Vulnerability intelligence

CVE-2025-32463 is a vulnerability that affects Sudo versions 1.9.14 to 1.9.17 inclusive. It allows a local user to gain root access. This is possible because the `/etc/nsswitch.conf` file from a user-controlled directory is used with the `--chroot` option. An attacker can exploit this vulnerability by using Sudo's `-R` or `--chroot` option to execute arbitrary commands as root, even if they are not listed in the `sudoers` file. The vulnerability was fixed in Sudo version 1.9.17p1.

CVE-2025-41244 is a local privilege escalation vulnerability affecting VMware Tools and VMware Aria Operations. It stems from overly broad regular expression patterns in the `get-versions.sh` component used by both VMware Tools and Aria Operations' Service Discovery Management Pack (SDMP). The `get_version()` function in this script scans for listening sockets and then executes matched binaries to retrieve version information. However, the use of the non-whitespace shorthand `\S` unintentionally includes user-writable directories such as `/tmp/httpd`. Attackers can exploit this by staging malicious binaries in these user-writable locations. The privileged VMware context then executes these binaries, leading to a local privilege escalation. By mimicking system binaries in writable paths, CVE-2025-41244 violates CWE-426: Untrusted Search Path, offering trivial local privilege escalation opportunities.

CVE-2022-41352 is a vulnerability in Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0. It stems from how the Amavis content filter, which is part of Zimbra, uses the cpio utility to unpack archives. An attacker can exploit this by crafting a malicious archive (e.g., a .tar file) containing a web-shell and sending it to a vulnerable Zimbra server. When the Amavis filter scans the archive, it uses cpio to extract the contents, including the malicious web-shell, to a public directory. This allows the attacker to then execute arbitrary commands on the compromised server via the web-shell. The vulnerability exists because cpio lacks a secure mode for handling untrusted files, potentially allowing writes to any path accessible to the Zimbra user.

CVE-2025-59689 is a command injection vulnerability affecting Libraesva Email Security Gateway (ESG) versions 4.5 through 5.5.x before 5.5.7. It stems from improper sanitization when the software removes active code from files within certain compressed archive formats. Attackers can exploit this vulnerability by sending emails containing specially crafted compressed attachments. The payload files are designed to manipulate the application's sanitization logic, allowing the execution of arbitrary shell commands under a non-privileged user account. Fixes have been released for ESG versions 5.0, 5.1, 5.2, 5.4, and 5.5.

CVE-2025-32463 is a vulnerability that affects Sudo versions 1.9.14 to 1.9.17 inclusive. It allows a local user to gain root access. This is possible because the `/etc/nsswitch.conf` file from a user-controlled directory is used with the `--chroot` option. An attacker can exploit this vulnerability by using Sudo's `-R` or `--chroot` option to execute arbitrary commands as root, even if they are not listed in the `sudoers` file. The vulnerability was fixed in Sudo version 1.9.17p1.

CVE-2025-20352 is a vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software. It stems from a stack overflow condition. An attacker can exploit this vulnerability by sending a crafted SNMP packet to an affected device over IPv4 or IPv6 networks. Cisco confirmed that the vulnerability is being actively exploited in the wild. The vulnerability allows for two distinct attack scenarios based on the attacker's privilege level. A low-privileged, authenticated, remote attacker with an SNMPv2c read-only community string or valid SNMPv3 user credentials can cause a denial-of-service (DoS) condition on an affected device. A high-privileged attacker with SNMPv1 or v2c read-only community strings combined with administrative credentials can execute code as the root user, gaining full control of the affected system.