Here are the CVE updates for the week of March 31st through April 6th.
CRITICAL SEVERITY VULNERABILITIES
Cisco Smart Licensing Utility Static Credential Vulnerability | CVE-2024-20439 (CISA KEV)
Description: A vulnerability in Cisco Smart Licensing Utility allows an unauthenticated, remote attacker to gain administrative access using hardcoded credentials. This flaw exists due to an undocumented static user credential for an administrative account, which can be exploited to log in and gain full control over the system via the API.
Potential Impacts:
- Unauthorized System Access: Attackers can log in remotely with admin privileges.
- System Takeover: Full administrative access could lead to complete system compromise.
- API Exploitation: Attackers can manipulate the Cisco Smart Licensing Utility application through its API.
Mitigation Recommendations:
- Apply Security Patches: Update to the latest Cisco firmware or software release addressing this vulnerability.
- Disable Unnecessary API Access: Restrict remote access to the licensing utility.
- Enforce Strong Authentication: Implement multi-factor authentication (MFA) and monitor login attempts.
- Monitor for Unauthorized Access: Regularly audit system logs for suspicious login activities.
Apache Tomcat Path Equivalence Vulnerability | CVE-2025-24813 (CISA KEV)
Description: Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98 are vulnerable to a path equivalence issue where improperly handled filenames containing internal dots (file.Name) can lead to remote code execution (RCE), information disclosure, or unauthorized file modifications. Exploitation is possible when write access is enabled for the default servlet, partial PUT requests are allowed, and security-sensitive file uploads occur in public directories. Attackers who know the names of these files can access or manipulate them. If the application uses file-based session persistence with the default storage location and contains a vulnerable deserialization library, an attacker may achieve remote code execution.
Potential Impacts:
- Information Disclosure: Attackers may access sensitive files.
- Remote Code Execution: Malicious file injections may lead to system compromise.
- Data Integrity Risks: Unauthorized modification of uploaded files.
Mitigation Recommendations:
- Upgrade Apache Tomcat to 11.0.3, 10.1.35, or 9.0.99 to patch the vulnerability.
- Disable Partial PUT Requests if not required.
- Restrict Write Permissions on the default servlet.
- Secure Upload Directories by ensuring security-sensitive files are stored separately.
- Monitor File Activity to detect unauthorized modifications.
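A quick audit helper for the two things this entry asks you to check, written as an added example for this bulletin rather than code from the Tomcat project: whether a reported Tomcat version falls inside the affected ranges listed above, and whether a conf/web.xml leaves the DefaultServlet writable with partial PUT enabled. The init-param names `readonly` and `allowPartialPut` (both default true) are Tomcat's own; the web.xml below is a constructed sample.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as listed above (inclusive); fixed in 11.0.3, 10.1.35 and 9.0.99.
AFFECTED_RANGES = [("11.0.0-M1", "11.0.2"), ("10.1.0-M1", "10.1.34"), ("9.0.0.M1", "9.0.98")]

def parse_version(version):
    """'9.0.0.M1', '10.1.0-M1' or '9.0.98' -> comparable tuple; milestones sort before GA."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else float("inf"))

def version_affected(version):
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)

def _text(elem, name):
    """Text of the first child named `name`, ignoring the javaee/jakartaee namespace."""
    return next(((c.text or "").strip() for c in elem if c.tag.split("}")[-1] == name), "")

def default_servlet_settings(web_xml):
    """(readonly, allowPartialPut) for the DefaultServlet; Tomcat defaults both to true when absent."""
    readonly, allow_partial_put = True, True
    for servlet in ET.fromstring(web_xml).iter():
        if servlet.tag.split("}")[-1] != "servlet" or not _text(servlet, "servlet-class").endswith(".DefaultServlet"):
            continue
        for param in servlet:  # non-init-param children simply yield empty names below
            name, value = _text(param, "param-name"), _text(param, "param-value").lower()
            if name == "readonly":
                readonly = value == "true"
            elif name == "allowPartialPut":
                allow_partial_put = value == "true"
    return readonly, allow_partial_put

def write_and_partial_put_enabled(web_xml):
    """Both configuration preconditions named in the advisory are satisfied."""
    readonly, allow_partial_put = default_servlet_settings(web_xml)
    return not readonly and allow_partial_put

# Constructed sample: conf/web.xml with the DefaultServlet opened for writes (the risky setting).
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
```

Setting `readonly` back to true (or adding `allowPartialPut` = false) makes `write_and_partial_put_enabled` return False, which is the state the upgrade should be paired with.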
Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | CVE-2025-22457 (CISA KEV)
Description: A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure (before version 22.7R2.6), Ivanti Policy Secure (before version 22.7R1.4), and Ivanti ZTA Gateways (before version 22.8R2.2). This flaw can be exploited by a remote unauthenticated attacker to trigger a buffer overflow condition, which may lead to remote code execution. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected systems with potentially high-level privileges, leading to full system compromise.
Potential Impacts:
- Remote Code Execution (RCE): Attackers may execute arbitrary code on vulnerable devices.
- System Compromise: Exploitation could allow full control over affected systems.
- Service Disruption: Critical security services may be disabled or disrupted.
- Data Breach Risk: Unauthorized access to sensitive information may occur.
Mitigation Recommendations:
- Upgrade Affected Products: Apply updates to Ivanti Connect Secure (22.7R2.6 or later), Policy Secure (22.7R1.4 or later), and ZTA Gateways (22.8R2.2 or later).
- Network Segmentation: Restrict exposure of Ivanti systems to untrusted networks.
- Monitor for Exploits: Use intrusion detection systems (IDS) to detect abnormal activities.
- Implement Principle of Least Privilege: Limit user access and system permissions where possible.
Arbitrary File Upload Vulnerability in WordPress Front End Users Plugin Leading to Potential RCE | CVE-2025-2005
Description: The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to and including 3.2.32. This flaw allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially leading to Remote Code Execution (RCE).
Potential Impacts:
- Remote Code Execution (RCE): Attackers may execute malicious code on the server.
- Unauthorized File Uploads: Arbitrary files can be stored on the server, leading to further exploitation.
- Website Takeover: Exploitation may allow attackers to gain full control over the WordPress site.
Mitigation Recommendations:
- Update the Plugin: Upgrade to a patched version (if available) or consider alternative plugins with secure file upload mechanisms.
- Implement File Type Validation: Restrict allowed file types to prevent malicious uploads.
- Restrict File Execution: Configure web server rules to prevent execution of uploaded scripts (e.g., .htaccess rules for Apache).
- Monitor File Uploads: Regularly audit and review uploaded files for suspicious activity.
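The kind of file type validation this entry says the registration form was missing, as an added example for this bulletin (not the plugin's code, and in Python rather than PHP): a strict extension allowlist, a content check against magic bytes, refusal of double extensions and dotfiles, and a server-generated storage name. The allowlist and the sample bytes are constructed for the example.

```python
import os
import secrets

# Allowlist for a registration form: extension -> magic-byte prefixes the content must start with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}

class UploadRejected(ValueError):
    """Raised for any upload that fails validation; the caller should discard the bytes."""

def validate_upload(filename, data):
    """Validate one uploaded file and return the name it should be stored under.

    The name must have exactly one extension (so 'shell.php.png' and '.htaccess'
    are refused), that extension must be on the allowlist, and the leading bytes
    must match the claimed type. The stored name is server-generated, so no
    user-supplied text ever reaches the filesystem."""
    base = os.path.basename(filename.replace("\\", "/"))  # strips any directory part
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        raise UploadRejected(f"refusing name shape: {filename!r}")
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        raise UploadRejected(f"content does not match a {ext} file")
    return f"{secrets.token_hex(16)}.{ext}"

def is_accepted(filename, data):
    """Convenience wrapper: True when validate_upload would accept the file."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False

# Constructed samples: a minimal PNG header, and PHP source renamed to look like an image.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_PHP = b"<?php echo 'not an image'; ?>"
```

This complements, rather than replaces, the web-server rule above that stops scripts in the upload directory from executing at all.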
HIGH SEVERITY VULNERABILITIES
File Spoofing Vulnerability in WhatsApp for Windows Leading to Arbitrary Code Execution | CVE-2025-30401: A spoofing vulnerability in WhatsApp for Windows prior to version 2.2450.6 arises from inconsistent handling of attachment file types. Specifically, WhatsApp displayed attachments based on their MIME type, but used the file extension to determine the appropriate file handler when opening them. An attacker could craft an attachment with a misleading MIME type and a dangerous file extension, tricking the recipient into executing arbitrary code when manually opening the file. This discrepancy poses a significant security risk, potentially leading to remote code execution on the victim’s machine.
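The defender's counterpart to the discrepancy described in this entry, as an added example for this bulletin (not WhatsApp code): treat the declared MIME type as what the user will see and the extension as what the operating system will actually open, and flag any attachment where the two disagree or where the extension maps to an executing handler. The extension set is a constructed, non-exhaustive list.

```python
import mimetypes
import os

# Extensions Windows hands to an executing handler rather than a viewer (constructed, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".msi", ".hta", ".js", ".vbs", ".ps1"}

def attachment_check(filename, declared_mime):
    """Compare what the UI would display (declared MIME type) with what the OS would
    open (file extension) and return the reasons the attachment should be flagged."""
    ext = os.path.splitext(filename)[1].lower()
    # Extensions the declared type legitimately maps to, per the platform MIME table.
    expected = set(mimetypes.guess_all_extensions(declared_mime.lower(), strict=False))
    reasons = []
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"extension {ext!r} opens with an executing handler")
    if not expected:
        reasons.append(f"declared type {declared_mime!r} is unknown, cannot verify")
    elif ext not in expected:
        reasons.append(f"declared type {declared_mime!r} does not match extension {ext!r}")
    return reasons

def should_block(filename, declared_mime):
    """Policy: block when the extension is executable or when type and extension disagree."""
    return bool(attachment_check(filename, declared_mime))
```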
Privilege Escalation Vulnerability in BambooHR | CVE-2025-29033: BambooHR Build v.25.0210.170831-83b08dd contains a vulnerability that allows remote attackers to escalate privileges through improper handling of the /saml/index.php?r= HTTP GET parameter. By manipulating this parameter, an attacker could potentially bypass normal access controls and gain unauthorized elevated privileges within the application. This flaw presents a significant security risk, particularly in environments where SAML-based authentication is in use.
MEDIUM SEVERITY VULNERABILITIES
Unauthorized Kubernetes Token Capture in JumpServer | CVE-2025-27095: JumpServer, an open-source bastion host and security audit system, contains a vulnerability in versions prior to 4.8.0 and 3.10.18. A low-privileged attacker can exploit the Kubernetes session feature to manipulate the kubeconfig file, redirecting API requests to an external attacker-controlled server. This enables the interception and capture of Kubernetes cluster tokens, potentially leading to unauthorized access and cluster compromise.
Missing Authorization in shiptrack Booking Calendar and Notification | CVE-2025-31381: A missing authorization vulnerability exists in the shiptrack Booking Calendar and Notification plugin, affecting versions up to 4.0.3. The flaw stems from improperly configured access control security levels, allowing attackers to exploit the system without proper authorization. This can result in unauthorized access to sensitive booking functions and misuse or manipulation of calendar and notification features, potentially leading to data exposure or service disruption.