Here are the CVE updates for the week of January 19th through 25th.
🔴 Critical Severity Vulnerabilities
Versa Concerto Improper Authentication Vulnerability (CISA KEV) | CVE-2025-34026
Description:
An authentication bypass vulnerability affects the Versa Concerto SD-WAN orchestration platform. Specifically, a misconfiguration in the Traefik reverse proxy allows attackers to bypass authentication controls. As a result, unauthorized users can reach sensitive administrative endpoints. Most importantly, the exposed Actuator endpoint reveals heap dumps and trace logs, which often contain diagnostic details and sensitive system data. Therefore, attackers can gather internal information without valid credentials. This issue impacts Versa Concerto versions 12.1.2 through 12.2.0, and it may affect additional builds as well.
Potential Impacts
- Authentication Bypass: Attackers can access administrative interfaces without credentials.
- Information Disclosure: Heap dumps and logs may expose sensitive system data.
- System Reconnaissance: Attackers can map application components and runtime details.
- Privilege Escalation: Exposed data may help attackers gain higher privileges.
- Service Disruption: Unauthorized administrative actions could interrupt operations.
Mitigation Recommendations
- Upgrade Software: Install the latest patched version of Versa Concerto.
- Secure Traefik Configuration: Enforce authentication on all proxy routes.
- Restrict Access: Limit Actuator endpoints to trusted internal networks.
- Monitor Logs: Detect and investigate suspicious administrative access attempts.
- Strengthen Authentication: Require MFA and strong credential policies.
- Perform Security Audits: Regularly review reverse proxy and platform configurations.
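To make the "Monitor Logs" and "Restrict Access" items concrete, here is an added detection script (not part of the advisory or of Versa's software) that scans reverse-proxy access logs for successful fetches of sensitive Actuator endpoints from outside a trusted management network. The log lines, the trusted 10.0.0.0/8 range and the Spring Boot Actuator endpoint names are assumptions for the demo.

```python
import ipaddress
import re

# Constructed sample reverse-proxy access log lines (Common Log Format);
# these are not from any real Versa Concerto deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jan/2026:10:01:02 +0000] "GET /portalapi/v1/health HTTP/1.1" 200 512
203.0.113.7 - - [20/Jan/2026:10:02:15 +0000] "GET /actuator/heapdump HTTP/1.1" 200 104857600
203.0.113.7 - - [20/Jan/2026:10:02:40 +0000] "GET /actuator/httptrace HTTP/1.1" 200 8192
10.0.0.9 - admin [20/Jan/2026:10:03:01 +0000] "GET /actuator/heapdump HTTP/1.1" 200 104857600
203.0.113.7 - - [20/Jan/2026:10:04:10 +0000] "GET /Actuator/Heapdump?x=1 HTTP/1.1" 200 104857600
203.0.113.7 - - [20/Jan/2026:10:04:12 +0000] "GET /actuator/env HTTP/1.1" 401 0
"""

# Assumed: the management network from which Actuator access is legitimate.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Standard Spring Boot Actuator endpoint names that expose diagnostics (assumed).
SENSITIVE_ACTUATOR = {"heapdump", "httptrace", "threaddump", "env", "trace"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

def actuator_endpoint(raw_path: str) -> str:
    """Return the Actuator endpoint name in a request path, or '' if none.
    Case and query string are ignored so /Actuator/Heapdump?x=1 still matches."""
    parts = raw_path.split("?", 1)[0].lower().strip("/").split("/")
    if "actuator" in parts and parts.index("actuator") + 1 < len(parts):
        return parts[parts.index("actuator") + 1]
    return ""

def find_actuator_exposure(log_text: str) -> list:
    """Flag successful (2xx) fetches of sensitive Actuator endpoints from
    outside the trusted management networks."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        endpoint = actuator_endpoint(rec["path"])
        src = ipaddress.ip_address(rec["ip"])
        external = not any(src in net for net in TRUSTED_NETS)
        if endpoint in SENSITIVE_ACTUATOR and external and rec["status"].startswith("2"):
            hits.append({"ip": rec["ip"], "endpoint": endpoint, "ts": rec["ts"]})
    return hits
```

Running find_actuator_exposure(SAMPLE_LOG) flags the three external 2xx fetches of heapdump and httptrace; the internal admin fetch and the rejected 401 request are not reported.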
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability (CISA KEV) | CVE-2024-37079
Description:
VMware vCenter Server contains a heap overflow vulnerability in its DCERPC protocol implementation. An attacker with network access can send a specially crafted packet to trigger the flaw. Consequently, the server may execute arbitrary code. Because vCenter manages virtual infrastructure, successful exploitation can lead to full system compromise.
Potential Impacts
- Remote Code Execution: Attackers can run arbitrary code without authentication.
- Full System Compromise: Attackers may gain control of the host OS.
- Service Disruption: The server may crash or become unavailable.
- Lateral Movement: Attackers may pivot to other virtual infrastructure systems.
Mitigation Recommendations
- Apply Patches: Update vCenter Server to the latest secure release.
- Segment Networks: Restrict access to trusted management networks only.
- Monitor Traffic: Watch for unusual or malformed DCERPC activity.
- Harden Access Controls: Use strict firewall and admin access policies.
- Conduct Security Audits: Regularly assess virtual infrastructure security.
free5GC NRF Access Token Scope Validation Bypass | CVE-2025-66719
Description:
free5GC NRF v1.4.0 contains a logic flaw in the AccessTokenScopeCheck() function. When attackers supply a specially crafted targetNF value, the system skips scope validation. Consequently, the platform may issue tokens with unauthorized or elevated scopes. Therefore, attackers can access restricted network functions without proper authorization.
Potential Impacts
- Privilege Escalation: Attackers can obtain high-privilege tokens.
- Unauthorized Access: Malicious actors may reach protected 5G services.
- Service Abuse: Attackers could manipulate signaling or subscriber data.
- Lateral Movement: Broad token scopes may enable cross-function access.
Mitigation Recommendations
- Upgrade free5GC: Install a version that properly validates scopes.
- Validate Token Requests: Enforce strict checks on targetNF and scopes.
- Apply Least Privilege: Limit default token permissions.
- Monitor Token Usage: Log and review abnormal token activity.
- Segment Network Functions: Restrict communication paths between services.
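The "Validate Token Requests" item comes down to making the scope check fail closed. The following added example (illustrative Python, not free5GC's Go code, and not a reconstruction of the actual AccessTokenScopeCheck() defect) contrasts a check whose unresolvable targetNF branch skips validation with one where every branch must positively validate. The NF registry and scope names are constructed for the demo.

```python
from dataclasses import dataclass

# Constructed NF registry: instance id -> NF type and the scopes a requester
# may be granted for it. Illustrative only; not free5GC's data model.
NF_REGISTRY = {
    "udm-1": {"nfType": "UDM", "allowedScopes": {"nudm-sdm", "nudm-uecm"}},
    "amf-1": {"nfType": "AMF", "allowedScopes": {"namf-comm"}},
}

@dataclass
class TokenRequest:
    requester_nf: str
    target_nf: str   # targetNF exactly as supplied by the requester
    scope: str       # space-separated scopes, per the OAuth2 convention

def scope_check_fail_open(req: TokenRequest) -> bool:
    """Assumed fail-open shape: if targetNF does not resolve, there is
    'nothing to check' and the request is granted with whatever scopes
    it asked for. Crafted targetNF values then bypass validation."""
    profile = NF_REGISTRY.get(req.target_nf)
    if profile is None:
        return True
    return set(req.scope.split()) <= profile["allowedScopes"]

def scope_check_fail_closed(req: TokenRequest) -> bool:
    """Hardened check: an empty or unknown targetNF, an empty scope list,
    or any scope outside the target's allowed set is denied."""
    target = req.target_nf.strip()
    if not target:
        return False
    profile = NF_REGISTRY.get(target)
    if profile is None:
        return False          # unknown target: deny, never skip
    requested = set(req.scope.split())
    if not requested:
        return False          # empty scope is not "all scopes"
    return requested <= profile["allowedScopes"]
```

A legitimate request (known target, permitted scopes) passes both checks; a request with an unresolvable targetNF and an out-of-profile scope passes only the fail-open version.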
🟠 High Severity Vulnerabilities
Cisco Unified Communications Products Code Injection Vulnerability (CISA KEV) | CVE-2026-20045: Cisco Unified Communications products fail to properly validate HTTP input in their management interface. Therefore, an unauthenticated attacker can send crafted requests that execute OS commands. Initially, the attacker gains user-level access; however, privilege escalation may follow, leading to full device control.
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability (CISA KEV) | CVE-2025-68645: Zimbra ZCS improperly handles request parameters in the Webmail Classic UI. As a result, attackers can manipulate requests to include arbitrary files from the WebRoot directory. Consequently, sensitive files may become accessible.
Vite Vitejs Improper Access Control Vulnerability (CISA KEV) | CVE-2025-31125: Vite exposes restricted files when applications publicly expose the development server. Specifically, attackers can use crafted query parameters to retrieve unintended file contents. Therefore, sensitive project files may leak.
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability (CISA KEV) | CVE-2025-31125: Compromised versions of eslint-config-prettier include malicious install scripts. When developers install the package, the script executes malware on Windows systems. Consequently, attacker code can compromise development environments.
🟡 Medium Severity Vulnerabilities
Firecracker Jailer UNIX Symbolic Link Following Vulnerability | CVE-2026-1386: Firecracker’s jailer component follows symbolic links during initialization. Therefore, a local attacker can create malicious symlinks that redirect file operations. When the jailer runs as root, it may overwrite critical host files.
YetiShare File Hosting Script Server-Side Request Forgery (SSRF) Vulnerability | CVE-2021-47899: YetiShare allows remote file uploads through a URL parameter. However, attackers can supply a file:/// path instead. As a result, the system may read arbitrary local files such as /etc/passwd.
miniserve Arbitrary File Overwrite via TOCTOU and Symlink Race | CVE-2025-67124: miniserve contains a race condition in its upload finalization process. An attacker can replace a validated path with a malicious symlink before the write occurs. Consequently, uploaded content may overwrite files outside the intended directory.
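The Firecracker jailer and miniserve entries above are both symlink-following problems: a path is validated and then opened by name, and a symlink placed in between redirects the write. The added example below (generic Python, not code from either project) shows the mitigation: pin the target directory by file descriptor and create the file with O_EXCL|O_NOFOLLOW so a pre-placed symlink makes the open fail rather than being followed. The directory layout and file names are constructed for the demo.

```python
import os
import tempfile

def naive_write(upload_dir: str, name: str, data: bytes) -> None:
    """Validated earlier, opened by name: a symlink dropped in between is followed."""
    with open(os.path.join(upload_dir, name), "wb") as f:
        f.write(data)

def safe_write(upload_dir: str, name: str, data: bytes) -> None:
    """Create a new file in upload_dir without following symlinks: the
    directory is pinned by fd and O_EXCL|O_NOFOLLOW makes a pre-placed
    symlink or file fail the open instead of being followed/overwritten."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("file name must be a single path component")
    dfd = os.open(upload_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dfd)
    finally:
        os.close(dfd)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def demo() -> dict:
    """Constructed scenario: a symlink placed in the upload directory
    points at a file outside it. Returns what each writer did to it."""
    with tempfile.TemporaryDirectory() as root:
        uploads, outside = os.path.join(root, "uploads"), os.path.join(root, "outside")
        for d in (uploads, outside):
            os.mkdir(d)
        victim = os.path.join(outside, "victim.txt")
        with open(victim, "wb") as f:
            f.write(b"original")
        os.symlink(victim, os.path.join(uploads, "report.txt"))
        try:
            safe_write(uploads, "report.txt", b"attacker-controlled")
            safe_blocked = False
        except OSError:
            safe_blocked = True        # O_EXCL|O_NOFOLLOW refuses the symlink
        with open(victim, "rb") as f:
            after_safe = f.read()
        naive_write(uploads, "report.txt", b"attacker-controlled")
        with open(victim, "rb") as f:
            after_naive = f.read()
        safe_write(uploads, "fresh.txt", b"ok")  # a normal upload still works
        with open(os.path.join(uploads, "fresh.txt"), "rb") as f:
            fresh = f.read()
    return {"safe_blocked": safe_blocked, "after_safe": after_safe,
            "after_naive": after_naive, "fresh": fresh}
```

Because the create is a single atomic open, the same protection holds when the symlink is swapped in during the race window rather than ahead of time; the check and the write cannot be separated.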