Here are the CVE updates for the week of July 28th through August 3rd.
🔴 Critical Severity Vulnerabilities
Cisco Identity Services Engine Injection Vulnerability (CISA KEV) | CVE-2025-20337
Description:
A critical flaw affects the Cisco Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). It enables unauthenticated attackers to gain root access through a vulnerable API. Since the system fails to validate user input adequately, attackers can exploit this flaw by sending crafted requests. Notably, no credentials are required, which increases the threat significantly. Therefore, successful exploitation results in full system compromise.
Potential Impacts:
- Full System Takeover: Remote attackers gain administrative privileges.
- Privilege Escalation: The code executes with root-level access.
- Network Intrusion: Attackers can move laterally across the infrastructure.
- Service Interruption: Attackers might alter or disable security policies.
Mitigation Strategies:
- Apply Cisco’s patch immediately.
- Segment networks to restrict access to the affected APIs.
- Regularly monitor system logs for anomalous API requests.
- Follow Cisco’s advisory for ongoing updates.
Cisco Identity Services Engine Injection Vulnerability (CISA KEV) | CVE-2025-20281
Description:
This critical issue also impacts Cisco ISE and ISE-PIC. It stems from poor input validation, which allows unauthenticated attackers to execute arbitrary code as the root user. Essentially, attackers need only to send a malicious API request to fully compromise the system.
Potential Impacts:
- Remote Code Execution: Root-level control is possible without credentials.
- Security Override: Authentication and access controls can be bypassed.
- Policy Manipulation: Attackers may reconfigure authentication settings.
- Broader Attacks: This flaw provides a foothold for internal exploits.
Mitigation Strategies:
- Apply Cisco’s security fix without delay.
- Configure access controls to block unauthorized API calls.
- Consistently review logs for suspicious inputs.
- Stay aligned with Cisco’s official guidance.
LocalSend Discovery Protocol MitM Attack | CVE-2025-54792
Description:
LocalSend, an open-source file-sharing app, includes a serious vulnerability in versions 1.16.1 and below. Due to insecure design in the discovery protocol, attackers on the same network can launch Man-in-the-Middle (MitM) attacks. Consequently, they can impersonate trusted devices to intercept or modify file transfers silently. Fortunately, version 1.17.0 resolves the issue.
Potential Impacts:
- Data Theft: Sensitive files may be intercepted without warning.
- Malware Injection: Attackers can modify files to include harmful payloads.
- Spoofing: Malicious users may impersonate trusted devices.
- Silent Eavesdropping: These attacks often go undetected.
Mitigation Strategies:
- Upgrade to LocalSend version 1.17.0 as soon as possible.
- Limit usage to segmented, trusted networks.
- Monitor for suspicious connections or unexpected file behavior.
- Educate users about the risks of running outdated versions.
🟠 High Severity Vulnerabilities
PaperCut NG/MF CSRF Exploit | CVE-2023-2533: A Cross-Site Request Forgery (CSRF) vulnerability affects PaperCut NG/MF. If a logged-in administrator clicks a malicious link, attackers may change configurations or execute code without their knowledge. Consequently, systems can be altered without authorization.
Reflected XSS in Intelbras Routers | CVE-2025-26064: Intelbras RX1500 and RX3000 routers suffer from a reflected cross-site scripting (XSS) flaw. Improper sanitization of the device name field allows attackers to inject malicious JavaScript, which then executes in the browser of any user who views the web interface.
Remote Code Execution in Cursor IDE | CVE-2025-54136: Cursor, an AI-powered code editor, contains a vulnerability in versions up to 1.2.4. Specifically, attackers can alter trusted MCP configuration files to achieve remote and persistent code execution. Fortunately, version 1.3 addresses this issue.
ZPanel Command Injection | CVE-2013-10053: ZPanel version 10.0.0.2 has a remote code execution vulnerability in the htpasswd module. When a username is passed directly to a system command, it is not properly sanitized. As a result, attackers with valid accounts can inject shell commands.
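The pattern behind the ZPanel bug is a user name interpolated into a shell command string. The added example below (not ZPanel’s code; the htpasswd file path is a constructed placeholder) shows that pattern next to a hardened form that allow-lists the user name and invokes htpasswd as an argv list with no shell involved.

```python
import re
import subprocess
from typing import List

# Constructed path for the example; a real deployment would use its own file.
HTPASSWD_FILE = "/var/www/.htpasswd"

# Accept only the characters an htpasswd user name legitimately needs. Shell
# metacharacters (';', '|', '&', '$', backticks, quotes, whitespace, newlines)
# and ':' (the htpasswd field separator) are refused before any command is built.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def validate_username(username: str) -> bool:
    """True only if the user name matches the allow-list exactly."""
    return USERNAME_RE.fullmatch(username) is not None


def vulnerable_command(username: str, password: str) -> str:
    """The pattern behind the bug: untrusted input interpolated into one shell
    string, so whatever the user typed is parsed by the shell as command syntax."""
    return f"htpasswd -b {HTPASSWD_FILE} {username} {password}"


def safe_argv(username: str) -> List[str]:
    """Hardened form: validate first, then build an argv list. With no shell
    involved, the user name reaches htpasswd as a single literal argument.
    '-i' reads the password from stdin so it never appears in the process list."""
    if not validate_username(username):
        raise ValueError(f"rejected user name: {username!r}")
    return ["htpasswd", "-i", HTPASSWD_FILE, username]


def set_password(username: str, password: str) -> None:
    """Run htpasswd without a shell, supplying the password on stdin."""
    subprocess.run(safe_argv(username), input=password + "\n",
                   text=True, shell=False, check=True)
```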
Open Redirect in IBM Operational Decision Manager | CVE-2025-2824: Several versions of IBM Operational Decision Manager are vulnerable to an open redirect flaw. Attackers can trick users into visiting malicious sites by disguising links as trusted IBM domains. Because of this, phishing risks are significantly increased.
🟡 Medium Severity Vulnerabilities
HPE Telco NFV Improper Key Storage | CVE-2025-37112: HPE Telco NFV Orchestrator contains a vulnerability in its encryption key storage mechanism. Due to poor protection, unauthorized users may gain access to sensitive data. Therefore, exploitation could compromise the broader system.
Linksys Router Directory Traversal | CVE-2013-10062: Certain Linksys E1500 firmware versions include a directory traversal flaw in the /apply.cgi endpoint. Because the next_page POST parameter fails to sanitize input, authenticated users can read files outside the web root. Consequently, attackers might retrieve credentials and configuration data.
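The Linksys flaw is a `next_page` value that is joined to the web root without confinement. The added example below (not Linksys firmware code; the `/www` root is a constructed placeholder) resolves the parameter lexically and refuses any result that lands outside the root, rather than trying to filter `..` substrings.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed web root for the example; the router's real layout is not on the page.
WEB_ROOT = "/www"


def resolve_next_page(next_page: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Map a user-supplied page name to a file inside web_root.

    Returns the resolved absolute path, or None when the value is empty, contains
    a NUL byte, or would resolve to anything outside web_root.
    """
    if not next_page:
        return None
    # Decode once, as the HTTP layer would, so '%2e%2e%2f' is judged as '../'.
    decoded = unquote(next_page)
    if "\x00" in decoded:
        return None
    root = os.path.normpath(web_root)
    # Leading slashes are stripped so an absolute path cannot replace the root.
    candidate = os.path.normpath(os.path.join(root, decoded.lstrip("/")))
    # Require the result to be the root itself or strictly beneath it; the
    # trailing separator stops '/www2' from passing as inside '/www'.
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    # On a live filesystem, follow this lexical check with os.path.realpath()
    # and re-check the prefix so symlinks under the root cannot escape it.
    return candidate
```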