Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource

CVE Updates (July 14 – 20, 2025)

Vuln Recap Editor, July 21, 2025 / July 20, 2025

Here are the CVE updates for the week of July 14th through the 20th.

🔴 Critical Severity Vulnerabilities

Wing FTP Server Null Byte Code Injection Vulnerability (CISA KEV) | CVE-2025-47812

Description:
Wing FTP Server (prior to version 7.4.4) contained a critical remote code execution vulnerability in the user and admin web interfaces. The vulnerability was due to improper handling of null byte (\0) characters, which allowed attackers to inject arbitrary Lua code into session files. When the server later accessed these files, the malicious code was executed with system-level privileges.

Potential Impacts:

  • System Takeover: Attackers could execute arbitrary commands with elevated privileges.
  • Data Breach: Confidential files could be exposed or manipulated.
  • Malware Installation: Attackers could persistently install malicious tools.
  • Lateral Movement: A compromised server could be used to infiltrate other systems.

Mitigation Recommendations:

  • Upgrade to version 7.4.4 or later.
  • Disable anonymous FTP access.
  • Run services with least-privilege accounts.
  • Regularly audit session and log files.
  • Use application-layer firewalls to monitor requests.
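
As an added example (not code from Wing FTP Server or from this recap), the sketch below shows one way to act on the log-audit and request-monitoring recommendations: it scans web access logs for request parameters that carry a null byte, including double-encoded forms. It assumes Combined Log Format and that parameters appear in the logged request target; the sample lines, the path and the parameter names are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined Log Format prefix: client IP, identity, user, [time], "METHOD target HTTP/x"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Constructed sample lines; the path and parameter names are placeholders,
# not Wing FTP Server's real endpoints.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2025:10:01:02 +0000] "GET /app?name=alice&lang=en HTTP/1.1" 200 512',
    '198.51.100.23 - - [15/Jul/2025:10:01:09 +0000] "GET /app?name=guest%00x&lang=en HTTP/1.1" 200 498',
    '198.51.100.23 - - [15/Jul/2025:10:01:11 +0000] "GET /app?name=bob%2500y HTTP/1.1" 200 498',
    '192.0.2.44 - - [15/Jul/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %2500 is also caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_nul_params(log_lines):
    """Return (ip, path, param) for every query parameter containing a NUL byte."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        parts = urlsplit(m.group("target"))
        # Split the still-encoded query so an encoded '&' stays inside its value.
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")
            if "\x00" in decode_fully(name) or "\x00" in decode_fully(raw):
                hits.append((m.group("ip"), parts.path, decode_fully(name)))
    return hits


if __name__ == "__main__":
    for ip, path, param in find_nul_params(SAMPLE_LOG):
        print(f"NUL byte in parameter {param!r} of {path} from {ip}")
```

Parameters sent in POST bodies do not appear in standard access logs, so the same check would need to run where request bodies are visible, such as a reverse proxy or application-layer firewall.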

Remote Command Execution in Cisco ISE | CVE-2025-20337

Description:
Cisco Identity Services Engine (ISE) and ISE-PIC were vulnerable to unauthenticated remote code execution due to a flaw in input validation within a network API. Attackers could send specially crafted requests to execute operating system commands remotely.

Potential Impacts:

  • Remote Takeover: Full control of the affected system.
  • Unauthorized Access: Attackers could alter configurations or extract sensitive data.
  • Infrastructure Disruption: Network authentication services could be impaired.
  • Lateral Exploitation: Used as a foothold to access internal systems.

Mitigation Recommendations:

  • Apply the latest Cisco security updates.
  • Restrict API access to trusted sources only.
  • Implement strict input validation and WAF rules.
  • Monitor for unusual outbound connections or API calls.

NVIDIA Container Toolkit Privilege Escalation | CVE-2025-23266

Description:
A vulnerability in the NVIDIA Container Toolkit allowed attackers to manipulate hooks used during container initialization. Malicious inputs could be used to escalate privileges or execute code during container startup.

Potential Impacts:

  • Host Escalation: Privilege gain beyond intended container limits.
  • Data Tampering: Access to host resources or sensitive files.
  • Denial of Service: Containers may be rendered inoperable.
  • Persistence: Malware may survive across container reboots.

Mitigation Recommendations:

  • Update to the latest NVIDIA Toolkit release.
  • Enforce rootless containers where possible.
  • Leverage AppArmor or SELinux for runtime control.
  • Monitor initialization logs and restrict custom hooks.

🟠 High Severity Vulnerabilities

Leviton Energy Devices XSS | CVE-2025-6185: Leviton AcquiSuite and Energy Monitoring Hub devices were vulnerable to cross-site scripting. Unsanitized inputs allowed attackers to inject JavaScript that executed in the context of a logged-in user.

HPE Telco Orchestrator SQL Injection | CVE-2025-37104: A SQL injection flaw affected authenticated users in HPE Telco Service Orchestrator. Malformed service requests could be used to exfiltrate or manipulate backend data.

Tenda FH451 Buffer Overflow | CVE-2025-7807: A stack-based buffer overflow in the fromSafeUrlFilter function allowed unauthenticated remote attackers to crash or control Tenda FH451 routers. A public proof-of-concept (PoC) raised the risk of widespread exploitation.


🟡 Medium Severity Vulnerabilities

NVIDIA Jetson Linux Side-Channel Leak | CVE-2025-23269: Shared predictor states could allow local attackers to infer sensitive data from kernel-level operations via timing analysis.

Lenovo Vantage Local SQL Injection | CVE-2025-6230: Lenovo Vantage’s local SQLite database accepted unsanitized input, enabling local users to tamper with internal queries and extract or manipulate data.

MaxKB AI Assistant Sandbox Bypass | CVE-2025-53927: MaxKB (versions before 2.0.0) allowed untrusted code to escape the intended sandbox by abusing the shutil.copy2 method, resulting in unauthorized code execution.

Cisco Prime Infrastructure SQL Injection | CVE-2025-20272: Blind SQL injection was possible in Cisco Prime Infrastructure and EPNM APIs, allowing authenticated users with low privileges to probe and enumerate sensitive database content.
