Vulnerability intelligence

CVE-2025-20333 is a vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It stems from improper validation of user-supplied input in HTTP(S) requests. An authenticated, remote attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. Successful exploitation could allow the attacker to execute arbitrary code as root, potentially leading to complete compromise of the device. Cisco has released software updates to address this vulnerability.

CVE-2025-53521 is a vulnerability affecting F5 BIG-IP Access Policy Manager (APM) systems when an access policy is configured on a virtual server. The flaw, categorized as CWE-770 (Allocation of Resources Without Limits or Throttling), allows undisclosed or specially crafted traffic to cause the Traffic Management Microkernel (TMM) process to terminate. This termination of the TMM process results in a disruption of all traffic handled by the BIG-IP device until the process restarts. The vulnerability can be exploited remotely by an unauthenticated attacker, leading to a denial-of-service condition on the BIG-IP APM system.

CVE-2025-20362 is a vulnerability found in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It could allow an unauthenticated, remote attacker to access restricted URL endpoints that should normally require authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit it by sending crafted HTTP requests to a targeted web server, potentially gaining access to restricted URLs without proper authentication. Cisco has released software updates to address this vulnerability.

CVE-2025-29635 describes a command injection vulnerability found in specific firmware versions (240126 and 240802) of D-Link DIR-823X routers. This flaw allows an authorized attacker to execute arbitrary commands on affected remote devices. The vulnerability is triggered by sending a specially crafted POST request to the `/goform/set_prohibiting` function, which can lead to remote command execution. Reports indicate that this vulnerability has been exploited by the Mirai botnet.

CVE-2024-7399 is a path traversal vulnerability affecting Samsung MagicINFO 9 Server versions 21.1050 and earlier. This flaw stems from improper input verification, allowing unauthenticated attackers to upload arbitrary files, such as JavaServer Pages (JSP) files, to the server. By exploiting this, threat actors can execute arbitrary code with system authority on vulnerable servers. Although Samsung released a patch for this vulnerability in August 2024, active exploitation in the wild was observed starting in April 2025, shortly after a proof-of-concept (PoC) exploit was made public. Attackers have been leveraging CVE-2024-7399 to infect compromised MagicINFO servers with Mirai botnet malware.

CVE-2024-57728 is a path traversal vulnerability affecting SimpleHelp remote support software versions 5.5.7 and earlier. This flaw enables authenticated administrative users to upload arbitrary files to any location on the file system by exploiting a "zip slip" technique with a specially crafted zip file. Successful exploitation of this vulnerability can lead to the execution of arbitrary code on the host system, operating within the security context of the SimpleHelp server user. This CVE has been observed as part of a chain of vulnerabilities that could be exploited by attackers.