Here are the CVE updates for the week of September 8th through the 14th.
🔴 Critical Severity Vulnerabilities
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability (CISA KEV) | CVE-2025-5086
Description:
DELMIA Apriso, from Release 2020 through Release 2025, deserializes untrusted data without properly validating the serialized objects. An attacker who supplies a crafted serialized payload achieves Remote Code Execution (RCE) when the payload is processed, and with it complete control of the affected system.
Potential Impacts:
- Remote Code Execution (RCE): Execution of arbitrary commands on the vulnerable host.
- Application Takeover: Attackers could assume full control of the DELMIA Apriso environment and dependent services.
- Data Exposure/Manipulation: Sensitive manufacturing and supply chain data may be stolen, altered, or destroyed.
- Persistence: Attackers may implant backdoors or malware for ongoing access.
- Business Disruption: Downtime and operational impact on production systems.
Mitigation Recommendations:
- Upgrade Software: Apply the latest security fixes or upgrade to a release beyond 2025 where this issue is patched.
- Serialization Controls: Restrict or disable deserialization of untrusted input, and enforce strict validation of anything that must be deserialized.
- Network Hardening: Limit exposure of Apriso services to internal or trusted networks only.
- Web Application Firewall (WAF): Configure rules to detect and block malicious deserialization payloads.
- Monitoring & Incident Response: Enable detailed logging and actively monitor for suspicious activity so that exploitation attempts are detected quickly.
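The serialization-controls recommendation is easiest to see in code. The following Python example is added here to illustrate the principle and is not DELMIA Apriso code (the page does not show Apriso's serializer); it uses Python's pickle as a stand-in and shows how an allowlisting unpickler refuses a payload that the default loader would happily execute. The allowlist, the payload class and the helper names are constructed for the example.

```python
import io
import os
import pickle

# Allowlist of globals the application legitimately needs to rebuild objects.
# Anything outside it is refused before any constructor or callable runs.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "str"),
    ("builtins", "int"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allowlisted (module, name) references."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted data"
        )


def safe_loads(data: bytes):
    """Deserialize with the allowlist enforced."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unsafe_loads(data: bytes):
    """What a service that simply trusts serialized input effectively does."""
    return pickle.loads(data)


class CallsGetcwd:
    """Constructed stand-in for a hostile object: its __reduce__ tells the
    unpickler to call os.getcwd() while reconstructing it. The call is harmless
    here; the point is that the payload, not the application, chooses which
    callable runs."""

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed sample inputs: an ordinary record, and an object whose
# reconstruction invokes a callable the application never intended to call.
BENIGN_PAYLOAD = pickle.dumps({"order": 42, "lines": ["A", "B"]})
HOSTILE_PAYLOAD = pickle.dumps(CallsGetcwd())


def is_rejected(data: bytes) -> bool:
    """True if the allowlisting unpickler refuses the payload."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("benign via allowlist:", safe_loads(BENIGN_PAYLOAD))
    print("hostile via default loader ran os.getcwd():", unsafe_loads(HOSTILE_PAYLOAD))
    print("hostile via allowlist rejected:", is_rejected(HOSTILE_PAYLOAD))
```

The same shape applies to any serializer that can name a type or callable from inside the data stream: decide up front which types are acceptable, resolve nothing else, and treat a refusal as a security event worth logging.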
Improper Access Control in Audi UTR 2.0 FTP Service | CVE-2025-45583
Description:
The FTP service of the Audi UTR 2.0 (Universal Traffic Recorder 2.0) enforces access control incorrectly: it accepts any combination of username and password as valid credentials. Unauthenticated attackers can therefore access the FTP service without proper authentication and potentially expose or modify sensitive data.
Potential Impacts:
- Unauthorized Access: Attackers authenticate with arbitrary credentials and gain access to stored files.
- Data Exposure: Sensitive recordings, logs, or system data stored on the device may be exfiltrated.
- Data Tampering: Malicious actors may alter, replace, or delete files on the FTP service.
- Device Compromise: Unauthorized modifications could affect the integrity of recordings or lead to further exploitation.
- Privacy & Safety Risks: Compromised data may impact user privacy and the reliability of traffic recording functions.
Mitigation Recommendations:
- Apply Vendor Patch: Update the Audi UTR 2.0 firmware to the latest release where this flaw is addressed.
- Restrict FTP Access: Limit FTP service exposure to trusted networks and disable it if not required.
- Strong Access Controls: Enforce proper authentication, or replace FTP with secure alternatives such as SFTP or FTPS.
- Monitor Access Logs: Regularly review connection attempts to detect unauthorized access.
- Network Segmentation: Isolate the device from untrusted networks to reduce the attack surface.
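To make the "Monitor Access Logs" recommendation concrete, here is an added Python example; it is not Audi's code, and the vsftpd-style log format, the log lines, the account list and the thresholds are all assumptions constructed for the example. It looks for two symptoms of an FTP service that accepts any credentials: successful logins for accounts that do not exist, and a burst of successful logins under different usernames from a single client.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vsftpd-style log excerpt (not from a real device). 203.0.113.7
# "succeeds" under three different usernames within seconds, which is what a
# service that accepts any credentials looks like from the log side.
SAMPLE_LOG = """\
Sun Sep 14 10:01:02 2025 [pid 1201] [admin] OK LOGIN: Client "10.0.0.5"
Sun Sep 14 10:03:10 2025 [pid 1305] [zaphod] OK LOGIN: Client "203.0.113.7"
Sun Sep 14 10:03:11 2025 [pid 1306] [root] OK LOGIN: Client "203.0.113.7"
Sun Sep 14 10:03:12 2025 [pid 1307] [test] OK LOGIN: Client "203.0.113.7"
Sun Sep 14 10:03:13 2025 [pid 1308] [guest] FAIL LOGIN: Client "198.51.100.9"
Sun Sep 14 11:20:00 2025 [pid 1410] [admin] OK LOGIN: Client "10.0.0.5"
"""

# Accounts that are supposed to exist on the device (assumed for the example).
KNOWN_ACCOUNTS = {"admin", "recorder"}

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<client>[^"]+)"$'
)


def parse(log_text: str) -> list:
    """Turn matching log lines into event dicts; unrecognised lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                "user": m["user"],
                "ok": m["result"] == "OK",
                "client": m["client"],
            })
    return events


def find_suspicious_logins(log_text, known_accounts,
                           window=timedelta(minutes=5), threshold=3):
    """Return (rule, client, detail) findings for two symptoms of an FTP
    service that accepts any credentials."""
    events = parse(log_text)
    findings = []

    # Rule 1: a *successful* login for an account that does not exist can only
    # happen if the server is not really checking credentials.
    for e in events:
        if e["ok"] and e["user"] not in known_accounts:
            findings.append(("unknown-account-login", e["client"], e["user"]))

    # Rule 2: many distinct usernames succeeding from one client inside a short
    # window (a credential spray that "works" every time).
    by_client = defaultdict(list)
    for e in events:
        if e["ok"]:
            by_client[e["client"]].append(e)
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            users = {x["user"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(users) >= threshold:
                findings.append(("credential-spray-success", client,
                                 ",".join(sorted(users))))
                break
    return findings


if __name__ == "__main__":
    for rule, client, detail in find_suspicious_logins(SAMPLE_LOG, KNOWN_ACCOUNTS):
        print(f"{rule:25} {client:15} {detail}")
```

Rule 1 is the decisive one for this class of bug: on a correctly behaving server a login for a non-existent account can never succeed, so a single hit is already worth an alert rather than a threshold.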
Arbitrary Code Execution via File Upload in SueamCMS v0.1.2 | CVE-2025-55835
Description:
A file upload vulnerability in SueamCMS v0.1.2 allows remote attackers to upload files without proper filtering or validation. Because no restrictions are enforced, an attacker can upload a crafted script that the server then executes, resulting in Remote Code Execution (RCE).
Potential Impacts:
- Remote Code Execution (RCE): Attackers can execute arbitrary commands on the hosting server.
- Full Application Compromise: Attackers may take control of SueamCMS, including altering website content or functionality.
- Data Theft or Manipulation: Sensitive data stored on the CMS or backend database may be stolen or changed.
- Persistence: Attackers can install backdoors or web shells to maintain ongoing access.
- Lateral Movement: From the compromised host, attackers can pivot deeper into the environment.
- Service Disruption: Attackers may deface or disable the application.
Mitigation Recommendations:
- Update Software: Upgrade SueamCMS to a patched version once available.
- Restrict File Uploads: Enforce strict file type and MIME validation.
- Store Uploads Outside the Webroot: Prevent execution of uploaded files by storing them outside public directories.
- Apply Principle of Least Privilege: Limit server permissions to reduce attack impact.
- Web Application Firewall (WAF): Deploy rules to detect and block suspicious uploads.
- Monitoring & Incident Response: Track upload events and investigate anomalies.
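The upload-handling recommendations above (type validation, storage outside the webroot, least privilege) fit together in one small handler. The following Python example is added here for illustration and is not SueamCMS code; the allowed types, the magic-byte signatures, the size limit and the storage layout are assumptions made for the example.

```python
import os
import secrets
import tempfile

# Allowed extensions, each with the leading bytes a file of that type must
# start with. Extension AND content have to agree before a file is accepted,
# so a script renamed to .png fails the content check.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed limit for the example


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def validate_upload(original_name: str, data: bytes) -> str:
    """Check an upload and return the server-chosen name it will be stored under."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Strip any directory component the client sent, then refuse NUL bytes,
    # which some stacks use to truncate a name like "x.php\0.png".
    base = os.path.basename(original_name.replace("\\", "/"))
    if "\x00" in base or not base:
        raise UploadRejected("invalid file name")
    ext = os.path.splitext(base)[1].lower().lstrip(".")
    if ext not in SIGNATURES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not any(data.startswith(sig) for sig in SIGNATURES[ext]):
        raise UploadRejected(f"content does not look like a {ext} file")
    # The stored name is random and server-generated: nothing the client typed
    # reaches the filesystem, so double extensions and path tricks are moot.
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(original_name: str, data: bytes, upload_root: str) -> str:
    """Write a validated upload into upload_root, which must live outside the
    web server's document root so the file can only ever be served, never run."""
    safe_name = validate_upload(original_name, data)
    path = os.path.join(upload_root, safe_name)
    # O_EXCL refuses to overwrite an existing file; 0o640 keeps the file
    # non-executable and readable only by the service account and its group.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def is_rejected(original_name: str, data: bytes) -> bool:
    """True if validate_upload refuses the file."""
    try:
        validate_upload(original_name, data)
    except UploadRejected:
        return True
    return False


# Constructed sample inputs for the example.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php echo 'hi'; ?>"


def demo() -> int:
    """Store the sample PNG in a temporary directory standing in for a
    non-web-served upload root; return the number of bytes written."""
    root = tempfile.mkdtemp(prefix="uploads-")
    return os.path.getsize(store_upload("photo.png", PNG_SAMPLE, root))


if __name__ == "__main__":
    print("stored bytes:", demo())
    print("shell.php rejected:", is_rejected("shell.php", PHP_SAMPLE))
    print("shell.png with PHP content rejected:", is_rejected("shell.png", PHP_SAMPLE))
```

Serving the stored files back through a dedicated download handler (which sets Content-Type from the validated extension and a fixed Content-Disposition) completes the picture: the web server never sees the upload directory as part of its document tree.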
🟠 High Severity Vulnerabilities
Information Exposure in Palo Alto Networks User-ID Credential Agent (Windows) | CVE-2025-4235: Certain non-default configurations may expose the service account password. Attackers with Domain User access can escalate privileges depending on account permissions.
Secret Disclosure via Crafted LUKS2 Volume in dstack | CVE-2025-59054: In versions before 0.5.4, an attacker can get a malicious LUKS2 volume mounted; because the volume metadata is unauthenticated, secrets such as WireGuard keys may be disclosed. Fixed in version 0.5.4.
Command Injection via smartctl Parameters in Zabbix Agent 2 (smartctl plugin) | CVE-2025-27234: Improper sanitization of parameters lets attackers inject commands into smartctl, enabling Remote Code Execution (RCE).
Denial of Service via Large SAML Responses in GitLab CE/EE | CVE-2025-2256: Sending multiple large SAML responses overwhelms the application, causing outages in affected versions.
Authorization Bypass in Daikin Security Gateway | CVE-2025-10127: Improper key handling enables attackers to bypass authentication and gain unauthorized access.
🟡 Medium Severity Vulnerabilities
Cross-Site Scripting (XSS) in Portabilis i-Educar (≤ 2.10) | CVE-2025-10373: Exploitable via the nm_tipo parameter in /educar_turma_tipo_cad.php, allowing injection of malicious scripts.
Command Injection in Wavlink WL-WN578W2 | CVE-2025-10325: The unsanitized ipaddr parameter in login.cgi lets attackers execute shell commands remotely; a public exploit exists.
Stored Cross-Site Scripting in Spotify Embed Creator WordPress Plugin (≤ 1.0.5) | CVE-2025-9879: Malicious input in the spotify shortcode allows stored XSS by contributor-level users or higher.
Stored Cross-Site Scripting in Embed Google Datastudio WordPress Plugin (≤ 1.0.0) | CVE-2025-9877: Contributor-level users can inject persistent JavaScript via the egds shortcode.
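Two items above, the smartctl parameter injection in Zabbix Agent 2 and the ipaddr parameter in the Wavlink login.cgi, are the same defect: a caller-supplied value is spliced into a shell command. The following Python example is added here to show the defensive pattern and is not code from either product: validate the parameter against the exact shape it must have, then pass it as a single discrete argument with no shell involved. The device-name pattern, the command lines and the helper names are assumptions for the example.

```python
import ipaddress
import re
import subprocess

# Accept only plain block-device names (pattern constructed for the example);
# anything with metacharacters, spaces or path components fails to match.
DEVICE_RE = re.compile(r"^/dev/(?:sd[a-z]{1,2}|nvme\d+n\d+)$")


class ParameterRejected(ValueError):
    """Raised when a caller-supplied parameter does not have the required shape."""


def validate_device(device: str) -> str:
    if not DEVICE_RE.fullmatch(device):
        raise ParameterRejected(f"not an allowed device name: {device!r}")
    return device


def validate_ip(addr: str) -> str:
    # ipaddress.ip_address() is strict: anything that is not exactly one
    # IPv4/IPv6 literal (a trailing "; id", "$(...)", an empty string) raises.
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError as exc:
        raise ParameterRejected(f"not an IP address: {addr!r}") from exc


def build_smartctl_argv(device: str) -> list:
    # The validated value becomes one argv element; no shell ever parses it.
    return ["smartctl", "-a", validate_device(device)]


def build_ping_argv(addr: str) -> list:
    return ["ping", "-c", "1", validate_ip(addr)]


def run(argv: list) -> str:
    # shell=False is already the default for a list argv; spelled out for clarity.
    result = subprocess.run(argv, shell=False, capture_output=True,
                            text=True, timeout=30)
    return result.stdout


def parameter_rejected(builder, value: str) -> bool:
    """True if the builder refuses the value before any command is formed."""
    try:
        builder(value)
    except ParameterRejected:
        return True
    return False


if __name__ == "__main__":
    print(build_smartctl_argv("/dev/sda"))
    print(build_ping_argv("192.0.2.10"))
    print("injection attempt rejected:", parameter_rejected(build_ping_argv, "192.0.2.10; id"))
```

Note that the list form of `subprocess.run` is what removes the shell from the path; the validators are the second layer, so that a rejected value is also visible in logs rather than silently passed through as a literal argument.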