Vulnerability intelligence

CVE-2025-64446 is a relative path traversal vulnerability affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It can be exploited by sending crafted HTTP or HTTPS requests. This vulnerability allows remote, unauthenticated attackers to gain administrative access to the web application firewall appliances. Specifically, the vulnerability can be exploited by sending an HTTP POST request to `/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi` with a payload designed to create an administrative account. Successful exploitation allows an attacker with no prior access to gain administrator-level access to the FortiWeb Manager panel and websocket command-line interface.

CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

CVE-2025-20337 is a vulnerability in a specific API of Cisco ISE (Identity Services Engine) and Cisco ISE-PIC (ISE Passive Identity Connector). It could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Successful exploitation could allow the attacker to obtain root privileges on an affected device. This affects Cisco ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration.

CVE-2025-9242 is an out-of-bounds write vulnerability found in WatchGuard Fireware OS. The vulnerability resides in the *iked* process. This flaw makes it possible for an unauthenticated, remote attacker to execute arbitrary code on affected systems. The vulnerability impacts both Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.

CVE-2025-62215 is an elevation-of-privilege vulnerability affecting the Windows Kernel. It stems from a race condition due to improper synchronization when multiple processes concurrently access shared resources. An attacker with local access and some level of system access can exploit this flaw to execute code with elevated privileges, potentially gaining SYSTEM-level access. The vulnerability is triggered by exploiting a race condition in the Windows Kernel's memory management subsystem. By carefully timing multiple threads or processes, an attacker can manipulate shared kernel resources to cause a double-free condition, potentially leading to memory corruption. This allows the attacker to execute arbitrary code in the kernel's context.

CVE-2025-12480 is an improper access control vulnerability affecting Triofox versions prior to 16.7.10368.56560. It allows unauthorized access to the initial setup pages even after the setup is complete. Attackers can bypass authentication and access configuration pages, potentially uploading and executing arbitrary payloads. In one observed case, a threat actor (UNC6485) exploited this vulnerability to create a new admin account and then used the built-in antivirus feature to execute malicious files. To remediate this vulnerability, it is recommended to upgrade to Triofox version 16.7.10368.56560 or later.