In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between March 21-22, 2025.
During this period, the National Vulnerability Database published 70 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 2
High: 14
Medium: 40
Low: 4
Severity Not Assigned: 10
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-44199
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.
References: https://support.apple.com/en-us/120911
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-44305
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges.
References: https://support.apple.com/en-us/120911
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-54551
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
References: https://support.apple.com/en-us/120909
https://support.apple.com/en-us/120911
https://support.apple.com/en-us/120913
https://support.apple.com/en-us/120914
https://support.apple.com/en-us/120915
https://support.apple.com/en-us/120916
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-29807
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29807
CWE-ID: CWE-94 CWE-502
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-29814
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 5.8
Description: Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29814
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-2585
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
References: https://www.twcert.org.tw/en/cp-139-10022-8e28e-2.html
https://www.twcert.org.tw/tw/cp-132-10021-8786e-1.html
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-26336
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
References: https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-25068
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.
References: https://mattermost.com/security-updates
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-24915
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
References: https://www.tenable.com/security/tns-2025-02
CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-29927
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.
References: https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-29230
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.
References: https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_emailReg_email/CI_emailReg_email.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-30349
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in the wild in March 2025.
References: https://github.com/horde/base/releases/tag/v5.2.23
https://github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst?plain=1#L23-L25
https://github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst?plain=1#L61-L62
https://github.com/horde/imp/releases/tag/v6.2.27
https://github.com/horde/webmail/releases/tag/v5.2.22
https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
https://web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
https://www.horde.org/apps/horde
https://www.horde.org/apps/imp
https://www.horde.org/download/horde
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-25035
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS. This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2, Jalios Workplace 6.1, Jalios Workplace 6.0, and Jalios Workplace 5.3 to 5.5.
References: https://community.jalios.com/jcms/jc1_893720/en/security-alert-2025-02-19
https://issues.jalios.com/browse/JCMS-11246
https://issues.jalios.com/browse/JCMS-11248
https://issues.jalios.com/browse/JCMS-11259
https://vulncheck.com/advisories/jalios-jplatform-xss
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-30204
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
References: https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
CWE-ID: CWE-405
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-2609
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Improper neutralization of input during web page generation (cross-site scripting) vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read. This vulnerability is associated with program files protected/components/MagnusLog.Php.
This issue affects MagnusBilling: through 7.3.0.
References: https://chocapikk.com/posts/2025/magnusbilling/
https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae58342342fb1bf1629e22
https://vulncheck.com/advisories/magnusbilling-logs-xss
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-2610
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.
This issue affects MagnusBilling: through 7.3.0.
References: https://chocapikk.com/posts/2025/magnusbilling/
https://github.com/magnussolution/magnusbilling7/commit/f0f083c76157e31149ae58342342fb1bf1629e22
https://vulncheck.com/advisories/magnusbilling-alarm-xss
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found