Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for November 24-25, 2025

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between November 24 and 25, 2025.
During this period, the National Vulnerability Database published 100 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 3
High: 26
Medium: 51
Low: 0
Severity Not Assigned: 20

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the 29 Critical and High severity vulnerabilities that demand immediate attention. Note that the 20 entries with no severity assigned yet are not listed below; some of them may turn out to be serious once NVD scores them, so they are worth tracking separately.

1. CVE-2025-7402
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://codecanyon.net/item/ads-pro-plugin-multipurpose-wordpress-advertising-manager/10275010
https://www.wordfence.com/threat-intel/vulnerabilities/id/5548b97d-14f0-4f50-b213-a19c02c240be?source=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
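The first entry describes the classic shape of this bug: a request parameter is spliced into SQL text, so an unauthenticated caller can append conditions and use a time delay as a one-bit oracle to read the database. The following is an added example, not code from the Ads Pro plugin or from Wordfence, showing the vulnerable pattern beside the parameterised fix and a minimal time-based blind probe against each. It assumes a constructed in-memory SQLite table named sites (hypothetical schema) and registers a sleep() function because SQLite has no SLEEP(), whereas MySQL, the database behind WordPress, does.

```python
import sqlite3
import time
from typing import Callable, List, Optional

# Constructed in-memory table standing in for the plugin's data; not the plugin's real schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sites (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO sites VALUES (?, ?, ?)",
                     [(1, "main", "secret-key-abc"), (2, "blog", "secret-key-xyz")])
    # SQLite has no SLEEP(); register one so the same timing side channel exists as in MySQL.
    conn.create_function("sleep", 1, lambda seconds: time.sleep(seconds) or 1)
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, site_id: str) -> List[str]:
    # The flaw described on the page: the parameter is spliced into the SQL text.
    sql = f"SELECT name FROM sites WHERE id = {site_id}"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn: sqlite3.Connection, site_id: str) -> List[str]:
    # The fix: a bound parameter is always a value, never SQL syntax.
    return [row[0] for row in conn.execute("SELECT name FROM sites WHERE id = ?", (site_id,))]

Lookup = Callable[[sqlite3.Connection, str], List[str]]

def oracle(lookup: Lookup, conn: sqlite3.Connection, condition_sql: str, delay: float = 0.3) -> bool:
    """Time-based blind probe: True if the query took at least ~delay seconds,
    i.e. the injected condition was evaluated by the database and held."""
    payload = f"1 AND (CASE WHEN ({condition_sql}) THEN sleep({delay}) ELSE 0 END)"
    start = time.monotonic()
    try:
        lookup(conn, payload)
    except sqlite3.Error:
        return False
    return time.monotonic() - start >= delay * 0.8

def extract_first_char(lookup: Lookup, conn: sqlite3.Connection, delay: float = 0.05) -> Optional[str]:
    """Recover the first character of site 1's api_key one guess at a time."""
    for ch in "abcdefghijklmnopqrstuvwxyz-":
        cond = f"substr((SELECT api_key FROM sites WHERE id = 1), 1, 1) = '{ch}'"
        if oracle(lookup, conn, cond, delay):
            return ch
    return None
```

Against lookup_vulnerable the probe recovers data one character per round of guesses; against lookup_safe the entire payload is bound as a single value, matches no row, and never reaches the sleep() call, so the oracle stays silent. In WordPress the equivalent of the bound form is $wpdb->prepare() with placeholders.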

2. CVE-2024-14015
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
References: https://wpscan.com/vulnerability/1a70927a-e345-4e2f-98da-1235f4482cc0/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

3. CVE-2025-12629
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
References: https://wpscan.com/vulnerability/528e9775-3a2d-4e52-92f7-f123ad787e7d/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

4. CVE-2025-41729
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
References: https://certvde.com/de/advisories/VDE-2025-094

CWE-ID: CWE-1287
Common Platform Enumerations (CPE): Not Found

5. CVE-2025-65493
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
References: https://github.com/obgm/libcoap/issues/1743
https://github.com/obgm/libcoap/pull/1750

CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found

6. CVE-2025-65494
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
References: https://github.com/obgm/libcoap/issues/1745
https://github.com/obgm/libcoap/pull/1750

CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found

7. CVE-2025-65495
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
References: https://github.com/obgm/libcoap/issues/1744
https://github.com/obgm/libcoap/pull/1750

CWE-ID: CWE-195
Common Platform Enumerations (CPE): Not Found

8. CVE-2025-65503
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.
References: https://github.com/redboltz/async_mqtt/issues/436
https://github.com/redboltz/async_mqtt/pull/437

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

9. CVE-2025-65998
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option.

When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker who has obtained access to the internal database content to reconstruct the original cleartext password values.
This is not affecting encrypted plain attributes, whose values are also stored using AES encryption.

Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.
References: https://lists.apache.org/thread/fjh0tb0d1xkbphc5ogdsc348ppz88cts
http://www.openwall.com/lists/oss-security/2025/11/24/1

CWE-ID: CWE-321
Common Platform Enumerations (CPE): Not Found

10. CVE-2025-12970
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.
References: https://fluentbit.io/announcements/v4.1.0/

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

11. CVE-2025-12977
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.
References: https://fluentbit.io/announcements/v4.1.0/

CWE-ID: CWE-1287
Common Platform Enumerations (CPE): Not Found

12. CVE-2025-10554
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
References: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10554

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

13. CVE-2025-10555
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
References: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10555

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

14. CVE-2025-44018
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2230
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2230

CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found

15. CVE-2025-56401
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName.
References: http://wbrm.com
https://mstreet97.github.io/security/cve/sqli/2025/07/25/Zira-WBRM-SQL-Injection-CVE-2025-56401.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

16. CVE-2025-60638
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
References: https://github.com/free5gc/free5gc
https://github.com/free5gc/free5gc/issues/704

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

17. CVE-2025-60915
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
References: https://www.sec4you-pentest.com/schwachstelle/openatlas-schwachstelle-lfi-konfigurationsdatei-exfiltration/
https://www.sec4you-pentest.com/schwachstellen/

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
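Two entries above share one root cause: untrusted text ends up in a name that the program treats as structure. In Fluent Bit (CVE-2025-12977) a tag_key value carrying newlines or ../ is accepted as a routing tag, and some outputs derive file names from tags; in OpenAtlas (CVE-2025-60915) the size query parameter reaches the file system path. The block below is an added example, not code from Fluent Bit or OpenAtlas, showing the two checks a practitioner would want at that boundary: an allowlist for tags, and a path resolution that refuses anything escaping the output directory. The base directories, the "size/filename" layout and the function names are assumptions for illustration.

```python
import re
from pathlib import Path
from typing import Optional

# Allowlist for a routing tag: starts alphanumeric, then letters, digits, '.', '_' or '-',
# at most 128 characters. Newlines, '/', '\\' and '..' can never pass.
TAG_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

def validate_tag(tag: str) -> bool:
    """True only for tags that cannot smuggle record or path structure."""
    return TAG_RE.fullmatch(tag) is not None and ".." not in tag

def sanitize_tag(tag: str, fallback: str = "invalid_tag") -> str:
    """Route rejected tags to a fixed bucket instead of dropping or trusting them."""
    return tag if validate_tag(tag) else fallback

def resolve_under(base: str, user_path: str) -> Optional[Path]:
    """Resolve a user-influenced relative path inside base; None if it escapes.
    Resolving both sides first also defeats symlink tricks inside base."""
    base_dir = Path(base).resolve()
    candidate = (base_dir / user_path).resolve()
    try:
        candidate.relative_to(base_dir)
    except ValueError:
        return None
    return candidate

def output_file_for_tag(base: str, tag: str) -> Optional[Path]:
    """Log output: one file per tag, name derived only from an allowlisted tag."""
    return resolve_under(base, sanitize_tag(tag) + ".log")

def thumbnail_path(base: str, size: str, filename: str) -> Optional[Path]:
    """Hypothetical image endpoint: size must be a small integer, filename allowlisted."""
    if re.fullmatch(r"\d{1,4}", size) is None or not validate_tag(filename):
        return None
    return resolve_under(base, f"{size}/{filename}")
```

The allowlist is the primary control; resolve_under is defence in depth for the case where some caller builds a path from a value that was never validated. Note that relative_to is a lexical check on the already-resolved paths, so it must be applied after resolve(), not before.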

18. CVE-2025-63434
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control the update metadata can serve a malicious package, which the application will accept, extract, and later execute, leading to arbitrary code execution.
References: https://github.com/ab3lson/cve-references/tree/master/CVE-2025-63434
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/

CWE-ID: CWE-494
Common Platform Enumerations (CPE): Not Found
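The GL-Inet entry (CVE-2025-44018, a crafted .tar delivered by a man-in-the-middle causes a firmware downgrade) and the Xtool AnyScan entry (CVE-2025-63434, update packages extracted and executed with no integrity or authenticity check) are the two halves of the same update-security checklist: authenticate the package, and refuse to go backwards even when the package is genuine. The block below is an added example, not code from either vendor, showing a verifier that checks the manifest signature, the payload hash, member paths and version monotonicity over a constructed in-memory tar. One labelled assumption: it uses HMAC-SHA256 as a stand-in for a signature because the Python standard library has no asymmetric primitives; a real device must hold only the vendor's public key and verify an asymmetric signature, never a shared secret that could be extracted from firmware.

```python
import hashlib
import hmac
import io
import json
import tarfile
from typing import Tuple

# Stand-in verification key (assumption for this example). A shipped device would hold a
# vendor PUBLIC key and verify an asymmetric signature; HMAC is used only to keep this runnable.
VERIFY_KEY = b"vendor-release-key-placeholder"

def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))

def build_package(version: str, payload: bytes, signing_key: bytes = VERIFY_KEY) -> bytes:
    """Vendor side (or attacker side, with a different key): manifest + signature + payload."""
    manifest = json.dumps({"version": version, "sha256": hashlib.sha256(payload).hexdigest()}).encode()
    sig = hmac.new(signing_key, manifest, hashlib.sha256).hexdigest().encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("manifest.json", manifest), ("manifest.sig", sig), ("rootfs.bin", payload)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def verify_package(package: bytes, installed_version: str) -> Tuple[bool, str]:
    """Device side: every check runs before any byte of the payload is trusted."""
    with tarfile.open(fileobj=io.BytesIO(package), mode="r") as tar:
        members = {m.name: m for m in tar.getmembers()}
        for name in members:  # refuse archive entries that would write outside the staging dir
            if name.startswith("/") or ".." in name.split("/"):
                return False, f"unsafe member path: {name}"
        try:
            manifest_raw = tar.extractfile(members["manifest.json"]).read()
            sig = tar.extractfile(members["manifest.sig"]).read().decode()
            payload = tar.extractfile(members["rootfs.bin"]).read()
        except KeyError as missing:
            return False, f"missing member: {missing}"
    # 1. Authenticity: verify the manifest signature before parsing the manifest at all.
    expected = hmac.new(VERIFY_KEY, manifest_raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "manifest signature invalid"
    manifest = json.loads(manifest_raw)
    # 2. Integrity: the payload must be the one the signed manifest describes.
    if hashlib.sha256(payload).hexdigest() != manifest["sha256"]:
        return False, "payload hash mismatch"
    # 3. Anti-rollback: a genuinely signed but older image is still rejected.
    if parse_version(manifest["version"]) <= parse_version(installed_version):
        return False, f"downgrade to {manifest['version']} refused"
    return True, "ok"
```

The ordering matters: a forged package fails at step 1 without its manifest ever being parsed, while a replayed, authentic old release passes steps 1 and 2 and is only stopped by step 3, which is exactly the check a man-in-the-middle downgrade attack relies on being absent. Version strings are illustrative. On hardware with a monotonic counter or eFuses, the installed version floor should live there rather than in rewritable storage.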

19. CVE-2025-63958
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.
References: https://ozex.gitlab.io/tricks_hacks/2025-11-19-cve-2025-63958/index.html
https://www.millensys.com/

CWE-ID: CWE-200 CWE-284 CWE-306
Common Platform Enumerations (CPE): Not Found

20. CVE-2025-13609
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.3
Description: A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
References: https://access.redhat.com/security/cve/CVE-2025-13609
https://bugzilla.redhat.com/show_bug.cgi?id=2416761

CWE-ID: CWE-694
Common Platform Enumerations (CPE): Not Found
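The keylime entry is a registration-logic flaw rather than a memory or parsing bug: a second TPM can claim an existing agent's UUID and the registrar overwrites the stored identity. The block below is an added example of the invariant a registrar has to enforce, written as a toy model and not keylime's own code: a UUID, once bound to a TPM endorsement key, can only be re-registered or released by that same key. The record fields, the SHA-256 fingerprint and the method names are assumptions for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class AgentRecord:
    uuid: str
    ek_fingerprint: str   # SHA-256 over the TPM endorsement public key (assumed encoding)
    aik_pub: str          # attestation key the verifier will later trust for this UUID

class Registrar:
    """Toy registrar illustrating UUID-to-TPM binding; not keylime's implementation."""

    def __init__(self) -> None:
        self._agents: Dict[str, AgentRecord] = {}

    @staticmethod
    def fingerprint(ek_pub: bytes) -> str:
        return hashlib.sha256(ek_pub).hexdigest()

    def register_insecure(self, uuid: str, ek_pub: bytes, aik_pub: str) -> AgentRecord:
        # Vulnerable pattern: last writer wins, so any TPM can take over any UUID.
        rec = AgentRecord(uuid, self.fingerprint(ek_pub), aik_pub)
        self._agents[uuid] = rec
        return rec

    def register(self, uuid: str, ek_pub: bytes, aik_pub: str) -> AgentRecord:
        # Hardened pattern: an existing UUID may only be updated by the TPM it is bound to.
        fp = self.fingerprint(ek_pub)
        existing = self._agents.get(uuid)
        if existing is not None and existing.ek_fingerprint != fp:
            raise PermissionError(f"uuid {uuid} is already bound to a different TPM")
        rec = AgentRecord(uuid, fp, aik_pub)
        self._agents[uuid] = rec
        return rec

    def deregister(self, uuid: str, ek_pub: bytes) -> bool:
        """Only the bound TPM (or an out-of-band administrative path) may release a UUID."""
        existing = self._agents.get(uuid)
        if existing is None or existing.ek_fingerprint != self.fingerprint(ek_pub):
            return False
        del self._agents[uuid]
        return True

    def lookup(self, uuid: str) -> Optional[AgentRecord]:
        return self._agents.get(uuid)
```

Two caveats a practitioner would add: the binding is only as strong as the registrar's proof that ek_pub really belongs to a genuine TPM (EK certificate chain validation and the activate-credential challenge), otherwise an attacker simply presents a fresh software key; and a legitimate hardware replacement needs an explicit administrative deregistration path, since the hardened register() will correctly refuse the new TPM.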

21. CVE-2025-0005
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service.
References: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html

CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found

22. CVE-2025-52539
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability.
References: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

23. CVE-2025-56400
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affecting the Tuya Smart and Smartlife mobile applications as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa account to a victim's Tuya account. The applications fail to validate the OAuth state parameter during the account linking flow, enabling a cross-site request forgery (CSRF)-like attack. By tricking the victim into clicking a crafted authorization link, an attacker can complete the OAuth flow on the victim's behalf, resulting in unauthorized Alexa access to the victim's Tuya-connected devices. This affects users regardless of prior Alexa linkage and does not require the Tuya application to be active at the time. Successful exploitation may allow remote control of devices such as cameras, doorbells, door locks, or alarms.
References: http://tuya.com
https://src.tuya.com/announcement/30

CWE-ID: CWE-352 CWE-384
Common Platform Enumerations (CPE): Not Found
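The Tuya entry is the textbook OAuth login-CSRF: the attacker authorizes their own partner account, captures the resulting redirect, and gets the victim to open it, so the victim's app finishes a flow the victim never started. The state parameter exists precisely to stop this. The block below is an added example, not code from the Tuya SDK, showing a toy linking client with the vulnerable callback (state ignored) beside the hardened one (state bound to the victim's session, single-use, compared in constant time). The authorize URL, the session identifiers, the exchange_code stand-in and the two fake authorization codes are all constructed for the example.

```python
import hmac
import secrets
from typing import Dict, Optional

def exchange_code(code: str) -> str:
    """Stand-in for the token exchange; a real client posts the code to the token endpoint.
    Maps two constructed codes to the partner account that issued them."""
    return {"code-attacker": "alexa:attacker", "code-victim": "alexa:victim"}.get(code, "unknown")

class OAuthLinker:
    """Toy account-linking client; illustrative, not the SDK's implementation."""

    def __init__(self) -> None:
        self._pending: Dict[str, str] = {}   # session_id -> state nonce awaiting a callback
        self.linked: Dict[str, str] = {}     # session_id -> partner account now linked

    def start(self, session_id: str) -> str:
        """Begin linking: mint a fresh state, remember it for this session, build the URL."""
        state = secrets.token_urlsafe(32)
        self._pending[session_id] = state
        return ("https://partner.example/authorize?client_id=app"
                f"&redirect_uri=app%3A%2F%2Fcallback&state={state}")

    def callback_vulnerable(self, session_id: str, code: str, state: Optional[str] = None) -> bool:
        # The flaw: whatever code arrives is exchanged and linked to the current user,
        # so a crafted link carrying the attacker's code links the attacker's account.
        self.linked[session_id] = exchange_code(code)
        return True

    def callback(self, session_id: str, code: str, state: str) -> bool:
        # The fix: the callback must carry the exact state this session minted, once.
        expected = self._pending.pop(session_id, None)
        if expected is None or not hmac.compare_digest(expected, state):
            return False
        self.linked[session_id] = exchange_code(code)
        return True
```

The attacker can supply any state value they like in the crafted link, but they cannot know the nonce stored in the victim's session, and if the victim never started a flow there is no nonce at all; both cases are rejected. PKCE adds a second, independent binding of the authorization code to the client that started the flow and is worth enabling alongside state.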

24. CVE-2025-0003
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 5.3
Description: Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition, potentially resulting in loss of confidentiality or availability.
References: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html

CWE-ID: CWE-413
Common Platform Enumerations (CPE): Not Found

25. CVE-2025-48510
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Improper return value within AMD uProf can allow a local attacker to bypass kernel ASLR (KASLR), potentially resulting in loss of confidentiality or availability.
References: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html

CWE-ID: CWE-394
Common Platform Enumerations (CPE): Not Found

26. CVE-2025-52538
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.5
Description: Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability.
References: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8014.html

CWE-ID: CWE-190
Common Platform Enumerations (CPE): Not Found

27. CVE-2025-54338
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes.
References: https://desktopalert.net/cve-2025-54338/

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

28. CVE-2025-54347
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions.
References: https://desktopalert.net/cve-2025-54347/

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

29. CVE-2025-54563
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote information disclosure.
References: https://desktopalert.net/cve-2025-54563/

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
