In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between June 19 and 20, 2025.
During this period, the National Vulnerability Database published 67 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 7
High: 7
Medium: 40
Low: 0
Severity Not Assigned: 13
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-45208
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Versa Director SD-WAN orchestration platform makes use of the Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bind to these ports on all interfaces. An attacker that can reach the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and remote code execution. Customers are advised to follow the hardening guide.
Exploitation Status:
Versa Networks is not aware of any reported instance where this vulnerability was exploited. A proof of concept for this vulnerability has been disclosed by third-party security researchers.
References: https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566
https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2025-23121
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
References: https://www.veeam.com/kb4743
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2025-23171
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions: the UI appears not to allow file uploads, but uploads still succeed. In addition, the Versa Director discloses the full filename of uploaded temporary files, including the UUID prefix. Insecure uCPE image upload in Versa Director allows an authenticated attacker to upload a webshell.
Exploitation Status:
Versa Networks is not aware of any reported instance where this vulnerability was exploited. A proof of concept for this vulnerability has been disclosed by third-party security researchers.
Workarounds or Mitigation:
There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.
References: https://security-portal.versa-networks.com/emailbulletins/68526dbbdc94d6b9f2faf71a
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2025-23172
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution.
Exploitation Status:
Versa Networks is not aware of any reported instance where this vulnerability was exploited. A proof of concept for this vulnerability has been disclosed by third-party security researchers.
Workarounds or Mitigation:
There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.
References: https://security-portal.versa-networks.com/emailbulletins/68526e7bdc94d6b9f2faf71b
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2025-23173
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution.
Exploitation Status:
Versa Networks is not aware of any reported instance where this vulnerability was exploited. A proof of concept for this vulnerability has been disclosed by third-party security researchers.
Workarounds or Mitigation:
Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions.
References: https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2025-24286
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
References: https://www.veeam.com/kb4743
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2025-24288
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Versa Director software exposes a number of services by default and allows attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that share the same default credentials. By default, Versa Director exposes SSH and PostgreSQL to the internet, alongside a host of other services.
Exploitation Status:
Versa Networks is not aware of any reported instance where this vulnerability was exploited. A proof of concept for this vulnerability has been disclosed by third-party security researchers.
Workarounds or Mitigation:
Versa recommends the following security controls:
1) Change default passwords to complex passwords.
2) Passwords must be complex, with at least 8 characters comprising upper-case and lower-case letters, at least one digit, and at least one special character.
3) Passwords must be changed at least every 90 days.
4) Password change history is checked so that at least the last 5 passwords cannot be reused when changing a password.
5) Review and audit logs for all authentication attempts to check for unauthorized or suspicious login attempts, and enforce remediation steps.
References: https://security-portal.versa-networks.com/emailbulletins/68526d12dc94d6b9f2faf719
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2025-52467
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN had write permissions for the repository, allowing an attacker to tamper with all aspects of the repository, including pushing arbitrary code and releases. This issue has been patched in commit 8eb3567.
References: https://github.com/timescale/pgai/commit/8eb356729c33560ce54b88b9a956960ad1e3ede8
https://github.com/timescale/pgai/pull/742
https://github.com/timescale/pgai/security/advisories/GHSA-89qq-hgvp-x37m
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
9. CVE-2025-50201
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2.
References: https://github.com/LabRedesCefetRJ/WeGIA/commit/45f32ad1d52775fc99f3c90075c8136c6d4d1d3d
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-52p5-5fmw-9hrf
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
10. CVE-2025-5071
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
References: https://plugins.trac.wordpress.org/browser/ai-engine/tags/2.8.1/labs/mcp.php#L43
https://plugins.trac.wordpress.org/changeset/3313554/ai-engine#file21
https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
11. CVE-2025-6019
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
References: https://access.redhat.com/security/cve/CVE-2025-6019
https://bugzilla.redhat.com/show_bug.cgi?id=2370051
http://www.openwall.com/lists/oss-security/2025/06/17/5
http://www.openwall.com/lists/oss-security/2025/06/17/6
http://www.openwall.com/lists/oss-security/2025/06/18/1
https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
12. CVE-2025-4738
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issue affects MY ERP: before 1.170.
References: https://www.usom.gov.tr/bildirim/tr-25-0132
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2025-33117
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.
References: https://www.ibm.com/support/pages/node/7237317
CWE-ID: CWE-73
Common Platform Enumerations (CPE): Not Found
14. CVE-2025-33121
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
References: https://www.ibm.com/support/pages/node/7237317
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found