Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource

CVE Updates (September 15 – 21, 2025)

Vuln Recap Editor, September 22, 2025 / September 21, 2025

Here are the CVE updates for the week of September 15th through the 21st.

🔴 Critical Severity Vulnerabilities

Remote Code Execution via Model Name in NVIDIA Triton Python Backend | CVE-2025-23316

Description:
Researchers identified a vulnerability in the Python backend of NVIDIA Triton Inference Server for Windows and Linux. Attackers can supply a manipulated model name parameter to the model control APIs. Consequently, they may trigger remote code execution in the context of the server process. The flaw stems from insufficient validation of model-identifying input passed to the backend.

Potential Impacts:

  • Remote Code Execution (RCE): Attackers can execute arbitrary code on the Triton host.
  • Denial of Service: Exploitation may crash or destabilize the inference server, disrupting ML workloads.
  • Information Disclosure: Sensitive model data, configuration, or runtime secrets may be exposed.
  • Data Tampering: Attackers can alter models, inference results, or configuration, undermining trust.
  • Lateral Movement: Compromised hosts may be used to pivot into other systems.

Mitigation Recommendations:

  • Apply Vendor Fixes: Install NVIDIA’s official patch or upgrade Triton to the fixed version.
  • Restrict Model Control Access: Allow only trusted networks and enforce authentication with RBAC.
  • Disable Unused Backends: Remove the Python backend if it is unnecessary.
  • Validate Inputs: Enforce strict server-side validation of model names and inputs.
  • Run with Least Privilege: Use dedicated low-privilege accounts rather than root/Administrator.
  • Isolate & Harden: Segment Triton servers on dedicated VLANs and use sandboxing.
  • Monitor & Alert: Log model API calls and alert on suspicious or abnormal activity.
  • Temporary Controls: Deploy a WAF or API gateway in front of endpoints if a patch is unavailable.
  • Post-Incident Actions: If compromise occurs, stop the server, rotate secrets, and rebuild from trusted images.
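The "Validate Inputs" and "Monitor & Alert" items above can share one check at a gateway or log pipeline in front of Triton's model control endpoints. This is an added example, not NVIDIA's code or its fix; the naming policy, the allowlist, and the `METHOD TARGET` log format are assumptions, and the sample requests are constructed.

```python
import re
from urllib.parse import unquote

# Triton's model control API carries the model name in the URL path.
MODEL_CONTROL = re.compile(
    r"/v2/repository/models/(?P<name>.*)/(?P<action>load|unload)", re.S)
# Assumed local naming policy: alphanumeric start, then [A-Za-z0-9_.-], max 64.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def check_request(method, target, allowed_models):
    """Classify one request as ("pass" | "allow" | "deny", reason)."""
    m = MODEL_CONTROL.fullmatch(target.split("?", 1)[0])
    if method.upper() != "POST" or m is None:
        return ("pass", "not a model control call")
    name = unquote(m.group("name"))  # judge the percent-decoded form
    if ".." in name or not SAFE_NAME.fullmatch(name):
        return ("deny", "model name violates naming policy")
    if name not in allowed_models:
        return ("deny", "model not in allowlist")
    return ("allow", f"{m.group('action')} {name}")


def audit(lines, allowed_models):
    """Return (line, reason) for each denied request in 'METHOD TARGET' lines."""
    denied = []
    for line in lines:
        method, target = line.split(maxsplit=1)
        decision, reason = check_request(method, target.strip(), allowed_models)
        if decision == "deny":
            denied.append((line, reason))
    return denied


# Constructed sample requests (not taken from any real log).
ALLOWED = {"resnet50", "bert_base"}
SAMPLE_LOG = [
    "POST /v2/repository/models/resnet50/load",
    "POST /v2/repository/models/resnet50%2F..%2Fother/load",
    "POST /v2/repository/models/bad%20name%3Bx/unload",
    "POST /v2/repository/models/unknown_model/load",
    "POST /v2/models/resnet50/infer",
    "GET /v2/health/ready",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG, ALLOWED):
        print(f"ALERT {reason}: {line}")
```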

Authentication Bypass via SAS Token in Wondershare Repairit | CVE-2025-10644

Description:
A vulnerability in Wondershare Repairit lets attackers bypass authentication because of incorrect SAS token permissions. Exploiting this flaw grants access to protected functions without valid credentials. Therefore, attackers may execute arbitrary code on endpoints and launch supply-chain attacks.

Potential Impacts:

  • Authentication Bypass: Attackers can access services without credentials.
  • Remote Code Execution (RCE): Arbitrary code may run on affected endpoints.
  • Supply-Chain Compromise: Malicious payloads could reach downstream customers.
  • System & Data Compromise: Attackers may exfiltrate or modify sensitive information.

Mitigation Recommendations:

  • Apply Vendor Fixes: Install Wondershare’s patch once available.
  • Revoke & Regenerate Tokens: Rotate SAS tokens and enforce least-privilege permissions.
  • Restrict Exposure: Use firewalls, allowlists, or VPNs to control Repairit access.
  • Monitor for Abuse: Track abnormal SAS token usage and raise alerts.
  • Harden Endpoints: Deploy EDR/AV and limit endpoint privileges.
  • Incident Preparedness: If compromise occurs, revoke tokens, isolate endpoints, and rebuild securely.
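To make "enforce least-privilege permissions" on SAS tokens checkable, the audit below inspects the fields of a SAS URL and reports anything broader than the client needs. It is an added example, not Wondershare's code; it assumes the Azure Storage SAS query format (`sp`, `sr`, `ss`, `srt`, `spr`, `se`, `sig`), and the URLs, the `needed` permission set, and the 24-hour lifetime policy are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit


def _utc(ts):
    """Parse an ISO 8601 SAS timestamp (date or date-time) as UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_sas(url, needed, now, max_lifetime=timedelta(hours=24)):
    """Return least-privilege findings for one SAS URL.

    needed: permission letters the client legitimately requires, e.g. "cw".
    """
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL"]
    findings = []
    excess = sorted(set(q.get("sp", "")) - set(needed))
    if excess:
        findings.append("excess permissions: " + "".join(excess))
    if "ss" in q or "srt" in q:
        findings.append("account-level SAS")
    elif q.get("sr") not in ("b", "bv", "bs", "f"):
        findings.append("scope wider than one blob or file")
    if q.get("spr") != "https":
        findings.append("plain HTTP permitted")
    if "se" not in q:
        findings.append("expiry not in token (check stored access policy)")
    elif _utc(q["se"]) - now > max_lifetime:
        findings.append("lifetime exceeds policy")
    return findings


# Constructed sample URLs; host, paths and signature are placeholders.
NOW = datetime(2025, 9, 22, 12, 0, tzinfo=timezone.utc)
BROAD = ("https://storage.example.invalid/uploads?sv=2022-11-02&sr=c"
         "&sp=rwdl&se=2027-01-01T00:00:00Z&sig=PLACEHOLDER")
TIGHT = ("https://storage.example.invalid/uploads/job-123.bin?sv=2022-11-02"
         "&sr=b&sp=cw&spr=https&se=2025-09-22T13:00:00Z&sig=PLACEHOLDER")

if __name__ == "__main__":
    for label, url in (("broad", BROAD), ("tight", TIGHT)):
        print(label, audit_sas(url, needed="cw", now=NOW))
```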

Sandbox Escape & RCE in jinjava (< 2.8.1) | CVE-2025-59340

Description:
Before jinjava 2.8.1, attacker-supplied input could be passed to constructFromCanonical(). This call instructs Jackson’s ObjectMapper to build arbitrary Java types. As a result, attackers can escape the template sandbox and access files or remote resources. With chaining, this flaw may escalate to full RCE.

Potential Impacts:

  • Sandbox Escape: Attackers can bypass template isolation.
  • Local File / URL Access: They may read local files or contact malicious URLs.
  • Remote Code Execution (RCE): Exploitation may enable arbitrary code execution.
  • Data Exposure: Sensitive files, credentials, or secrets could be stolen.
  • Integrity & Availability Risks: Attackers may alter behavior, deploy payloads, or crash the app.

Mitigation Recommendations:

  • Upgrade jinjava: Move to version 2.8.1 or later.
  • Audit Code Paths: Ensure untrusted input never flows to constructFromCanonical().
  • Harden Jackson Config: Disable polymorphic typing and block arbitrary deserialization.
  • Allowlist Types: Permit only explicitly safe classes for construction.
  • Validate Inputs: Sanitize template strings before processing.
  • Sandboxing & Least Privilege: Run rendering in containers or VMs with minimal privileges.
  • Runtime Controls: Enforce restrictions using Java security policies or container rules.
  • Dependency Scanning: Add checks in CI/CD pipelines for vulnerable versions.
  • Detect & Respond: Monitor for unusual file reads or outbound requests.
  • Compensating Controls: Restrict template-rendering endpoints with allowlists or WAFs.
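The "Dependency Scanning" item can be a small CI gate that fails the build when a `pom.xml` declares jinjava below 2.8.1. This is an added example, not part of jinjava or any scanner; it assumes a Maven build using the coordinates `com.hubspot.jinjava:jinjava`, resolves only properties defined in the same file, and runs here against a constructed POM.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 8, 1)  # first fixed jinjava release per the text above
COORD = ("com.hubspot.jinjava", "jinjava")  # jinjava's Maven coordinates


def _version(text):
    """Turn '2.7.4' or '2.8' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def check_pom(pom_xml):
    """Return [(declared_version, status)] for each jinjava dependency entry."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the Maven XML namespace for simple lookups
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    results = []
    for dep in root.iter("dependency"):
        if (dep.findtext("groupId"), dep.findtext("artifactId")) != COORD:
            continue
        raw = (dep.findtext("version") or "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", raw)  # ${property} indirection
        version = props.get(ref.group(1), "") if ref else raw
        if not re.match(r"\d", version):
            results.append((raw or None, "unresolved: check parent POM or BOM"))
        elif _version(version) < FIXED:
            results.append((version, "vulnerable: upgrade to 2.8.1 or later"))
        else:
            results.append((version, "ok"))
    return results


# Constructed sample POM for illustration.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jinjava.version>2.7.4</jinjava.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.hubspot.jinjava</groupId>
      <artifactId>jinjava</artifactId>
      <version>${jinjava.version}</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

An "unresolved" result means the version is managed outside the file (parent POM, BOM, or a range), so the effective version has to be confirmed from the resolved dependency tree.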

🟠 High Severity Vulnerabilities

Heap Buffer Overflow in ANGLE | CVE-2025-10502: A flaw in memory handling during graphics operations lets attackers write outside allocated buffers. Consequently, exploitation may cause corruption, crashes, or code execution.

Type Confusion in V8 | CVE-2025-10585: Mishandled object types in V8 enable memory corruption or attacker-controlled code execution. As a result, attackers may hijack the browser or application.

Ashlar-Vellum Cobalt XE File Parsing | CVE-2025-8006: Improper validation of XE files leads to out-of-bounds reads. Exploitation requires user interaction, such as opening a malicious file, after which attackers may execute code with the privileges of the current process.

🟡 Medium Severity Vulnerabilities

Privilege Escalation in NVIDIA HGX & DGX Management | CVE-2025-23337: Attackers with BMC admin rights can escalate to HMC administrator. Consequently, they gain full platform management control.

SQL Injection in PHPGurukul User Management System 1.0 | CVE-2025-10624: Unsanitized input in /login.php allows attackers to alter database queries. Therefore, they can manipulate data or extract credentials.

OS Command Injection in sequa-ai sequa-mcp (≤ 1.0.13) | CVE-2025-10619: Attackers can inject OS commands via redirectToAuthorization. Because input validation fails, remote exploitation is possible. Updating to 1.0.14 resolves the issue.

Reflected Cross-Site Scripting (XSS) in Web Management Interface of Network Access Control Services | CVE-2025-37122: Unsanitized input reflected in responses lets attackers craft malicious URLs. Consequently, arbitrary JavaScript executes in victims’ browsers.
