Vulnerability intelligence

CVE-2025-10035 is a deserialization vulnerability found in the License Servlet of Fortra's GoAnywhere MFT. It allows an attacker with a validly forged license response signature to deserialize an arbitrary, attacker-controlled object. This could potentially lead to command injection. To remediate this vulnerability, it is recommended to update GoAnywhere MFT to version 7.8.4. It is also advised to ensure that access to the GoAnywhere Admin Console is not open to the public, as exploitation of this vulnerability is highly dependent on systems being externally exposed to the internet.

CVE-2025-55241 is an elevation of privilege vulnerability affecting Microsoft Azure Entra ID. It is categorized under CWE-287 (Improper Authentication). An attacker can exploit a flaw in Azure Entra's code that incorrectly manages permissions by sending a specially crafted request to elevate their privilege level. This could lead to unauthorized data access or manipulation, potentially compromising the system's integrity and confidentiality. As of September 2025, there are no public technical details, exploitation code, or root cause analysis available for this specific vulnerability. However, similar Azure Entra ID privilege escalation vulnerabilities involve service principal permission abuse, OAuth scope misconfigurations, hybrid identity synchronization weaknesses, and exploitation of undocumented permissions in Microsoft first-party applications. Applying the vendor's patch is the best way to mitigate this vulnerability.

CVE-2025-10585 is a type confusion vulnerability in the V8 JavaScript engine of Google Chrome. This flaw can be exploited by attackers to cause unexpected software behavior, potentially leading to arbitrary code execution or program crashes. The vulnerability can be triggered when a program allocates a resource using one type but later accesses it with an incompatible type. To exploit this, an attacker could trick a user into visiting a specially crafted website containing malicious JavaScript code. Google's Threat Analysis Group discovered and reported the vulnerability on September 16, 2025, and confirmed that it was being actively exploited in the wild.

CVE-2025-5086 is a deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025. Exploitation of this vulnerability could lead to remote code execution. Specifically, the vulnerability exists because the application does not properly validate data during the deserialization process. An attacker could potentially execute arbitrary code remotely without requiring user interaction, leading to a full system compromise, unauthorized code execution, potential data theft or manipulation, or complete system availability disruption.

CVE-2025-53690 is a ViewState deserialization vulnerability affecting Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud. The vulnerability stems from the reuse of a sample ASP.NET machine key that was included in official Sitecore deployment guides prior to 2017 and, in some instances, mistakenly implemented in production environments. Attackers who possess this key can create malicious __VIEWSTATE payloads, bypassing validation and enabling code execution on the targeted server. This turns a misconfiguration into a Remote Code Execution (RCE) vector. The initial compromise can grant attackers access under the NETWORK SERVICE account. The WEEPSTEEL malware may be deployed to gather system, network, and user information.

CVE-2025-48543 is a vulnerability affecting the Android Runtime (ART), which is responsible for running applications on Android devices. This vulnerability could allow a local attacker to gain elevated privileges without requiring user interaction. Exploitation attempts of CVE-2025-48543 have been observed. The vulnerability stems from a use-after-free issue that could allow an attacker to escape the Chrome sandbox and attack the Android system server. Google has released security updates for Android-powered devices, including fixes for CVE-2025-48543.