Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource

CVE Updates (July 21 – 27, 2025)

Vuln Recap Editor, July 28, 2025 | July 27, 2025

Here are the CVE updates for the week of July 21st through the 27th.

🔴 Critical Severity Vulnerabilities

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (CISA KEV) | CVE-2025-53770

Description:
Microsoft SharePoint Server (on-premises) suffers from a critical deserialization flaw caused by processing untrusted data. Consequently, unauthorized remote attackers can execute arbitrary code without authentication. Since this vulnerability is actively exploited, administrators should act immediately. Although Microsoft is still testing a full patch, interim mitigation guidance has been published.

Potential Impacts:

  • Remote Code Execution (RCE): Attackers may run arbitrary code on affected systems.
  • System Compromise: Complete control over the SharePoint environment can be gained.
  • Data Breach: Sensitive SharePoint content might be exposed or altered.
  • Persistence: Attackers could create backdoors for continued access.

Mitigation Recommendations:

  • Apply Microsoft’s interim mitigation steps without delay.
  • Restrict SharePoint access to only trusted networks.
  • Enable detailed logging and monitor SharePoint traffic.
  • Prepare systems for the forthcoming patch.
  • Review deserialization logic in custom features and secure them accordingly.

SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability (CISA KEV) | CVE-2025-2776

Description:
SysAid On-Prem (version 23.3.40 and earlier) contains an XML External Entity (XXE) vulnerability caused by insecure XML parsing in the Server URL feature. Remote attackers can exploit the flaw without authentication by sending crafted XML payloads, which can be used to read sensitive files or escalate privileges. The threat is therefore significant in exposed environments.

Potential Impacts:

  • Admin Takeover: Unauthorized users could gain full administrative control.
  • Sensitive File Access: Important files such as configurations or credentials might be leaked.
  • System Breach: Attackers could use this as a starting point for further intrusions.
  • Data Loss: Internal data may be exposed without detection.

Mitigation Recommendations:

  • Upgrade to a version later than 23.3.40.
  • Disable external entity processing in all XML parsers.
  • Limit public network access to SysAid instances.
  • Monitor server logs for unusual XML activities.
  • Deploy a Web Application Firewall (WAF) to filter malicious requests.
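The second recommendation above, disabling external entity processing, is easiest to verify in code. The following Python is an added example written for this recap; it is not SysAid code and does not describe how SysAid parses its Server URL field. It drives the standard library's expat binding directly and pins every DTD-related hook to "reject", so an XXE-shaped document is refused at the `<!DOCTYPE` token before any entity is declared, let alone resolved against a file or URL. The element names and the `file:///placeholder/path` URL in the sample inputs are constructed for the example.

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when the input tries to use a DTD or entity feature that is not allowed."""


def parse_xml_safely(data: bytes) -> dict[str, str]:
    """Parse a small XML document into {leaf_tag: text}, refusing DTDs and entities.

    Expat is used directly so that each DTD-related callback can be set to reject:
    the document is abandoned as soon as a DOCTYPE appears, which is before any
    entity (internal, external or parameter) could be declared or expanded.
    """
    parser = expat.ParserCreate()
    # Never expand parameter entities (expat's default; made explicit here).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    fields: dict[str, str] = {}
    text: list[str] = []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE declaration rejected (root element {name!r})")

    def reject_entity_decl(*_args):
        raise UnsafeXML("entity declaration rejected")

    def reject_external_entity(_context, _base, _system_id, _public_id):
        # Returning 0 tells expat the reference cannot be satisfied; parsing stops.
        return 0

    def start_element(_name, _attrs):
        text.clear()

    def end_element(name):
        value = "".join(text).strip()
        if value:
            fields[name] = value
        text.clear()

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_entity
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = text.append

    parser.Parse(data, True)
    return fields


def is_rejected(data: bytes) -> bool:
    """True if the DTD/entity checks refused the document, False if it parsed."""
    try:
        parse_xml_safely(data)
    except UnsafeXML:
        return True
    return False


# Constructed sample inputs (not taken from SysAid or from any real payload).
BENIGN_XML = b"<serverUrl><host>sysaid.example.internal</host><port>8443</port></serverUrl>"
XXE_SHAPED_XML = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE serverUrl [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
    b"<serverUrl><host>&ext;</host></serverUrl>"
)

if __name__ == "__main__":
    print(parse_xml_safely(BENIGN_XML))
    print("XXE-shaped document rejected:", is_rejected(XXE_SHAPED_XML))
```

The same three hooks exist, under different names, in every mainstream parser (for example `disallow-doctype-decl` and the `external-general-entities` feature in Java's JAXP parsers); the check to run against a deployment is that a document carrying a DOCTYPE is refused outright rather than merely having its entities left unexpanded.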

CrushFTP Unprotected Alternate Channel Vulnerability (CISA KEV) | CVE-2025-54309

Description:
CrushFTP versions 10 (before 10.8.5) and 11 (before 11.3.4_23) are vulnerable when the DMZ proxy is disabled. Improper AS2 validation over HTTPS allows unauthenticated attackers to gain administrative access. Since active exploitation has been confirmed in July 2025, urgent remediation is required.

Potential Impacts:

  • Admin Access: Attackers could fully control the CrushFTP server.
  • System Compromise: Malicious actions such as data theft or server configuration changes become possible.
  • Privilege Escalation: Attackers might affect other services or accounts.
  • Security Bypass: Crucial controls could be evaded.

Mitigation Recommendations:

  • Upgrade to CrushFTP version 10.8.5 or 11.3.4_23 immediately.
  • Enable the DMZ proxy feature as an extra defense layer.
  • Limit access to the admin panel via VPN or IP allowlists.
  • Review logs for suspicious AS2 activity.
  • Enforce least privilege access across users and services.

🟠 High Severity Vulnerabilities

SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability (CISA KEV) | CVE-2025-2775: SysAid On-Prem is also vulnerable through its check-in processing feature. Attackers can submit malicious XML payloads and access files or gain admin rights—all without authentication. Consequently, exposed environments face elevated risks.

Google Chromium ANGLE and GPU Improper Input Validation Vulnerability (CISA KEV) | CVE-2025-6558: Google Chrome (before version 138.0.7204.157) fails to validate user input properly in ANGLE and GPU modules. When attackers trick users into opening crafted HTML pages, they can potentially bypass sandbox protections and execute code.

Command Injection via Line Breaks in Roo Code Autonomous Coding Agent | CVE-2025-54377: Roo Code, an autonomous AI coding assistant, fails to sanitize newline characters in command inputs (version ≤ 3.23.18). As a result, attackers can inject and execute unauthorized commands. Version 3.23.19 resolves this vulnerability.


🟡 Medium Severity Vulnerabilities

Microsoft SharePoint Improper Authentication Vulnerability (CISA KEV) | CVE-2025-49706: Microsoft SharePoint contains a spoofing vulnerability that allows attackers to impersonate users. Due to improper authentication handling, forged credentials may be accepted, which can lead to unauthorized access.

Inclusion of Functionality from Untrusted Control Sphere Leading to Remote Code Execution | CVE-2025-36728: This vulnerability allows attackers to trick users into triggering arbitrary code execution. It does not require authentication, but social engineering and manipulated content are usually necessary.

CNCF Harbor ORM Credential Leak | CVE-2025-30086: In CNCF Harbor versions 2.13.x (before 2.13.1) and 2.12.x (before 2.12.4), a flaw in the /api/v2.0/users endpoint exposes password hashes and salts. By manipulating the q parameter, attackers can retrieve these values character by character.
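The Harbor item illustrates a general failure mode: a generic filter parameter is passed through to the ORM, so any column on the model, including ones never meant to be exposed, becomes a predicate an outsider can probe. The Python below is an added example for this recap, not Harbor's code and not its fix; the `q` syntax it parses (comma-separated `key=value` clauses, exact match only) is an assumption made for the example, and the user records, hash and salt values are constructed placeholders. It shows the two layers a defender wants on such an endpoint: an allowlist of filterable columns enforced before the query is built, and a fixed projection of response fields so credential material never leaves the handler even if a filter slips through.

```python
# Constructed in-memory user table; hash and salt values are placeholders.
USERS = [
    {"user_id": 1, "username": "alice", "email": "alice@example.test", "realname": "Alice A.",
     "password": "<hash-placeholder-1>", "salt": "<salt-placeholder-1>"},
    {"user_id": 2, "username": "bob", "email": "bob@example.test", "realname": "Bob B.",
     "password": "<hash-placeholder-2>", "salt": "<salt-placeholder-2>"},
]

# Layer 1: only these columns may appear as filter keys in the q parameter.
QUERYABLE_FIELDS = frozenset({"username", "email", "realname"})
# Layer 2: only these columns are ever serialised into a response.
PUBLIC_FIELDS = ("user_id", "username", "email", "realname")


class DisallowedFilter(ValueError):
    """Raised when q is malformed or names a column that is not queryable."""


def parse_query_filter(q: str) -> dict[str, str]:
    """Parse 'key=value,key=value' into a dict (assumed syntax for this example)."""
    filters: dict[str, str] = {}
    for clause in q.split(","):
        clause = clause.strip()
        if not clause:
            continue
        key, sep, value = clause.partition("=")
        key = key.strip().lower()
        if not sep or not key:
            raise DisallowedFilter(f"malformed filter clause: {clause!r}")
        filters[key] = value.strip()
    return filters


def validate_user_query(q: str) -> dict[str, str]:
    """Parse q and reject any key outside the allowlist before it reaches the ORM."""
    filters = parse_query_filter(q)
    disallowed = sorted(k for k in filters if k not in QUERYABLE_FIELDS)
    if disallowed:
        raise DisallowedFilter(f"filter on non-queryable field(s): {', '.join(disallowed)}")
    return filters


def is_query_allowed(q: str) -> bool:
    """True if q names only queryable columns, False if it would be rejected."""
    try:
        validate_user_query(q)
    except DisallowedFilter:
        return False
    return True


def search_users(q: str) -> list[dict]:
    """Apply an allowlisted exact-match filter and return only public columns."""
    filters = validate_user_query(q)
    results = []
    for user in USERS:
        # Every key here passed the allowlist, so it is a real, permitted column.
        if all(str(user[k]) == v for k, v in filters.items()):
            results.append({k: user[k] for k in PUBLIC_FIELDS})
    return results


if __name__ == "__main__":
    print(search_users("username=alice"))
    print("filter on salt allowed:", is_query_allowed("salt=x"))
```

Rejecting the request outright, rather than silently dropping the unknown key, is deliberate: a 400 response on a filter naming `password` or `salt` is a clean signal for logging and alerting, whereas a quiet ignore leaves no trace of the probing the recap describes.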

©2025 Vulnerability Recap | WordPress Theme by SuperbThemes