Trending now

CVE-2025-9961 is a remote code execution (RCE) vulnerability found in TP-Link routers, specifically affecting the CWMP (CPE WAN Management Protocol) binary. An authenticated attacker can exploit this flaw to remotely execute arbitrary code on the affected devices. The vulnerability can be triggered by sending malformed SOAP requests. The vulnerability is a stack-based buffer overflow within the cwmp process. Security researchers bypassed Address Space Layout Randomization (ASLR) by brute-forcing the base address of the standard C library. Successful exploitation allows an attacker to gain full control of the router, potentially intercepting traffic, launching attacks on the local network, or adding the device to a botnet. The exploit often involves using a return-to-libc (ret2libc) technique to call the system() function with a command to download and execute a malicious binary from an attacker-controlled server.

CVE-2025-21042 is an out-of-bounds write vulnerability found in Samsung's libimagecodec.quram.so library. This library is responsible for handling image parsing and decoding on Samsung Galaxy devices. The vulnerability is triggered when processing a specially crafted image file, leading to a write operation outside the allocated memory boundaries. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on affected devices. This can be achieved through various channels such as email attachments, messaging apps, or web browsing, where the device processes an attacker-supplied image. A patch has been released in the SMR Apr-2025 Release 1 security update to address this vulnerability.

CVE-2025-49844 is a vulnerability in Redis that stems from improper memory management within its embedded Lua interpreter. The core issue is a use-after-free bug that can be triggered via a specially crafted Lua script. An authenticated user can manipulate the garbage collection process, exploiting freed memory pointers to potentially execute arbitrary code within the Redis server's process. This vulnerability exists in all Redis versions that include Lua scripting support. Redis has released patches to address this vulnerability. For more information on remediation, see the security advisory from Redis.

CVE-2025-64495 affects Open WebUI, a self-hosted AI platform, specifically versions 0.6.34 and below. The vulnerability is a Stored DOM-based Cross-Site Scripting (XSS) issue that occurs when the "Insert Prompt as Rich Text" feature is enabled. The application doesn't sanitize the prompt body when inserting custom prompts into the chat window, which allows the injection of malicious code. An attacker with permission to create prompts can inject a malicious JavaScript payload that could be triggered when other users run the corresponding command to insert the prompt. Successful exploitation could lead to account takeover or even remote code execution. Version 0.6.35 addresses this vulnerability.

CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.

CVE-2025-64459 is an SQL injection vulnerability affecting Django, a widely-used Python web framework. The vulnerability resides in the `QuerySet` methods (`filter()`, `exclude()`, `get()`) and the `Q()` class. It occurs when a crafted dictionary with dictionary expansion is used as the `_connector` argument. Attackers can exploit this vulnerability by injecting malicious SQL commands through manipulating the `_connector` argument in `QuerySet` methods. This can lead to unauthorized database access, data manipulation, or exposure of sensitive information. Django versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8 are affected. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) might also be affected.

CVE-2025-20343 is a vulnerability in the RADIUS setting "Reject RADIUS requests from clients with repeated failures" on Cisco Identity Services Engine (ISE). This vulnerability could allow an unauthenticated, remote attacker to cause the Cisco ISE to restart unexpectedly. The vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE.

CVE-2025-21043 is a vulnerability affecting Samsung devices running Android versions 13, 14, 15, and 16. It is an out-of-bounds write vulnerability found in `libimagecodec.quram.so`, a closed-source image parsing library developed by Quramsoft. This library is used to process image formats. The vulnerability allows remote attackers to execute arbitrary code on affected devices. Samsung has released a security patch in their September 2025 Security Maintenance Release (SMR) to address the "incorrect implementation" that caused the vulnerability. It was reported that this vulnerability was exploited in zero-day attacks.

CVE-2025-41244 is a local privilege escalation vulnerability affecting VMware Tools and VMware Aria Operations. It stems from overly broad regular expression patterns in the `get-versions.sh` component used by both VMware Tools and Aria Operations' Service Discovery Management Pack (SDMP). The `get_version()` function in this script scans for listening sockets and then executes matched binaries to retrieve version information. However, the use of the non-whitespace shorthand `\S` unintentionally includes user-writable directories such as `/tmp/httpd`. Attackers can exploit this by staging malicious binaries in these user-writable locations. The privileged VMware context then executes these binaries, leading to a local privilege escalation. By mimicking system binaries in writable paths, CVE-2025-41244 violates CWE-426: Untrusted Search Path, offering trivial local privilege escalation opportunities.