CVE-2025-26531 |
Description: Insufficient capability checks made it possible to disable badges a user does not have permission to access.
CVSS: LOW (3.1) EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|
Description: Summary
A bypass was found for the security feature trustedOrigins. This works for wildcard or absolute URL trustedOrigins configs and opens the victim's website to an Open Redirect vulnerability, where it can be used to steal the reset password token of a victim's account by changing the "callbackURL" parameter value to a website owned by the attacker.
Details
Absolute URLs
The issue here appears in the middleware, specifically. This protection is not sufficient and it allows attackers to get an open redirect, by using the payload /\/example.com. We can check that this is a valid URL ( or it will be a valid URL because the URL parser fixes it for us ), by checking the image below:
// trustedOrigins = [ "https://example.com" ]
validateURL("https://attacker.com", "callbackURL") // ❌ APIError, No Redirect
validateURL("/\/attacker.com", "callbackURL") // ✅ Redirect to http://attacker.com
Regex
The issue here is that the regex is not strong enough: [^/\\]*?\.example\.com[/\\]*? ( this is the regex that will be created if we have a wildcard as config ), but we can bypass it by using a payload like:
// trustedOrigins = [ "*.example.com" ]
┌──────────────────┐ ┌────────────────┐ ┌─────────────────┐
│ None of [ "/\" ] │ ────▶ │ ".example.com" │ ────▶ │ One of [ "/\" ] │
└──────────────────┘ └────────────────┘ └─────────────────┘
demo .example.com / ✅ Redirect to https://example.com
d...
February 24th, 2025 (4 months ago)
|
CVE-2025-26803 |
Description: The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26803
https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
https://blog.phusion.nl/2025/02/19/passenger-6-0-26
https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
https://github.com/phusion/passenger/releases/tag/release-6.0.26
https://www.phusionpassenger.com/support
https://github.com/advisories/GHSA-2cj2-qqxj-5m3r
EPSS Score: 0.18%
February 24th, 2025 (4 months ago)
|
Description: Treasury workers don't know who the person is or why he is sending emails from a "Secretary of the Treasury" email address.
February 24th, 2025 (4 months ago)
|
Description: Russia's National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country's credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. [...]
February 24th, 2025 (4 months ago)
|
CVE-2025-27364 |
Description: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
CVSS: CRITICAL (10.0) EPSS Score: 0.56% SSVC Exploitation: poc
February 24th, 2025 (4 months ago)
|
CVE-2025-26530 |
Description: The question bank filter required additional sanitizing to prevent a reflected XSS risk.
CVSS: HIGH (8.3) EPSS Score: 0.05%
February 24th, 2025 (4 months ago)
|
CVE-2025-26529 |
Description: Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
CVSS: HIGH (8.3) EPSS Score: 0.05%
February 24th, 2025 (4 months ago)
|
CVE-2025-26528 |
Description: The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.
CVSS: LOW (3.4) EPSS Score: 0.03%
February 24th, 2025 (4 months ago)
|
CVE-2025-26527 |
Description: Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 24th, 2025 (4 months ago)
|