CyberSecurity news
FlagThis - #apache
|
@securityonline.info
//
A critical security vulnerability has been discovered in Apache Roller, a Java-based blogging server software. The flaw, identified as CVE-2025-24859 and carrying a maximum severity CVSS score of 10.0, allows attackers to retain unauthorized access even after a user changes their password. This session management issue affects Apache Roller versions up to and including 6.1.4, potentially exposing blogs to unauthorized actions and undermining the security measures intended by password changes.
The vulnerability stems from the failure to properly invalidate active user sessions when a password is changed, either by the user or an administrator. This means that an attacker who has compromised a user's credentials could maintain continued access through an old session, even after the user has taken steps to secure their account by changing their password. This poses a significant risk, as it could enable unauthorized individuals to access and manipulate blog content, potentially leading to data breaches or other malicious activities. To address this critical flaw, Apache Roller version 6.1.5 has been released with a fix that implements centralized session management. This ensures that all active sessions are invalidated when passwords are changed or users are disabled, effectively preventing attackers from maintaining unauthorized access. Users of Apache Roller are strongly advised to upgrade to version 6.1.5 as soon as possible to mitigate the risk of exploitation and safeguard their blog sites from potential security breaches. The vulnerability was discovered and reported by security researcher Haining Meng. Recommended read:
References :
Pierluigi Paganini@securityaffairs.com
//
CISA has added a new Apache Tomcat vulnerability, identified as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV) catalog. This action follows evidence that the flaw is being actively exploited in the wild, posing a significant risk to organizations utilizing affected versions of Apache Tomcat. The vulnerability is a path equivalence issue within Apache Tomcat.
To mitigate the risk posed by CVE-2025-24813, impacted users are urged to upgrade their Apache Tomcat installations to the latest secure versions. Specifically, upgrades to Apache Tomcat 11.0.3 or later, Apache Tomcat 10.1.35 or later, or Apache Tomcat 9.0.99 or later are recommended. The advisory also includes IPS protection measures to detect and block potential attack attempts targeting this vulnerability affecting the Apache Tomcat web server. Recommended read:
References :
Divya@gbhackers.com
//
References:
Cyber Security News
, gbhackers.com
,
A critical vulnerability, CVE-2025-27017, has been identified in Apache NiFi, a popular data flow automation tool used by thousands of companies. The flaw affects versions 1.13.0 through 2.2.0 and exposes MongoDB credentials. An authorized user with read access to the system provenance records may see the credentials used to connect to MongoDB databases, potentially extracting the MongoDB credentials and gaining unauthorized access to sensitive data.
The vulnerability stems from the inclusion of MongoDB usernames and passwords in NiFi provenance events. This poses a significant risk, potentially leading to data breaches or tampering. NiFi is widely used to automate data pipelines for cybersecurity, observability, event streams, and generative AI applications, making this a high-priority concern for organizations leveraging the affected versions. The vulnerability has been addressed in Apache NiFi 2.3.0, which removes the credentials from provenance event records. Users of affected versions are strongly urged to upgrade to the latest release to mitigate the risk of credential exposure. Organizations using Apache NiFi should prioritize updating their systems to the latest version to protect their MongoDB credentials and prevent potential data breaches. Recommended read:
References :
do son@Daily CyberSecurity
//
A critical security vulnerability, CVE-2025-24813, has been identified in Apache Tomcat, potentially exposing servers to remote code execution (RCE) and data leaks. The vulnerability stems from a path equivalence issue related to how Tomcat handles filenames with internal dots, particularly when writes are enabled for the default servlet and partial PUT support is enabled. This flaw could allow attackers to execute malicious code, disclose sensitive information, or inject malicious content into uploaded files.
Users of Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98 are advised to upgrade immediately to versions 11.0.3, 10.1.35, or 9.0.99 respectively, which include the necessary fixes. The vulnerability exists if an application uses Tomcat's file-based session persistence with the default storage location and includes a library susceptible to deserialization attacks, potentially leading to remote code execution. COSCo Shipping Lines DIC and sw0rd1ight are credited with discovering and reporting the vulnerability. Recommended read:
References :
@securityonline.info
//
References:
buherator's timeline
, Open Source Security
,
Multiple critical vulnerabilities have been discovered in Apache Cassandra, raising concerns about unauthorized access, privilege escalation, and potential theft of JMX credentials. These flaws, identified as CVE-2024-27137, CVE-2025-24860, and CVE-2025-23015, impact a wide range of Cassandra versions, potentially exposing sensitive data to malicious actors. Organizations relying on the open-source NoSQL database are urged to take immediate action.
The most alarming vulnerability, CVE-2025-24860, allows attackers to bypass network authorization controls. Specifically, it affects the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer, granting unauthorized access to different network regions. This issue impacts Apache Cassandra versions 4.0.0 through 4.0.15, 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Users with restricted data center access can even escalate their own permissions through Data Control Language (DCL) statements on affected versions. Operators are advised to review data access rules and upgrade to versions 4.0.16, 4.1.8, 5.0.3, which address the issue. Recommended read:
References :
|