Vulnerability intelligence

CVE-2025-53770 involves a deserialization of untrusted data vulnerability within on-premises Microsoft SharePoint Server. This flaw allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for this vulnerability is currently in the wild. Microsoft is actively preparing and testing a comprehensive update to address CVE-2025-53770. In the meantime, it is recommended that organizations review and apply the mitigations specified in Microsoft's CVE documentation to protect against potential exploitation.

CVE-2025-53771 is a spoofing vulnerability affecting Microsoft Office SharePoint. It stems from an improper limitation of a pathname to a restricted directory, also known as a 'path traversal'. This vulnerability allows an authorized attacker to perform spoofing over a network. The vulnerability exists in on-premises SharePoint Servers and does not impact SharePoint Online in Microsoft 365. Microsoft has released updates to address this vulnerability, with the update including more robust protections than previous updates for similar vulnerabilities. It is related to other SharePoint vulnerabilities like CVE-2025-49706, and can be chained with other vulnerabilities to achieve remote code execution.

CVE-2025-53816 is a vulnerability affecting 7-Zip, a file archiving tool. Specifically, it's a heap buffer overflow found in the RAR5 decoder component. This flaw can be triggered when 7-Zip attempts to process specially crafted RAR5 archive files. The vulnerability stems from a miscalculation in memory operations during the recovery of corrupted archive items, leading to a write of zero bytes beyond the allocated buffer. By exploiting this, an attacker can cause memory corruption and potentially crash the application or system, resulting in a denial-of-service condition. 7-Zip version 25.0.0 addresses this vulnerability.

CVE-2025-2776 is an unauthenticated XML External Entity (XXE) vulnerability found in SysAid On-Prem versions at or below 23.3.40. This vulnerability exists within the Server URL processing functionality. The XXE vulnerability allows for administrator account takeover and enables file read primitives.

CVE-2025-6558 is a vulnerability affecting Google Chrome, specifically versions prior to 138.0.7204.157. It stems from insufficient validation of untrusted input in the ANGLE and GPU components of the browser. Clément Lecigne and Vlad Stolyarov from Google's Threat Analysis Group discovered and reported the zero-day vulnerability on June 23, 2025. Successful exploitation of CVE-2025-6558 could allow a remote attacker to perform a sandbox escape via a crafted HTML page. ANGLE, which stands for "Almost Native Graphics Layer Engine," translates between Chrome's rendering engine and device-specific graphics drivers; therefore, vulnerabilities in ANGLE can allow attackers to escape Chrome's security sandbox by abusing low-level GPU operations. Google has released a security update to address this vulnerability, which they report has been actively exploited in the wild.

CVE-2025-54309 is a vulnerability in CrushFTP versions before 10.8.5 and 11.3.4_23. It stems from improper validation of the AS2 (Applicability Statement 2) protocol over HTTPS when the DMZ proxy feature is not in use. This mishandling allows unauthenticated remote attackers to gain administrative access to the system. Specifically, the server fails to correctly validate remote requests made to AS2 endpoints, which allows attackers to forge requests that the system interprets as coming from a trusted source, bypassing authentication checks. By sending malicious AS2 payloads over HTTPS to the exposed CrushFTP endpoint, an attacker can send administrative commands and potentially escalate privileges to execute arbitrary commands.