home.social

#cve2025 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cve2025, aggregated by home.social.

  1. Security Advisory Summary:
    SolarWinds Serv-U 15.5.4 patches four critical vulnerabilities:
    • CVE-2025-40538 – Broken access control → system admin creation + root RCE
    • Two type confusion flaws → root code execution
    • One IDOR vulnerability → elevated execution

    Attack prerequisites:
    High-privileged access required. Exploitation likely via credential compromise or chained privilege escalation.

    Exposure landscape:
    12K+ internet-facing instances observed (Shodan)
    File transfer platforms remain ransomware-favored entry vectors

    Historical context:
    Prior Serv-U CVEs exploited by ransomware groups and state-aligned actors.

    Immediate actions:
    - Patch to 15.5.4
    - Audit privileged accounts
    - Review FTP/SFTP exposure
    - Monitor for anomalous admin creation

    Source: bleepingcomputer.com/news/secu

    Follow us for tactical advisories and vulnerability intelligence.

    Comment with your detection or hardening recommendations.

    #Infosec #SolarWinds #ThreatIntel #CVE2025 #RCE #PrivilegeEscalation #BlueTeam #SecurityEngineering #AttackSurface #ZeroTrust

  5. 🚨 CVE-2025-14388: CRITICAL vuln in PhastPress (≤3.7) lets unauth attackers read files like wp-config.php using double-encoded null bytes. Patch unavailable—disable plugin, block %2500 in URLs, monitor logs! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vulnerability #CVE2025
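As an added, defender-side illustration of the "block %2500 in URLs, monitor logs" advice in the post above (not code from the post or from the PhastPress project): the function below scans constructed access-log lines for double-encoded null bytes and for any request target that yields a NUL after one or more URL-decoding rounds. The plugin path and query parameter in the sample lines are assumed, not taken from the advisory.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
# Paths and the "f" parameter are hypothetical, chosen only to illustrate the pattern.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-content/plugins/phastpress/x.php?f=style.css HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-content/plugins/phastpress/x.php?f=../../../wp-config.php%2500.css HTTP/1.1" 200 2048
198.51.100.3 - - [10/Jan/2025:10:00:03 +0000] "GET /index.php?p=%252500 HTTP/1.1" 404 120
192.0.2.5 - - [10/Jan/2025:10:00:04 +0000] "GET /x.php?f=a%00.css HTTP/1.1" 403 0
198.51.100.9 - - [10/Jan/2025:10:00:05 +0000] "GET /about/ HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# "%2500" is "%00" percent-encoded once more; allow extra "%25" layers as well.
DOUBLE_ENCODED_NUL = re.compile(r"%25(?:25)*00", re.IGNORECASE)


def decode_layers(target: str, max_depth: int = 3) -> list:
    """Repeatedly URL-decode the target until it stops changing (or max_depth).

    Returns every layer, raw target first, so callers can inspect what the
    request looks like after each decoding pass an application might apply.
    """
    layers = [target]
    for _ in range(max_depth):
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    return layers


def classify(target: str):
    """Return a short reason if the request target is suspicious, else None."""
    if DOUBLE_ENCODED_NUL.search(target):
        return "double-encoded null byte"
    # A NUL that appears only after decoding covers the plain "%00" case too.
    if any("\x00" in layer for layer in decode_layers(target)[1:]):
        return "null byte after decoding"
    return None


def scan_log(text: str) -> list:
    """Return (client_ip, request_target, reason) for each suspicious request line."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reason = classify(m.group("target"))
        if reason:
            hits.append((line.split()[0], m.group("target"), reason))
    return hits


if __name__ == "__main__":
    for ip, target, reason in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{target}")
```

The same `classify` check can sit in a request filter to reject such targets before they reach the plugin, which is the blocking half of the post's advice.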

  10. 🔎 CVE-2025-11544 (CRITICAL, CVSS 9.5): Sharp Display Solutions projectors let attackers upload unauthorized firmware—remote, no auth needed. All models vulnerable. Urgently segment, restrict, and monitor! radar.offseq.com/threat/cve-20 #OffSeq #CVE2025 #infosec #embeddedsecurity

  14. 🔴 CVE-2025-11545: CRITICAL vuln in all Sharp projectors—embedded HTTP server leaks sensitive info, enables unauth’d remote actions. Network access only! Segment, restrict HTTP, monitor for abuse. Patch ASAP when available. radar.offseq.com/threat/cve-20 #OffSeq #CVE2025 #IoTSecurity

  18. 🚨 CVE-2025-15016: CRITICAL flaw in Ragic Enterprise Cloud Database. Hard-coded crypto key enables remote, unauthenticated access as any user. Audit & restrict access urgently. No patch yet—mitigate now! radar.offseq.com/threat/cve-20 #OffSeq #CloudSecurity #Vulnerability #CVE2025

  22. 🎯 Threat Intelligence
    ===================

    Executive summary: The ProjectDiscovery year-in-review highlights a small set of high-impact vulnerabilities that drove exploitation behaviour across 2025. Public disclosure, rapid PoCs, and immediate scanning activity shrank the window between advisories and operational exploitation for issues offering unauthenticated access, reliable RCE, or broad reach.

    Technical details:
    • CVE-2025-55182 — React Server Components deserialization flaw (branded React2Shell). The bug enabled unauthenticated remote code execution at framework level, increasing the number of viable targets across internal, staging, and production applications.
    • CVE-2025-31324 — SAP NetWeaver Visual Composer Metadata Uploader lacked authentication, allowing direct upload of JSP web shells and immediate code execution in affected deployments.
    • Additional notable mentions in the report include CVE-2025-0108 (PAN-OS authentication bypass), CVE-2025-20188 (Cisco IOS XE hardcoded JWT), and CVE-2025-32433 (Erlang/OTP SSH RCE).

    Analysis:
    • Attackers prioritized practicality over novelty: unauthenticated flaws and RCE at scale provided predictable, high-value access paths (e.g., SAP systems leading to enterprise-wide impact).
    • Framework-level flaws (React2Shell) blurred the boundary between application internals and external attack surface, making many otherwise non-exposed apps exploitable.
    • Exploitation progressed through observable phases: perimeter device compromise, runtime/software exposure, ubiquity as multiplier, and finally developer/update infrastructure targeting.

    Detection:
    • Community detection work and exposure scanning (including public Nuclei templates) were primary signals cited for tracking exploitation. Example template reference: Nuclei template: CVE-2025-55182.
    • Observable indicators included rapid, high-volume scanning for framework-specific endpoints and attempts to upload/execute web shell artifacts against upload endpoints.

    Mitigation and defender takeaways (reported):
    • The year demonstrated narrowing disclosure-to-exploit windows and emphasized treating widely deployed frameworks as part of the external attack surface.
    • Incident response priorities shifted toward faster detection of scanning/exploitation activity and inventorying framework exposure across environments.

    References:
    • ProjectDiscovery: Year in Review: The Vulnerabilities That Defined 2025 • CVE-2025-55182, CVE-2025-31324, CVE-2025-0108, CVE-2025-20188, CVE-2025-32433

    🔹 React2Shell #CVE2025 #SAPNetWeaver #Nuclei #ThreatIntel

    🔗 Source: projectdiscovery.io/blog/year-

  24. 🚨 CVE-2025-68398: CRITICAL vuln in Weblate (<5.15.1). Privileged users can overwrite Git configs, risking full system compromise. Patch to 5.15.1+ & audit Git settings now! radar.offseq.com/threat/cve-20 #OffSeq #Weblate #Infosec #CVE2025

  29. ⚠️ CRITICAL: CVE-2025-47372 impacts Qualcomm Snapdragon (many models). Classic buffer overflow via oversized ELF files causes memory corruption—no auth required. Security teams: review exposure & monitor for updates. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Snapdragon #CVE2025

  33. ⚠️ HIGH severity: CVE-2025-11924 impacts Ninja Forms (WordPress), letting unauthenticated attackers access form data via REST API. Patch 3.13.1 is ineffective. Restrict API, audit tokens, and monitor logs. More info: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE2025 #Security

  37. 🚨 CRITICAL: CVE-2025-13955 in EZCast Pro II v1.17478.146 — Predictable default Wi-Fi password lets attackers nearby calculate access credentials. Review your AP configs & restrict access. More info: radar.offseq.com/threat/cve-20 #OffSeq #CVE2025 #IoTSecurity #Infosec

  41. Cal.com has patched a critical authentication bypass (CVE-2025-66489) that allowed attackers to submit any non-empty TOTP field and skip password checks. Versions ≤5.9.7 were impacted.

    Update to 5.9.8 to ensure both password and TOTP verification are enforced.
    How should MFA implementations be validated to prevent logic gaps like this?

    Source: gbhackers.com/critical-cal-com

    Share your insights and follow us for more security reporting.

    #infosec #appsec #CVE2025 #authentication #MFA #ThreatIntel #SecureCoding #SoftwareSecurity #VulnerabilityManagement #SecurityUpdate
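An added example answering the question in the post above (illustrative code, not Cal.com's implementation): a login check with the kind of logic gap described, where a non-empty second-factor field short-circuits the password check, beside a version in which both factors are always evaluated and both must pass. The user record, salt, password and TOTP secret are constructed for the example; TOTP is computed per RFC 6238 with the standard library.

```python
import base64
import hashlib
import hmac
import struct

ITERATIONS = 100_000  # PBKDF2 work factor for the sample record


def totp(secret_b32: str, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step) for the given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


# Constructed sample account; secret is a commonly used base32 test value.
USER = {
    "salt": b"constructed-salt",
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple",
                                   b"constructed-salt", ITERATIONS),
    "totp_secret": "JBSWY3DPEHPK3PXP",
}


def check_password(user: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, user["pw_hash"])


def check_totp(user: dict, code: str, now: int, window: int = 1) -> bool:
    """Accept only a well-formed code matching the current or adjacent step."""
    if not (code.isdigit() and len(code) == 6):
        return False
    return any(hmac.compare_digest(code, totp(user["totp_secret"], now + d * 30))
               for d in range(-window, window + 1))


def login_vulnerable(user: dict, password: str, totp_code: str, now: int) -> bool:
    """Logic gap: presence of a second-factor value is treated as success,
    so the password is never checked when any TOTP string is supplied."""
    if totp_code:
        return True
    return check_password(user, password)


def login_fixed(user: dict, password: str, totp_code: str, now: int) -> bool:
    """Both factors are verified independently and combined with AND;
    no branch returns early because a field merely exists."""
    pw_ok = check_password(user, password)
    totp_ok = check_totp(user, totp_code, now)
    return pw_ok and totp_ok
```

When validating an MFA flow, test the cross cases explicitly: wrong password with a syntactically valid second factor, right password with an empty or malformed second factor, and a stale code outside the window, all of which must fail.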
