Threat and Vulnerability Intelligence Database

CVE-2025-20152

Description: A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload.

CVSS: HIGH (8.6)

EPSS Score: 0.11%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-20113

Description: A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

CVSS: HIGH (7.1)

EPSS Score: 0.07%

Source: CVE
May 21st, 2025 (25 days ago)
CVE-2025-47290

Description:

Impact: A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system.

Patches: This bug has been fixed in the following containerd versions: 2.1.1. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. Users should update to this version to resolve the issue.

Workarounds: Ensure that only trusted images are used and that only trusted users have permissions to import images.

Credits: The containerd project would like to thank Tõnis Tiigi for responsibly disclosing this issue in accordance with the containerd security policy.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47290
https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95
https://nvd.nist.gov/vuln/detail/CVE-2025-47290
https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc
https://github.com/containerd/containerd/releases/tag/v2.1.1
https://github.com/advisories/GHSA-cm76-qm8v-3j95

CVSS: HIGH (7.6)

EPSS Score: 0.02%

Source: Github Advisory Database (Go)
May 21st, 2025 (25 days ago)

CVE-2025-48207

Description: The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-48205

Description: The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-48201

Description: The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-27998

Description: An issue in Valvesoftware Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.

CVSS: HIGH (8.4)

EPSS Score: 0.03%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-20113

Description: Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform privilege escalation attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

Security Impact Rating: High

CVE: CVE-2025-20113, CVE-2025-20114

CVSS: HIGH (7.1)

EPSS Score: 0.07%

Source: Cisco Security Advisory
May 21st, 2025 (26 days ago)

CVE-2024-56429

Description: itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.

CVSS: HIGH (7.7)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 21st, 2025 (26 days ago)

CVE-2025-40775

Description: When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.

CVSS: HIGH (7.5)

EPSS Score: 0.01%

Source: CVE
May 21st, 2025 (26 days ago)