Vulnerability intelligence

CVE-2025-11953 is a vulnerability in the `@react-native-community/cli` NPM package, specifically affecting versions 4.8.0 through 20.0.0-alpha.2. This flaw stems from the Metro development server, used by React Native, binding to external interfaces by default and exposing an "/open-url" endpoint susceptible to OS command injection. The vulnerability allows unauthenticated network attackers to send a POST request to the server, running arbitrary executables. On Windows, attackers can execute arbitrary shell commands with fully controlled arguments. While macOS and Linux systems have slightly more restricted exploitation paths, researchers believe arbitrary command execution is achievable. The package has been patched in version 20.0.0.

CVE-2025-14321 is identified as a use-after-free (UAF) vulnerability found within the WebRTC Signaling component of Mozilla Firefox and Thunderbird. Specifically, the AISLE Research Team discovered this UAF in Firefox's WebRTC Encoded Transforms mechanism, occurring via an "undetached ArrayBuffer". This vulnerability impacts Firefox versions earlier than 146, Firefox ESR versions prior to 140.6, and Thunderbird versions before 146 and 140.6. The UAF could potentially be exploited to facilitate remote code execution by providing primitives for heap corruption (write) and information leakage (read).

CVE-2024-54529 is a logic flaw identified in Apple macOS, specifically within its Audio component. This vulnerability enables an application to execute arbitrary code with kernel-level privileges. The underlying cause is attributed to insufficient validation or improper checks within the kernel code, allowing a local application to escalate its privileges beyond its intended scope. Disclosed on December 11, 2024, this issue was discovered by Dillon Franke in collaboration with Google Project Zero. Apple has since addressed CVE-2024-54529 by implementing improved checks. The fix is available in macOS Sequoia 15.2, macOS Ventura 13.7.2, and macOS Sonoma 14.7.2.

CVE-2025-40551 is a remote code execution (RCE) vulnerability identified in SolarWinds Web Help Desk (WHD) software. This flaw originates from an untrusted data deserialization weakness, which allows an attacker to execute commands on the host machine. Exploitation of CVE-2025-40551 can occur without requiring authentication. This vulnerability is often discussed alongside other related issues in SolarWinds WHD, forming potential attack chains.

CVE-2025-64328 identifies a command injection vulnerability within the FreePBX Endpoint Manager module. Specifically, the flaw resides in the `check_ssh_connect()` function of the Filestore component. This post-authentication vulnerability allows an authenticated attacker to execute arbitrary shell commands as the `asterisk` user on the affected system. This vulnerability impacts FreePBX Endpoint Manager versions 17.0.2.36 and above, prior to version 17.0.3. Reports indicate that a financially motivated hacker group, INJ3CTOR3, has actively exploited CVE-2025-64328 since early December 2025 to deploy a persistent webshell known as "EncystPHP," enabling them to gain administrative control over compromised VoIP systems.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API