Cybersecurity Updates: Vulnerabilities, May 5 – 11, 2025

Vuln Recap Editor,

Here are the CVE updates for the week of May 5th through the 11th.

CRITICAL SEVERITY VULNERABILITIES

Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability | CVE-2025-3428 (CISA KEV)

Description: A critical vulnerability in Langflow versions prior to 1.3.0 allows remote, unauthenticated attackers to execute arbitrary code via the /api/v1/validate/code endpoint. This flaw stems from insufficient input validation, permitting maliciously crafted HTTP requests to be interpreted and executed as code by the application. The vulnerability significantly undermines the security of exposed Langflow instances.

Potential Impacts:

  • Remote Code Execution (RCE): Attackers can run arbitrary code on the server.
  • System Compromise: Successful exploitation may grant attackers full control over the affected host.
  • Data Breach: Sensitive information on the server may be exposed or stolen.
  • Lateral Movement: Compromised servers can be used to target internal network assets.

Mitigation Recommendations:

  • Upgrade Immediately: Update Langflow to version 1.3.0 or later to remediate the issue.
  • Restrict Endpoint Access: Limit access to the vulnerable endpoint using firewalls or access controls.
  • Input Validation: Implement strict input sanitization and code execution safeguards.
  • Monitor Server Activity: Review logs for signs of unauthorized code execution or suspicious HTTP requests.
  • Implement Intrusion Detection: Use intrusion detection systems (IDS) to identify abnormal behavior or malicious traffic patterns targeting the system.

GeoVision Devices OS Command Injection Vulnerability | CVE-2024-11120 (CISA KEV)

Description: A critical OS command injection vulnerability has been identified in certain end-of-life (EOL) GeoVision devices. The flaw allows unauthenticated remote attackers to inject and execute arbitrary system commands on vulnerable devices. Due to the lack of input validation in specific components, attackers can craft malicious requests that gain execution privileges on the device. Alarmingly, this vulnerability has already been exploited in the wild, with multiple reports confirming active abuse.

Potential Impacts:

  • Remote Code Execution (RCE): Attackers can run arbitrary commands on the device, leading to full system compromise.
  • Device Takeover: Compromised devices may be used for further intrusion or as part of a botnet.
  • Data Exposure: Attackers may gain access to video streams, credentials, or sensitive system data.
  • Network Pivoting: Gained access could be leveraged to launch attacks on other internal devices.

Mitigation Recommendations:

  • Disconnect EOL Devices: Immediately isolate or decommission unsupported GeoVision devices from the network.
  • Replace with Supported Hardware: Upgrade to currently supported and regularly patched surveillance systems.
  • Restrict Network Access: Use firewalls to block internet access to vulnerable devices.
  • Monitor Logs and Traffic: Check for unusual device behavior or unauthorized connections.
  • Report Incidents: Share IOCs (indicators of compromise) and incidents with relevant security communities.

GeoVision Devices OS Command Injection Vulnerability | CVE-2024-6047 (CISA KEV)

Description: A critical vulnerability exists in certain end-of-life (EOL) GeoVision devices due to insufficient input validation in specific functionalities. This flaw allows unauthenticated remote attackers to inject and execute arbitrary system commands. The vulnerability arises because the affected components fail to properly sanitize user-supplied input, exposing the system to command injection risks over the network.

Potential Impacts:

  • Remote Code Execution (RCE): Exploitation allows full command execution on the device.
  • System Compromise: Attackers can gain unauthorized access to the device and its configurations.
  • Surveillance Tampering: Compromised devices may have their video feeds accessed, disabled, or redirected.
  • Lateral Movement: Attackers may use the compromised device as a pivot point within the network.

Mitigation Recommendations:

  • Decommission EOL Devices: Replace unsupported GeoVision devices with modern, secure alternatives.
  • Restrict Network Access: Limit exposure by isolating devices from untrusted networks and implementing firewall rules.
  • Monitor Network Traffic: Use intrusion detection systems (IDS) to identify suspicious command patterns.
  • Harden Device Configurations: Where decommissioning is not immediately possible, disable unnecessary services and restrict remote access.
  • Report and Share IOCs: Share relevant indicators of compromise with security teams and communities.

HIGH SEVERITY VULNERABILITIES

FreeType Out-of-Bounds Write Vulnerability | CVE-2025-27363 (CISA KEV): An out-of-bounds write vulnerability exists in FreeType versions 2.13.0 and earlier when parsing font subglyph structures, particularly in TrueType GX and variable font files. The issue arises from assigning a signed short value to an unsigned long and then adding a static offset, which causes an integer wraparound and leads to the allocation of an undersized heap buffer. Subsequent operations write up to six signed long integers beyond the allocated buffer. This memory corruption issue may result in arbitrary code execution. Notably, there are indications that this vulnerability may have been exploited in the wild.

Command Injection Vulnerability in F5 BIG-IP Appliance Mode | CVE-2025-31644: A command injection vulnerability has been identified in F5 BIG-IP when operating in Appliance mode. The flaw exists in an undisclosed iControl REST and TMOS Shell (tmsh) command, allowing an authenticated attacker with administrator-level privileges to execute arbitrary system commands. This vulnerability enables the attacker to cross a critical security boundary, potentially compromising the entire system. F5 has stated that software versions that have reached End of Technical Support (EoTS) have not been evaluated for this issue.

Unauthenticated API Access Vulnerability in Cisco Catalyst Center | CVE-2025-20210: A vulnerability has been identified in the management API of Cisco Catalyst Center (formerly Cisco DNA Center) that allows an unauthenticated, remote attacker to read and modify outgoing proxy configuration settings. The root cause is the absence of authentication controls on a specific API endpoint. By sending a crafted request to this vulnerable endpoint, an attacker could gain unauthorized access to view or alter the proxy configuration. This could lead to the interception or redirection of outbound internet traffic and disruption of network connectivity.

Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software | CVE-2025-20202: A vulnerability has been identified in Cisco IOS XE Wireless Controller Software that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The issue arises from insufficient input validation of Cisco Discovery Protocol (CDP) neighbor reports received from access points (APs). An attacker can exploit this flaw by sending specially crafted CDP packets to an AP. When these malformed packets are processed by the wireless controller, they may cause an unexpected reload of the controller, disrupting wireless network availability.

MEDIUM SEVERITY VULNERABILITIES

Authentication Bypass via Spoofing in Dell Wyse Management Suite | CVE-2025-27695: Dell Wyse Management Suite (WMS) versions prior to 5.1 are affected by an authentication bypass vulnerability due to improper handling of authentication tokens. A high-privileged remote attacker can exploit this flaw by spoofing authentication mechanisms, thereby gaining unauthorized access to sensitive data and system functionality without proper credentials.

Out-of-Bounds Write Vulnerability in Dell PowerScale OneFS | CVE-2025-30102: Dell PowerScale OneFS versions 9.4.0.0 through 9.10.1.0 are affected by an out-of-bounds write vulnerability. The flaw arises from improper memory handling that can be triggered by a local, low-privileged attacker. By exploiting this vulnerability, the attacker may be able to write data outside the intended memory boundaries, which can lead to a system crash or other unintended behavior, resulting in a denial-of-service (DoS) condition.

Privilege Escalation Vulnerability in Cisco IOS XE CLI | CVE-2025-20201: A vulnerability has been identified in the Command-Line Interface (CLI) of Cisco IOS XE Software that allows an authenticated local attacker with privilege level 15 to escalate privileges to root on the underlying operating system. The flaw results from insufficient input validation when handling specific configuration commands. By crafting malicious input within those commands, an attacker can exploit the vulnerability to gain root access. This escalation grants the attacker full control of the device at the OS level, enabling potentially undetected malicious activity. The attacker must already have high-level privileges (privilege level 15) to execute this exploit

Post Views: 77
What You Missed Last Week

Leave a Reply

Your email address will not be published. Required fields are marked *