Vulnerability intelligence

CVE-2025-5777 is a vulnerability affecting NetScaler ADC and NetScaler Gateway. It is caused by insufficient input validation, which leads to a memory overread. The vulnerability can be exploited on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. An unauthorized attacker could potentially grab valid session tokens from the memory of internet-facing NetScaler devices by sending a malformed request. Successful exploitation could allow the attacker to gain access to the appliances.

CVE-2025-41646 is a vulnerability in the RevPi Webstatus application. It stems from an incorrect type conversion, which can be exploited by an unauthorized remote attacker to bypass authentication. This could lead to a complete compromise of the affected device. Specifically, the vulnerability allows a remote attacker to bypass authentication. Successful exploitation could grant the attacker full control of the device, potentially allowing them to access, modify, or delete sensitive information, and disrupt device operations. A patch is available from Kunbus, released on June 10, 2025.

CVE-2024-55591 is an authentication bypass vulnerability affecting Fortinet's FortiOS and FortiProxy products. A remote, unauthenticated attacker can exploit this flaw by sending specially crafted requests to the Node.js websocket module. Successful exploitation grants the attacker super-admin privileges on the targeted device. The vulnerability affects FortiOS versions 7.0.0 through 7.0.16, FortiProxy versions 7.0.0 through 7.0.19, and FortiProxy versions 7.2.0 through 7.2.12. Fortinet confirmed active exploitation of this vulnerability as early as November 2024, with reports of attackers creating new user accounts, modifying firewall settings, and establishing SSL VPN tunnels for internal network access. This vulnerability has been assigned a CVSSv3 score of 9.6, indicating its critical nature.

CVE-2025-48928 affects TeleMessage TM SGNL and involves the exposure of a core dump file to an unauthorized control sphere. The vulnerability stems from a JSP application where the heap content is similar to a "core dump," potentially including passwords transmitted over HTTP. If the heap dump is not properly secured, unauthorized parties could retrieve this sensitive data. This vulnerability, categorized as CWE-528, can allow attackers to extract credentials or confidential messages from exposed dump files, threatening both data privacy and system integrity. It has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.

CVE-2025-48927 is a vulnerability found in the TeleMessage TM SGNL platform. It is due to an insecure default configuration of the Spring Boot Actuator, which exposes the `/heapdump` endpoint. This flaw is categorized as an Initialization of a Resource with an Insecure Default (CWE-1188). Attackers can exploit this exposed endpoint to access sensitive memory dumps. This could lead to unauthorized data access or privilege escalation. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and has issued an urgent advisory, setting a remediation deadline of July 22, 2025, for federal agencies.

CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.