Here are the CVE updates for the week of January 20th through the 26th.
CRITICAL SEVERITY VULNERABILITIES
SQL Injection Vulnerability in WeGIA | CVE-2025-23219
Description: A SQL Injection vulnerability has been identified in the WeGIA application, an open-source web manager tailored to Portuguese-speaking users and charitable institutions. The flaw resides in the adicionar_cor.php endpoint, enabling attackers to inject arbitrary SQL commands into the database. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and complete database compromise. Notably, attackers can perform a full dump of the application’s database, underlining the critical nature of the issue.
Potential Impacts:
- Data Breach: Unauthorized access to sensitive information stored in the database.
- Database Compromise: Complete exposure of the database contents, including potentially sensitive or critical data.
- Application Integrity: Potential manipulation or destruction of data, impacting application functionality.
Mitigation Recommendations:
- Upgrade Software: Update WeGIA to version 3.2.10 or later, where this vulnerability is resolved.
- Sanitize User Inputs: Implement robust input validation and sanitization mechanisms to prevent SQL injection attempts.
- Use Parameterized Queries: Replace dynamic SQL queries with prepared statements or parameterized queries to block malicious inputs.
- Restrict Database Permissions: Minimize database user privileges to restrict unauthorized access and mitigate potential damage.
- Monitor and Audit Logs: Regularly review application and database logs for signs of suspicious activity or attempted exploitation.
Type Confusion Vulnerability in Magma | CVE-2024-24421
Description: A type confusion vulnerability has been identified in the nas_message_decode function of Magma versions ≤ 1.8.0. This flaw allows attackers to exploit the improper handling of NAS packets, resulting in arbitrary code execution or a Denial of Service (DoS). The vulnerability is addressed in Magma v1.9 (commit 08472ba98b8321f802e95f5622fa90fec2dea486). By sending a crafted NAS packet, an attacker can manipulate program behavior, potentially compromising system security or availability.
Potential Impacts:
- Arbitrary Code Execution: Attackers may execute malicious code, leading to full system compromise.
- Denial of Service (DoS): The application may crash or become unresponsive, disrupting operations.
Mitigation Recommendations:
- Upgrade Software: Update to Magma v1.9 or later, which includes a patch for this vulnerability.
- Validate Input Data: Ensure rigorous validation and sanitation of incoming NAS packets to prevent exploitation.
- Apply Security Best Practices: Use segmentation and access controls to limit the potential impact of an exploited system.
- Monitor System Logs: Continuously monitor logs for abnormal behavior or signs of exploitation attempts.
Cross-Origin Resource Sharing (CORS) Vulnerability in IBM DevOps Velocity and UrbanCode Velocity | CVE-2024-22348
Description: A Cross-Origin Resource Sharing (CORS) vulnerability has been identified in IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity versions 4.0.0 through 4.0.25. The vulnerability stems from improper CORS configurations that fail to restrict domain access to trusted sources. This flaw allows attackers to exploit CORS policies to perform privileged actions and access sensitive information by interacting with the application from malicious or unauthorized origins.
Potential Impacts:
- Sensitive Data Exposure: Attackers can access critical information such as user credentials, tokens, or application data.
- Unauthorized Actions: Exploitation could enable attackers to execute privileged operations in the application.
- Security Bypass: Malicious domains can circumvent access controls and interact directly with the vulnerable system.
Mitigation Recommendations:
- Restrict CORS Domains: Configure CORS policies to allow only explicitly trusted domains and deny all others.
- Validate Server Responses: Ensure that the server verifies the Origin header of incoming requests against a whitelist of trusted domains.
- Update Software: Upgrade to a patched version of IBM DevOps Velocity and UrbanCode Velocity that addresses this vulnerability.
- Audit Application Settings: Regularly review CORS settings to ensure compliance with security best practices.
- Monitor and Log Access: Implement robust logging and monitoring to detect and respond to suspicious CORS requests promptly.
Deserialization Vulnerability in Muzaara Google Ads Report | CVE-2025-23914
Description: A deserialization vulnerability has been discovered in the Muzaara Google Ads Report application, affecting versions up to 3.1. This flaw allows attackers to inject malicious objects via untrusted data during the deserialization process. Exploiting this vulnerability could lead to unauthorized access, arbitrary code execution, or a complete system takeover, depending on the attacker’s intent and the system’s configuration.
Potential Impacts:
- Unauthorized Access: Attackers could gain access to sensitive data or system functions.
- Code Execution: Malicious payloads could execute arbitrary commands, potentially compromising the entire system.
- System Takeover: Exploitation might result in the complete control of affected systems by unauthorized users.
Mitigation Recommendations:
- Update Software: Upgrade to the latest patched version of Muzaara Google Ads Report that addresses this vulnerability.
- Validate and Sanitize Input: Ensure all inputs are properly validated and sanitized to prevent injection of malicious objects.
- Restrict Deserialization: Avoid deserializing data from untrusted sources or use libraries that enforce strict checks during the deserialization process.
- Implement Least Privilege: Restrict application permissions to minimize the impact of successful exploitation.
- Monitor and Audit Logs: Regularly review application and system logs for signs of suspicious or anomalous activity.
SonicWall SMA1000 Appliances Deserialization Vulnerability | CVE-2025-23006 (CISA KEV)
Description: A critical vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). This flaw stems from the deserialization of untrusted data prior to authentication. Under specific conditions, a remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary operating system commands on the affected devices.
Potential Impacts:
- Arbitrary Command Execution: An attacker could execute malicious OS-level commands, potentially compromising the entire system.
- Unauthorized Access: Exploitation may lead to unauthorized control of affected appliances.
- System Takeover: The attacker could escalate their access, disrupt services, or exfiltrate sensitive information.
Mitigation Recommendations:
- Apply Security Patches: Update to the latest firmware versions provided by the vendor to address the vulnerability.
- Restrict Network Access: Limit access to the SMA1000 AMC and CMC interfaces to trusted networks only.
- Monitor System Activity: Regularly review system logs for unauthorized access attempts or suspicious activity.
- Enhance Input Validation: Ensure robust validation of all input data to prevent untrusted data processing.
- Segment Networks: Isolate critical systems from potential attacker entry points using network segmentation.
HIGH SEVERITY VULNERABILITIES
XML External Entity (XXE) Vulnerability in Ambari/Oozie | CVE-2025-23195: An XML External Entity (XXE) vulnerability has been discovered in the Ambari/Oozie project. The flaw arises from insecure XML input parsing using the DocumentBuilderFactory class without properly disabling external entity resolution. This allows attackers to inject malicious XML entities, potentially exploiting the vulnerability to read arbitrary files from the server or perform server-side request forgery (SSRF) attacks.
Cross-Site Request Forgery (CSRF) Vulnerability in Code Astro Internet Banking System 2.0.0 | CVE-2024-56924: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Code Astro Internet Banking System version 2.0.0. This flaw allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), enabling unauthorized actions such as altering account settings or stealing sensitive user information. The vulnerability is caused by inadequate validation of user requests, allowing attackers to exploit the system by tricking an admin user into executing malicious scripts via specially crafted URLs or web pages.
Denial of Service Vulnerability in Cisco BroadWorks SIP Processing | CVE-2025-20165: A vulnerability has been identified in the SIP processing subsystem of Cisco BroadWorks. This flaw allows unauthenticated, remote attackers to trigger a denial-of-service (DoS) condition by sending a high volume of SIP requests. The vulnerability arises from improper memory handling when processing certain SIP requests, leading to memory exhaustion on Cisco BroadWorks Network Servers. Once memory is exhausted, the servers cannot process additional requests, causing a complete service disruption that requires manual intervention to restore.
MEDIUM SEVERITY VULNERABILITIES
Stored Cross-Site Scripting Vulnerability in Divi Carousel Maker Plugin | CVE-2025-0350: The Divi Carousel Maker plugin for WordPress (versions up to and including 2.0.4) contains a Stored Cross-Site Scripting (XSS) vulnerability. This flaw exists due to insufficient input sanitization and output escaping for user-supplied attributes in the plugin’s Image Carousel and Logo Carousel features. Authenticated attackers with contributor-level access or higher can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses an affected page.
JQuery Cross-Site Scripting (XSS) Vulnerability | CVE-2020-11023 (CISA KEV): A vulnerability exists in jQuery versions ranging from 1.0.3 to before 3.5.0. This issue arises when HTML containing <option> elements from untrusted sources is passed to jQuery’s DOM manipulation methods, such as .html() or .append(). Despite sanitization attempts, untrusted code may still execute, posing a significant security risk. The vulnerability is patched in jQuery version 3.5.0.