Here are the CVE updates for the week of March 24th through the 30th.
CRITICAL SEVERITY VULNERABILITIES
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | CVE-2019-9874 (CISA KEV)
This vulnerability affects Sitecore CMS versions 7.0 to 7.2 and Sitecore XP versions 7.5 to 8.2, specifically in the Sitecore.Security.AntiCSRF module. The flaw stems from the deserialization of untrusted data, which allows an unauthenticated attacker to execute arbitrary code. By sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN, the attacker can trigger remote code execution (RCE) on the affected server. This vulnerability exposes Sitecore environments to serious security risks, enabling malicious actors to take full control of the system.
Potential Impacts:
- Remote Code Execution: Attackers can execute arbitrary .NET code on the Sitecore server, gaining unauthorized access and control.
- Data Breach: Sensitive information, including customer data and credentials, could be exfiltrated.
- System Compromise: Malicious actors could deploy backdoors, install malware, or disrupt services.
- Privilege Escalation: Exploitation may lead to administrative access and control over Sitecore environments.
- Persistence and Lateral Movement: Attackers could maintain persistence and spread across the network.
Mitigation Recommendations:
- Upgrade Sitecore: Apply Sitecore's fix for the anti-CSRF module or move to a release that includes it, and choose the target version with both Sitecore CVEs in view: this unauthenticated variant covers CMS 7.0 to 7.2 and XP 7.5 to 8.2, while the authenticated variant CVE-2019-9875 reaches through 9.1.
- Do Not Deserialize Untrusted Data: Input validation cannot make BinaryFormatter safe, because it reconstructs whatever types the stream names. In your own code, keep BinaryFormatter away from request data, or restrict the permitted types with a SerializationBinder.
- Apply .NET Security Patches: Keep the .NET Framework current, but do not rely on it for this issue; only the Sitecore fix addresses the vulnerable module.
- Restrict Access: Limit network exposure of Sitecore admin interfaces and enforce strong authentication. This reduces the blast radius but does not block CVE-2019-9874, which needs no credentials.
- Monitor and Audit: Review logs for POST requests whose __CSRFTOKEN value is unusually large or decodes to a BinaryFormatter stream naming types you would not expect in a token (the base64 form of such a stream starts with "AAEAAAD/////").
- Use a Web Application Firewall (WAF): A WAF can block known gadget signatures, but payloads are base64-encoded and gadget chains vary, so treat it as a stopgap until the fix is in place.
- Perform Security Assessments: Conduct regular security audits and penetration tests to identify and address vulnerabilities.
Argument Injection in Pagure Leading to Remote Code Execution | CVE-2024-47516
This vulnerability affects Pagure, an open-source Git-based repository management system. The flaw arises from improper argument handling during the retrieval of repository history: a request-controlled value reaches the git command line in a position where git still parses options, so a value beginning with "-" is interpreted as an option rather than as a ref or path. A remote attacker can use this argument injection to achieve remote code execution (RCE) on the Pagure instance.
Potential Impacts:
- Remote Code Execution: Attackers can execute arbitrary commands on the Pagure server, potentially gaining full control over the instance.
- Data Breach: Unauthorized access to repositories, including sensitive source code, credentials, and configuration files.
- Privilege Escalation: Exploiting the RCE could enable attackers to escalate privileges and gain administrative access.
- Service Disruption: Malicious commands may disrupt the Pagure service, leading to downtime or data corruption.
- Repository Tampering: Attackers could alter repository history, inject malicious code, or create backdoors.
Mitigation Recommendations:
- Upgrade to a Patched Version: Apply the latest security patches or upgrade to a fixed version of Pagure.
- Validate and Sanitize Input: Reject ref names and paths that begin with "-" and check them against git's ref-name rules before they reach a command line.
- Restrict Git Operations: Build git command lines from a fixed option set, place user-supplied values only after `--end-of-options` (git 2.24 and later) and `--`, and never pass them through a shell.
- Access Controls: Enforce strict access controls and permissions on repositories and Pagure instances.
- Monitor for Suspicious Activity: Review server logs for unexpected Git commands or unauthorized access attempts.
- Use Web Application Firewall (WAF): Deploy a WAF to block malicious requests targeting the Pagure instance.
- Regular Security Audits: Conduct regular code reviews and vulnerability assessments to identify and fix flaws.
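The hardening described above, as an added example that is not Pagure's own code: a git log command builder that validates the ref and path and places them where git can only read them as operands, next to the unsafe pattern for contrast. The ref-name check is a conservative approximation of git's check-ref-format rules (an assumption of this example), and the repository path and limit are placeholders.

```python
import re
import subprocess
from typing import Optional

# Characters git check-ref-format forbids: control chars, space, DEL, ~ ^ : ? * [ and backslash.
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f~^:?*\[\\]")


def validate_ref(ref: str) -> str:
    """Accept a ref name only if it could be a real branch or tag name.

    Conservative approximation of git's check-ref-format rules (assumption of
    this example, not git's code). The first rule is the one that matters for
    argument injection: a ref may never start with '-'."""
    if not ref or ref.startswith("-"):
        raise ValueError("ref must not be empty or start with '-'")
    if _FORBIDDEN.search(ref) or ".." in ref or "@{" in ref or "//" in ref:
        raise ValueError("ref contains a forbidden sequence")
    if ref == "@" or ref.endswith(("/", ".", ".lock")):
        raise ValueError("ref has a forbidden suffix")
    if any(part.startswith(".") for part in ref.split("/")):
        raise ValueError("ref component must not start with '.'")
    return ref


def validate_tree_path(path: str) -> str:
    """Accept a path inside the repository tree: relative, no '..' components, no leading '-'."""
    if not path or path.startswith(("/", "-")) or ".." in path.split("/"):
        raise ValueError("path must be relative and stay inside the tree")
    return path


def is_safe_ref(ref: str) -> bool:
    try:
        validate_ref(ref)
        return True
    except ValueError:
        return False


def vulnerable_history_argv(repo: str, ref: str, path: str) -> list:
    """The pattern to avoid: the user-controlled ref lands where git still parses
    options, so a value such as '--output=/tmp/x' becomes an option, not a ref."""
    return ["git", "-C", repo, "log", "--oneline", ref, "--", path]


def safe_history_argv(repo: str, ref: str, path: Optional[str] = None, limit: int = 50) -> list:
    """Build the git log command so that user data can only ever be an operand."""
    argv = [
        "git", "-C", repo, "log",
        f"--max-count={int(limit)}", "--oneline",
        "--end-of-options",      # git >= 2.24: everything after this is an operand
        validate_ref(ref),
        "--",                    # separates revisions from paths
    ]
    if path is not None:
        argv.append(validate_tree_path(path))
    return argv


def repository_history(repo: str, ref: str, path: Optional[str] = None) -> str:
    """Run the hardened command without a shell and return its output."""
    result = subprocess.run(safe_history_argv(repo, ref, path),
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    print(vulnerable_history_argv("/srv/git/app.git", "--output=/tmp/pwned", "."))
    print(safe_history_argv("/srv/git/app.git", "release/1.2", "src/app.py"))
```

The validation and the `--end-of-options` separator are deliberately redundant: the check rejects option-looking values outright, and the separator makes sure that anything the check misses is still handed to git as a revision name rather than parsed as a flag.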
HIGH SEVERITY VULNERABILITIES
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability | CVE-2025-30154 (CISA KEV): This vulnerability affects reviewdog/action-setup, a GitHub Action used to install reviewdog. On March 11, 2025, between 18:42 and 20:31 UTC, the action was compromised with malicious code that dumps exposed secrets into GitHub Actions Workflow Logs. The breach also impacts other reviewdog actions that use reviewdog/action-setup@v1, regardless of version or pinning method, including reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos. Because the malicious code ran inside the consuming workflow with that workflow's permissions, any secret available to a run in that window, such as API keys, tokens, and credentials, should be treated as exposed and rotated.
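A response checklist for the paragraph above, as an added example rather than anything published by the reviewdog project: it scans a workflow file for the affected actions and for `uses:` references not pinned to a full commit SHA, and tests whether a run's start time fell inside the compromise window. The sample workflow and its 40-hex refs are constructed placeholders. Note the caveat that the page itself states: the affected actions are flagged even when SHA-pinned, because the malicious reference was `reviewdog/action-setup@v1` inside those actions, which a consumer's pin does not control.

```python
import re
from datetime import datetime, timezone

# Actions named in the advisory as affected by the March 11, 2025 compromise.
AFFECTED_ACTIONS = {
    "reviewdog/action-setup",
    "reviewdog/action-shellcheck",
    "reviewdog/action-composite-template",
    "reviewdog/action-staticcheck",
    "reviewdog/action-ast-grep",
    "reviewdog/action-typos",
}
# Compromise window from the advisory (UTC).
WINDOW_START = datetime(2025, 3, 11, 18, 42, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 3, 11, 20, 31, tzinfo=timezone.utc)

# Matches 'uses: owner/repo[/path]@ref' lines; local (./) and docker:// uses carry no '@'.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"@]+)@([^\s'"#]+)""", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text: str) -> list:
    """Return (line, action, ref, message) tuples for every risky 'uses:' entry."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        owner_repo = "/".join(action.split("/")[:2])   # drop any sub-action path
        line_no = text.count("\n", 0, m.start()) + 1
        if owner_repo in AFFECTED_ACTIONS:
            findings.append((line_no, action, ref,
                             "affected reviewdog action: rotate any secret exposed to runs "
                             "in the compromise window, even if pinned"))
        if not FULL_SHA_RE.match(ref):
            findings.append((line_no, action, ref, "not pinned to a full commit SHA"))
    return findings


def ran_in_window(started_at: str) -> bool:
    """True if an ISO-8601 run start time (for example run_started_at from the
    Actions API) falls inside the compromise window."""
    t = datetime.fromisoformat(started_at.replace("Z", "+00:00"))
    if t.tzinfo is None:
        t = t.replace(tzinfo=timezone.utc)
    return WINDOW_START <= t <= WINDOW_END


# Constructed workflow for the demo; the 40-hex refs are placeholders, not real commits.
SAMPLE_WORKFLOW = """\
name: lint
on: [pull_request]
jobs:
  shellcheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-shellcheck@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567
      - uses: "reviewdog/action-setup@89abcdef0123456789abcdef0123456789abcdef"
"""

if __name__ == "__main__":
    for line_no, action, ref, message in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref}: {message}")
    print("run in window:", ran_in_window("2025-03-11T19:05:00Z"))
```

Run it over every file under `.github/workflows/` and pair the results with the run history: a workflow that references an affected action and has a run whose start time passes `ran_in_window` is the one whose secrets need rotating first.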
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | CVE-2019-9875 (CISA KEV): This vulnerability affects Sitecore versions through 9.1, specifically the Sitecore.Security.AntiCSRF module. The flaw arises from the deserialization of untrusted data, which allows an authenticated attacker to execute arbitrary code. By sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN, the same entry point as CVE-2019-9874 above, the attacker can trigger remote code execution (RCE) on the affected server. This vulnerability poses a significant risk to Sitecore environments by enabling malicious actors to take full control of the system.
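A log check for the monitoring advice in both Sitecore entries (CVE-2019-9874 above and CVE-2019-9875 here), as an added example that is not Sitecore's code: it pulls the __CSRFTOKEN value out of captured POST bodies, base64-decodes it, and flags tokens that are oversized or that carry type names from well-known .NET deserialization gadget chains. The request-capture line format, the size threshold and the sample lines are constructed for the demo. One caveat: if legitimate tokens are themselves serialized objects, the BinaryFormatter header alone is not an indicator, which is why the scanner keys on size and on unexpected type names instead.

```python
import base64
import binascii
from urllib.parse import parse_qs, quote

# First bytes of a .NET BinaryFormatter stream (SerializationHeaderRecord:
# record type 0x00, root id 1, header id -1, major version 1). Base64-encoded
# streams therefore start with the recognisable prefix "AAEAAAD/////".
BINARYFORMATTER_HEADER = b"\x00\x01\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00"

# Type names that show up in well-known .NET deserialization gadget chains and
# have no business inside an anti-CSRF token. Extend the list to taste.
GADGET_MARKERS = (
    b"System.Diagnostics.Process",
    b"System.Windows.Data.ObjectDataProvider",
    b"System.Collections.Generic.SortedSet",
    b"System.Workflow.ComponentModel",
    b"System.Web.UI.LosFormatter",
)

# Assumed ceiling for a legitimate token; tune it against your own traffic.
MAX_TOKEN_BYTES = 512


def inspect_csrf_token(token: str) -> dict:
    """Decode one __CSRFTOKEN value and list deserialization-attack indicators."""
    try:
        blob = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return {"serialized": False, "findings": ["token is not base64"]}
    findings = []
    serialized = blob.startswith(BINARYFORMATTER_HEADER)
    if serialized and len(blob) > MAX_TOKEN_BYTES:
        findings.append(f"oversized serialized token ({len(blob)} bytes)")
    hits = [m.decode() for m in GADGET_MARKERS if m in blob]
    if hits:
        findings.append("gadget type names: " + ", ".join(hits))
    return {"serialized": serialized, "findings": findings}


def scan_request_log(lines) -> list:
    """Scan request-capture lines of the form '<ts> <client> <method> <path> <form body>'.
    The format is constructed for this demo; adapt the split to your proxy or WAF export."""
    alerts = []
    for line in lines:
        parts = line.split(" ", 4)
        if len(parts) < 5 or parts[2] != "POST":
            continue
        ts, client, _, path, body = parts
        form = parse_qs(body, keep_blank_values=True)
        for key, values in form.items():
            if key.lower() != "__csrftoken":
                continue
            for value in values:
                report = inspect_csrf_token(value)
                if report["findings"]:
                    alerts.append({"ts": ts, "client": client, "path": path, **report})
    return alerts


def _fake_token(payload: bytes) -> str:
    """Constructed stand-in for a token: the real header followed by arbitrary bytes.
    It is not a valid object graph and exists only to drive the scanner."""
    return quote(base64.b64encode(BINARYFORMATTER_HEADER + payload).decode(), safe="")


# Constructed sample traffic, not real Sitecore logs.
SAMPLE_LINES = [
    "2025-03-26T10:01:02Z 203.0.113.5 GET /sitecore/login -",
    "2025-03-26T10:01:09Z 203.0.113.5 POST /sitecore/login "
    "__CSRFTOKEN=" + _fake_token(b"ExampleApp.CsrfToken") + "&UserName=admin",
    "2025-03-26T10:02:31Z 198.51.100.7 POST /sitecore/login "
    "__CSRFTOKEN=" + _fake_token(b"\x00" * 600 + b"System.Diagnostics.Process") + "&UserName=x",
    "2025-03-26T10:03:00Z 198.51.100.7 POST /sitecore/login __CSRFTOKEN=not-base64!!&UserName=x",
]

if __name__ == "__main__":
    for alert in scan_request_log(SAMPLE_LINES):
        print(alert["ts"], alert["client"], alert["path"], "; ".join(alert["findings"]))
```

Web server access logs normally omit request bodies, so the input has to come from a reverse proxy, WAF or IIS request trace configured to capture POST parameters; with that in place the same scan works as a scheduled job or as a SIEM parser.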
Google Chromium Mojo Sandbox Escape Vulnerability | CVE-2025-2783 (CISA KEV): A vulnerability in Mojo in Google Chrome on Windows, prior to version 134.0.6998.177, allows a remote attacker to perform a sandbox escape by exploiting an incorrect handle in unspecified circumstances. The flaw can be triggered via a malicious file, potentially enabling the attacker to bypass Chrome’s security sandbox. This issue is classified with high severity by Chromium security.
Insecure File Permissions in Fast CAD Reader on macOS | CVE-2025-2098: Fast CAD Reader on macOS is installed with world-writable permissions (rwxrwxrwx) instead of the expected rwxr-xr-x, so any local account can modify the application's files. This enables dylib hijacking: guest accounts, other users, or other applications can replace or add a library that the application loads, potentially leading to privilege escalation to whichever user runs it. The issue affects version 4.1.5 and possibly all versions, as the vendor has not responded.
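A local check for the condition above, as an added example that is not the vendor's code: it walks an application bundle, reports every entry writable by "other", and strips group/other write bits as the interim fix. The demo bundle it builds in a temporary directory is constructed to mimic the finding (a Frameworks directory and a dylib left mode 0777); point `find_world_writable` at a real `.app` under /Applications to check an installed copy.

```python
import os
import stat
import tempfile


def find_world_writable(root: str) -> list:
    """Walk an application bundle and return (relative path, mode) for every entry,
    root included, that is writable by 'other' (the S_IWOTH bit)."""
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    hits = []
    for full in entries:
        mode = stat.S_IMODE(os.lstat(full).st_mode)
        if mode & stat.S_IWOTH:
            hits.append((os.path.relpath(full, root), oct(mode)))
    return sorted(hits)


def harden(root: str) -> int:
    """Strip group and other write bits from every entry under root and return the
    number of entries changed. Symlinks are skipped rather than followed."""
    changed = 0
    for dirpath, dirnames, filenames in os.walk(root):
        for full in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o022:
                os.chmod(full, mode & ~0o022)
                changed += 1
    return changed


def build_demo_bundle() -> str:
    """Construct a throwaway .app layout reproducing the finding: the Frameworks
    directory and a dylib left mode 0777, everything else 0755. Returns the bundle
    path. Constructed for this example; not the real application."""
    app = os.path.join(tempfile.mkdtemp(prefix="cadreader-demo-"), "Demo.app")
    contents = os.path.join(app, "Contents")
    frameworks = os.path.join(contents, "Frameworks")
    macos = os.path.join(contents, "MacOS")
    os.makedirs(frameworks)
    os.makedirs(macos)
    dylib = os.path.join(frameworks, "libdemo.dylib")
    binary = os.path.join(macos, "Demo")
    for f in (dylib, binary):
        with open(f, "wb"):
            pass
    for d in (app, contents, macos):
        os.chmod(d, 0o755)
    os.chmod(binary, 0o755)
    os.chmod(frameworks, 0o777)   # the bad permission: any local user may drop a dylib here
    os.chmod(dylib, 0o777)        # and can overwrite the one the binary already loads
    return app


if __name__ == "__main__":
    bundle = build_demo_bundle()
    for rel, mode in find_world_writable(bundle):
        print(f"world-writable: {rel} ({mode})")
    print("entries fixed:", harden(bundle))
    print("after hardening:", find_world_writable(bundle))
```

Stripping the write bits closes the hijack window for users who are not the owner, but it does not verify that nothing was already swapped in; compare the bundle's code signature (for example with `codesign --verify --deep`) before trusting an installation that was found world-writable.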
MEDIUM SEVERITY VULNERABILITIES
Path Traversal Vulnerability in zhijiantianya ruoyi-vue-pro | CVE-2025-2742: This vulnerability affects zhijiantianya ruoyi-vue-pro version 2.4.1, specifically the Material Upload Interface component. The flaw resides in the /admin-api/mp/material/upload-permanent endpoint, where the File parameter is not properly validated before it is used to build a filesystem path, allowing path traversal. A remote attacker can exploit this by placing traversal sequences in the File argument, gaining unauthorized access to files outside the intended upload directory on the server.
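The fix pattern for an upload endpoint like the one above, as an added example that is not the ruoyi-vue-pro code: the vulnerable join is shown beside a resolver that keeps only the final path component, enforces an extension allow-list, and confirms the resolved path still sits under the upload root. The upload root and the allowed extensions are assumptions for the demo; the project's own handler is written in Java, so this is the technique, not a drop-in patch.

```python
import os
import posixpath
import re

# Assumed settings for this example: where uploads live and which types a
# "material" upload may be.
UPLOAD_ROOT = "/srv/app/uploads"
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".mp3", ".mp4"}


def vulnerable_target(upload_root: str, file_name: str) -> str:
    """The pattern behind path traversal: trusting the client name as a path,
    so '../' segments walk out of the upload directory."""
    return os.path.normpath(os.path.join(upload_root, file_name))


def resolve_upload_target(upload_root: str, file_name: str) -> str:
    """Map a client-supplied file name onto a path strictly inside upload_root."""
    # 1. Keep only the last path component. Both '/' and '\' count as separators
    #    because the value may come from a Windows client.
    base = re.split(r"[\\/]", file_name)[-1]
    # 2. Refuse empty, dot-only, hidden and control-character names.
    if base in ("", ".", "..") or base.startswith(".") or any(ord(c) < 32 for c in base):
        raise ValueError(f"invalid file name: {file_name!r}")
    # 3. Enforce an allow-list of extensions, compared case-insensitively.
    if posixpath.splitext(base)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"file type not allowed: {base!r}")
    # 4. Belt and braces: confirm the resolved path is still under the root,
    #    which also catches a symlinked upload directory pointing elsewhere.
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, base))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("resolved path escapes the upload root")
    return target


def is_accepted(upload_root: str, file_name: str) -> bool:
    """Convenience wrapper: True if the name would be stored, False if rejected."""
    try:
        resolve_upload_target(upload_root, file_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    hostile = "../../../etc/passwd"
    print("vulnerable join:", vulnerable_target(UPLOAD_ROOT, hostile))
    print("hardened:", is_accepted(UPLOAD_ROOT, hostile), is_accepted(UPLOAD_ROOT, "logo.png"))
```

A stronger variant discards the client name entirely and stores the content under a server-generated name (for example a UUID plus the validated extension), keeping the original name only as metadata; the containment check in step 4 stays useful either way.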
Cross-Site Scripting (XSS) in RabbitMQ Management UI | CVE-2025-30219: RabbitMQ versions prior to 4.0.3 are vulnerable to XSS in the management UI. When a virtual host fails to start, RabbitMQ displays an error message containing the virtual host name. In vulnerable versions, this name is not properly escaped, so a user who can create a virtual host with a crafted name can inject JavaScript that runs in the browser of anyone viewing the management UI, with that viewer's session. The issue is fixed in open-source RabbitMQ 4.0.3 and in Tanzu RabbitMQ 4.0.3 and 3.13.8.