Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region.
The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a
CVSS: MEDIUM (5.3) EPSS Score: 82.26%
May 22nd, 2025 (20 days ago)
|
CVE-2025-4692 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 5.9
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: ABUP
Equipment: ABUP Internet of Things (IoT) Cloud Platform
Vulnerability: Incorrect Privilege Assignment
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following ABUP products are affected:
ABUP IoT Cloud Platform: All Versions
3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT PRIVILEGE ASSIGNMENT CWE-266
Actors can use a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the Cloud Update Platform.
CVE-2025-4692 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L).
A CVSS v4 score has also been calculated for CVE-2025-4692. A base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Communications
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: China
3.4 RESEARCHER
Daniel Christensen of Telenor reported this vulnerability to CISA
4. MITIGATIONS
ABUP did not respond ...
CVSS: MEDIUM (6.8) EPSS Score: 0.03%
May 20th, 2025 (22 days ago)
|
|
CVE-2025-20969 |
Description: Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 7th, 2025 (about 1 month ago)
|
|
CVE-2025-20967 |
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.
CVSS: MEDIUM (5.1) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)
|
|
CVE-2025-20966 |
Description: Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
CVSS: MEDIUM (4.6) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)
|
|
CVE-2025-22771 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Studio Hyperset The Great Firewords of China allows Stored XSS. This issue affects The Great Firewords of China: from n/a through 1.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
April 17th, 2025 (about 2 months ago)
|
|
CVE-2025-3002 |
Description: A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Eine Schwachstelle wurde in Digital China DCME-520 bis 20250320 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. Mit der Manipulation des Arguments type_name mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 2.14%
March 31st, 2025 (2 months ago)
|
|
CVE-2025-2716 |
Description: A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In China Mobile P22g-CIac 1.0.00.488 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Komponente Samba Path Handler. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.1) EPSS Score: 0.07%
March 25th, 2025 (3 months ago)
|
|
CVE-2025-2397 |
Description: A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P bis 20250305 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Komponente Telnet Service. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
March 17th, 2025 (3 months ago)
|
|
Description: Written by: Lukasz Lamparski, Punsaen Boonyakarn, Shawn Chew, Frank Tse, Jakub Jozwiak, Mathew Potaczek, Logeswaran Nadarajan, Nick Harbour, Mustafa Nasser
Introduction
In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers. Mandiant attributed these backdoors to the China-nexus espionage group, UNC3886. Mandiant uncovered several TINYSHELL-based backdoors operating on Juniper Networks’ Junos OS routers. The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that disables logging mechanisms on the target device.
Mandiant worked with Juniper Networks to investigate this activity and observed that the affected Juniper MX routers were running end-of-life hardware and software. Mandiant recommends that organizations upgrade their Juniper devices to the latest images released by Juniper Networks, which includes mitigations and updated signatures for the Juniper Malware Removal Tool (JMRT). Organizations should run the JMRT Quick Scan and Integrity Check after the upgrade.
Mandiant has reported on similar custom malware ecosystems in 2022 and 2023 that UNC3886 deployed on virtualization technologies and network edge devices. This blog post showcases a development in UNC3886’s tactics, techniques and procedures (TTPs), and their focus on malware and capabilities that enable them to operate on network and edge devices, which typically lack security monito...
CVSS: MEDIUM (6.7)
March 12th, 2025 (3 months ago)
|