Vulnerability intelligence

CVE-2025-65717 is a security vulnerability identified in the Live Server extension for Visual Studio Code, affecting version 5.7.9 and potentially all versions. This flaw allows attackers to exfiltrate local files from a developer's machine. The vulnerability is exploited when a user, with the Live Server extension actively running, is enticed to visit a malicious website. Once the malicious website is accessed, embedded JavaScript within the page can crawl and extract files from the local development HTTP server that the Live Server extension operates, typically on `localhost:5500`. These stolen files can then be transmitted to a domain under the attacker's control. This issue was reported by OX Security researchers in August 2025, but as of recent reports, it remains unpatched.

CVE-2025-64446 is a relative path traversal vulnerability affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It can be exploited by sending crafted HTTP or HTTPS requests. This vulnerability allows remote, unauthenticated attackers to gain administrative access to the web application firewall appliances. Specifically, the vulnerability can be exploited by sending an HTTP POST request to `/api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi` with a payload designed to create an administrative account. Successful exploitation allows an attacker with no prior access to gain administrator-level access to the FortiWeb Manager panel and websocket command-line interface.

CVE-2025-58034 is an OS command injection vulnerability affecting Fortinet FortiWeb. It may allow an authenticated attacker to execute unauthorized code on the underlying system. This can be achieved through crafted HTTP requests or CLI commands. Fortinet has released security updates to address this zero-day vulnerability, which has been actively exploited in attacks. It was reported by Jason McFadyen from Trend Micro's Trend Research team. Administrators are advised to upgrade their FortiWeb devices to the latest available software versions to block potential attacks.

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)