
Threat and Vulnerability Intelligence Database

CVE-2025-47418

Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording, and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-47256

Description: Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file.

CVSS: MEDIUM (5.6)

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-46573

Description: passport-wsfed-saml2 provides a Passport strategy for both the WS-Fed and SAML2 protocols. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

CVSS: MEDIUM (4.6)

EPSS Score: 0.08%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-46572

Description: passport-wsfed-saml2 provides a Passport strategy for both the WS-Fed and SAML2 protocols. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

CVSS: MEDIUM (4.6)

EPSS Score: 0.1%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-47417

Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

CVSS: MEDIUM (5.1)

EPSS Score: 0.05%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-4388

Description: A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92, allows a remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web.

CVSS: MEDIUM (6.9)

EPSS Score: 1.67%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-46736

Description: Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post-login API responses, it is possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds are available.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-37730

Description: Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

CVSS: MEDIUM (6.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-32022

Description: Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects everyone using Finit 4.2 or later who does not explicitly disable the plugin at build time. This bug is fixed in Finit 4.12. Those who cannot upgrade or backport the fix to urandom.c are strongly recommended to disable the plugin in the call to the `configure` script.

CVSS: MEDIUM (4.6)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-4384

Description: The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client certificate reduces the risk for random devices to take advantage of this flaw.

CVSS: MEDIUM (6.0)

EPSS Score: 0.01%

Source: CVE
May 6th, 2025 (about 2 months ago)