Vulnerability intelligence

CVE-2025-53770 involves a deserialization of untrusted data vulnerability within on-premises Microsoft SharePoint Server. This flaw allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for this vulnerability is currently in the wild. Microsoft is actively preparing and testing a comprehensive update to address CVE-2025-53770. In the meantime, it is recommended that organizations review and apply the mitigations specified in Microsoft's CVE documentation to protect against potential exploitation.

CVE-2025-49706 is a vulnerability affecting Microsoft Office SharePoint. It stems from improper authentication within the software. This vulnerability could allow an authorized attacker to perform spoofing attacks over a network, potentially compromising the integrity of SharePoint services. Microsoft has released a security update (KB5002751) to address this vulnerability.

CVE-2025-49704 is a code injection vulnerability in Microsoft Office SharePoint. An authorized attacker could exploit this vulnerability to execute code over a network. To exploit this vulnerability, the attacker needs to be authenticated with at least Site Owner privileges. Successful exploitation of CVE-2025-49704 allows an attacker to write arbitrary code into a vulnerable SharePoint server to gain remote code execution. The attack complexity is low and can be exploited remotely from the internet, potentially leading to complete compromise of affected SharePoint servers.

CVE-2025-47812 is a remote code execution vulnerability in Wing FTP Server. The vulnerability arises because the application doesn't properly handle NULL bytes in usernames. By appending a NULL byte to the username, an attacker can bypass authentication and inject Lua code into session files. Specifically, when a user authenticates with a NULL-byte injected username, the server creates a new session ID and stores the NULL byte in the session variable. This allows an attacker to inject arbitrary Lua code, leading to remote code execution with root privileges on Linux systems and SYSTEM rights on Windows systems because the wftpserver runs with elevated privileges by default.

CVE-2025-25257 is a critical SQL injection vulnerability found in Fortinet's FortiWeb web application firewall. This vulnerability, classified as CWE-89, stems from improper neutralization of special elements used in SQL commands. The vulnerability allows unauthenticated attackers to execute unauthorized SQL code or commands by sending crafted HTTP or HTTPS requests to the FortiWeb management interface. Successful exploitation could lead to attackers accessing sensitive data, altering database contents, or compromising backend systems.

CVE-2025-53770 involves a deserialization of untrusted data vulnerability within on-premises Microsoft SharePoint Server. This flaw allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for this vulnerability is currently in the wild. Microsoft is actively preparing and testing a comprehensive update to address CVE-2025-53770. In the meantime, it is recommended that organizations review and apply the mitigations specified in Microsoft's CVE documentation to protect against potential exploitation.