Bill Toulas @ BleepingComputer
Critical vulnerabilities have been disclosed in several software products, raising concerns about potential security breaches. Two significant flaws have been identified in vBulletin forum software, tracked as CVE-2025-48827 and CVE-2025-48828. These vulnerabilities, with CVSS v3 scores of 10.0 and 9.0 respectively, enable API abuse and remote code execution. One of the flaws is reportedly being actively exploited in the wild, posing an immediate threat to vBulletin users. The vulnerabilities affect vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 when running on PHP 8.1 or later; however, the vulnerabilities were likely patched last year in Patch Level 1 of the 6.* release branch.

Exploit details for a serious vulnerability in Cisco IOS XE Wireless Controller, designated CVE-2025-20188, have been publicly released, increasing the risk of exploitation. This vulnerability allows an attacker to take over devices by uploading files, performing path manipulation, and executing arbitrary commands with root privileges. The issue stems from a hardcoded JSON Web Token (JWT) which allows unauthenticated, remote attackers to generate valid tokens without knowing any secret information. Cisco has advised affected users to take immediate action to secure their systems.

Horizon3's analysis shows the Cisco IOS XE WLC vulnerability is caused by a hardcoded JWT fallback secret ('notfound'). If the file '/tmp/nginx_jwt_key' is missing, the script uses 'notfound' as the secret key to verify JWTs, allowing attackers to generate valid tokens without knowing any secret information. An attacker can then send an HTTP POST request with a file upload to the '/ap_spec_rec/upload/' endpoint via port 8443, using path manipulation in the file name to place an innocent file (foo.txt) outside the intended directory. To escalate the file upload vulnerability to remote code execution, an attacker can overwrite configuration files loaded by backend services, place web shells, or abuse monitored files to perform unauthorized actions. Users are advised to upgrade to a patched version (17.12.04 or newer) as soon as possible.
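The two defects described above, a JWT verifier that silently falls back to a public constant when its key file is missing, and an upload handler that trusts the caller's file name, are modelled below next to their fail-closed counterparts. This is example code added here for illustration, not Cisco's or Horizon3's code; the HS256 helpers are a minimal stand-in for a JWT library, and `key_file` stands for the contents of '/tmp/nginx_jwt_key' (None when the file is absent).

```python
import base64, hashlib, hmac, json, posixpath
from typing import Optional

FALLBACK_SECRET = "notfound"  # the hardcoded fallback the analysis describes

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_hs256_jwt(claims: dict, secret: str) -> str:
    """Mint a compact HS256 token; tiny encoder so this runs without PyJWT."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(mac)}"

def verify_hs256(token: str, secret: str) -> bool:
    head, body, sig = token.split(".")
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(mac), sig)

def secret_vulnerable(key_file: Optional[str]) -> str:
    """Before: key_file is the key file's content, or None when the file is
    missing.  A missing file silently degrades to a constant anyone can read."""
    return key_file.strip() if key_file else FALLBACK_SECRET

def secret_hardened(key_file: Optional[str]) -> str:
    """After: fail closed.  No key, a short key, or the known constant means
    no token is accepted at all."""
    if not key_file or len(key_file.strip()) < 32 or key_file.strip() == FALLBACK_SECRET:
        raise RuntimeError("JWT signing key missing or too weak; refusing to verify")
    return key_file.strip()

def accepts_token(token: str, key_file: Optional[str], hardened: bool) -> bool:
    """Server-side decision: does this bearer token grant access?"""
    try:
        secret = secret_hardened(key_file) if hardened else secret_vulnerable(key_file)
    except RuntimeError:
        return False
    return verify_hs256(token, secret)

def safe_upload_name(name: str) -> Optional[str]:
    """Keep only a bare basename.  Any separator, '..' or NUL is rejected so a
    manipulated upload name cannot land outside the upload directory."""
    if not name or "\x00" in name or "\\" in name or name in (".", ".."):
        return None
    if name != posixpath.basename(name):
        return None
    return name
```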

References:
  • securityaffairs.com: Security Affairs reports on two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, that enable API abuse and remote code execution.
  • BleepingComputer: BleepingComputer reports on hackers exploiting a critical flaw in vBulletin forum software.
  • Techzine Global: Techzine.eu reports on the public release of exploit details for a serious Cisco IOS XE vulnerability.