CyberSecurity news

FlagThis - #securityvulnerability

@securityonline.info //

Progress Software Patches High-Severity LoadMaster Flaws - Multiple high-severity vulnerabilities in Progress Software's LoadMaster software could allow attackers to execute arbitrary system commands through improper input validation; patches are available and should be applied immediately.
Progress Software has released patches to address multiple high-severity vulnerabilities in its LoadMaster software. These flaws could allow remote, authenticated attackers to execute arbitrary system commands on affected systems. The vulnerabilities stem from improper input validation, where attackers who gain access to the management interface can inject malicious commands via crafted HTTP requests.

The affected software includes LoadMaster versions from 7.2.48.12 and prior, 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.55.0 to 7.2.60.1 (inclusive), as well as Multi-Tenant LoadMaster version 7.1.35.12 and prior. Progress Software has implemented input sanitization to mitigate these vulnerabilities, preventing arbitrary system commands from being executed. Users are advised to update to the latest patched versions to ensure the security of their systems.

Recommended read:
References :
  • community.progress.com: Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.   We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct impact on customers.
  • securityaffairs.com: Progress Software fixed multiple high-severity LoadMaster flaws - SecurityAffairs
  • securityonline.info: Progress LoadMaster Security Update: Multiple Vulnerabilities Addressed - SecurityOnline
  • The Hacker News: Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions - The Hacker News
  • securityonline.info: Security Online Article about Progress LoadMaster Security Update
  • : Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
Ameer Owda@socradar.io //

Cisco ISE Critical Flaws Allow Remote Execution - Cisco addressed two critical remote code execution flaws in its Identity Services Engine (ISE) that could allow a remote attacker with read-only administrative privileges to execute arbitrary commands on affected devices.
Cisco has released patches to address two critical remote code execution vulnerabilities in its Identity Services Engine (ISE). The flaws, tracked as CVE-2025-20124 (CVSS score 9.9) and CVE-2025-20125 (CVSS score 9.1), could allow a remote attacker with read-only administrative privileges to execute arbitrary commands on affected devices. The vulnerabilities could prevent privilege escalation and system configuration changes.

The first vulnerability, CVE-2025-20124, is due to insecure deserialization of user-supplied Java byte streams, allowing attackers to execute arbitrary commands and elevate privileges by sending a crafted serialized Java object to an affected API. The second, CVE-2025-20125, is an authorization bypass issue that could allow attackers to obtain sensitive information, modify system configurations, and restart the node by sending a crafted HTTP request to a specific API. Cisco warns that there are no workarounds, advising customers to migrate to a fixed software release as soon as possible.

Recommended read:
References :
  • securityaffairs.com: Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes.
  • securityonline.info: CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine
  • ciso2ciso.com: Cisco addressed two critical flaws in its Identity Services Engine (ISE) – Source: securityaffairs.com
  • ciso2ciso.com: Cisco addressed two critical flaws in its Identity Services Engine (ISE) – Source: securityaffairs.com
  • securityonline.info: Cisco has issued a security advisory addressing two critical vulnerabilities in its Identity Services Engine (ISE), a network
  • Pyrzout :vm:: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities – Source:sec.cloudapps.cisco.com #'Cyber
  • BleepingComputer: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
  • socradar.io: Critical Cisco ISE Vulnerabilities Patched: CVE-2025-20124 & CVE-2025-20125
  • The Hacker News: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
  • www.csoonline.com: Cisco’s ISE bugs could allow root-level command execution
  • www.bleepingcomputer.com: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
  • ciso2ciso.com: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc – Source:thehackernews.com
  • ciso2ciso.com: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc – Source:thehackernews.com
  • ciso2ciso.com: Cisco’s ISE bugs could allow root-level command execution – Source: www.csoonline.com
@ciso2ciso.com //

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection - CVE-2024-56161 is discovered in AMD’s Secure Encrypted Virtualization (SEV-SNP) that could allow an attacker with admin access to load malicious CPU microcode and Google security researchers disclosed it to AMD.
References: ciso2ciso.com , , The Hacker News ...
A high-severity security vulnerability, identified as CVE-2024-56161, has been discovered in AMD's Secure Encrypted Virtualization (SEV), specifically impacting SEV-SNP-powered systems. The flaw allows an attacker with local administrator privileges to inject malicious CPU microcode due to improper signature verification in the AMD CPU ROM microcode patch loader. Successfully exploiting this vulnerability could lead to the loss of confidentiality and integrity of confidential guests running under AMD SEV-SNP, potentially compromising virtual machine guests and exposing sensitive workloads. The vulnerability has been assigned a CVSS score of 7.2 out of 10.0, indicating a high level of severity.

AMD has released security advisories and provided mitigations through updated microcode and SEV firmware releases. System administrators are strongly advised to apply the latest Platform Initialization (PI) updates and ensure their BIOS firmware contains the necessary fixes to prevent exploitation of CVE-2024-56161. The vulnerability was responsibly disclosed to AMD by Google security researchers, including Josh Eads, Kristoffer Janke, Eduardo Vela, Tavis Ormandy, and Matteo Rizzo. AMD credited the Google team and has taken steps to deliver mitigations promptly. Organizations utilizing AMD EPYC processors with SEV-enabled workloads should immediately contact their Original Equipment Manufacturer (OEM).

Recommended read:
References :
  • ciso2ciso.com: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access – Source:thehackernews.com
  • : AMD security advisories 03 February 2025: CVE-2024-56161 (7.2 high) improper signature verification in AMD CPU ROM microcode patch loader could lead to the loss of SEV-based protection of a confidential guest.
  • cyberpress.org: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
  • The Hacker News: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
  • ciso2ciso.com: AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
  • Cyber Security News: An AMD vulnerability (CVE-2024-56161) enables malicious microcode injection under specific circumstances.
  • socca.tech: Vulnerability Assessment Report: CVE-2024-56161 Vulnerability Overview Description CVE-2024-56161 refers to an improper signature verification vulnerability found in the AMD CPU ROM microcode patch loader.
  • securityaffairs.com: AMD fixed a flaw that allowed to load malicious microcode
  • Cyber Security News: Cybersecuritynews article detailing the AMD SEV vulnerability allowing malicious microcode injection.
  • : Improper signature verification in AMD CPU ROM's microcode patch loader leads to a security vulnerability.
@www.heise.de //

VMware Avi Load Balancer SQL Injection Vulnerability - A critical blind SQL injection vulnerability (CVE-2025-22217) has been discovered in the VMware Avi Load Balancer, allowing attackers to gain unauthorized database access.
A critical blind SQL injection vulnerability, identified as CVE-2025-22217, has been discovered in the VMware Avi Load Balancer. This flaw allows attackers with network access to send specially crafted SQL queries, potentially gaining unauthorized access to the underlying database. The vulnerability poses a significant risk, enabling attackers to bypass authentication and directly access sensitive information stored within the database. This access could lead to substantial data breaches and system compromise, making it a major concern for organizations using Avi Load Balancer.

The vulnerability, which scores 8.6 on the CVSS scale, stems from insufficient input validation, allowing for the injection of arbitrary SQL code. Broadcom, the vendor, urges users to apply the necessary patches immediately, as no workarounds are available. The affected versions are primarily within the 30.x range; specifically 30.1.1, 30.1.2, 30.2.1 and 30.2.2 all require patching. It is also important that if you are running 30.1.1 you MUST upgrade to at least 30.1.2 before applying the patch to resolve this issue. Versions 22.x and 21.x are not susceptible to this particular flaw.

Recommended read:
References :
  • securityaffairs.com: VMware fixed a flaw in Avi Load Balancer
  • socca.tech: CVE-2025-22217: (VMware Avi Load Balancer: High)
  • The Hacker News: Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
  • www.heise.de: VMware: High-risk SQL injection vulnerability compromises Avi Load Balancer
  • heise online English: VMware: High-risk SQL injection vulnerability compromises Avi Load Balancer
  • securityonline.info: VMware Avi Load Balancer Flaw (CVE-2025-22217) Exposes Networks to Blind SQLi Attacks
  • securityonline.info: VMware Avi Load Balancer Flaw (CVE-2025-22217) Exposes Networks to Blind SQLi Attacks
  • Security Risk Advisors: Critical SQL Injection Vulnerability Threatens VMware Avi Load Balancer Security
  • support.broadcom.com: Critical SQL Injection Vulnerability Threatens VMware Avi Load Balancer Security

Posts

Blogs

Research Tools