Vulnerability intelligence

CVE-2025-6558 is a vulnerability affecting Google Chrome, specifically versions prior to 138.0.7204.157. It stems from insufficient validation of untrusted input in the ANGLE and GPU components of the browser. Clément Lecigne and Vlad Stolyarov from Google's Threat Analysis Group discovered and reported the zero-day vulnerability on June 23, 2025. Successful exploitation of CVE-2025-6558 could allow a remote attacker to perform a sandbox escape via a crafted HTML page. ANGLE, which stands for "Almost Native Graphics Layer Engine," translates between Chrome's rendering engine and device-specific graphics drivers; therefore, vulnerabilities in ANGLE can allow attackers to escape Chrome's security sandbox by abusing low-level GPU operations. Google has released a security update to address this vulnerability, which they report has been actively exploited in the wild.

CVE-2025-20337 is a vulnerability in a specific API of Cisco ISE (Identity Services Engine) and Cisco ISE-PIC (ISE Passive Identity Connector). It could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Successful exploitation could allow the attacker to obtain root privileges on an affected device. This affects Cisco ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration.

CVE-2024-2887 is a type confusion vulnerability found in WebAssembly in Google Chrome versions prior to 123.0.6312.86. It can be triggered by a remote attacker who crafts a malicious HTML page. The vulnerability stems from how WebAssembly handles recursive type groups, which can lead to exceeding the maximum number of declared heap types and create opportunities for type confusion. Successful exploitation of CVE-2024-2887 allows a remote attacker to execute arbitrary code. This can lead to arbitrary read/write within the V8 memory sandbox, the ability to obtain addresses of JavaScript objects, and manipulation of object pointers. It was demonstrated at the Pwn2Own Vancouver 2024 hacking competition. Google patched this vulnerability in Chrome version 123.0.6312.86.

CVE-2019-9621 is a Server-Side Request Forgery (SSRF) vulnerability affecting Zimbra Collaboration Suite (ZCS) versions before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3. It exists in the ProxyServlet component. The vulnerability allows a remote, unauthenticated attacker to send a crafted HTTP request to trick the Zimbra server into making unauthorized requests to internal or external systems. This can bypass network restrictions and potentially reach sensitive internal services, possibly exposing sensitive data.

CVE-2025-5777 is a vulnerability affecting NetScaler ADC and NetScaler Gateway. It is caused by insufficient input validation, which leads to a memory overread. The vulnerability can be exploited on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. An unauthorized attacker could potentially grab valid session tokens from the memory of internet-facing NetScaler devices by sending a malformed request. Successful exploitation could allow the attacker to gain access to the appliances.

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.