Vulnerability intelligence

CVE-2025-5777 is a vulnerability affecting NetScaler ADC and NetScaler Gateway. It is caused by insufficient input validation, which leads to a memory overread. The vulnerability can be exploited on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. An unauthorized attacker could potentially grab valid session tokens from the memory of internet-facing NetScaler devices by sending a malformed request. Successful exploitation could allow the attacker to gain access to the appliances.

CVE-2025-6543 is a memory overflow vulnerability found in Citrix NetScaler ADC and NetScaler Gateway. It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The vulnerability stems from improper restriction of operations within the bounds of a memory buffer. Successful exploitation of CVE-2025-6543 could lead to unintended control flow and a denial-of-service (DoS) condition. Exploits targeting this vulnerability have been observed in the wild, prompting Citrix to release security updates.

CVE-2025-6430 is a security vulnerability found in Mozilla Firefox browsers before version 140 and Firefox ESR (Extended Support Release) before version 128.12. It was discovered by Daniil Satyaev of Positive Technologies and publicly disclosed on June 24, 2025. The vulnerability arises when a file download is specified using the `Content-Disposition` header, but the directive is ignored if the file is included via HTML `<embed>` or `<object>` tags. This can expose websites to cross-site scripting (XSS) attacks, potentially allowing attackers to execute malicious scripts within the context of the vulnerable website, leading to unauthorized access or content manipulation. To mitigate this, users are advised to update their Firefox browsers to version 140 or ESR 128.12 or later.

CVE-2019-6693 involves the use of a hard-coded cryptographic key within Fortinet's FortiOS, FortiManager, and FortiAnalyzer. This key is used to encrypt sensitive data in CLI configurations and backup files. An attacker with access to these configurations or backup files can decrypt the data, including user passwords (excluding the administrator's password), private keys' passphrases, and High Availability passwords, by using the hard-coded key. The vulnerability affects FortiOS versions up to 6.2.0, 6.0.0 to 6.0.6, and 5.6.10, as well as specific versions of FortiManager and FortiAnalyzer. Fortinet has released updates that allow administrators to enable a setting that prompts for a user-defined cryptographic key, which is then used to encrypt sensitive data, mitigating the risk.

CVE-2024-0769 is a path traversal vulnerability affecting D-Link DIR-859 routers. It resides in the `/hedwig.cgi` component's HTTP POST request handler. By manipulating the `service` argument, remote attackers can bypass security restrictions and access sensitive files. The vulnerability allows unauthorized access to system files, potentially leading to complete system compromise and data theft. While the affected product is end-of-life, the public availability of the exploit makes it a threat if the device is still in operation.

CVE-2024-54085 is a vulnerability found in AMI's SPx Baseboard Management Controller (BMC) software. It allows a remote attacker to bypass authentication through the Redfish Host Interface. Successful exploitation of this vulnerability could lead to a complete compromise of the affected system, including loss of confidentiality, integrity, and availability. AMI has released updates to address this vulnerability in SPx versions SPx_12.7+ and SPx_13.5.