CVE-2025-24813 • Apache Tomcat • 2d
CVE-2024-20439 • Cisco Smart Licensing Utility • 3d
CVE-2025-2783 • Google Chromium Mojo • 7d
CVE-2019-9875 • Sitecore CMS and Experience Platform (XP) • 8d
CVE-2019-9874 • Sitecore CMS and Experience Platform (XP) • 8d
CVE-2025-30154 • reviewdog action-setup GitHub Action • 10d
CVE-2024-48248 • NAKIVO Backup and Replication • 15d
CVE-2017-12637 • SAP NetWeaver • 15d
CVE-2025-1316 • Edimax IC-7100 IP Camera • 15d
CVE-2025-30066 • tj-actions changed-files GitHub Action • 16d

CVE Trends
Beta. Updated 36 minutes ago.
Top 10 CVEs trending on social media within the last 24 hours.
When the Hypemeter is low, rankings become less reliable due to limited online discussion.
Trending • Hype score • Published • Description

1. CVE-2025-31137 • high 7.5 • Hype score: 36 • Published: Apr 1, 2025
CVE-2025-31137 is a vulnerability found in React Router, specifically affecting Remix 2 and React Router 7 users utilizing the Express adapter. This flaw allows attackers to manipulate the URL pathname by exploiting the Host or X-Forwarded-Host headers in HTTP requests. By inserting a URL pathname in the port section of these headers, attackers can spoof the URL used in incoming requests. This vulnerability can lead to various exploits, including cache poisoning denial of service (CPDoS), WAF bypass, and escalated XSS attacks. The issue stems from the lack of port sanitization in React Router's Express adapter when handling the Host and X-Forwarded-Host headers. The vulnerability has been addressed in Remix 2.16.3 and React Router 7.4.1.
JavaScript • React

2. CVE-2025-30208 • medium 5.3 • Hype score: 30 • Published: Mar 24, 2025
CVE-2025-30208 is a vulnerability affecting Vite, a frontend development tool. It exists in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. The vulnerability allows bypassing file access restrictions, which are normally in place to prevent access to files outside of a specified allow list. The bypass is achieved by adding "?raw??" or "?import&raw??" to the URL, which circumvents the intended restrictions and returns the file content. This occurs because trailing separators, such as "?", are removed in certain parts of the code but are not properly accounted for in query string regexes. Only applications that explicitly expose the Vite development server to the network (using the `--host` or `server.host` configuration options) are affected.
Vite

3. CVE-2025-0401 • medium 6.9 • Hype score: 23 • Published: Jan 13, 2025
CVE-2025-0401 refers to two distinct vulnerabilities. One is a local privilege escalation vulnerability found in systems where the `/usr/bin/passwd` binary is misconfigured. This misconfiguration can allow unintended root-level access when combined with specific syscall sequences, potentially enabling attackers to simulate root shell access by abusing SUID binaries. The other vulnerability is classified as critical and affects the download function in the `CommonController.java` file of the 1902756969 reggie 1.0 software. This vulnerability involves a path traversal issue due to the manipulation of the 'name' argument, making it possible to launch attacks remotely.

4. Hype score: 13 • Published: Mar 21, 2025
CVE-2025-29927 is an authorization bypass vulnerability affecting Next.js, a React framework. It stems from the improper handling of the `x-middleware-subrequest` header. By exploiting this vulnerability, attackers can bypass authorization checks implemented in Next.js middleware. This flaw allows attackers to skip running the middleware, potentially allowing requests to bypass critical checks like authorization cookie validation before reaching routes. Self-hosted Next.js applications using Middleware are affected, specifically those relying on it for authentication or security checks. The vulnerability is fixed in Next.js versions 14.2.25 and 15.2.3.
React • Next.js

5. CVE-2025-24813 • critical 9.8 • Exploit known • Hype score: 5 • Published: Mar 10, 2025
CVE-2025-24813 is a vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0.M1 through 10.1.34, and 11.0.0.M1 through 11.0.2. It stems from an issue in how Tomcat handles partial PUT requests. Specifically, the vulnerability arises from the use of a temporary file based on user-supplied filenames and paths, where the path separator is replaced by a dot. This can potentially allow unauthorized access to sensitive files, injection of malicious content, or even remote code execution under certain conditions. Exploitation of this vulnerability requires a specific set of circumstances. For information disclosure or content injection, the default servlet must have write access enabled (it's disabled by default), partial PUT support must be enabled (which it is by default), and the target URL for sensitive uploads must be a subdirectory of a public upload URL. The attacker also needs to know the names of the sensitive files being uploaded via partial PUT. For remote code execution, the same conditions apply, with the addition of the application using Tomcat's file-based session persistence in the default location and including a library vulnerable to deserialization attacks.
Apache Tomcat

6. CVE-2025-24201 • high 8.8 • Exploit known • Hype score: 1 • Published: Mar 11, 2025
CVE-2025-24201 is a zero-day vulnerability found in Apple's WebKit browser engine. This vulnerability allows attackers to bypass the Web Content sandbox using maliciously crafted web content. It affects various Apple devices and operating systems, including iOS, macOS, iPadOS, visionOS, and Safari, as well as Linux and Windows systems where WebKit is utilized. The vulnerability is an out-of-bounds write issue, and Apple has addressed it with improved checks in updates iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, and Safari 18.3.1. This zero-day vulnerability was reportedly exploited in highly sophisticated attacks targeting specific individuals before the release of iOS 17.2, which contained a partial mitigation. While the attacks were not widespread, Apple urges users to install the latest security updates to prevent further exploitation attempts. The vulnerability was discovered by Bill Marczak of The Citizen Lab at the University of Toronto. It affects a wide range of Apple devices, including iPhone XS and later, several iPad models, Macs running macOS Sequoia, and Apple Vision Pro.
Apple • WebKit

7. CVE-2025-24085 • high 7.8 • Exploit known • Hype score: 1 • Published: Jan 27, 2025
CVE-2025-24085 is a use-after-free vulnerability found in Apple's CoreMedia framework, a key component responsible for processing audio and video data across various Apple operating systems (iOS, macOS, tvOS). This flaw allows malicious applications already present on a device to escalate their privileges, potentially granting them unauthorized access to system resources. Exploitation is reportedly easy and can be initiated remotely. This vulnerability has been actively exploited in attacks targeting iOS versions prior to 17.2. Apple has addressed this issue with improved memory management in security updates released for affected operating systems. While the specific details of the exploit remain undisclosed, it's crucial for users to update their devices to mitigate the risk associated with this vulnerability.
Apple • iOS

8. CVE-2025-1219 • medium 6.3 • Hype score: 1 • Published: Mar 30, 2025
CVE-2025-1219 is a vulnerability in PHP that affects versions 8.1 before 8.1.32, 8.2 before 8.2.28, 8.3 before 8.3.19, and 8.4 before 8.4.5. It occurs when requesting an HTTP resource using the DOM or SimpleXML extensions. The vulnerability stems from the incorrect handling of the content-type header when a redirected resource is requested. Specifically, the wrong content-type header is used to determine the charset. This can lead to the resulting document being parsed incorrectly or bypassing validations. This issue arises because, during HTTP redirects, PHP doesn't properly clear previously captured headers, potentially leading to the use of a content-type header that doesn't correspond to the final HTML body.
PHP

9. CVE-2025-24200 • medium 6.1 • Exploit known • Hype score: 1 • Published: Feb 10, 2025
CVE-2025-24200 is an authorization issue in Apple's iOS and iPadOS, fixed with improved state management. This vulnerability could allow a physical attacker to disable USB Restricted Mode on a locked device. USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories from connecting to an iOS device after it has been locked for a certain period. Disabling this feature could allow unauthorized access to the device's data. The vulnerability affects iPhone XS and later, iPad Pro (13-inch), iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later). Apple acknowledges that this vulnerability may have been actively exploited in highly targeted attacks, describing them as "extremely sophisticated" and directed at specific individuals. Patches for CVE-2025-24200 were released by Apple on February 9, 2025, and are included in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. The vulnerability was reported by Bill Marczak of the Citizen Lab at the University of Toronto's Munk School.
Apple • iPadOS