Threat and Vulnerability Intelligence Database

CVE-2025-48961

Description: Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.

CVSS: HIGH (7.3)

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (about 1 hour ago)

CVE-2025-1701

Description: CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or a multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3.

CVSS: HIGH (8.9)

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (about 1 hour ago)

CVE-2025-30415

Description: Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077.

CVSS: HIGH (7.5)

Source: CVE
June 4th, 2025 (about 2 hours ago)

CVE-2025-5601

Description: Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allow denial of service via packet injection or a crafted capture file.

CVSS: HIGH (7.8)

Source: CVE
June 4th, 2025 (about 4 hours ago)

CVE-2025-47728

Description: Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: HIGH (7.3)

Source: CVE
June 4th, 2025 (about 6 hours ago)

CVE-2025-5482

Description: The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.

CVSS: HIGH (8.8)

Source: CVE
June 4th, 2025 (about 7 hours ago)

CVE-2025-47727

Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: HIGH (7.3)

Source: CVE
June 4th, 2025 (about 7 hours ago)

CVE-2025-47726

Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: HIGH (7.3)

Source: CVE
June 4th, 2025 (about 7 hours ago)

CVE-2025-47725

Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: HIGH (7.3)

Source: CVE
June 4th, 2025 (about 7 hours ago)

CVE-2025-47724

Description: Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: HIGH (7.3)

Source: CVE
June 4th, 2025 (about 7 hours ago)