Vulnerability Recap

Cybersecurity News, CVE Recaps, and Education Resource
Cybersecurity Updates: Vulnerabilities, April 28 – May 4, 2025

Vuln Recap Editor, May 5, 2025

Here are the CVE updates for the week of April 28th through May 4th.

CRITICAL SEVERITY VULNERABILITIES

Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability | CVE-2025-42599 (CISA KEV)

Description: Active! Mail 6 (BuildInfo 6.60.05008561 and earlier) contains a stack-based buffer overflow. A remote, unauthenticated attacker can trigger it by sending a specially crafted request. Because the input is not properly bounded before it is copied, an attacker can overwrite the stack and control program execution, leading to arbitrary code execution or denial of service (DoS).

Potential Impacts

  • Arbitrary Code Execution: Attackers can run unauthorized code, potentially taking control of the affected system.
  • Denial of Service (DoS): The application may crash, resulting in downtime.
  • Data Corruption or Loss: Sensitive data may be altered, deleted, or exposed.
  • Privilege Escalation: If other misconfigurations exist, attackers could elevate their access level.

Recommended Mitigations

  • Update Immediately: Install the latest patch for Active! Mail to resolve this issue.
  • Enforce Input Validation: Sanitize all user inputs to prevent buffer overflows.
  • Limit Network Exposure: Restrict remote access, especially for unauthenticated users.
  • Monitor Logs: Track system logs continuously to detect unusual activities.
  • Deploy IDS Tools: Use intrusion detection systems to spot and block suspicious traffic.

SAP NetWeaver Unrestricted File Upload Vulnerability | CVE-2025-42599 (CISA KEV)

Description: SAP NetWeaver’s Visual Composer contains an unspecified flaw that allows remote, authenticated users to upload and execute malicious files (webshells). Attackers who use valid credentials can upload scripts to the webroot and execute arbitrary commands, compromising both Windows and Linux systems.

Potential Impacts

  • Remote Code Execution: Uploaded webshells can run system-level commands.
  • System Compromise: Attackers can gain full server control.
  • Data Breach: Sensitive files and business data may be accessed.
  • Service Disruption: Malicious scripts can degrade or halt system operations.

Recommended Mitigations

  • Apply SAP Security Patches: Upgrade NetWeaver to the latest version.
  • Secure File Uploads: Enforce strict authentication and authorization checks.
  • Monitor File Activity: Log and alert on unusual file uploads or modifications.
  • Isolate Critical Components: Use network segmentation to contain any breaches.
  • Audit Regularly: Check configurations and permissions to align with best practices.

Apache HTTP Server Improper Escaping of Output Vulnerability | CVE-2024-38475 (CISA KEV)

Description: Apache HTTP Server versions 2.4.59 and earlier contain a flaw in the mod_rewrite module due to improper output escaping. When rewrite rules use backreferences or variables at the start of substitution paths, attackers may bypass restrictions and access unintended filesystem locations. This can lead to remote code execution or source code disclosure.

Potential Impacts

  • Remote Code Execution: Attackers may trigger execution of unintended scripts.
  • Source Code Disclosure: Sensitive files could be exposed.
  • Bypassed Access Controls: Malicious users may gain unauthorized access to protected resources.

Recommended Mitigations

  • Update Apache Server: Use a version beyond 2.4.59 with the patch applied.
  • Review Rewrite Rules: Refactor any rule using unsafe substitutions.
  • Avoid Insecure Prefixes: Do not start substitutions with unvalidated variables.
  • Use UnsafePrefixStat with Caution: Only enable this for legacy support after ensuring safety.
  • Strengthen File Permissions: Lock down file system access wherever possible.
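The "Review Rewrite Rules" and "Avoid Insecure Prefixes" items above can be turned into an automated check. The script below is an added example, not code from the advisory or from the Apache project: it scans a configuration fragment for RewriteRule directives whose substitution begins with a backreference or a variable (the pattern the advisory describes as affected) and reports whether each one has been explicitly opted back in with the UnsafePrefixStat flag. The configuration text is constructed for the example; quoted directive arguments are not handled.

```python
import re

# Constructed httpd.conf fragment (sample input, not taken from any real deployment).
SAMPLE_CONF = """
RewriteEngine On
# Safe: the substitution starts with a fixed path segment
RewriteRule ^/docs/(.*)$ /var/www/docs/$1 [L]
# Unsafe prefix: the substitution starts with a backreference
RewriteRule ^/files/(.*)$ $1 [L]
# Unsafe prefix: the substitution starts with a server variable
RewriteRule ^/var/(.*)$ %{ENV:BASE}/$1 [L]
# Unsafe prefix that an administrator has explicitly opted back in with UnsafePrefixStat
RewriteRule ^/legacy/(.*)$ $1 [L,UnsafePrefixStat]
"""

# Unquoted "RewriteRule <pattern> <substitution> [flags]"; quoted arguments are not handled here.
RULE_RE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.IGNORECASE)
# Substitution whose first segment is a backreference ($1, %1) or a variable (%{...}).
UNSAFE_PREFIX_RE = re.compile(r'^(\$\d|%\d|%\{)')


def audit_rewrite_rules(conf_text):
    """Return one finding per RewriteRule whose substitution begins with an unsafe prefix."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue
        pattern, substitution, flags = m.group(1), m.group(2), m.group(3) or ''
        flag_list = [f.strip() for f in flags.split(',') if f.strip()]
        if UNSAFE_PREFIX_RE.match(substitution):
            findings.append({
                'line': lineno,
                'pattern': pattern,
                'substitution': substitution,
                # True when the rule carries the opt-in flag and therefore needs manual review
                'opted_in': 'UnsafePrefixStat' in flag_list,
            })
    return findings


if __name__ == '__main__':
    for f in audit_rewrite_rules(SAMPLE_CONF):
        if f['opted_in']:
            verdict = 'opted in via UnsafePrefixStat; confirm the substitution is constrained'
        else:
            verdict = 'refactor so the substitution starts with a literal path'
        print(f"line {f['line']}: {f['substitution']!r} -> {verdict}")
```

Running the script against the sample prints three findings; rules that start their substitution with a literal path (line 4 of the sample) are left alone. On a real server, feed it the output of `httpd -t -D DUMP_CONFIG` or the individual configuration files and treat every finding as a rule to refactor before, not after, upgrading past 2.4.59.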

Yiiframework Yii Improper Protection of Alternate Path Vulnerability | CVE-2024-58136 (CISA KEV)

Description: A regression vulnerability in Yii 2 versions prior to 2.0.52 has reopened issues previously fixed in CVE-2024-4990. The flaw involves improper handling of behaviors using the __class array key. Attackers can manipulate these behavior definitions to override access controls or break application logic. Alarmingly, this vulnerability was actively exploited between February and April 2025, raising its risk profile significantly.

Potential Impacts

  • Unauthorized Behavior Injection: Malicious behavior definitions may run unintended code.
  • Application Logic Bypass: Attackers could override controls or functions.
  • Security Regression: Old vulnerabilities might re-emerge.
  • Increased Attack Surface: Arbitrary classes might attach to models or components.

Recommended Mitigations

  • Upgrade Immediately: Move to Yii 2.0.52 or later, where this regression is fixed.
  • Audit Code: Review usage of dynamic behaviors throughout the application.
  • Enforce Type Safety: Avoid using untrusted dynamic arrays in behavior configurations.
  • Monitor Activity: Keep an eye on logs for abnormal behavior patterns.

HIGH SEVERITY VULNERABILITIES

Broadcom Brocade Fabric OS Code Injection Vulnerability | CVE-2025-1976 (CISA KEV): Although root access is disabled in Brocade Fabric OS versions starting from 9.1.0, a local admin user can still inject code to gain root privileges. Versions affected include 9.1.0 through 9.1.1d6. This allows local attackers to fully compromise the system.

Commvault Web Server Unspecified Vulnerability | CVE-2025-3928 (CISA KEV): This vulnerability mirrors the SAP NetWeaver issue and permits authenticated attackers to upload and execute webshells. The flaw provides attackers with deep control over server environments, affecting both Linux and Windows installations.
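Both the SAP NetWeaver entry above and the Commvault entry recommend logging and alerting on unusual file uploads. The following is an added example, not code from either vendor: it scans web server access-log lines for a successful request to a script file under an upload directory and notes whether the same client sent a POST to that directory first, which is the sequence a webshell drop followed by its first use would leave behind. The log lines, the `/upload/` prefix and the extension list are constructed for the example; a real deployment would substitute its own writable web paths.

```python
import re
from collections import defaultdict

# Constructed access-log lines in NCSA combined-style format (sample data, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2025:10:00:01 +0000] "POST /upload/ HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/May/2025:10:00:07 +0000] "GET /upload/x.jsp HTTP/1.1" 200 88',
    '198.51.100.9 - - [01/May/2025:10:01:00 +0000] "GET /upload/report.pdf HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/May/2025:10:02:00 +0000] "GET /upload/helper.php HTTP/1.1" 404 0',
]

# client, timestamp, method, path, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Assumed upload location for this example; list the application's real writable web paths here.
UPLOAD_PREFIXES = ('/upload/',)
# Extensions the server would execute rather than serve as static content.
SCRIPT_EXTENSIONS = ('.jsp', '.jspx', '.php', '.aspx', '.ashx')


def detect_webshell_pattern(lines):
    """Flag successful requests for script files under an upload path.

    Each alert records whether the same client POSTed to an upload path earlier in the
    input, which raises the priority of the alert from 'odd file' to 'likely webshell'.
    """
    uploads_by_ip = defaultdict(int)
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash the scan
        ip, ts, method, path, status = m.groups()
        normalized = path.split('?', 1)[0].lower()
        if method == 'POST' and normalized.startswith(UPLOAD_PREFIXES):
            uploads_by_ip[ip] += 1
            continue
        if (normalized.startswith(UPLOAD_PREFIXES)
                and normalized.endswith(SCRIPT_EXTENSIONS)
                and status.startswith('2')):
            alerts.append({
                'ip': ip,
                'time': ts,
                'path': path,
                'preceded_by_upload': uploads_by_ip[ip] > 0,
            })
    return alerts


if __name__ == '__main__':
    for alert in detect_webshell_pattern(SAMPLE_LOG):
        print(alert)
```

Only the request for `/upload/x.jsp` is reported: the PDF is not a script and the `.php` request failed with a 404. In practice this belongs alongside file-integrity monitoring of the webroot, since a webshell that is written but never requested through the logged front end leaves no trace in the access log at all.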

SonicWall SMA100 Appliances OS Command Injection Vulnerability | CVE-2023-44221 (CISA KEV): SMA100 appliances contain an OS command injection flaw in the SSL-VPN management interface. An authenticated admin can inject commands executed as the ‘nobody’ user. This results from insufficient input sanitization and poses a serious security risk.

MEDIUM SEVERITY VULNERABILITIES

SQL Injection Vulnerability in Nero Social Networking Site 1.0 | CVE-2025-4250 (CISA KEV): Nero Social Networking Site version 1.0 contains a serious SQL injection flaw in the /index.php endpoint. Multiple user-supplied parameters—such as fname, lname, login, password2, cpassword, address, cnumber, email, gender, propic, and month—lack proper input sanitization. Attackers can exploit this flaw remotely and without authentication to run arbitrary SQL queries. Notably, a publicly available proof-of-concept (PoC) increases the likelihood of real-world attacks.
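The entry above names the parameters that reach the database unsanitized but does not show the bug class. The snippet below is an added example, not code from the Nero application: it puts the concatenation pattern that produces this kind of flaw next to the parameterized form that fixes it, using an in-memory SQLite table so the difference can be observed directly. The table, rows and the `login` lookup are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for the application's users table."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, fname TEXT, email TEXT)')
    conn.executemany(
        'INSERT INTO users (login, fname, email) VALUES (?, ?, ?)',
        [('alice', 'Alice', 'alice@example.com'),
         ('bob', 'Bob', 'bob@example.com')],
    )
    return conn


def find_user_vulnerable(conn, login):
    """The bug class: the request parameter is pasted into the statement text.

    Whatever the caller supplies becomes part of the SQL grammar, so a value
    containing a quote changes the WHERE clause instead of being compared to it.
    """
    sql = "SELECT login FROM users WHERE login = '" + login + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, login):
    """The fix: the value travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT login FROM users WHERE login = ?"
    return [row[0] for row in conn.execute(sql, (login,))]


if __name__ == '__main__':
    db = make_db()
    tautology = "x' OR '1'='1"  # a login value that a real user would never have
    print('vulnerable:', find_user_vulnerable(db, tautology))  # every row comes back
    print('safe:      ', find_user_safe(db, tautology))        # no row has that literal login
```

Running it shows the concatenated query returning both users for a login value that matches neither, while the parameterized query returns nothing. The same `?` binding applies to every parameter listed in the entry; input validation (length limits, an allowlist for fields like gender and month) is worthwhile on top, but it is the parameter binding that removes the injection.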

Authorization Bypass in Casdoor SCIM User Creation Endpoint | CVE-2025-4210: A critical vulnerability has been identified in Casdoor versions up to 1.811.0, specifically affecting the HandleScim function within the controllers/scim.go file. This flaw enables unauthorized users to bypass authorization checks via the SCIM User Creation Endpoint. Remote attackers can exploit SCIM requests, allowing them to perform privileged actions without proper authentication. This poses a significant security threat.
