Vulnerability intelligence

CVE-2023-33538 is a command injection vulnerability found in TP-Link routers, specifically the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 models. The vulnerability exists within the `/userRpm/WlanNetworkRpm` component. This vulnerability allows an attacker to inject arbitrary commands into the system by manipulating an unknown input. Successful exploitation could lead to a compromise of confidentiality, integrity, and availability of the affected device. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.

CVE-2025-0133 is a reflected cross-site scripting (XSS) vulnerability found in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software. This vulnerability allows for the execution of malicious JavaScript within the browser of an authenticated Captive Portal user when they interact with a specially crafted link. The primary risk associated with this vulnerability is the potential for phishing attacks that could lead to the theft of user credentials, particularly if Clientless VPN is enabled. An attacker could create links that appear to be hosted on the GlobalProtect portal to steal credentials. Threat IDs 510003 and 510004 can be enabled to block attacks. Disabling Clientless VPN can also serve as mitigation.

CVE-2024-55591 is an authentication bypass vulnerability affecting Fortinet's FortiOS and FortiProxy products. A remote, unauthenticated attacker can exploit this flaw by sending specially crafted requests to the Node.js websocket module. Successful exploitation grants the attacker super-admin privileges on the targeted device. The vulnerability affects FortiOS versions 7.0.0 through 7.0.16, FortiProxy versions 7.0.0 through 7.0.19, and FortiProxy versions 7.2.0 through 7.2.12. Fortinet confirmed active exploitation of this vulnerability as early as November 2024, with reports of attackers creating new user accounts, modifying firewall settings, and establishing SSL VPN tunnels for internal network access. This vulnerability has been assigned a CVSSv3 score of 9.6, indicating its critical nature.

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

CVE-2023-33538 is a command injection vulnerability found in TP-Link routers, specifically the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 models. The vulnerability exists within the `/userRpm/WlanNetworkRpm` component. This vulnerability allows an attacker to inject arbitrary commands into the system by manipulating an unknown input. Successful exploitation could lead to a compromise of confidentiality, integrity, and availability of the affected device. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.

CVE-2025-43200 is a vulnerability related to how Apple devices process maliciously crafted photos or videos shared via iCloud Link. A logic issue existed that could be exploited through a zero-click attack, meaning it could be triggered without any user interaction. Apple has acknowledged that this vulnerability may have been used in targeted attacks against specific individuals. The vulnerability was addressed with improved checks in iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1, released on February 10, 2025. Citizen Lab has found forensic evidence that this vulnerability was leveraged to deploy Paragon's Graphite spyware against journalists.