In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between April 23 and 24, 2025.
During this period, the National Vulnerability Database published 85 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 3
High: 29
Medium: 20
Low: 5
Severity Not Assigned: 28
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-1021
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
References: https://www.synology.com/en-global/security/advisory/Synology_SA_25_03
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
2. CVE-2025-3529
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
References: https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/includes/wpsc-shortcodes-related.php#L92
https://plugins.trac.wordpress.org/changeset/3275373/
https://wordpress.org/plugins/wordpress-simple-paypal-shopping-cart/#developers
https://www.tipsandtricks-hq.com/ecommerce/wp-simple-cart-sell-digital-downloads-2468
https://www.wordfence.com/threat-intel/vulnerabilities/id/8fecc015-518f-4aab-a17e-17cf4b8cf123?source=cve
CWE-ID: CWE-201
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-3530
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.
References: https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L156
https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L165
https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L171
https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.1.2/wp_shopping_cart.php#L261
https://plugins.trac.wordpress.org/changeset/3275373/
https://www.tipsandtricks-hq.com/wordpress-simple-paypal-shopping-cart-plugin-768
https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a3910b-adc4-4633-a6a1-32ba50894be4?source=cve
CWE-ID: CWE-472
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-45427
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
References: https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiBasicSet-security.md
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-45428
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
References: https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/SetSysAutoRebbotCfg-rebootTime.md
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-21605
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: either using network access control tools like firewalls, iptables, security groups, etc., or enabling TLS and requiring users to authenticate using client-side certificates.
References: https://github.com/redis/redis/releases/tag/7.4.3
https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-45429
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.
References: https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/WifiWpsStart-index.md
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-1045
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24586.
References: https://download.keyshot.com/cert/ksa-113962/ksa-113962.pdf?version=1.0&_gl=1*1x6i3a*_gcl_au*MTU0ODMwNDI4Ny4xNzQzNTUyMjcx
https://www.zerodayinitiative.com/advisories/ZDI-25-233/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-1046
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23646.
References: https://download.keyshot.com/cert/ksa-113962/ksa-113962.pdf?version=1.0&_gl=1*1x6i3a*_gcl_au*MTU0ODMwNDI4Ny4xNzQzNTUyMjcx
https://www.zerodayinitiative.com/advisories/ZDI-25-231/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-1047
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of pvs files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23694.
References: https://download.keyshot.com/cert/ksa-113962/ksa-113962.pdf?version=1.0&_gl=1*1x6i3a*_gcl_au*MTU0ODMwNDI4Ny4xNzQzNTUyMjcx
https://www.zerodayinitiative.com/advisories/ZDI-25-232/
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-1048
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of SMB data. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25535.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-223/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-1049
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ID3 data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25601.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-224/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-1050
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-225/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-1520
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the SQL parser. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the database account. Was ZDI-CAN-25350.
References: https://github.com/PostHog/posthog/commit/6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42
https://www.zerodayinitiative.com/advisories/ZDI-25-099/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-1521
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25352.
References: https://github.com/PostHog/posthog/commit/6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42
https://www.zerodayinitiative.com/advisories/ZDI-25-096/
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-1522
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-25358.
References: https://github.com/PostHog/posthog/commit/3732c0fd9551ed29521b58611bf1e44d918c1032
https://www.zerodayinitiative.com/advisories/ZDI-25-097/
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-2760
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-2761
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-204/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-2762
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-25948.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-176/
CWE-ID: CWE-1326
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-2764
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of update packages provided to update.cgi. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24355.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-178/
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-2765
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-177/
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-2767
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability.
The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-181/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-2768
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25041.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-182/
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-2769
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25295.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-183/
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-2773
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the management interface, which listens on TCP port 22 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25903.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-187/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-3903
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Vulnerability in Drupal UEditor - 百度编辑器. This issue affects UEditor - 百度编辑器: *.*.
References: https://www.drupal.org/sa-contrib-2025-044
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-3904
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Vulnerability in Drupal Sportsleague. This issue affects Sportsleague: *.*.
References: https://www.drupal.org/sa-contrib-2025-045
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-32818
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.
References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-46397
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via bezier_spline function.
References: https://sourceforge.net/p/mcj/tickets/192/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-46398
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.
References: https://sourceforge.net/p/mcj/tickets/191/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-46399
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Segmentation fault in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation via genge_itp_spline function.
References: https://sourceforge.net/p/mcj/tickets/190/
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-46400
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Segmentation fault in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation via read_arcobject function.
References: https://sourceforge.net/p/mcj/tickets/187/
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
The specific flaw exists within the parsing of pvs files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23694.
References: https://download.keyshot.com/cert/ksa-113962/ksa-113962.pdf?version=1.0&_gl=1*1x6i3a*_gcl_au*MTU0ODMwNDI4Ny4xNzQzNTUyMjcx
https://www.zerodayinitiative.com/advisories/ZDI-25-232/
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-1048
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of SMB data. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25535.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-223/
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-1049
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ID3 data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25601.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-224/
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-1050
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-225/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-1520
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the SQL parser. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the database account. Was ZDI-CAN-25350.
References: https://github.com/PostHog/posthog/commit/6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42
https://www.zerodayinitiative.com/advisories/ZDI-25-099/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-1521
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of the slack_incoming_webhook parameter. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25352.
References: https://github.com/PostHog/posthog/commit/6e8f035f9acd339c5ba87ba6ea40fc1ab3053d42
https://www.zerodayinitiative.com/advisories/ZDI-25-096/
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-1522
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-25358.
References: https://github.com/PostHog/posthog/commit/3732c0fd9551ed29521b58611bf1e44d918c1032
https://www.zerodayinitiative.com/advisories/ZDI-25-097/
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-2760
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-2761
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-204/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-2762
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-25948.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-176/
CWE-ID: CWE-1326
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-2764
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of update packages provided to update.cgi. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24355.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-178/
CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-2765
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-177/
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-2767
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability.
The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-181/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-2768
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25041.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-182/
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-2769
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25295.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-183/
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-2773
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the management interface, which listens on TCP port 22 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25903.
References: https://www.zerodayinitiative.com/advisories/ZDI-25-187/
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-3903
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Vulnerability in Drupal UEditor - 百度编辑器. This issue affects UEditor - 百度编辑器: *.*.
References: https://www.drupal.org/sa-contrib-2025-044
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-3904
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Vulnerability in Drupal Sportsleague. This issue affects Sportsleague: *.*.
References: https://www.drupal.org/sa-contrib-2025-045
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-32818
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.
References: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-46397
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Stack overflow in fig2dev version 3.2.9a allows an attacker possible code execution through local input manipulation via the bezier_spline function.
References: https://sourceforge.net/p/mcj/tickets/192/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-46398
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Stack overflow in fig2dev version 3.2.9a allows an attacker possible code execution through local input manipulation via the read_objects function.
References: https://sourceforge.net/p/mcj/tickets/191/
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-46399
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Segmentation fault in fig2dev version 3.2.9a allows an attacker to affect availability through local input manipulation via the genge_itp_spline function.
References: https://sourceforge.net/p/mcj/tickets/190/
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
32. CVE-2025-46400
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Segmentation fault in fig2dev version 3.2.9a allows an attacker to affect availability through local input manipulation via the read_arcobject function.
References: https://sourceforge.net/p/mcj/tickets/187/
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found