CVE Trends

CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.

CVE-2025-31137 is a vulnerability found in React Router, specifically affecting Remix 2 and React Router 7 users utilizing the Express adapter. This flaw allows attackers to manipulate the URL pathname by exploiting the Host or X-Forwarded-Host headers in HTTP requests. By inserting a URL pathname in the port section of these headers, attackers can spoof the URL used in incoming requests. This vulnerability can lead to various exploits, including cache poisoning denial of service (CPDoS), WAF bypass, and escalated XSS attacks. The issue stems from the lack of port sanitization in React Router's Express adapter when handling the Host and X-Forwarded-Host headers. The vulnerability has been addressed in Remix 2.16.3 and React Router 7.4.1.

CVE-2025-24799 is a SQL injection vulnerability found in GLPI, a free IT asset management software package. It affects versions up to 10.0.17. The vulnerability exists in the inventory endpoint, allowing an unauthenticated user to perform SQL injection attacks. Specifically, the vulnerability stems from inadequate sanitization of SQL queries within the `handleAgent` function in `/src/Agent.php`, which is used for inventory purposes. By sending specially crafted HTTP requests, attackers can inject harmful SQL commands. Successful exploitation could lead to the retrieval of sensitive data, privilege escalation, and potentially remote code execution (RCE). GLPI version 10.0.18 fixes this vulnerability.

CVE-2024-10668 affects Google's Quick Share feature on Windows. It involves an authentication bypass that allows an attacker to send unauthorized files to a target device without the recipient's explicit approval. This vulnerability stems from the way Quick Share handles file transfers, specifically related to the processing of Payload Transfer frames. The vulnerability arises because Quick Share doesn't properly handle the deletion of unknown file types when two Payload Transfer frames of type FILE are sent with the same payload ID. The deletion logic only removes the first file, leaving the second one, which could be a malicious file, on the system. This can also be exploited to cause a denial-of-service (DoS) condition by using a filename that starts with an invalid UTF8 continuation byte. Google has addressed this vulnerability in Quick Share for Windows version 1.0.2002.2.

CVE-2025-31334 is a vulnerability affecting WinRAR versions prior to 7.11. It involves a bypass of the "Mark of the Web" (MotW) security warning. This function typically alerts users when opening files from untrusted sources, such as the internet. The vulnerability stems from how WinRAR handles symbolic links. An attacker can create a malicious .rar archive containing a specially crafted symbolic link that points to an executable file. When a user extracts and opens this symbolic link, the executable file runs without displaying the usual MotW warning, potentially leading to arbitrary code execution.

CVE-2025-29927 is an authorization bypass vulnerability affecting Next.js, a React framework. It stems from the improper handling of the `x-middleware-subrequest` header. By exploiting this vulnerability, attackers can bypass authorization checks implemented in Next.js middleware. This flaw allows attackers to skip running the middleware, potentially allowing requests to bypass critical checks like authorization cookie validation before reaching routes. Self-hosted Next.js applications using Middleware are affected, specifically those relying on it for authentication or security checks. The vulnerability is fixed in Next.js versions 14.2.25 and 15.2.3.

CVE-2025-3083 affects MongoDB. Specifically crafted MongoDB wire protocol messages can cause `mongos` to crash during command validation. This can occur even without an authenticated connection. The vulnerability impacts MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20, and MongoDB v7.0 versions prior to 7.0.16. To remediate this vulnerability, it is advised to upgrade to MongoDB version 5.0.31, 6.0.20, or version 7.0.16 or later.

CVE-2025-0401 refers to two distinct vulnerabilities. One is a local privilege escalation vulnerability found in systems where the `/usr/bin/passwd` binary is misconfigured. This misconfiguration can allow unintended root-level access when combined with specific syscall sequences, potentially enabling attackers to simulate root shell access by abusing SUID binaries. The other vulnerability is classified as critical and affects the download function in the `CommonController.java` file of the 1902756969 reggie 1.0 software. This vulnerability involves a path traversal issue due to the manipulation of the 'name' argument, making it possible to launch attacks remotely.