Vulnerability intelligence

CVE-2025-53770 involves a deserialization of untrusted data vulnerability within on-premises Microsoft SharePoint Server. This flaw allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for this vulnerability is currently in the wild. Microsoft is actively preparing and testing a comprehensive update to address CVE-2025-53770. In the meantime, it is recommended that organizations review and apply the mitigations specified in Microsoft's CVE documentation to protect against potential exploitation.

CVE-2025-53771 is a spoofing vulnerability affecting Microsoft Office SharePoint. It stems from an improper limitation of a pathname to a restricted directory, also known as a 'path traversal'. This vulnerability allows an authorized attacker to perform spoofing over a network. The vulnerability exists in on-premises SharePoint Servers and does not impact SharePoint Online in Microsoft 365. Microsoft has released updates to address this vulnerability, with the update including more robust protections than previous updates for similar vulnerabilities. It is related to other SharePoint vulnerabilities like CVE-2025-49706, and can be chained with other vulnerabilities to achieve remote code execution.

CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.

CVE-2025-25257 is a critical SQL injection vulnerability found in Fortinet's FortiWeb web application firewall. This vulnerability, classified as CWE-89, stems from improper neutralization of special elements used in SQL commands. The vulnerability allows unauthenticated attackers to execute unauthorized SQL code or commands by sending crafted HTTP or HTTPS requests to the FortiWeb management interface. Successful exploitation could lead to attackers accessing sensitive data, altering database contents, or compromising backend systems.

CVE-2025-53770 involves a deserialization of untrusted data vulnerability within on-premises Microsoft SharePoint Server. This flaw allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for this vulnerability is currently in the wild. Microsoft is actively preparing and testing a comprehensive update to address CVE-2025-53770. In the meantime, it is recommended that organizations review and apply the mitigations specified in Microsoft's CVE documentation to protect against potential exploitation.