Here are the CVE updates for the week of June 23rd through 29th.
🔴 Critical Severity Vulnerabilities
D-Link DIR-859 Router – Path Traversal (CISA KEV) | CVE-2024-0769
Description:
A critical path traversal vulnerability affected the D-Link DIR-859 router firmware version 1.06B01. The flaw occurred in the HTTP POST request handler of the /hedwig.cgi endpoint. Here, attackers could manipulate the service parameter with directory traversal input (e.g., ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml) to access unauthorized system files. Since the exploit is publicly available, the likelihood of real-world attacks is high. Notably, the product has reached end-of-life and is no longer supported by the vendor.
Potential Impacts:
- Unauthorized File Access: Attackers can read arbitrary files, including network configurations or credentials.
- Information Disclosure: Data retrieved through traversal can assist attackers in further exploiting the system.
- Increased Attack Surface: Publicly available exploit code makes this vulnerability easy to use in automated attacks.
Mitigation Recommendations:
- Retire the Device: Replace DIR-859 routers with actively supported hardware.
- Restrict Network Access: Allow only trusted IPs to reach the device’s web interface.
- Monitor for Exploitation: Check for suspicious requests targeting /hedwig.cgi.
- Use Firewall Rules: Block HTTP POST traffic to the endpoint from unknown sources.
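As an added detection example (not part of the original digest or any D-Link tooling), the Python script below scans web-server log lines for POST requests to /hedwig.cgi whose service parameter carries directory-traversal segments, including URL-encoded and double-encoded forms. The log format and the sample entries are assumptions constructed for the example; the traversal string is the one quoted in the description above.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample log lines (not real traffic): combined-log style with the
# POST body's query string appended in quotes, as a reverse proxy could be set
# to record it. The traversal string is the one quoted in the advisory above.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Jun/2025:10:01:02 +0000] "POST /hedwig.cgi HTTP/1.1" 200 512 "service=../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml"
10.0.0.6 - - [24/Jun/2025:10:01:07 +0000] "POST /hedwig.cgi HTTP/1.1" 200 512 "service=..%2F..%2F..%2F..%2Fhtdocs%2Fwebinc%2Fgetcfg%2FDHCPS6.BRIDGE-1.xml"
10.0.0.7 - - [24/Jun/2025:10:02:00 +0000] "POST /hedwig.cgi HTTP/1.1" 200 128 "service=DHCPS6.BRIDGE-1"
10.0.0.8 - - [24/Jun/2025:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 4096 "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "(?P<body>[^"]*)"$'
)
# A ".." path segment bounded by a slash/backslash or the string edge.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def is_traversal_attempt(entry):
    """True for a POST to /hedwig.cgi whose 'service' value contains '..' segments."""
    if entry["method"] != "POST" or entry["path"].split("?")[0] != "/hedwig.cgi":
        return False
    # parse_qs URL-decodes once; the extra unquote also catches double encoding.
    for value in parse_qs(entry["body"], keep_blank_values=True).get("service", []):
        if TRAVERSAL_RE.search(unquote(value)):
            return True
    return False


def scan_log(text):
    """Return (client_ip, timestamp, http_status) for every flagged request."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line; count these separately in production
        entry = match.groupdict()
        if is_traversal_attempt(entry):
            hits.append((entry["ip"], entry["ts"], int(entry["status"])))
    return hits


if __name__ == "__main__":
    for ip, ts, status in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} /hedwig.cgi traversal attempt (HTTP {status})")
```

A flagged request that received HTTP 200 with a non-trivial response size suggests the requested file was actually served, so the device's credentials and configuration should be treated as exposed.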
AMI MegaRAC SPx – Authentication Bypass (CISA KEV) | CVE-2024-54085
Description:
A critical vulnerability in AMI’s SPx firmware for the Baseboard Management Controller (BMC) allowed remote attackers to bypass authentication using the Redfish Host Interface. When exploited, attackers could gain unauthorized access to sensitive BMC functionality, significantly compromising system security and reliability.
Potential Impacts:
- Unauthorized Access: Attackers might remotely access critical BMC functions without proper credentials.
- System Compromise: They may change settings, push firmware updates, or restart the system.
- Data Breach: Sensitive system-level data might be exposed.
- Service Disruption: Attackers could degrade or disable BMC operations.
Mitigation Recommendations:
- Apply Vendor Patches: Upgrade to the latest firmware version from AMI or your vendor.
- Restrict Redfish Access: Use firewall rules or VLANs to limit interface access.
- Enable Strong Authentication: Apply multi-layered authentication and disable unused services.
- Monitor for Anomalies: Review logs for unauthorized access to BMC interfaces.
IBM WebSphere – Remote Code Execution via Deserialization | CVE-2025-36038
Description:
IBM WebSphere Application Server versions 8.5 and 9.0 contained a critical remote code execution vulnerability. Unsafe deserialization of user input enabled attackers to send crafted serialized objects to the server. Consequently, this could result in arbitrary code execution without authentication.
Potential Impacts:
- Remote Code Execution: Attackers may run commands on the server.
- Full System Compromise: Attackers could gain complete control over the WebSphere environment.
- Data Breach: Sensitive enterprise data could be accessed.
- Lateral Movement: Attackers may move across systems using the compromised server.
Mitigation Recommendations:
- Apply Security Updates: Upgrade to patched versions of WebSphere.
- Restrict Access: Limit WebSphere admin access to trusted IPs.
- Implement Input Validation: Block deserialization of untrusted data.
- Monitor Logs: Enable logging to detect abnormal serialization activity.
- Use WAF: Deploy a web application firewall to filter malicious payloads.
🟠 High Severity Vulnerabilities
Open VSX – Arbitrary Build Script Execution | CVE-2025-6705: A flaw in the Open VSX publishing pipeline allowed auto-published extensions to run arbitrary build scripts due to lack of CI sandboxing. Attackers could hijack the extension’s service account. Fortunately, the issue was resolved on June 24, 2025.
Dell Unisphere – Static Code Injection | CVE-2025-36595: In version 9.2.4.x of Dell Unisphere for PowerMax, improper directive handling enabled high-privileged remote attackers to inject and execute static code, potentially resulting in full system compromise.
Trusty Whistleblowing – Missing Authorization | CVE-2025-52818: In Trusty Whistleblowing versions up to 1.5.2, a missing authorization control allowed unauthenticated users to access protected functions and data. The flaw arose from incorrect access control level configuration.
🟡 Medium Severity Vulnerabilities
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability (CISA KEV) | CVE-2019-6693: FortiOS backup files used a static cryptographic key to encrypt data. Attackers with access to backup files could use the known key to decrypt confidential information such as passwords and HA credentials.
Arbitrary Code Execution via DevTools in Google Chrome for Windows | CVE-2025-6557: Chrome DevTools on Windows, before version 138.0.7204.49, suffered from a validation flaw. By tricking a user into opening DevTools on a malicious HTML page, attackers could execute arbitrary code.
Clickjacking Vulnerability in IBM Datacap | CVE-2025-36027: IBM Datacap versions 9.1.7–9.1.9 were vulnerable to clickjacking. Malicious websites could overlay invisible UI elements and trick users into performing unauthorized actions within the Datacap interface.