Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource
CVE Updates (June 30–July 6, 2025)

Vuln Recap Editor, July 7, 2025

Here are the CVE updates for the week of June 30th through July 6th.

🔴 Critical Severity Vulnerabilities

Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability (CISA KEV) | CVE-2025-6543

Description:
A memory overflow vulnerability affected NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. Attackers could exploit this issue to trigger unintended control flow, possibly resulting in a denial-of-service (DoS) condition. Consequently, affected services may crash or behave unpredictably. This could impact availability and create opportunities for further exploitation under certain conditions.

Potential Impacts:

  • Denial of Service: Services may crash or become unresponsive.
  • Unintended Control Flow: Exploitation might alter the application’s execution path.
  • Service Disruption: Users could lose access to critical remote access or authentication services.

Mitigation Recommendations:

  • Apply Vendor Patch: Update NetScaler ADC and Gateway to the latest secure version.
  • Restrict Access: Limit exposure of virtual servers to trusted networks.
  • Monitor Systems: Log and alert any service crashes or anomalies.
  • Review Configuration: Secure Gateway and AAA server configurations.

Cross-Site Scripting in MediaWiki SecurePoll Extension | CVE-2025-53484

Description:
MediaWiki’s SecurePoll extension contained a Cross-Site Scripting (XSS) vulnerability due to improperly escaped user-controlled inputs. Vulnerable components included VotePage.php and specific ResultPage functions. Attackers could exploit these flaws under certain conditions to inject malicious JavaScript. As a result, compromised sessions or client-side attacks could occur. Affected versions include 1.39.X before 1.39.13, 1.42.X before 1.42.7, and 1.43.X before 1.43.2.

Potential Impacts:

  • Session Hijacking: Malicious scripts might steal session cookies or tokens.
  • Privilege Escalation: Attackers may access accounts using stolen credentials.
  • Data Manipulation: Altered poll results or UI elements could mislead users.
  • Phishing Attacks: Malicious redirects may impersonate legitimate content.

Mitigation Recommendations:

  • Upgrade Immediately: Use SecurePoll versions 1.39.13, 1.42.7, or 1.43.2 or newer.
  • Apply Output Escaping: Sanitize inputs before rendering in browsers.
  • Enable CSP: Use Content Security Policies to block unauthorized scripts.
  • Review Custom Extensions: Check for similar issues in local plugins.
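The "Apply Output Escaping" recommendation above is easiest to see as code. The block below is an added example written for this recap, not code from the SecurePoll extension or from MediaWiki: it shows the vulnerable pattern (a user-controlled poll option label concatenated straight into HTML) next to the hardened pattern (escaping for the HTML text and attribute contexts at output time), plus the kind of Content-Security-Policy header that blocks inline event handlers as a second layer. The label value and the HTML structure are constructed for the example; the same pattern applies to any stored name rendered to other users, such as the dashboard-name XSS item later in this recap.

```python
import html
import re

# Constructed sample input: a poll option label containing an inline event handler.
# This is a generic XSS probe string, not a payload taken from the SecurePoll advisory.
MALICIOUS_LABEL = '<img src=x onerror="alert(document.cookie)">'


def render_option_unsafe(label: str) -> str:
    """Vulnerable pattern: user-controlled text dropped directly into markup."""
    return f'<label class="securepoll-option">{label}</label>'


def render_option_safe(label: str) -> str:
    """Hardened pattern: escape for the HTML text context at output time.
    quote=True also escapes " and ', so the helper is safe inside quoted attributes too."""
    return f'<label class="securepoll-option">{html.escape(label, quote=True)}</label>'


def render_attr_safe(value: str) -> str:
    """Attribute context: the value must be both escaped AND quoted; an unquoted
    attribute can still be broken out of with a space even after escaping."""
    return f'<input type="hidden" name="option" value="{html.escape(value, quote=True)}">'


def contains_active_markup(fragment: str) -> bool:
    """Crude check used only to illustrate the difference between the two renderers:
    is there a real <script> tag or a tag carrying an on* event handler attribute?
    Escaped text (&lt;img ...) contains no '<', so it never matches."""
    return re.search(r"<\s*(script\b|\w+[^>]*\son\w+\s*=)", fragment, re.IGNORECASE) is not None


def csp_header() -> str:
    """Defence in depth: a policy with no 'unsafe-inline' makes browsers refuse inline
    scripts and on* handlers even if an escaping bug slips through. Assumes the
    application serves its scripts from its own origin and uses no inline scripts."""
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


if __name__ == "__main__":
    print("unsafe:", render_option_unsafe(MALICIOUS_LABEL))
    print("safe:  ", render_option_safe(MALICIOUS_LABEL))
    print("Content-Security-Policy:", csp_header())
```

Escaping belongs at the output boundary, chosen per context (text node, attribute, URL, JavaScript string); "sanitizing on input" alone cannot know which context the value will later land in, which is exactly how escaped-on-input values end up unescaped in a second code path such as a results page.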

JavaScript Scheme Vulnerability in Whale Browser for iOS | CVE-2025-53599

Description:
Whale Browser for iOS (versions prior to 3.9.1.4206) failed to sanitize JavaScript-based URLs, allowing attackers to inject and execute arbitrary scripts. This vulnerability exposed users to XSS and script injection attacks. Consequently, attackers could compromise sessions, redirect users, or leak sensitive data.

Potential Impacts:

  • Arbitrary Script Execution: Malicious code may run within the browser.
  • Session Hijacking: Attackers could capture tokens or cookies.
  • Phishing Attacks: Users might be redirected to spoofed websites.
  • Data Exposure: Sensitive data accessed in the browser may be leaked.

Mitigation Recommendations:

  • Update Immediately: Use Whale Browser version 3.9.1.4206 or newer.
  • Avoid Untrusted Links: Do not interact with suspicious URLs.
  • Enforce URL Validation: Implement strict filtering for javascript: schemes.
  • Use Mobile Security Tools: Deploy defenses that detect malicious behavior.
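The "Enforce URL Validation" item above is where most filters go wrong: a check for the literal prefix `javascript:` misses case changes and embedded tab or newline characters, which browsers strip before they read the scheme. The block below is an added example, not Whale Browser code, showing an allowlist-based navigation URL check that normalizes the input the way the WHATWG URL parser does (remove ASCII tab/newline anywhere, strip leading and trailing C0 controls and spaces) and then permits only explicitly allowed schemes. The allowed-scheme set and the `#` fallback are assumptions for the example.

```python
import re
from typing import Optional

# Schemes a navigation target may use (assumption for this example; extend deliberately).
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})

# The URL standard removes ASCII tab and newline anywhere in the input and strips leading
# and trailing C0 control characters and spaces before the scheme is read. A filter must
# do the same, otherwise "java\tscript:" passes a naive prefix check but still executes.
_TAB_NEWLINE = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))  # 0x00..0x20


def normalize_url(raw: str) -> str:
    """Apply the same pre-parsing cleanup a browser applies."""
    return _TAB_NEWLINE.sub("", raw).strip(_C0_AND_SPACE)


def extract_scheme(url: str) -> Optional[str]:
    """Return the lower-cased scheme, or None for a relative URL."""
    match = _SCHEME.match(url)
    return match.group(1).lower() if match else None


def is_safe_navigation_url(raw: str) -> bool:
    """Allowlist check: anything with a scheme outside ALLOWED_SCHEMES is rejected.
    Scheme-less (relative) URLs resolve against the current origin and are accepted.
    Run this on the decoded value that will actually be written into href/src, after
    any HTML-entity or percent decoding the surrounding context performs."""
    url = normalize_url(raw)
    scheme = extract_scheme(url)
    if scheme is None:
        return True
    return scheme in ALLOWED_SCHEMES


def sanitize_href(raw: str, fallback: str = "#") -> str:
    """Return the normalized URL if safe, otherwise an inert fallback."""
    return normalize_url(raw) if is_safe_navigation_url(raw) else fallback


if __name__ == "__main__":
    # Constructed probes covering the usual filter-evasion shapes.
    for probe in ["https://example.com/", "javascript:alert(1)", "JaVaScRiPt:alert(1)",
                  " \tjava\nscript:alert(1)", "\x00javascript:alert(1)", "data:text/html,x"]:
        print(repr(probe), "->", is_safe_navigation_url(probe))
```

An allowlist is the only shape that survives new schemes and encodings; a denylist of `javascript:` and `data:` has to be revisited every time a parser quirk or a new scheme appears.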

🟠 High Severity Vulnerabilities

Google Chromium V8 Type Confusion Vulnerability (CISA KEV) | CVE-2025-6554: A high-severity flaw affected Google Chrome’s V8 engine (prior to 138.0.7204.96). A type confusion bug let a remote attacker who tricked a user into loading a malicious HTML page gain arbitrary memory access, with possible code execution or sandbox escape.

Netmake ScriptCase Admin Reset Bypass | CVE-2025-6554: An authentication bypass in ScriptCase’s Production Environment extension allowed attackers to reset the admin password by issuing both GET and POST requests. This granted full admin access without credentials.

Tunnelblick Root Code Execution | CVE-2025-43711: Tunnelblick (3.5beta06 up to, but not including, 7.0) could be exploited after it had been uninstalled. An attacker able to place a malicious app file in /Applications could have it run as root on the next reboot.

🟡 Medium Severity Vulnerabilities

TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability (CISA KEV) | CVE-2025-48928: A JSP-based vulnerability in TeleMessage exposed heap memory via core dumps. These could leak passwords and were exploited in May 2025.

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability (CISA KEV) | CVE-2025-48927: The /heapdump endpoint in Spring Boot Actuator was exposed publicly, allowing heap memory access without authentication. Active exploitation occurred in May 2025.
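Whether an Actuator endpoint such as `heapdump` is reachable over HTTP is decided by a handful of Spring Boot properties, and the weak setting is usually a wildcard. The block below is an added example written for this recap, not TeleMessage or Spring code: a small audit helper that parses an `application.properties` text and applies Spring Boot's documented exposure rules (`management.endpoints.web.exposure.include`/`.exclude`, with exclude taking precedence and `*` meaning all; `management.endpoint.heapdump.enabled` and `management.endpoints.enabled-by-default` for enablement; a default include set that never contains `heapdump`). The two configuration texts are constructed to show the weak setting beside the corrected one.

```python
from typing import Dict, Optional, Set

# Constructed sample configurations (not taken from any real deployment).
WEAK_CONFIG = """
# exposes every actuator endpoint, heapdump included, over HTTP
management.endpoints.web.exposure.include=*
"""

FIXED_CONFIG = """
# expose only what monitoring needs and switch heapdump off entirely
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal .properties reader: key=value lines, '#' and '!' comments, blanks ignored."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def _csv(value: Optional[str]) -> Set[str]:
    return {v.strip() for v in value.split(",") if v.strip()} if value else set()


def heapdump_web_exposed(props: Dict[str, str]) -> bool:
    """True if the heapdump endpoint would be served over the web management interface.
    Rules as documented by Spring Boot: the endpoint must be enabled, listed in the web
    exposure include set (or covered by '*'), and not listed in the exclude set.
    The default include set is health-only in current versions, never heapdump."""
    enabled_by_default = props.get("management.endpoints.enabled-by-default", "true").lower() == "true"
    enabled = props.get("management.endpoint.heapdump.enabled",
                        "true" if enabled_by_default else "false").lower() == "true"
    include = _csv(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = _csv(props.get("management.endpoints.web.exposure.exclude"))
    if not enabled:
        return False
    if "*" in exclude or "heapdump" in exclude:
        return False
    return "*" in include or "heapdump" in include


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"{name}: heapdump exposed = {heapdump_web_exposed(parse_properties(text))}")
```

Even with the include set trimmed, the management port should sit behind authentication or on a separate port/interface that is not internet-facing; a heap dump contains whatever the JVM held at that moment, credentials included, so exposure control and authentication are both needed.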

Insecure Deserialization in run-llama/llama_index | CVE-2025-3108: JsonPickleSerializer (v0.12.27–v0.12.40) used pickle.loads() insecurely. Attackers could deserialize malicious objects to execute arbitrary code.
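The llama_index item above is the general pickle problem: `pickle.loads()` will call whatever callable a pickle stream names, so deserializing untrusted bytes is code execution by design. The block below is an added example, not llama_index code. It uses a deliberately harmless class whose `__reduce__` merely records that it was called to show that loading runs code, then shows two mitigations: a restricted unpickler that refuses to resolve globals (the approach recommended in the Python `pickle` documentation), and plain JSON for data that is just data. The class, the recorder and the tiny allowlist are constructed for the example.

```python
import io
import json
import pickle
from typing import Any, List

# Side-effect log so the example can prove that loading a pickle invoked a callable.
CALLS: List[str] = []


def record(marker: str) -> str:
    """Harmless stand-in for whatever callable an attacker's pickle would reference."""
    CALLS.append(marker)
    return marker


class Gadget:
    """Constructed object whose pickle says: on load, call record('executed-on-load')."""

    def __reduce__(self):
        return (record, ("executed-on-load",))


def gadget_payload() -> bytes:
    return pickle.dumps(Gadget())


def plain_payload() -> bytes:
    """A pickle of ordinary containers, which needs no globals at all."""
    return pickle.dumps({"k": [1, 2.5, "s"]})


def unsafe_loads(data: bytes) -> Any:
    """The pattern behind the advisory: pickle.loads on bytes the caller did not produce."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global not on a short allowlist, so the stream cannot name
    a callable to invoke. The allowlist here is an assumption: harmless container types."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes) -> Any:
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_rejected(data: bytes) -> bool:
    """True if the restricted loader refused the stream."""
    try:
        restricted_loads(data)
        return False
    except pickle.UnpicklingError:
        return True


def json_dumps(obj: Any) -> str:
    """Preferred replacement for plain data: JSON carries no executable references."""
    return json.dumps(obj, sort_keys=True)


def json_loads(text: str) -> Any:
    return json.loads(text)


if __name__ == "__main__":
    print("unsafe load returned:", unsafe_loads(gadget_payload()), "calls:", CALLS)
    print("restricted load rejected gadget:", loads_rejected(gadget_payload()))
    print("restricted load of plain data:", restricted_loads(plain_payload()))
```

The restricted unpickler is a fallback for when a pickle format cannot be abandoned; it still parses an attacker-controlled stream with a large opcode surface, so JSON (or another data-only format with a schema) is the better default for anything that crosses a trust boundary.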

Stored XSS in Dashboard Names | CVE-2025-27448: Users with dashboard creation privileges could inject JavaScript into dashboard names, which executed when viewed by others.

©2025 Vulnerability Recap | WordPress Theme by SuperbThemes