Here are the CVE updates for the week of December 8th through the 14th.
🔴 Critical Severity Vulnerabilities
D-Link Routers Buffer Overflow Vulnerability (CISA KEV) | CVE-2025-55182
Description:
A buffer overflow vulnerability affects D-Link Go-RT-AC750 routers running firmware versions GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02. The flaw lies in the router’s web management components, specifically the cgibin and hnap_main interfaces. Because user-supplied input is handled improperly, attackers can trigger a buffer overflow condition, which may lead to arbitrary code execution on the device.
Potential Impacts
- Remote Code Execution: Attackers can exploit the buffer overflow to run arbitrary code on the router.
- Full Device Compromise: Exploitation may grant complete control over the affected router.
- Network Traffic Interception: Compromised routers could be used to monitor, redirect, or manipulate network traffic.
- Denial of Service (DoS): Exploitation might crash router services or render the device unstable or unusable.
- Botnet Enrollment: Vulnerable devices risk being recruited into botnets for large-scale attacks.
- Loss of Network Security: Attackers could weaken firewall rules, change DNS settings, or open backdoors.
Mitigation Recommendations
- Apply firmware updates immediately by upgrading to the latest versions provided by D-Link that address this vulnerability.
- Restrict management interface access by limiting router web interface availability to trusted internal networks only.
- Disable remote management when WAN-side access is not strictly required.
- Use strong administrative credentials by enforcing unique, complex passwords for router administration.
- Monitor router behavior carefully for unexpected reboots, configuration changes, or abnormal network activity.
- Segment the network by isolating critical systems from consumer-grade networking equipment where possible.
Array Networks ArrayOS AG OS Command Injection Vulnerability (CISA KEV) | CVE-2025-66644
Description:
Array Networks ArrayOS AG versions prior to 9.4.5.9 contain a command injection vulnerability. Because of improper input validation, attackers can inject and execute arbitrary system commands. Active exploitation has been observed from August through December 2025, increasing the risk to unpatched systems. Successful attacks result in unauthorized command execution on affected appliances.
Potential Impacts
- Remote Code Execution: Attackers may execute arbitrary OS-level commands on the appliance.
- Full Appliance Compromise: Successful exploitation allows attackers complete control over the device.
- Credential and Configuration Exposure: Sensitive configuration files, credentials, and keys may be accessed or modified.
- Service Disruption: Malicious commands can crash services, alter traffic handling, or cause denial of service.
- Network Pivoting: Compromised appliances could serve as footholds for lateral movement into internal networks.
- Persistent Backdoors: Attackers may install backdoors to maintain long-term access.
Mitigation Recommendations
- Apply vendor patches immediately by upgrading ArrayOS AG to version 9.4.5.9 or later.
- Restrict management access to trusted IP addresses only.
- Monitor for indicators of compromise by reviewing logs for suspicious command execution, configuration changes, or unusual activity.
- Disable unused services to reduce the attack surface.
- Segment networks by isolating Array Networks appliances from critical internal systems.
- Conduct incident response reviews and rotate credentials immediately if exploitation is suspected.
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability (CISA KEV) | CVE-2025-58360
Description:
An XML External Entity (XXE) vulnerability affects GeoServer versions 2.26.0 up to but not including 2.26.2, and versions prior to 2.25.6. The flaw exists in the /geoserver/wms endpoint during GetMap operations, where XML input is accepted but not properly sanitized or restricted. As a result, attackers can define and process external XML entities, potentially enabling unauthorized access to internal resources. This vulnerability has been fixed in GeoServer versions 2.25.6, 2.26.3, and 2.27.0.
Potential Impacts
- Sensitive File Disclosure: Attackers may read arbitrary files from the GeoServer host system.
- Internal Network Exposure: XXE can be leveraged to access internal services or perform server-side request forgery (SSRF).
- Information Leakage: Configuration files, credentials, or environment details may be exposed.
- Denial of Service (DoS): Malicious XML payloads might cause excessive resource consumption.
- Pivoting Opportunities: Exposed internal endpoints could be used for further network attacks.
- Security Control Bypass: Improper XML handling may allow bypassing intended input validation mechanisms.
Mitigation Recommendations
- Upgrade GeoServer immediately to version 2.25.6, 2.26.3, 2.27.0, or later.
- Disable external entity processing by configuring XML parsers to disallow external entities and DTDs.
- Restrict network exposure by limiting public access to GeoServer WMS endpoints when possible.
- Apply Web Application Firewall (WAF) rules to block malicious XML payloads and XXE patterns.
- Monitor logs for abuse by watching for unusual WMS GetMap requests or XML parsing errors.
- Apply least privilege principles by running GeoServer with minimal system permissions to reduce impact.
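A pre-parse guard of the kind the second recommendation above describes, as an added example that is not GeoServer's own code: it uses Python's standard-library expat bindings and two constructed XML bodies (one harmless, one carrying a DTD that declares an external entity) to show the parser refusing the DTD before any entity could be declared or resolved. The element names, the file path inside the constructed entity and the function names are assumptions made for the example.

```python
import xml.parsers.expat

# Constructed sample inputs (not taken from the advisory): a harmless WMS-style
# body, and one carrying a DTD that declares an external entity (the XXE construct).
BENIGN_XML = b"""<?xml version="1.0"?>
<GetMap xmlns="http://www.opengis.net/sld" version="1.3.0">
  <Layer>example_layer</Layer>
</GetMap>"""

DTD_XML = b"""<?xml version="1.0"?>
<!DOCTYPE GetMap [<!ENTITY ext SYSTEM "file:///tmp/constructed-example.txt">]>
<GetMap xmlns="http://www.opengis.net/sld" version="1.3.0">
  <Layer>&ext;</Layer>
</GetMap>"""

class DoctypeRejected(ValueError):
    """Raised when untrusted XML carries a DTD and so may declare entities."""

def make_hardened_parser():
    """Expat parser that aborts on any DOCTYPE or entity declaration.
    No ExternalEntityRefHandler is installed, so expat would not fetch
    external entities on its own either."""
    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected("DOCTYPE '%s' is not allowed" % name)

    def reject_entity(name, *rest):
        raise DoctypeRejected("entity '%s' is not allowed" % name)

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    return parser

def parse_untrusted(data):
    """Return element names in document order; raise DoctypeRejected on a DTD."""
    tags = []
    parser = make_hardened_parser()
    parser.StartElementHandler = lambda name, attrs: tags.append(name)
    parser.Parse(data, True)  # handler exceptions propagate out of Parse()
    return tags

def accepts(data):
    """True if the hardened parser accepts the document, False if it rejects it."""
    try:
        parse_untrusted(data)
    except DoctypeRejected:
        return False
    return True
```

The same idea applies to any XML parser: refuse the DTD up front rather than trying to filter individual entity references after the fact.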
🟠 High Severity Vulnerabilities
RARLAB WinRAR Path Traversal Vulnerability (CISA KEV) | CVE-2025-6218: This directory traversal flaw in WinRAR allows remote attackers to execute arbitrary code by extracting malicious archives to unintended directories. Exploitation requires user interaction, such as opening a malicious file or visiting a malicious webpage.
Microsoft Windows Use After Free Vulnerability (CISA KEV) | CVE-2025-62221: A use-after-free bug in the Windows Cloud Files Mini Filter Driver lets authorized local attackers elevate privileges by manipulating freed memory.
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability (CISA KEV) | CVE-2018-4063: This remote code execution vulnerability allows authenticated attackers to upload and execute arbitrary files on Sierra Wireless AirLink ES450 devices.
Google Chromium Out of Bounds Memory Access Vulnerability (CISA KEV) | CVE-2025-14174: A high-severity flaw in the ANGLE component of Chrome on macOS, in versions prior to 143.0.7499.110, can be exploited via crafted HTML pages to read or manipulate memory outside intended bounds.
🟡 Medium Severity Vulnerabilities
Qualitor Cross-Site Scripting (XSS) Vulnerability | CVE-2025-14580: Qualitor versions up to 8.24.73 suffer from an XSS flaw due to improper sanitization of the cdscript parameter. This allows remote attackers to inject malicious JavaScript, potentially compromising users’ browsers. The vendor released patched versions after public disclosure.
Grassroots DICOM (GDCM) Out-of-Bounds Write Denial-of-Service Vulnerability | CVE-2025-11266: A parsing bug in the Grassroots DICOM library causes invalid memory access during malformed file handling, leading to segmentation faults and denial of service.
Google Chrome for Android Toolbar Domain Spoofing Vulnerability | CVE-2025-14373: An implementation flaw in Chrome’s Android Toolbar allows attackers to spoof domains by displaying misleading trusted URLs. Exploitation requires the victim to visit a malicious page.