CyberSecurity news

FlagThis - #cve

CISA@All CISA Advisories //
CISA has added two new vulnerabilities, CVE-2024-38475 and CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities affect Apache HTTP Server and SonicWall SMA100 series appliances, posing significant risks to organizations that utilize these technologies. The agency is urging organizations to take immediate action to mitigate potential exploits. The addition to the KEV catalog highlights the active exploitation of these flaws in the wild, increasing the urgency for patching and remediation.

The vulnerabilities impacting SonicWall SMA 100 devices are particularly concerning due to the potential for complete system takeover and session hijacking. Cybersecurity researchers at watchTowr have discovered that malicious actors are actively combining these vulnerabilities. CVE-2024-38475, an Apache HTTP pre-authentication arbitrary file read vulnerability discovered by Orange Tsai, allows unauthorized file reading. CVE-2023-44221, a post-authentication command injection flaw discovered by Wenjie Zhong (H4lo) of DBappSecurity Co., Ltd, enables attackers to execute arbitrary commands on affected systems.

The combination of these two vulnerabilities allows attackers to extract sensitive information, such as administrator session tokens, effectively bypassing login credentials. Once this initial foothold is established, the command injection vulnerability can be exploited to execute arbitrary commands, potentially leading to session hijacking and full system compromise. The vulnerabilities affect SMA 100 series appliances, including models SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v. watchTowr has warned of active exploitation of these vulnerabilities, urging organizations to apply available patches to secure their systems.

References :
  • watchTowr Labs: SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)
  • thecyberexpress.com: CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221
  • securityaffairs.com: U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog
Classification:
  • HashTags: #cve #vulnerability #patch
  • Company: Apache, SonicWall
  • Target: Systems using Apache HTTP Server, SonicWall SMA100
  • Product: Apache HTTP Server, SonicWall SMA100
  • Feature: OS Command Injection
  • Type: Vulnerability
  • Severity: Critical
Steve Zurier@scmagazine.com //
The National Institute of Standards and Technology (NIST) has announced that it will mark all Common Vulnerabilities and Exposures (CVEs) from before January 1, 2018, as ‘deferred.’ The agency is overwhelmed by the surging volume of newly disclosed vulnerabilities and, because of their age, will no longer prioritize updating National Vulnerability Database (NVD) enrichment for these older CVEs. This impacts a substantial number of CVEs, with estimates suggesting that over 94,000, or 34% of all CVEs, could be affected by this change. Despite this shift, NIST has stated that it will continue to accept and review requests to update the metadata for these CVE records, and will prioritize updates where new information indicates it is appropriate, as time and resources allow.

This move has sparked concerns within the cybersecurity community. Many high-profile cyber incidents, such as WannaCry, NotPetya, and the Colonial Pipeline attack, have exploited older CVEs. With limited resources, prioritizing newer vulnerabilities might protect a larger number of organizations. However, older vulnerabilities that are on the Known Exploited Vulnerabilities (KEV) list will continue to be updated and worked on.

Experts are also worried about the potential for older CVEs to be revived using new AI-driven exploit techniques. Marc Gaffan, CEO of IONIX, noted the rapid advancement of AI capabilities and the concern that these techniques could catch organizations off guard, leaving them unprepared for re-emerging threats. Jon France, CISO at ISC2, emphasized the importance of keeping software patched and up-to-date. Despite the concerns, NIST's decision reflects the challenges of managing an ever-growing database of vulnerabilities with finite resources.

References :
  • www.scworld.com: NIST marks all CVEs prior to Jan. 1, 2018, as ‘deferred’
  • bsky.app: NIST gives up on enriching any CVE released before Jan 1, 2018
  • ComputerWeekly.com: NIST calls time on older vulnerabilities amid surging disclosures.
@cyberalerts.io //
A critical vulnerability has been discovered in the widely-used Next.js framework, identified as CVE-2025-29927. This flaw allows attackers to bypass authorization checks within the framework's middleware system. Middleware is commonly used to enforce authentication, authorization, path rewriting, and security-related headers, making this vulnerability particularly severe. Vercel, the company behind Next.js, disclosed the issue on March 21st, 2025, highlighting its potential impact on services relying on vulnerable versions of the framework.

To mitigate the risk, developers using Next.js version 11 or higher are urged to update to the patched versions: 15.2.3, 14.2.25, 13.5.9, or 12.3.5. For those unable to immediately update, a temporary workaround involves blocking user requests with the 'x-middleware-subrequest' header. Some hosting platforms, like Vercel and Netlify, have already implemented this measure to protect their users. The vulnerability allows login screens to be bypassed without proper credentials, potentially compromising user data and sensitive information.
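
The two mitigations above, as an added example that is not code from Next.js, Vercel or any of the referenced posts: a version check against the listed fixed releases, and a guard that rejects requests carrying the 'x-middleware-subrequest' header. The function names are hypothetical, and the guard is assumed to run in a reverse proxy or custom Node server in front of the application, since a check placed inside the middleware is exactly what the flaw skips.

```javascript
// Added example: helper names are constructed, not part of Next.js.
const BLOCKED_HEADER = 'x-middleware-subrequest';

// First fixed release for each major line, as listed in the text above.
const FIXED = { 15: [15, 2, 3], 14: [14, 2, 25], 13: [13, 5, 9], 12: [12, 3, 5] };

// Header names are case-insensitive on the wire. Node lowercases them in
// req.headers, but other header maps may not, so compare lowercased names.
function hasSubrequestHeader(headers) {
  return Object.keys(headers || {}).some((n) => n.toLowerCase() === BLOCKED_HEADER);
}

// Classify an installed Next.js version string against the fixed releases.
// Pre-release suffixes (anything after major.minor.patch) are ignored.
function patchStatus(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) return 'unknown';
  const v = m.slice(1).map(Number);
  if (v[0] < 11) return 'out-of-scope'; // the text only covers version 11 and higher
  if (v[0] > 15) return 'patched';      // assumption: later major lines include the fix
  const fixed = FIXED[v[0]];
  if (!fixed) return 'vulnerable';      // 11.x: no fixed release listed in the text
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] > fixed[i] ? 'patched' : 'vulnerable';
  }
  return 'patched';                     // exactly the fixed release
}

// Wrap a Node-style (req, res) handler so that requests carrying the header
// are answered with 400 and never reach the application behind it.
// Returns false when the request was blocked, true when it was passed on.
function withSubrequestBlock(handler) {
  return (req, res) => {
    if (hasSubrequestHeader(req.headers)) {
      res.statusCode = 400;
      res.end('Bad Request');
      return false;
    }
    handler(req, res);
    return true;
  };
}
```

`withSubrequestBlock` accepts the same handler shape that Node's `http.createServer` takes, so it can wrap a proxying handler unchanged.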

References :
  • securityonline.info: Urgent: Patch Your Next.js for Authorization Bypass (CVE-2025-29927)
  • Open Source Security: Re: CVE-2025-29927: Authorization Bypass in Next.js Middleware
  • isc.sans.edu: ISC SANS posting on the Next.js vulnerability
  • bsky.app: It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.
  • Blog: How to find Next.js on your network
  • Strobes Security: When security vulnerabilities appear in popular frameworks, they can affect thousands of websites overnight. That’s exactly what’s happening with a newly discovered Next.js vulnerability, one of the most widely used...
  • securityaffairs.com: Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
  • Open Source Security: CVE-2025-29927: Authorization Bypass in Next.js Middleware
  • socradar.io: Next.js Middleware Vulnerability (CVE-2025-29927): What You Need to Know and How to Respond
  • thehackernews.com: Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
  • securityboulevard.com: CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability
  • BleepingComputer: Critical flaw in Next.js lets hackers bypass authorization
  • Help Net Security: Help Net Security reports on the critical Next.js authentication bypass vulnerability.
  • cyberscoop.com: Researchers raise alarm about critical Next.js vulnerability
  • Legit Security Blog: Next.js Vulnerability: What You Need to Know
  • Resources-2: Discovered a critical vulnerability affecting Next.js middleware, tracked as CVE-2025-29927.
  • The DefendOps Diaries: Understanding and mitigating CVE-2025-29927: a critical Next.js vulnerability
  • Developer Tech News: Critical security flaw uncovered in Next.js framework
  • nsfocusglobal.com: Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927)
  • www.techradar.com: Critical security flaw in Next.js could spell big trouble for JavaScript users
  • infosec.exchange: : Critical in NextJS (CVE-2025-29927) impacts all NextJS versions before 15.2.3, 14.2.25, 13.5.9, 12.3.5 allowing attackers to bypass authorisation checks. Great explanation and a Proof-of-Concept demonstration by @_JohnHammond 👇
  • SOC Prime Blog: CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability
  • Kali Linux Tutorials: CVE-2025-29927 : Next.js Middleware Authorization Bypass – Technical Analysis
  • DEVCLASS: Next.js team fixes vuln that allows authorization bypass when middleware is used, revises documentation recommending this method
  • Rescana: Executive Summary The discovery of CVE-2025-29927 , a critical vulnerability in Next.js , has raised significant cybersecurity concerns...
  • Stormshield: A critical authentication bypass vulnerability impacting the Next.js middleware has been reported. It has been assigned the reference CVE-2025-29927 and a CVSS 3.1 score of 9.1. It should be noted that proof of concept are publicly available about this CVE-2025-29927 vulnerability.
  • Fastly Security Blog: CVE-2025-29927: Authorization Bypass in Next.js
  • hackread.com: Researchers have uncovered a critical vulnerability (CVE-2025-29927) in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes.
  • NCSC News Feed: The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-29927) affecting the Next.js framework used to build web applications.
Classification:
  • HashTags: #NextjsVulnerability #Cybersecurity #CVE
  • Company: Next.js
  • Target: Next.js
  • Product: Next.js Framework
  • Feature: Middleware
  • Type: Vulnerability
  • Severity: Major