Vulnerability Recap
What You Missed Last Week
Cybersecurity News, CVE Recaps, and Education Resource

CVE Updates (December 22 – 28, 2025)

Vuln Recap Editor, December 29, 2025

Here are the CVE updates for the week of December 22nd through the 28th.

🔴 Critical Severity Vulnerabilities

Eigent 1-Click Remote Code Execution (RCE) Vulnerability | CVE-2025-68952

Description:
Eigent, a multi-agent workforce platform (version 0.0.60), suffers a critical 1-click remote code execution vulnerability. This flaw allows attackers to execute arbitrary code on a victim’s machine or server with minimal user interaction—just a single click. Consequently, attackers can fully compromise the affected system. Fortunately, Eigent patched this issue in version 0.0.61.

Potential Impacts

  • Remote Code Execution: Attackers execute arbitrary commands on the victim’s system.
  • Full System Compromise: Successful attacks grant full control over the host or server.
  • Data Breach Risk: Sensitive data, credentials, and configuration files may be accessed or exfiltrated.
  • Privilege Escalation: Depending on execution context, attackers may elevate their privileges.
  • Persistent Backdoor Installation: Malicious payloads may install backdoors for long-term access.
  • Service Disruption: Executed code could crash agents or disrupt workflows.
  • Lateral Movement: Compromised systems may pivot to connected environments.

Mitigation Recommendations

  • Upgrade Immediately: Update Eigent to version 0.0.61 or later, where the issue is fixed.
  • Restrict User Interactions: Limit exposure to untrusted links or inputs that trigger exploits.
  • Apply Least Privilege: Run Eigent agents with minimal required permissions.
  • Monitor Suspicious Activity: Review logs for unusual executions or commands.
  • Segment Networks: Isolate Eigent systems from critical infrastructure.
  • Deploy Endpoint Protection: Use EDR or antivirus solutions to detect malicious actions.
  • Promote Security Awareness: Educate users about risks of interacting with untrusted content.

Telenium Online Web Application Perl Code Injection Remote Code Execution | CVE-2025-8769

Description:
The Telenium Online Web Application contains a critical remote code execution vulnerability in a Perl script responsible for loading the login page. Because it fails to properly validate input, attackers can inject arbitrary Perl code via crafted HTTP requests. This enables remote attackers to execute commands on the server hosting the application, potentially leading to full system compromise.

Potential Impacts

  • Remote Code Execution: Attackers execute arbitrary Perl code on the server.
  • Full System Compromise: Attackers gain complete control over the host.
  • Data Breach Risk: Sensitive application data and credentials may be exposed.
  • Privilege Escalation: Code execution may lead to privilege elevation depending on server setup.
  • Persistent Malware Installation: Attackers may install backdoors for long-term access.
  • Service Disruption: Malicious code could crash services or disrupt availability.
  • Lateral Movement: Attackers may use compromised servers to attack internal systems.

Mitigation Recommendations

  • Apply Vendor Fixes: Update Telenium to patched versions as soon as possible.
  • Harden Input Validation: Enforce strict server-side checks and sanitization.
  • Restrict Script Execution: Limit Perl script permissions and avoid dynamic code evaluation.
  • Deploy WAF: Use firewall rules to block code injection attempts in HTTP requests.
  • Use Least Privilege: Run the application under a low-privilege account.
  • Monitor Logs: Watch for abnormal requests or execution errors.
  • Segment Networks: Isolate application servers to minimize impact.

FaceSentry Access Control System Hard-Coded Credentials & Privilege Escalation | CVE-2019-25241

Description:
FaceSentry Access Control System version 6.4.8 contains hard-coded SSH credentials for the wwwuser account. Attackers who obtain SSH access with these credentials can exploit an insecure sudoers configuration that allows passwordless sudo commands. Thus, attackers can escalate privileges and gain root access.

Potential Impacts

  • Unauthorized System Access: Attackers log in via SSH using hard-coded credentials.
  • Privilege Escalation: Sudoers misconfiguration allows root access without authentication.
  • Full System Compromise: Root access leads to complete OS control.
  • Data Exposure/Manipulation: Sensitive data and logs may be accessed or altered.
  • Persistence: Attackers can install backdoors or additional accounts.
  • Operational Disruption: Physical access control operations may be interrupted.
  • Lateral Movement: The compromised system could serve as a pivot point.

Mitigation Recommendations

  • Remove Hard-Coded Credentials: Immediately change or remove the wwwuser SSH credentials.
  • Restrict SSH Access: Disable SSH where not needed or limit it using IP whitelists and keys.
  • Fix sudoers Config: Enforce authentication for sudo commands and remove passwordless permissions.
  • Update or Patch: Apply vendor fixes or upgrade FaceSentry to secure versions.
  • Audit Logs and Accounts: Check system users, SSH, and sudo logs for suspicious activity.
  • Enforce Least Privilege: Limit permissions on service accounts.
  • Segment Networks: Isolate access control systems from broader IT networks.
  • Enable Continuous Monitoring: Use IDS or endpoint detection for abnormal privilege usage.
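The "Fix sudoers Config" and "Audit Logs and Accounts" items above are easiest to act on with an automated check. The script below is an added example, not code from the advisory or from FaceSentry: it parses a constructed sudoers file (joining continuation lines and skipping comments) and flags every user spec that grants NOPASSWD commands, rating a passwordless grant of ALL as critical. The wwwuser line in the sample reproduces the misconfiguration pattern described above and is an assumption, not the vendor's actual file.

```python
import re

# Constructed sample sudoers content (not taken from FaceSentry firmware). The
# wwwuser entry mirrors the advisory's pattern: a service account granted
# passwordless sudo for every command. The backup entry is a narrower grant.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
wwwuser ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        /usr/bin/tar
"""

# user  host=(runas) command list   (runas group is optional)
USER_SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")


def logical_lines(text):
    """Yield sudoers lines with backslash continuations joined, comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (buf + line).strip()
        buf = ""


def audit_sudoers(text):
    """Return one finding per user spec that grants NOPASSWD commands."""
    findings = []
    for line in logical_lines(text):
        if line.startswith(("Defaults", "Cmnd_Alias", "User_Alias",
                            "Host_Alias", "Runas_Alias")):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        user, host, runas, cmnd_list = m.groups()
        nopasswd, cmds = False, []
        # A tag such as NOPASSWD: applies to every following command in the
        # list until another tag (e.g. PASSWD:) replaces it.
        for entry in (c.strip() for c in cmnd_list.split(",")):
            tag, _, cmd = entry.rpartition(":")
            if "NOPASSWD" in tag:
                nopasswd = True
            elif "PASSWD" in tag:
                nopasswd = False
            if nopasswd and cmd.strip():
                cmds.append(cmd.strip())
        if cmds:
            findings.append({"user": user, "host": host, "runas": runas or user,
                             "commands": cmds,
                             "severity": "critical" if "ALL" in cmds else "warning"})
    return findings
```

Point `audit_sudoers` at the contents of /etc/sudoers and each file under /etc/sudoers.d; any "critical" finding for a service account such as a web or SSH login user is the passwordless path to root this advisory describes.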

Microhard Systems IPn4G Hardcoded Default Credentials Vulnerability | CVE-2018-25147

Description:
Microhard Systems IPn4G version 1.1.0 contains hardcoded default credentials that administrators cannot change. These credentials provide root-level access permanently embedded in the system. Attackers who discover these credentials can remotely log in and control the device, as administrators cannot revoke or rotate these credentials.

Potential Impacts

  • Unauthorized Root Access: Attackers use hardcoded credentials for full root control.
  • Complete Device Compromise: Attackers control configuration, services, and firmware.
  • Network Exposure: Compromised devices can serve as entry points into networks.
  • Configuration Manipulation: Attackers alter routing, firewall rules, or network parameters.
  • Persistent Backdoor: Credentials cannot be disabled, allowing repeated access.
  • Data Interception/Manipulation: Traffic passing through may be monitored or altered.
  • Service Disruption: Malicious changes may cause outages or denial of service.

Mitigation Recommendations

  • Apply Vendor Patches: Upgrade to firmware versions removing hardcoded credentials.
  • Restrict Management Access: Limit admin interfaces to trusted IPs only.
  • Disable Remote Management: Turn off SSH, Telnet, or web admin if unused.
  • Segment Networks: Isolate IPn4G devices from critical systems and public networks.
  • Monitor Logins: Check logs for unexpected root access or config changes.
  • Implement Controls: Use firewalls, VPNs, or jump hosts to restrict admin access.
  • Replace Devices: If unfixable, migrate to supported hardware without hardcoded credentials.

🟠 High Severity Vulnerabilities

Digiever DS-2105 Pro Missing Authorization Vulnerability (CISA KEV) | CVE-2023-52163: The DS-2105 Pro’s time_tzsetup.cgi component suffers from insufficient input validation, allowing attackers to inject and execute arbitrary commands. Exploitation leads to OS-level command execution.

LibreDesk Stored HTML Injection | CVE-2025-68927: LibreDesk’s contact notes feature improperly sanitizes input, enabling attackers to inject arbitrary HTML elements by removing wrapping <p> tags, leading to stored HTML injection affecting users viewing the contact record.

Yealink T21P_E2 Remote Code Execution | CVE-2025-68927: A flaw in the diagnostic ping function permits remote attackers with normal privileges to execute arbitrary code, potentially fully compromising affected IP phones.

Smartwares HOME easy Authentication Bypass Vulnerability | CVE-2019-25235: Smartwares HOME easy relies on client-side JavaScript for authentication. Attackers can bypass access controls by disabling JavaScript, gaining unauthorized admin access.

Rifatron 5brid DVR Unauthenticated Live Video Access Vulnerability | CVE-2019-25240: An unauthenticated flaw in the Mobile Web Viewer allows attackers to retrieve live video snapshots without login, exposing live feeds.

🟡 Medium Severity Vulnerabilities

PandaXGO PandaX Hard-Coded JWT Secret Vulnerability | CVE-2025-15108: PandaXGO uses a hardcoded JWT cryptographic key, weakening authentication security. Although difficult to exploit, the vulnerability has been publicly disclosed; vendor response is pending.

Sciter Sensitive Information Disclosure | CVE-2024-29720: Local attackers can obtain sensitive information due to improper handling of internal data during the adopt operation in the video rendering component.

Nozomi Networks ICS XML Validation Cross-Site Scripting (XSS) Vulnerability | CVE-2025-8075: Poor XML validation in Nozomi Networks products allows attackers to inject malicious scripts, leading to unauthorized actions via the management interface. Patched firmware is available.
