the affected device. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. This vulnerability is due to a stack overflow condition in the SNMP subsystem of the affected software. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. Note: This vulnerability affects all versions of SNMP.

3. Remote Code Execution - SAP NetWeaver (CVE-2025-31324) - Urgent [916]

Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

4. Remote Code Execution - Wing FTP Server (CVE-2025-47812) - Urgent [916]

Description: In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.

5. Remote Code Execution - NetScaler Application Delivery Controller (CVE-2025-7775) - Urgent [904]

Description: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

6. Remote Code Execution - SAP NetWeaver (CVE-2025-42999) - Urgent [904]

Description: SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

7. Elevation of Privilege - Sudo (CVE-2025-32463) - Urgent [877]

Description: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

8. Remote Code Execution - Cisco ASA (CVE-2025-20333) - Urgent [853]

Description: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

9. Memory Corruption - Chromium (CVE-2025-10585) - Urgent [829]

Description: Chromium: CVE-2025-10585 Type Confusion in V8

10. Authentication Bypass - Cisco ASA (CVE-2025-20362) - Urgent [814]

Description: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

Critical (0)

High (4)

11. Code Injection - PostgreSQL (CVE-2025-8714) - High [594]

Description: Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.

12. Remote Code Execution - 7-Zip (CVE-2025-55188) - High [523]

Description: 7-Zip before 25.01 does not always properly handle symbolic links during extraction.

13. Remote Code Execution - Cisco IOS XE (CVE-2025-20363) - High [490]

Description: A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details ["#details"] section of this advisory.

14. Arbitrary File Reading - TrueConf Server (BDU:2025-10115) - High [427]

Description: The discovered vulnerability allows a potential attacker to read arbitrary files in the system.

Medium (2)

15. Remote Code Execution - TrueConf Server (BDU:2025-10116) - Medium [380]

Description: The discovered vulnerability allows a potential attacker to inject and execute arbitrary OS commands.

16. Authentication Bypass - TrueConf Server (BDU:2025-10114) - Medium [353]

Description: Insufficient access control allows a potential attacker to make requests to some administrative endpoints (/admin/*) without checking permissions and authentication.

Low (0)

Exploitation in the wild detected (10)

Remote Code Execution (7)

• WinRAR (CVE-2025-8088)
• Cisco IOS XE (CVE-2025-20352)
• SAP NetWeaver (CVE-2025-31324, CVE-2025-42999)
• Wing FTP Server (CVE-2025-47812)
• NetScaler Application Delivery Controller (CVE-2025-7775)
• Cisco ASA (CVE-2025-20333)

Elevation of Privilege (1)

• Sudo (CVE-2025-32463)

Memory Corruption (1)

• Chromium (CVE-2025-10585)

Authentication Bypass (1)

• Cisco ASA (CVE-2025-20362)

Public exploit exists, but exploitation in the wild is NOT detected (2)

Code Injection (1)

• PostgreSQL (CVE-2025-8714)

Remote Code Execution (1)

• 7-Zip (CVE-2025-55188)

Other Vulnerabilities (4)

Remote Code Execution (2)

• Cisco IOS XE (CVE-2025-20363)
• TrueConf Server (BDU:2025-10116)

Arbitrary File Reading (1)

• TrueConf Server (BDU:2025-10115)

Authentication Bypass (1)

• TrueConf Server (BDU:2025-10114)