CVE Trends

CVE-2025-31161 is a critical authentication bypass vulnerability found in CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. It stems from a flaw in the AWS4-HMAC authorization method within the HTTP component, allowing remote attackers to gain unauthorized access to systems running unpatched versions of the software via unauthenticated HTTP requests. The vulnerability allows attackers to impersonate any known or guessable user, including the "crushadmin" account, by sending a manipulated Authorization header. The server initially verifies user existence without requiring a password, enabling session authentication through HMAC verification before a subsequent user verification check. This bypass can lead to a full compromise of the system by obtaining an administrative account.

CVE-2024-48887 is an unverified password change vulnerability affecting the FortiSwitch GUI. It allows a remote, unauthenticated attacker to modify administrator passwords by sending a specially crafted request. The vulnerability exists in FortiSwitch versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.10, and 6.4.0 through 6.4.14. Fortinet has released updates to address this issue, and users are advised to upgrade to the respective fixed versions. As a workaround, disabling HTTP/HTTPS access from administrative interfaces and configuring trusted hosts can mitigate the risk.

CVE-2024-53197 is a privilege escalation vulnerability found in the USB sub-component of the Linux kernel. It stems from improper handling of the `bNumConfigurations` value in the ALSA USB audio subsystem, which can lead to out-of-bounds memory accesses. This vulnerability could allow an attacker with physical access to the system, through a malicious USB device, to manipulate system memory, potentially escalating privileges or executing arbitrary code. It has been identified as being exploited in targeted attacks, including being part of an exploit chain used to compromise an Android phone in December 2024.

CVE-2025-21293 is an elevation of privilege vulnerability in Microsoft Active Directory Domain Services. It allows attackers to gain elevated privileges on a system where they already have user-level access. The vulnerability stems from overly permissive access control lists (ACLs) associated with certain registry keys. Specifically, the "Network Configuration Operators" group has the "CreateSubKey" permission on sensitive registry keys. Exploitation of this vulnerability involves manipulating these registry keys, particularly those related to performance counters, to escalate privileges. This vulnerability was discovered by BirkeP while investigating the "Network Configuration Operators" group and its permissions within the registry. The researcher collaborated with Clément Labro, who developed a method to weaponize performance counters for exploitation.

CVE-2025-1932 involves an inconsistent comparator in `xslt/txNodeSorter` that could lead to potentially exploitable out-of-bounds access. This vulnerability affects Mozilla Firefox and Thunderbird. Specifically, it impacts Firefox versions prior to 136, Firefox ESR versions prior to 128.8, Thunderbird versions prior to 136, and Thunderbird versions prior to 128.8. The vulnerability resides in versions 122 and later. An attacker could potentially exploit this to gain unauthorized access to sensitive system memory, execute arbitrary code, and compromise the confidentiality and availability of affected systems.

CVE-2025-2945 is a Remote Code Execution (RCE) vulnerability affecting pgAdmin 4 versions prior to 9.2, specifically impacting the Query Tool and Cloud Deployment modules. The vulnerability stems from the insecure handling of user-supplied parameters in two POST endpoints: `/sqleditor/query_tool/download` and `/cloud/deploy`. In these endpoints, the `query_commited` and `high_availability` parameters are passed directly to Python's `eval()` function without proper sanitization. This allows attackers to inject and execute arbitrary code on the server, potentially leading to complete system compromise.

CVE-2025-31115 affects XZ Utils versions 5.3.3alpha to 5.8.0. It is a heap use-after-free bug found in the multithreaded decoder within the liblzma library. This vulnerability can be triggered by invalid input, potentially leading to a crash due to memory corruption. Specifically, the vulnerability occurs in the `lzma_stream_decoder_mt` function. Exploitation could result in "heap use after free and writing to an address based on the null pointer plus an offset," which may allow attackers to corrupt memory and potentially execute arbitrary code. A fix is available in XZ Utils version 5.8.1.

CVE-2025-27607 is a vulnerability in the 'python-json-logger' library, a popular Python tool used for creating JSON logs. Between December 30, 2024 and March 4, 2025, the library was susceptible to remote code execution (RCE) due to a missing optional dependency, 'msgspec-python313-pre'. This dependency was not available on the Python Package Index (PyPI), allowing a malicious actor to upload a counterfeit package with the same name. If a user installed 'python-json-logger' with optional dependencies in a Python 3.13.x environment, the malicious package could be installed automatically, potentially giving the attacker RCE capabilities. The vulnerability has been addressed in version 3.3.0 of 'python-json-logger'. Users are urged to update to this or a later version to mitigate the risk.

CVE-2025-2704 affects OpenVPN versions 2.6.1 through 2.6.13 when running in server mode with TLS-crypt-v2 enabled. This vulnerability allows remote attackers to cause a denial of service. The denial of service is triggered by corrupting and replaying network packets during the early handshake phase. A patch is available to address this vulnerability, and affected organizations should update their OpenVPN installations.