Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource

CVE Updates: May 19-25, 2025

Vuln Recap Editor, May 26, 2025 | May 25, 2025

Here are the CVE updates for the week of May 19th through the 25th.

CRITICAL SEVERITY VULNERABILITIES

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | CVE-2025-22462 (CISA KEV)

Description: A critical authentication bypass vulnerability has been discovered in Ivanti Neurons for ITSM (on-premises only) versions prior to 2023.4, 2024.2, and 2024.3 that have not applied the May 2025 Security Patch. The flaw allows a remote, unauthenticated attacker to gain administrative access to the system by exploiting improper authentication checks. Successful exploitation could result in full control over the ITSM environment.

Potential Impacts:

  • Unauthorized Administrative Access: Attackers may gain full access to sensitive IT service management functions.
  • Data Breach: Confidential organizational data managed by ITSM could be exposed or manipulated.
  • Service Disruption: Malicious changes may disrupt IT operations and workflows.
  • Privilege Escalation: Attackers can perform high-level actions without valid credentials.

Mitigation Recommendations:

  • Security Patch: Ensure your Ivanti Neurons for ITSM system is updated to 2023.4, 2024.2, or 2024.3 with the latest patch.
  • Restrict Network Access: Limit external access to the ITSM interface through firewalls and VPNs.
  • Monitor Logs: Enable and review audit logs for unusual or unauthorized activity.
  • Enforce MFA: Strengthen access controls by enforcing multi-factor authentication on all administrative interfaces.

Gmail Token Exposure Vulnerability in PrinterShare Android Application | CVE-2025-5098

Description: A vulnerability in the PrinterShare Android application allows unauthorized capture of Gmail authentication tokens. These tokens can be reused to gain access to a user’s Gmail account without requiring further authentication. The flaw stems from improper handling or exposure of sensitive authentication data within the app, enabling potential misuse by malicious actors or other applications with access to the same environment.

Potential Impacts:

  • Unauthorized Account Access: Attackers can use captured tokens to access Gmail accounts without user consent.
  • Data Exposure: Emails, contacts, and personal data may be exposed through unauthorized Gmail access.
  • Account Compromise: Malicious use of the account could include sending phishing emails or deleting data.
  • Privacy Violation: Sensitive personal or business correspondence may be leaked or misused.

Mitigation Recommendations:

  • Update the Application: Users should ensure they are running the latest version of PrinterShare with security patches applied.
  • Revoke Gmail Access: Users should revoke the app’s access to their Gmail account via Google Account settings and re-authenticate securely.
  • Monitor Account Activity: Check recent Gmail login activity and enable alerts for suspicious sign-ins.
  • Use App Passwords and OAuth Best Practices: Developers should adopt secure token handling and avoid storing or transmitting sensitive tokens insecurely.
  • Enable Two-Factor Authentication (2FA): This adds a layer of protection even if a token is compromised.

HIGH SEVERITY VULNERABILITIES

ZKTeco BioTime Path Traversal Vulnerability | CVE-2023-38950 (CISA KEV): A path traversal vulnerability exists in the iclock API of ZKTeco BioTime version 8.5.5. This flaw allows unauthenticated remote attackers to read arbitrary files on the server by submitting specially crafted requests containing traversal sequences (e.g., ../). The vulnerability arises from improper input validation in file path handling, enabling access to sensitive files outside the intended directory structure.

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | CVE-2023-38950 (CISA KEV): A remote code execution vulnerability has been identified in the API component of Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior on unspecified platforms. The issue arises from insufficient validation of API input, allowing authenticated attackers to craft malicious API requests that result in the execution of arbitrary code on the underlying system. Exploitation of this flaw could lead to full system compromise.

MEDIUM SEVERITY VULNERABILITIES

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | CVE-2024-27443 (CISA KEV): A Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) versions 9.0 and 10.0, specifically in the CalendarInvite feature of the classic webmail user interface. The flaw is due to improper input validation in how the calendar header is processed. An attacker can exploit this vulnerability by sending a specially crafted email containing a malicious calendar header. When the victim views the message using the classic Zimbra webmail interface, the embedded XSS payload is executed within the victim’s session, allowing execution of arbitrary JavaScript.

Srimax Output Messenger Directory Traversal Vulnerability | CVE-2025-27920 (CISA KEV): A directory traversal vulnerability was discovered in Output Messenger versions prior to 2.0.63 due to improper handling of file paths in request parameters. Attackers could exploit this flaw by using ../ sequences to access files outside the intended directory scope. This could result in unauthorized disclosure of sensitive files, including configuration data or system files, potentially exposing credentials or internal logic.
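Both traversal entries above (the ZKTeco BioTime and Output Messenger items) come down to a file path built from a request parameter without being confined to a base directory. The following is an added example, not ZKTeco or Srimax code: a canonical-path check that keeps a requested file inside its base directory, plus a detector run over constructed access-log lines. The base directory, endpoint name and log format are assumptions.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Request-side detector: traversal sequences after URL-decoding (catches %2e%2e%2f too).
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")

def resolve_within(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path for a user-supplied file name only if it stays
    inside base_dir; otherwise None. Compares canonical paths instead of
    searching for '..', so encoded, doubled or nested variants are all caught."""
    base = os.path.realpath(base_dir)
    decoded = unquote(unquote(requested))  # also undo double-encoding (%252e)
    # A leading slash would make os.path.join discard base_dir entirely.
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/\\")))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None

def flag_traversal_requests(log_lines: List[str]) -> List[str]:
    """Return access-log lines whose decoded request carries a '../' sequence."""
    return [line for line in log_lines if TRAVERSAL_RE.search(unquote(unquote(line)))]

# Constructed access-log lines (not from any real incident); the endpoint is hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /api/download?file=reports/daily.csv HTTP/1.1" 200',
    '10.0.0.9 - - "GET /api/download?file=../../../../etc/passwd HTTP/1.1" 200',
    '10.0.0.9 - - "GET /api/download?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200',
]

if __name__ == "__main__":
    for req in ("reports/daily.csv", "../../etc/passwd", "%2e%2e%2fetc%2fshadow"):
        print(req, "->", resolve_within("/srv/app/files", req))
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("TRAVERSAL:", hit)
```

The detector is a triage aid only; the path check is the actual control, because a literal `../` search misses encodings the server decodes later.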

MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | CVE-2024-11182 (CISA KEV): A cross-site scripting (XSS) vulnerability has been identified in MDaemon Email Server versions prior to 24.5.1c. The flaw exists in the webmail component, where HTML email content is improperly sanitized. A remote attacker can exploit this vulnerability by sending a specially crafted HTML email containing JavaScript embedded within an <img> tag. When a recipient views the email through the webmail interface, the malicious script executes in the context of the user’s browser, potentially compromising session data or allowing further client-side attacks.
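The MDaemon and Zimbra entries above both render attacker-supplied HTML inside a webmail session. As an added example (not MDaemon or Zimbra code), here is an allow-list sanitizer showing the control that neutralises script carried in `<img>` attributes or other message content: unknown tags and all event-handler attributes are dropped, URLs are restricted to safe schemes, and text is entity-escaped. The tag and attribute lists and the sample message are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Allow-list of tags, per-tag attributes and URL schemes the webmail view may render.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "a", "img", "ul", "ol", "li", "div", "span"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt", "width", "height"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:", "cid:")

def _safe_url(value: str) -> bool:
    # Drop whitespace/control chars browsers ignore before the scheme ("java\tscript:" etc.).
    return "".join(c for c in value if c.isprintable() and not c.isspace()).lower().startswith(SAFE_SCHEMES)

class EmailSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list = []
        self._skip = 0  # > 0 while inside <script> or <style>: their content is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag in ALLOWED_TAGS and not self._skip:
            kept = []
            for name, value in attrs:
                # Event handlers (onerror, onload, ...) are never in the allow-list.
                if name not in ALLOWED_ATTRS.get(tag, set()):
                    continue
                if name in ("href", "src") and not _safe_url(value or ""):
                    continue
                kept.append(f' {name}="{escape(value or "", quote=True)}"')
            self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in ALLOWED_TAGS and tag not in ("br", "img") and not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data))  # text is always entity-escaped

def sanitize_email_html(raw: str) -> str:
    parser = EmailSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)

# Constructed sample message (not a real email): script smuggled through <img> attributes.
SAMPLE_EMAIL = '<p>Invoice attached.</p><img src="https://example.com/logo.png" onerror="alert(1)"><img src="javascript:alert(2)"><script>alert(3)</script>'
```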

Access Control Vulnerability in Grafana OSS Enabling Deletion of Server Administrator Accounts | CVE-2025-3580: A vulnerability has been identified in Grafana OSS that allows an Organization administrator to permanently delete the Server administrator account via the DELETE /api/org/users/ endpoint. This issue arises when the Server administrator is either not assigned to any organization or shares the same organization as the Organization administrator. Exploitation of this vulnerability can lead to a total loss of administrative control over the Grafana instance, rendering it unmanageable if no other Server administrators remain.
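An added example (not Grafana's code) of the authorization rules an org-scoped user-removal endpoint needs so that an Organization administrator cannot reach a Server administrator's account: membership removal is kept separate from account deletion, Organization admins have no authority over Server admins even inside their own org, and the last Server administrator can never be deleted. The User model, role names and scenario are assumptions.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when an actor is not entitled to the requested operation."""

@dataclass
class User:
    user_id: int
    is_server_admin: bool = False
    org_roles: dict = field(default_factory=dict)  # org_id -> "Admin" | "Editor" | "Viewer"

def remove_from_org(actor: User, target: User, org_id: int) -> None:
    """Org-scoped removal (the shape of DELETE /api/org/users/<id>). It only ever
    drops a membership; it is never allowed to delete the underlying account."""
    if not actor.is_server_admin and actor.org_roles.get(org_id) != "Admin":
        raise Forbidden("actor is not an Admin of this organization")
    if org_id not in target.org_roles:
        raise Forbidden("target is not a member of this organization")
    # An Organization admin has no authority over Server administrators,
    # even when both belong to the same organization.
    if target.is_server_admin and not actor.is_server_admin:
        raise Forbidden("only a Server administrator may remove another one")
    del target.org_roles[org_id]  # membership gone, account untouched

def delete_account(actor: User, target: User, all_users: list) -> None:
    """Instance-level deletion: Server administrators only, and never the last one."""
    if not actor.is_server_admin:
        raise Forbidden("account deletion requires Server administrator rights")
    remaining = sum(u.is_server_admin for u in all_users if u.user_id != target.user_id)
    if target.is_server_admin and remaining == 0:
        raise Forbidden("cannot delete the last Server administrator")
    all_users.remove(target)

# Constructed scenario: one Server admin with no org membership, one Org admin in org 1.
def demo() -> tuple:
    server_admin = User(1, is_server_admin=True)
    org_admin = User(2, org_roles={1: "Admin"})
    users = [server_admin, org_admin]
    blocked_removal = blocked_delete = False
    try:
        remove_from_org(org_admin, server_admin, 1)
    except Forbidden:
        blocked_removal = True
    try:
        delete_account(org_admin, server_admin, users)
    except Forbidden:
        blocked_delete = True
    return blocked_removal, blocked_delete, server_admin in users  # (True, True, True)
```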

©2025 Vulnerability Recap