Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource

CVE Updates (November 24 – 30, 2025)

Vuln Recap Editor | December 1, 2025 | November 30, 2025

Here are the CVE updates for the week of November 24th through the 30th.

🔴 Critical Severity Vulnerabilities

Memory Management Module Permission Control Vulnerability | CVE-2025-64314

Description:
A permission control flaw exists in the memory management module, and because of this weakness, unauthorized users can access memory regions that should stay restricted. As attackers exploit this vulnerability, they may retrieve sensitive information stored in memory, which directly threatens confidentiality. Moreover, exposed memory often leads to deeper compromise since attackers can chain additional exploits.

Potential Impacts

  • Confidentiality Breach: Attackers can view sensitive data, credentials, and internal system information.
  • Unauthorized Data Exposure: Critical internal values, session details, and security-related memory structures may be leaked to unauthorized users.
  • Further Exploitation: Once memory contents are exposed, attackers can craft more advanced attacks.
  • Cross-Tenant Risks: Multi-tenant environments may unintentionally reveal data across users or processes.

Mitigation Recommendations

  • Apply Vendor Patches Immediately: Update to the most recent version that resolves the flaw.
  • Enable Memory Protections: Use ASLR, DEP, and other OS-level memory safeguards.
  • Restrict Access to Sensitive Processes: Allow only trusted applications and users to interact with affected components.
  • Monitor for Suspicious Memory Access: Deploy EDR tools to detect abnormal or unauthorized memory reads.
  • Implement Least Privilege: Reduce permissions for processes that do not require memory-level access.

Mattermost Authentication Flow Token Validation Vulnerability | CVE-2025-12421

Description:
Mattermost versions 11.0.x ≤ 11.0.2, 10.12.x ≤ 10.12.1, 10.11.x ≤ 10.11.4, and 10.5.x ≤ 10.5.12 contain a flaw in the SSO code-exchange flow. Because the token used during the exchange isn’t validated properly, an authenticated attacker can take over accounts simply by crafting a malicious email address, switching authentication methods, and sending a request to /users/login/sso/code-exchange. The risk grows significantly when ExperimentalEnableAuthenticationTransfer is enabled (default) and RequireEmailVerification is disabled (default).

Potential Impacts

  • Account Takeover: Attackers may gain full access to another user’s account.
  • Unauthorized Data Access: Private messages, files, and channels may be exposed.
  • Privilege Escalation: Attackers may target admin accounts for broader control.
  • Data Integrity Risks: Compromised users can modify or delete information.
  • Operational Disruption: Team communication and workflows may be interrupted.

Mitigation Recommendations

  • Apply Vendor Patches Immediately: Update to the patched versions that fix token validation.
  • Disable Authentication Transfer: Set ExperimentalEnableAuthenticationTransfer = false.
  • Require Email Verification: Set RequireEmailVerification = true to strengthen identity checks.
  • Monitor Authentication Logs: Track anomalies in SSO code-exchange activity or rapid login method changes.
  • Restrict Account Settings Access: Limit who can modify email addresses or authentication methods.
  • Strengthen Access Policies: Enforce MFA and apply least-privilege principles.
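
The version ranges and the two settings named above can be checked together. The following audit helper is an added example, not Mattermost's own code; it assumes the server's config.json has already been parsed into a dict and that the two settings sit under the ServiceSettings and EmailSettings sections of that file.

```python
import re

# Affected branches as listed above: (major, minor) -> highest vulnerable patch level.
AFFECTED = {(11, 0): 2, (10, 12): 1, (10, 11): 4, (10, 5): 12}

def version_affected(version: str) -> bool:
    """True if version (e.g. '10.11.3') is inside one of the listed ranges.

    False only means 'not in the ranges listed above'; it says nothing about
    branches the advisory text does not mention.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    last_vulnerable = AFFECTED.get((major, minor))
    return last_vulnerable is not None and patch <= last_vulnerable

def audit(version: str, config: dict) -> list:
    """Return findings for a server version and its parsed config.json."""
    findings = []
    if version_affected(version):
        findings.append(f"version {version} is in an affected range; upgrade")
    # A missing key is treated as the default, which the text above says is
    # the risky value for both settings.
    service = config.get("ServiceSettings") or {}
    email = config.get("EmailSettings") or {}
    if service.get("ExperimentalEnableAuthenticationTransfer", True):
        findings.append("ExperimentalEnableAuthenticationTransfer is enabled")
    if not email.get("RequireEmailVerification", False):
        findings.append("RequireEmailVerification is disabled")
    return findings

if __name__ == "__main__":
    # Constructed sample: an unpatched server left on default settings.
    sample = {"ServiceSettings": {}, "EmailSettings": {}}
    for line in audit("10.11.4", sample):
        print("FINDING:", line)
```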

SDMC NE6037 Router Network Diagnostics Shell Command Injection | CVE-2025-8890

Description:
SDMC NE6037 routers running firmware before 7.1.12.2.44 contain a command injection flaw in the network diagnostics tool. Although the admin portal is typically LAN-only, an authenticated attacker can still exploit this function to execute system-level commands. Once exploited, this flaw grants elevated privileges on the device, which allows deep control of the router.

Potential Impacts

  • Remote Command Execution: Attackers can run arbitrary commands with elevated privileges.
  • Full Device Compromise: Router configurations or firmware may be modified.
  • Traffic Interception: Attackers can intercept or redirect network traffic.
  • Persistence Installation: Malicious users or scripts may be added.
  • Lateral Movement: Attackers may pivot deeper into the internal network.

Mitigation Recommendations

  • Upgrade Firmware Immediately: Install version 7.1.12.2.44 or later.
  • Restrict Admin Portal Access: Keep the admin interface limited to trusted LAN hosts.
  • Use Strong Authentication: Replace defaults and enforce complex passwords.
  • Monitor Router Logs: Look for unusual diagnostic or command activity.
  • Segment Networks: Use VLANs to reduce movement if the router becomes compromised.
  • Disable Unused Tools: Turn off network diagnostic utilities when not needed.

Ray AI Compute Engine Browser-Exploitable Remote Code Execution Vulnerability | CVE-2025-62593

Description:
Ray versions prior to 2.52.0 contain a critical RCE vulnerability that becomes exploitable through a web browser. Because Ray relies on identifying a User-Agent beginning with “Mozilla,” attackers can bypass this weak check through the fetch specification. When this flaw combines with a DNS rebinding attack, simply visiting a malicious webpage can trigger remote code execution inside a developer’s Ray environment.

Potential Impacts

  • Remote Code Execution (RCE): Arbitrary commands may run on the developer’s machine.
  • Local Environment Compromise: Sensitive datasets, config files, and development assets can be accessed.
  • AI Pipeline Manipulation: Attackers may alter models, training runs, or workflows.
  • Malware Installation: Persistent backdoors or spyware may be deployed.
  • Lateral Movement: Attackers may extend into internal networks.

Mitigation Recommendations

  • Upgrade Immediately: Install Ray version 2.52.0 or later.
  • Avoid Untrusted URLs: Don’t browse unknown sites while Ray is running.
  • Use Network Isolation: Place Ray behind firewalls or run it on isolated networks.
  • Restrict Dashboard Exposure: Limit dashboard access to localhost.
  • Enable Browser Hardening: Block scripts and disable DNS-rebinding-prone settings.
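
The contrast between a User-Agent prefix check and a check that actually resists DNS rebinding is shown below as an added example; it is a generic illustration, not Ray's code or its 2.52.0 fix. The allow-list, the port value, and all function names are assumptions made for the example.

```python
# Names the service is legitimately reached by, and its port. Both are
# assumptions for this example; 8265 is a constructed sample value.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
SERVICE_PORT = 8265

def weak_allows(headers: dict) -> bool:
    """Prefix check of the kind described above: refuse anything that claims
    to be a browser. The header is chosen by the client, so it proves nothing."""
    return not headers.get("User-Agent", "").startswith("Mozilla")

def split_host(value: str):
    """Parse a Host header into (host, port); return None if malformed."""
    value = value.strip().lower()
    if value.startswith("["):                 # bracketed IPv6, e.g. [::1]:8265
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if rest and not (rest[0] == ":" and rest[1:].isdecimal()):
        return None
    port = int(rest[1:]) if rest else None
    return host.rstrip("."), port

def hardened_allows(headers: dict) -> bool:
    """Accept only requests addressed to an expected name and port. A rebound
    request still carries the rebinding domain in its Host header."""
    parsed = split_host(headers.get("Host", ""))
    if parsed is None:
        return False
    host, port = parsed
    return host in ALLOWED_HOSTS and port == SERVICE_PORT

if __name__ == "__main__":
    # Constructed sample requests.
    local = {"Host": "127.0.0.1:8265", "User-Agent": "curl/8.5.0"}
    rebound = {"Host": "rebind.example:8265", "User-Agent": "custom-agent/1.0"}
    for name, req in (("local", local), ("rebound", rebound)):
        print(name, "weak:", weak_allows(req), "hardened:", hardened_allows(req))
```

Host validation complements, and does not replace, binding the dashboard to localhost and upgrading.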

🟠 High Severity Vulnerabilities

OpenPLC ScadaBR Cross-site Scripting Vulnerability (CISA KEV) | CVE-2021-26829: A stored XSS flaw exists in OpenPLC ScadaBR through Linux version 0.9.1 and Windows version 1.12.4. Because malicious input can be stored in system_settings.shtm, any user who views the page unknowingly triggers the payload, enabling persistent browser-side compromise.

Eaton Galileo Software Path Traversal Leading to Unauthorized Code Execution | CVE-2025-59890: A path traversal flaw allows attackers to escape intended directories and potentially execute unauthorized code, putting system integrity at significant risk.

Gorilla Tag Mods Console Path Traversal | CVE-2025-65952: Console versions prior to 2.8.0 allow attackers to use backslashes and periods to escape directory paths. As a result, they can write files outside the intended environment, leading to broader system compromise.
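
For the two path traversal entries above, the defensive pattern is to normalise separators before checking components and then confirm containment after resolution. The helper below is an added, generic example and not code from either product; the function names and sample base directory are assumptions.

```python
import os

def safe_join(base: str, user_path: str) -> str:
    """Join user_path under base, or raise ValueError if it could escape."""
    # Treat "\" as a separator on every platform; on POSIX it is otherwise an
    # ordinary filename character and "..\.." would slip past a "/" split.
    parts = user_path.replace("\\", "/").split("/")
    if user_path[:1] in ("/", "\\") or ":" in parts[0]:
        raise ValueError("absolute path or drive prefix not allowed")
    clean = []
    for part in parts:
        if part in ("", "."):
            continue                      # empty segment or current directory
        if set(part) == {"."}:
            raise ValueError("dot-only path component not allowed")
        clean.append(part)
    if not clean:
        raise ValueError("empty path")
    root = os.path.realpath(base)
    target = os.path.realpath(os.path.join(root, *clean))
    # Final containment check after symlink resolution.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes base directory")
    return target

def is_safe(base: str, user_path: str) -> bool:
    """Boolean wrapper around safe_join for use in validation code."""
    try:
        safe_join(base, user_path)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample inputs against a constructed base directory.
    base = "/srv/console/files"
    for candidate in ("mods\\skin.txt", "..\\..\\etc\\passwd", "...\\x", "C:\\x"):
        print(repr(candidate), "->", is_safe(base, candidate))
```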

Mozart FM Transmitter DoS via unlink() Loop | CVE-2025-66252: Improper error handling causes the application to enter an infinite loop if unlink() repeatedly fails. This exhausts system resources and results in a denial of service.

🟡 Medium Severity Vulnerabilities

Netskope NS Client Improper Driver Loading (DoS) | CVE-2025-11156: A flaw in how the NS Client loads drivers allows an authenticated attacker to load it as a generic kernel service. Consequently, the system may crash (BSOD), resulting in a local denial of service.

Apache CloudStack Access Control Validation Flaw | CVE-2025-59454: Several APIs lack sufficient access validation. As a result, authenticated users may retrieve data outside their intended scope. The issue is fixed in versions 4.20.2.0 and 4.22.0.0.

WordPress AYS AI ChatBot Unauthorized Media Upload | CVE-2025-13381: Because the plugin fails to perform a proper capability check in ays_chatgpt_save_wp_media, unauthenticated users may upload files without permission, exposing the system to harmful uploads.
