Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource

CVE Updates (November 10 – 16, 2025)

Vuln Recap Editor, November 17, 2025 | November 16, 2025

Here are the CVE updates for the week of November 10th through the 16th.

🔴 Critical Severity Vulnerabilities

Samsung Mobile Devices Out-of-Bounds Write Vulnerability (CISA KEV) | CVE-2025-21042

Description:
An out-of-bounds write vulnerability exists in the libimagecodec.quram.so library on Samsung devices prior to SMR Apr-2025 Release 1. Typically, a remote attacker exploits this flaw by sending a maliciously crafted image file, which triggers memory corruption. Consequently, the attacker can execute arbitrary code on the affected device.

Potential Impacts:

  • Remote Code Execution (RCE): If the user opens or processes a malicious image, the device could be fully compromised.
  • Data Exposure: Photos, messages, credentials, and app data may be accessed.
  • Privilege Escalation: Attackers might gain elevated privileges depending on the attack vector.
  • Device Takeover: Installation of apps, spying on user activity, or pivoting to other attacks becomes possible.

Mitigation Recommendations:

  • Update immediately to SMR Apr-2025 Release 1 or later.
  • Avoid opening untrusted or suspicious image files until patched.
  • Enable Google Play Protect and keep apps updated.
  • Use Mobile Device Management (MDM) to enforce patch compliance, especially in enterprises.

Gladinet Triofox Improper Access Control Vulnerability (CISA KEV) | CVE-2025-12480

Description:
An Improper Access Control flaw affects Triofox versions before 16.7.10368.56560. Even after installation and configuration are complete, unauthorized users can still reach the platform’s initial setup pages. These pages may expose sensitive configuration options or allow unintended system reconfiguration.

Potential Impacts:

  • Unauthorized Configuration Changes: Attackers might modify system settings or initial parameters.
  • Exposure of Sensitive Information: Credentials, server details, or internal environment info could be revealed.
  • Privilege Escalation: If setup pages permit admin changes, attackers could gain elevated access.
  • Service Disruption: Misconfigurations might cause downtime or performance degradation.
  • Increased Attack Surface: Setup functions may open further exploitation paths.

Mitigation Recommendations:

  • Upgrade Triofox to version 16.7.10368.56560 or later where this issue is fixed.
  • Restrict external access to management interfaces using firewalls or VPNs.
  • Monitor logs for suspicious attempts to access setup-related paths.
  • Disable leftover or obsolete setup components.
  • Enforce MFA for all administrative access.
  • Conduct regular security audits post-deployment.

WatchGuard Firebox Out-of-Bounds Write Vulnerability (CISA KEV) | CVE-2025-9242

Description:
An Out-of-Bounds Write vulnerability affects WatchGuard Fireware OS configured with IKEv2 in Mobile User VPN and Branch Office VPN using dynamic gateway peers. A remote, unauthenticated attacker can send crafted network traffic that triggers memory corruption, potentially leading to arbitrary code execution.

Potential Impacts:

  • Remote Code Execution: Attackers may gain full device control.
  • Firewall & Network Takeover: Compromised devices can facilitate lateral movement or firewall policy changes.
  • Traffic Manipulation: VPN traffic interception, decryption, or alteration becomes possible.
  • Persistent Access: Attackers might implant backdoors or modify binaries for long-term footholds.
  • Service Disruption: Device crashes or instability may occur.

Mitigation Recommendations:

  • Update Fireware OS to the latest patched version immediately.
  • Disable IKEv2-based VPNs if not in active use.
  • Restrict VPN gateway exposure through network segmentation and access-control policies.
  • Monitor logs for unusual VPN activity or failed tunnel initiations.
  • Apply IPS/IDS rules with updated signatures.
  • Limit administrative interface access to trusted networks only.

Fortinet FortiWeb Path Traversal Vulnerability (CISA KEV) | CVE-2025-64446

Description:
A relative path traversal vulnerability exists in Fortinet FortiWeb versions 7.x and 8.x. This flaw allows attackers to manipulate file paths via crafted HTTP(S) requests, bypassing directory restrictions. Consequently, attackers may execute administrative commands with elevated privileges, leading to full system compromise.

Potential Impacts:

  • Remote Admin Command Execution: Attackers can run privileged commands on the appliance.
  • Full System Compromise: Configuration, policies, logging, certificates, and system files could be modified.
  • WAF Bypass: Protections may be disabled, exposing downstream applications.
  • Data Exfiltration: Sensitive logs, credentials, and backend configuration may be accessed.
  • Lateral Movement: The compromised WAF could pivot attacks into internal networks.
  • Service Disruption: Malicious commands might cause downtime or instability.

Mitigation Recommendations:

  • Upgrade FortiWeb to the latest patched version immediately.
  • Restrict admin interface access to trusted IPs or network segments.
  • Deploy web filtering and WAF rules that block path traversal patterns (e.g., “../”).
  • Monitor logs for suspicious path elements.
  • Segment networks to isolate FortiWeb appliances from open external networks.
  • Maintain regular offline backups for recovery.
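To make the “monitor logs for suspicious path elements” recommendation concrete, here is an added example (not FortiWeb’s code, and not from the advisory) that scans access-log lines for traversal segments, decoding percent-encoding repeatedly so that single- and double-encoded “../” are both caught. The log lines are constructed samples.

```python
"""Flag request paths containing directory-traversal segments, including
URL-encoded and double-encoded variants. Sample log lines are constructed."""
import re
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Nov/2025:10:00:01 +0000] "GET /api/v2/status HTTP/1.1" 200 512
192.0.2.11 - - [12/Nov/2025:10:00:02 +0000] "GET /static/../../conf/system.cfg HTTP/1.1" 403 0
192.0.2.12 - - [12/Nov/2025:10:00:03 +0000] "GET /img/%2e%2e%2f%2e%2e%2fconfig HTTP/1.1" 404 0
192.0.2.13 - - [12/Nov/2025:10:00:04 +0000] "GET /files/%252e%252e/secret HTTP/1.1" 200 88
192.0.2.14 - - [12/Nov/2025:10:00:05 +0000] "GET /docs/release-notes..txt HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def fully_decode(path: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding until the path stops changing.
    A single-pass decoder would miss %252e (double-encoded '.')."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(raw_path: str) -> bool:
    """True if any path segment, after decoding, is exactly '..'.
    Backslashes are normalised so 'a\\..\\b' is treated like 'a/../b'.
    A segment such as 'notes..txt' is not a traversal and is ignored."""
    path = fully_decode(raw_path.split('?', 1)[0]).replace('\\', '/')
    return '..' in path.split('/')

def scan_log(text: str) -> list[dict]:
    """Return one record per request whose path looks like a traversal,
    regardless of the status code (a 200 is the case worth investigating)."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m['path']):
            hits.append({'ip': m['ip'], 'path': m['path'], 'status': m['status']})
    return hits

if __name__ == '__main__':
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ip']} requested {h['path']} (HTTP {h['status']})")
```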

🟠 High Severity Vulnerabilities

Microsoft Windows Race Condition Vulnerability (CISA KEV) | CVE-2025-62215: A race condition exists in the Windows Kernel caused by improper synchronization of shared system resources. Local authorized attackers can exploit this to elevate privileges by timing concurrent operations. As a result, attackers may manipulate kernel processes to gain higher permissions.

Information Disclosure in SourceCodester Simple Online Book Store System | CVE-2025-63891: The Simple Online Book Store System has a severe information disclosure flaw. Its database backup file (/obs/database/obs_db.sql) is publicly accessible without authentication, exposing the entire schema, data, and credential hashes to remote attackers.

Improper Email Parsing Leading to Misdirected Emails | CVE-2025-13033: An email parsing library flaw causes misdirected emails due to improper handling of crafted recipient addresses. Attackers can trick the system into sending sensitive emails to external addresses, bypassing filters and exposing confidential info.

Use-After-Free Vulnerability in Google Chrome on iOS (UI Gesture Exploit) | CVE-2024-9126: Google Chrome on iOS versions before 127.0.6533.88 contains a use-after-free vulnerability triggered by crafted UI gestures. This flaw leads to heap corruption, potentially allowing arbitrary code execution or browser instability.

🟡 Medium Severity Vulnerabilities

Authenticated SQL Injection Vulnerability in Cloudlog (vucc_details_ajax Function) | CVE-2025-64084: Cloudlog versions 2.7.5 and earlier contain an authenticated SQL injection in the vucc_details_ajax function. Insufficient sanitization of the Gridsquare POST parameter lets logged-in attackers inject SQL commands, risking full backend database compromise.
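As an added illustration of the Cloudlog item (this is not Cloudlog’s code; the table, rows, and function names are constructed for the example), the lookup below is written once by string concatenation and once with input validation plus a bound parameter, so the effect of an unsanitized Gridsquare value can be compared directly.

```python
"""Gridsquare lookup written two ways: string-built SQL versus validated,
parameterized SQL. In-memory SQLite with constructed rows; not Cloudlog code."""
import re
import sqlite3

# Maidenhead locator: 2 field letters (A-R), 2 digits, optional 2 subsquare letters (A-X)
GRIDSQUARE_RE = re.compile(r'^[A-Ra-r]{2}[0-9]{2}([A-Xa-x]{2})?$')

def make_db() -> sqlite3.Connection:
    """Build a small constructed VUCC table."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE vucc (callsign TEXT, gridsquare TEXT)')
    conn.executemany('INSERT INTO vucc VALUES (?, ?)', [
        ('N0CALL', 'EM12'), ('N1TEST', 'FN31'), ('N2DEMO', 'JO62'),
    ])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, gridsquare: str) -> list[str]:
    """The POST value is spliced into the SQL text, so a quote in the value
    changes the query itself instead of being compared as data."""
    sql = "SELECT callsign FROM vucc WHERE gridsquare = '" + gridsquare + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn: sqlite3.Connection, gridsquare: str) -> list[str]:
    """Reject anything that is not a locator, then bind the value as a
    parameter so the driver never treats it as SQL."""
    if not GRIDSQUARE_RE.match(gridsquare):
        raise ValueError('gridsquare must be a Maidenhead locator')
    rows = conn.execute('SELECT callsign FROM vucc WHERE gridsquare = ?',
                        (gridsquare.upper(),))
    return [row[0] for row in rows]

if __name__ == '__main__':
    db = make_db()
    crafted = "EM12' OR '1'='1"          # constructed test value
    print('vulnerable:', lookup_vulnerable(db, crafted))   # every row leaks
    try:
        lookup_safe(db, crafted)
    except ValueError as exc:
        print('safe:', exc)
    print('safe, valid input:', lookup_safe(db, 'em12'))
```

Binding alone would already make the crafted value compare as a literal and return no rows; the format check adds a second, independent layer and gives a clear error to log.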

Information Disclosure via Search Enumeration in Directus | CVE-2025-64084: Directus versions prior to 11.13.0 leak information during searches on masked fields. Authenticated users with read access can infer sensitive data through response patterns, despite actual field values being hidden.
