@cert.europa.eu
//
A number of critical security vulnerabilities have been identified and addressed in several software products, highlighting the persistent need for vigilance and timely updates. One of the most severe issues is a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-23121, in Veeam Backup & Replication. This flaw, which received a CVSS score of 9.9, allows an authenticated domain user to execute code remotely on the Backup Server, specifically impacting domain-joined backup servers. Veeam has released security updates to fix this and other vulnerabilities, urging users to upgrade to the latest version, 12.3.2 (build 12.3.2.3617), as soon as possible.
Affected products include Veeam Backup & Replication versions 12, 12.1, 12.2, 12.3, and 12.3.1, along with Veeam Agent for Microsoft Windows versions 6.0, 6.1, 6.2, 6.3, and 6.3.1. In addition to the critical RCE in Veeam, a high severity Arbitrary Code Execution (ACE) vulnerability (CVE-2025-24286) in Veeam Backup & Replication was also addressed, allowing an authenticated user with the Backup Operator role to modify backup jobs, potentially leading to arbitrary code execution. Further more, a medium severity local privilege escalation bug (CVE-2025-24287) was identified affecting the Windows Veeam agent, which allows local system users to execute arbitrary code with elevated permissions by modifying specific directory contents. Users are strongly advised to update their software to the latest versions to mitigate the risks associated with these vulnerabilities. For Veeam users, it is recommended to implement best practices provided by the vendor, such as using a separate management workgroup or domain for Veeam components. The discovery of an undocumented root shell access (CVE-2025-26412) in the SIMCom SIM7600G modem, highlighting the dangers of backdoors and undocumented features in embedded devices. Furthermore, a critical vulnerability (CVE-2025-3464) in Asus Armoury Crate allows attackers to gain SYSTEM privileges via hard link manipulation, advising users to update or disable the software. References :
Classification:
Bill Toulas@BleepingComputer
//
Critical vulnerabilities have been disclosed in several software products, raising concerns about potential security breaches. Two significant flaws have been identified in vBulletin forum software, tracked as CVE-2025-48827 and CVE-2025-48828. These vulnerabilities, with CVSS v3 scores of 10.0 and 9.0 respectively, enable API abuse and remote code execution. One of the flaws is reportedly being actively exploited in the wild, posing an immediate threat to vBulletin users. The vulnerabilities affect vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 when running on PHP 8.1 or later, however the vulnerabilities were likely patched last year in Patch Level 1 of the 6.* release branch.
Exploit details for a serious vulnerability in Cisco IOS XE Wireless Controller, designated CVE-2025-20188, have been publicly released, increasing the risk of exploitation. This vulnerability allows an attacker to take over devices by uploading files, performing path manipulation, and executing arbitrary commands with root privileges. The issue stems from a hardcoded JSON Web Token (JWT) which allows unauthenticated, remote attackers to generate valid tokens without knowing any secret information. Cisco has advised affected users to take immediate action to secure their systems. Horizon3's analysis shows the Cisco IOS XE WLC vulnerability is caused by a hardcoded JWT fallback secret ('notfound'). If the file ‘/tmp/nginx_jwt_key’ is missing, the script uses ‘notfound’ as the secret key to verify JWTs, allowing attackers to generate valid tokens without knowing any secret information. They can then send an HTTP POST request with a file upload to the ‘/ap_spec_rec/upload/’ endpoint via port 8443 using path manipulation in the file name to place an innocent file (foo.txt) outside the intended directory. To escalate the file upload vulnerability to remote code execution, an attacker can overwrite configuration files loaded by backend services, place web shells, or abuse monitored files to perform unauthorized actions. Users are advised to upgrade to a patched version (17.12.04 or newer) as soon as possible. References :
Classification:
|