In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between June 11-12, 2025.
During this period, the National Vulnerability Database published 73 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 5
High: 26
Medium: 22
Low: 3
Severity Not Assigned: 17
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-7457
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client's privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection.
References: https://pentraze.com/
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-9062
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.
References: https://pentraze.com/
https://pentraze.com/vulnerability-reports/
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-32717
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-49091
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from scheme handlers such as an ssh://, telnet://, or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where, if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
References: https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75
https://invent.kde.org/utilities/konsole/-/tags
https://kde.org/info/security/advisory-20250609-1.txt
https://konsole.kde.org/changelog.html
https://proofnet.de/publikationen/konsole_rce.html
https://www.openwall.com/lists/oss-security/2025/06/10/5
CWE-ID: CWE-670
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-4275
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.
References: https://www.insyde.com/security-pledge/sa-2025002/
https://www.kb.cert.org/vuls/id/211341
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-5958
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
https://issues.chromium.org/issues/420150619
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-5959
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
https://issues.chromium.org/issues/422313191
CWE-ID: CWE-843
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-4799
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.
References: https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42
https://plugins.trac.wordpress.org/changeset/3294467/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve
CWE-ID: CWE-36
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-5395
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://codecanyon.net/item/wordpress-automatic-plugin/1904470#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/57be67fd-8485-495f-b5e9-6eb52af945b7?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-41661
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint event_mail_test).
References: https://certvde.com/en/advisories/VDE-2025-052
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-41662
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint tls_iotgen_setting).
References: https://certvde.com/en/advisories/VDE-2025-052
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-41663
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated privileges.
References: https://certvde.com/en/advisories/VDE-2025-052
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-4315
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
References: https://plugins.trac.wordpress.org/browser/cubewp-framework/tags/1.1.23/cube/classes/class-cubewp-rest-api.php#L691
https://plugins.trac.wordpress.org/changeset/3306925/cubewp-framework#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-3302
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.
References: https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/models/xagio_log404.php#L263
https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/models/xagio_log404.php#L335
https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/redirects.js#L554
https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/redirects.js#L662
https://plugins.trac.wordpress.org/changeset/3281174/
https://plugins.trac.wordpress.org/changeset/3305780/
https://wordpress.org/plugins/xagio-seo
https://www.wordfence.com/threat-intel/vulnerabilities/id/9e2afd66-c896-47c8-bf56-84a086087d55?source=cve
https://xagio.com/redirects/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-49709
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox < 139.0.4.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1966083
https://www.mozilla.org/security/advisories/mfsa2025-47/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-49710
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1970095
https://www.mozilla.org/security/advisories/mfsa2025-47/
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-5687
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.
*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1953736
https://www.mozilla.org/security/advisories/mfsa2025-48/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-32711
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-40914
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.
CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
References: https://github.com/advisories/GHSA-j3xv-6967-cv88
https://github.com/libtom/libtommath/pull/546
https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c
https://www.cve.org/CVERecord?id=CVE-2023-36328
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-4922
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.
References: https://discuss.hashicorp.com/t/hcsec-2025-12-nomad-vulnerable-to-incorrect-acl-policy-lookup-attached-to-a-job/75396
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-48445
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
References: https://www.drupal.org/sa-contrib-2025-066
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-48446
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
References: https://www.drupal.org/sa-contrib-2025-067
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-48447
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.
References: https://www.drupal.org/sa-contrib-2025-069
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-49146
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: pgjdbc is an open source PostgreSQL JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (the default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
References: https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-49148
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
References: https://github.com/thevindu-w/clip_share_server/security/advisories/GHSA-rc47-h83g-2r8j
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-22874
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
References: https://go.dev/cl/670375
https://go.dev/issue/73612
https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A
https://pkg.go.dev/vuln/GO-2025-3749
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-40915
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.
That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
References: https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes
https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03
CWE-ID: CWE-338
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-6001
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
References: https://blog.blacklanternsecurity.com/p/doomla-zero-days
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-6002
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
References: https://blog.blacklanternsecurity.com/p/doomla-zero-days
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-25032
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
References: https://www.ibm.com/support/pages/node/7234674
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-40912
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.
CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
References: https://github.com/libtom/libtomcrypt/issues/507
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between June 11-12, 2025.
During this period, The National Vulnerability Database published 73, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 5
High: 26
Medium: 22
Low: 3
Severity Not Assigned: 17
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-7457
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client's privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection.
References: https://pentraze.com/
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-9062
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.
References: https://pentraze.com/
https://pentraze.com/vulnerability-reports/
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-32717
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-49091
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
References: https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75
https://invent.kde.org/utilities/konsole/-/tags
https://kde.org/info/security/advisory-20250609-1.txt
https://konsole.kde.org/changelog.html
https://proofnet.de/publikationen/konsole_rce.html
https://www.openwall.com/lists/oss-security/2025/06/10/5
CWE-ID: CWE-670
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-4275
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.
References: https://www.insyde.com/security-pledge/sa-2025002/
https://www.kb.cert.org/vuls/id/211341
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-5958
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
https://issues.chromium.org/issues/420150619
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-5959
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
https://issues.chromium.org/issues/422313191
CWE-ID: CWE-843
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-4799
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.
References: https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16
https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42
https://plugins.trac.wordpress.org/changeset/3294467/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve
CWE-ID: CWE-36
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-5395
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://codecanyon.net/item/wordpress-automatic-plugin/1904470#item-description__changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/57be67fd-8485-495f-b5e9-6eb52af945b7?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-41661
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint event_mail_test).
References: https://certvde.com/en/advisories/VDE-2025-052
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-41662
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface (endpoint tls_iotgen_setting).
References: https://certvde.com/en/advisories/VDE-2025-052
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-41663
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated privileges.
References: https://certvde.com/en/advisories/VDE-2025-052
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-4315
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
References: https://plugins.trac.wordpress.org/browser/cubewp-framework/tags/1.1.23/cube/classes/class-cubewp-rest-api.php#L691
https://plugins.trac.wordpress.org/changeset/3306925/cubewp-framework#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-3302
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.
References: https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/models/xagio_log404.php#L263
https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/models/xagio_log404.php#L335
https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/redirects.js#L554
https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.0.0.34/modules/redirects/redirects.js#L662
https://plugins.trac.wordpress.org/changeset/3281174/
https://plugins.trac.wordpress.org/changeset/3305780/
https://wordpress.org/plugins/xagio-seo
https://www.wordfence.com/threat-intel/vulnerabilities/id/9e2afd66-c896-47c8-bf56-84a086087d55?source=cve
https://xagio.com/redirects/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
15. CVE-2025-49709
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1966083
https://www.mozilla.org/security/advisories/mfsa2025-47/
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
16. CVE-2025-49710
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1970095
https://www.mozilla.org/security/advisories/mfsa2025-47/
CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found
17. CVE-2025-5687
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root.
*This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN < 2.28.0 (macOS).
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1953736
https://www.mozilla.org/security/advisories/mfsa2025-48/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
18. CVE-2025-32711
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
19. CVE-2025-40914
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.
CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
References: https://github.com/advisories/GHSA-j3xv-6967-cv88
https://github.com/libtom/libtommath/pull/546
https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c
https://www.cve.org/CVERecord?id=CVE-2023-36328
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2025-4922
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.
References: https://discuss.hashicorp.com/t/hcsec-2025-12-nomad-vulnerable-to-incorrect-acl-policy-lookup-attached-to-a-job/75396
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
21. CVE-2025-48445
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
References: https://www.drupal.org/sa-contrib-2025-066
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
22. CVE-2025-48446
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
References: https://www.drupal.org/sa-contrib-2025-067
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
23. CVE-2025-48447
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.
References: https://www.drupal.org/sa-contrib-2025-069
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
24. CVE-2025-49146
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: pgjdbc is an open-source PostgreSQL JDBC driver. From version 42.7.4 up to, but not including, 42.7.7, when the driver is configured with channel binding set to required (the default value is prefer), it would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by the channel binding requirement. This vulnerability is fixed in 42.7.7.
References: https://github.com/pgjdbc/pgjdbc/commit/9217ed16cb2918ab1b6b9258ae97e6ede244d8a0
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-hq9p-pm7w-8p54
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
25. CVE-2025-49148
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
References: https://github.com/thevindu-w/clip_share_server/security/advisories/GHSA-rc47-h83g-2r8j
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
26. CVE-2025-22874
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
References: https://go.dev/cl/670375
https://go.dev/issue/73612
https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A
https://pkg.go.dev/vuln/GO-2025-3749
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2025-40915
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.
That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
References: https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes
https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03
CWE-ID: CWE-338
Common Platform Enumerations (CPE): Not Found
28. CVE-2025-6001
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
References: https://blog.blacklanternsecurity.com/p/doomla-zero-days
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
29. CVE-2025-6002
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
References: https://blog.blacklanternsecurity.com/p/doomla-zero-days
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
30. CVE-2025-25032
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
References: https://www.ibm.com/support/pages/node/7234674
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
31. CVE-2025-40912
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed Unicode.
CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
References: https://github.com/libtom/libtomcrypt/issues/507
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found