CVE Trends

CVE-2025-43865 is a vulnerability affecting React Router, a routing library for React applications. Specifically, versions on the 7.0 branch prior to 7.5.2 are susceptible. The vulnerability stems from the possibility of modifying pre-rendered data by adding a header to the request. By exploiting this vulnerability, an attacker can completely spoof the contents and modify all the values of the data object passed to the HTML. This is achieved by manipulating the `X-React-Router-Prerender-Data` header. The issue has been addressed and patched in version 7.5.2 of React Router.

CVE-2025-43864 affects React Router, a routing library for React applications. Specifically, versions 7.2.0 up to 7.5.1 are vulnerable. It is possible to force an application to switch to SPA (Single Page Application) mode by adding a specific header (`X-React-Router-SPA-Mode`) to the request. If an application using server-side rendering (SSR) is forced into SPA mode, it can cause an error that corrupts the page. Furthermore, if a caching system is in place, this error response can be cached, leading to a cache poisoning issue that impacts the application's availability. The vulnerability is fixed in version 7.5.2 of React Router.

CVE-2025-24091 is a vulnerability in iOS that leverages the "Darwin notification" system. This vulnerability allows any application, even those with sandbox restrictions, to trigger an unrecoverable "restore in progress" state on the device with a single line of code. The issue stems from the lack of sender verification or privilege gating in the Darwin notifications API, which enables a third-party app to send critical system-level notifications. A proof-of-concept app called "EvilNotify" demonstrated the vulnerability by using the `notify_post("com.apple.MobileSync.BackupAgent.RestoreStarted")` function call. This tricks the system into thinking a device restore is underway, freezing user interactions and requiring a device restart. Furthermore, embedding this exploit in a widget extension can cause a persistent loop, effectively "soft-bricking" the phone until a full device erase and restore from backup is performed. The vulnerability is addressed in iOS/iPadOS 18.3.

CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.

CVE-2025-23016 affects FastCGI fcgi2 (aka fcgi) versions 2.x through 2.4.4. It involves an integer overflow vulnerability within the `ReadParams` function in `fcgiapp.c`. This overflow occurs when processing `nameLen` or `valueLen` values from data sent to the IPC socket. The integer overflow can lead to a heap-based buffer overflow. Specifically, the overflow happens during the calculation of `nameLen + valueLen`, potentially resulting in a smaller-than-required buffer being allocated.

CVE-2025-32432 is a remote code execution (RCE) vulnerability affecting Craft CMS, a content management system. The vulnerability stems from an issue in the Yii PHP framework that Craft CMS utilizes. Specifically, it affects Craft CMS versions 3.0.0-RC1 before 3.9.15, 4.0.0-RC1 before 4.14.15, and 5.0.0-RC1 before 5.6.17. The vulnerability allows attackers to send specially crafted requests, potentially leading to the execution of malicious PHP code on the server. Security researchers have observed attackers chaining CVE-2025-32432 with another vulnerability (CVE-2024-58136) in zero-day attacks to breach servers, install PHP-based file managers, upload backdoors, and exfiltrate sensitive data. Patched versions (3.9.15, 4.14.15, and 5.6.17) have been released to address this issue.

CVE-2024-27876 is a race condition vulnerability that affects multiple Apple operating systems. It resides in the Archive Handler component of visionOS, but also impacts macOS Ventura, iOS, iPadOS, macOS Sonoma, and macOS Sequoia. The vulnerability occurs when unpacking a maliciously crafted archive, potentially allowing an attacker to write arbitrary files. This issue was resolved through improved locking mechanisms in the patched versions of the operating systems.

CVE-2025-29306 is a vulnerability found in FoxCMS version 1.2.5. It allows a remote attacker to execute arbitrary code through the "case display page" located in the `index.html` component. Specifically, the vulnerability resides within the FoxCMS software. An unauthenticated, remote attacker can exploit this vulnerability to inject and execute arbitrary code on the system by accessing the case display page.

CVE-2025-3914 affects the Aeropage Sync for Airtable plugin for WordPress. It stems from a lack of file type validation in the `aeropage_media_downloader` function. This vulnerability is present in all versions up to and including 3.2.0. The absence of file type validation allows authenticated attackers with subscriber-level access or higher to upload arbitrary files to the affected server. This could potentially lead to remote code execution, thereby compromising the WordPress site.

CVE-2025-24901 is a SQL Injection vulnerability found in WeGIA, a web manager for charitable institutions. The vulnerability exists within the `deletar_permissao.php` endpoint of the WeGIA application. This flaw could allow an authorized attacker to execute arbitrary SQL queries. Successful exploitation could lead to unauthorized access or deletion of sensitive information. The vulnerability has been addressed in WeGIA version 3.2.12, and users are advised to upgrade.