In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between April 29 and 30, 2025.
During this period, the National Vulnerability Database published 105 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 2
High: 10
Medium: 51
Low: 4
Severity Not Assigned: 38
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2025-24206
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.
References: https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378
CWE-ID: CWE-863
Common Platform Enumerations (CPE): cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
2. CVE-2025-24252
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
References: https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378
CWE-ID: CWE-416
Common Platform Enumerations (CPE): cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
3. CVE-2025-30194
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service.
The remedy is: upgrade to the patched 1.9.9 version.
A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version.
We would like to thank Charles Howes for bringing this issue to our attention.
References: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html
http://www.openwall.com/lists/oss-security/2025/04/29/1
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-2817
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1917536
https://www.mozilla.org/security/advisories/mfsa2025-28/
https://www.mozilla.org/security/advisories/mfsa2025-29/
https://www.mozilla.org/security/advisories/mfsa2025-30/
https://www.mozilla.org/security/advisories/mfsa2025-31/
https://www.mozilla.org/security/advisories/mfsa2025-32/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-23177
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: CWE-427: Uncontrolled Search Path Element
References: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-23178
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
References: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-ID: CWE-923
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-23180
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: CWE-250: Execution with Unnecessary Privileges
References: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-23181
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: CWE-250: Execution with Unnecessary Privileges
References: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-46349
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.
References: https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-3501
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
References: https://access.redhat.com/errata/RHSA-2025:4335
https://access.redhat.com/security/cve/CVE-2025-3501
https://bugzilla.redhat.com/show_bug.cgi?id=2358834
CWE-ID: CWE-297
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-46348
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or downloading the archive, which contains sensitive site information. This issue has been patched in version 4.5.4.
References: https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95
CWE-ID: CWE-287 CWE-862
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-29906
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11.
References: https://github.com/troglobit/finit/commit/6528628b5c771c25ffa0cb1a46c6c89d9d0d69e0
https://github.com/troglobit/finit/security/advisories/GHSA-563g-p98j-mc9q
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found