Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for March 10-11, 2025

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between March 10-11, 2025.
During this period, the National Vulnerability Database published 83 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 3
High: 16
Medium: 17
Low: 4
Severity Not Assigned: 43

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-41724
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.8
Description: Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server.
This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.
References: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41724

CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-43107
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.
This issue affects Gallagher MIPS Plugin v4.0 prior to v4.0.32, and all versions of v3.0 and prior.
References: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107

CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-11638
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL on which it performs code analysis belongs to the blog. This could allow unauthenticated attackers to retrieve the cookies of a logged-in user (such as admin) by making them open a crafted URL, because the request made to analyse the URL contains those cookies.
References: https://wpscan.com/vulnerability/2f20336f-e12e-4b09-bcaf-45f7249f6495/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

4. CVE-2025-27254
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.5
Description: Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass.
The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.
References: https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76

CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found

5. CVE-2025-27255
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.5
Description: Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code.
References: https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76

CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found

6. CVE-2025-27256
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network.
References: https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-13918
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.8
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
References: https://github.com/laravel/framework/pull/53869
https://github.com/laravel/framework/releases/tag/v11.36.0
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
http://www.openwall.com/lists/oss-security/2025/03/10/3

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-13919
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.8
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
References: https://github.com/laravel/framework/pull/53869
https://github.com/laravel/framework/releases/tag/v11.36.0
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page
http://www.openwall.com/lists/oss-security/2025/03/10/4

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-12604
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025.
References: https://docs.tapandsign.com/tap-and-sign/tap-and-sign-v.1.025-surum-notlari
https://www.usom.gov.tr/bildirim/tr-25-0063

CWE-ID: CWE-526, CWE-640
Common Platform Enumerations (CPE): Not Found

10. CVE-2025-25614
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
References: https://github.com/armaansidana2003/CVE-2025-25614
https://github.com/changeweb/Unifiedtransform

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

11. CVE-2025-26910
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.
References: https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

12. CVE-2025-26916
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.
References: https://patchstack.com/database/wordpress/theme/massive-dynamic/vulnerability/wordpress-massive-dynamic-theme-8-2-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve

CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found

13. CVE-2025-26933
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.
References: https://patchstack.com/database/wordpress/plugin/wc-place-order-without-payment/vulnerability/wordpress-place-order-without-payment-for-woocommerce-plugin-2-6-7-local-file-inclusion-vulnerability?_s_id=cve

CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found

14. CVE-2025-26936
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.
References: https://patchstack.com/database/wordpress/plugin/fresh-framework/vulnerability/wordpress-fresh-framework-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

15. CVE-2025-25306
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim authority in the `url` field even if the specific ActivityPub object type requires authority in the `id` field. Version 2025.2.1 addresses the issue.
References: https://github.com/misskey-dev/misskey/releases/tag/2025.2.1
https://github.com/misskey-dev/misskey/security/advisories/GHSA-6w2c-vf6f-xf26

CWE-ID: CWE-346, CWE-441, CWE-1025
Common Platform Enumerations (CPE): Not Found

16. CVE-2025-27615
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local host. For those who are unable to use this proposed patch, a firewall rule on port 8080 may block remote access, but this workaround may not be complete because Docker can bypass a host firewall with its own iptables-based port-forwarding rules.
References: https://github.com/umati/umatiGateway/blob/abe73096a17307327f0d6dc0ed4db1fb93464521/README.md?plain=1#L34-L35
https://github.com/umati/umatiGateway/commit/5d81a3412bc0051754a3095d89a06d6d743f2b16
https://github.com/umati/umatiGateway/pull/101
https://github.com/umati/umatiGateway/security/advisories/GHSA-qf9w-x9qx-2mq7

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

17. CVE-2025-27616
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available.
References: https://github.com/go-vela/server/commit/257886e5a3eea518548387885894e239668584f5
https://github.com/go-vela/server/commit/67c1892e2464dc54b8d2588815dfb7819222500b
https://github.com/go-vela/server/releases/tag/v0.25.3
https://github.com/go-vela/server/releases/tag/v0.26.3
https://github.com/go-vela/server/security/advisories/GHSA-9m63-33q3-xq5x

CWE-ID: CWE-290, CWE-345
Common Platform Enumerations (CPE): Not Found

18. CVE-2025-27610
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine the path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of `Rack::Static`, or ensuring that `root:` points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue.
References: https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v

CWE-ID: CWE-23
Common Platform Enumerations (CPE): Not Found

19. CVE-2025-27925
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
References: https://help.nintex.com/en-US/platform/ReleaseNotes/K2Five.htm

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
