CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-25200
[koa] Inefficient Regular Expression Complexity in koa
Description: Summary Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. PoC Coming soon. Impact This is a Regex Denial-of-Service attack and causes memory exhaustion. The regex should be improved and empty values should not be allowed. References https://github.com/koajs/koa/security/advisories/GHSA-593f-38f6-jp5m https://nvd.nist.gov/vuln/detail/CVE-2025-25200 https://github.com/koajs/koa/commit/5054af6e31ffd451a4151a1fe144cef6e5d0d83c https://github.com/koajs/koa/commit/5f294bb1c7c8d9c61904378d250439a321bffd32 https://github.com/koajs/koa/commit/93fe903fc966635a991bcf890cfc3427d33a1a08 https://github.com/koajs/koa/releases/tag/2.15.4 https://github.com/advisories/GHSA-593f-38f6-jp5m

CVSS: CRITICAL (9.2)

EPSS Score: 0.04%

Source: Github Advisory Database (NPM)
February 12th, 2025 (5 months ago)
[parse-duration] parse-duration has a Regex Denial of Service that results in event loop delay and out of memory
Description: Summary This report finds 2 availability issues due to the regex used in the parse-duration npm package: An event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms per one operation, with a varying size from 0.01 MB and up to 4.3 MB respectively. An out of memory that would crash a running Node.js application due to a string size of roughly 10 MB that utilizes unicode characters. PoC Refer to the following proof of concept code that provides a test case and makes use of the regular expression in the library as its test case to match against strings: // Vulnerable regex to use from the library: import parse from './index.js' function generateStressTestString(length, decimalProbability) { let result = ""; for (let i = 0; i < length; i++) { if (Math.random() < decimalProbability) { result += "....".repeat(99); } result += Math.floor(Math.random() * 10); } return result; } function getStringSizeInMB_UTF8(str) { const sizeInBytes = Buffer.byteLength(str, 'utf8'); const sizeInMB = sizeInBytes / (1024 * 1024); return sizeInMB; } // Generate test strings with varying length and decimal probability: const longString1 = generateStressTestString(380, 0.05); const longString2 = generateStressTestString(10000, 0.9); const longString3 = generateStressTestString(500000, 1); const longStringVar1 = '-1e' + '-----'.repeat(915000) const longStringVar2 = "1" + "0".repeat(500) + "e1" + "α".repeat(52250...
Source: Github Advisory Database (NPM)
February 12th, 2025 (5 months ago)
[elliptic] Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
Description: Summary Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input Note that elliptic by design accepts hex strings as one of the possible input types Details In this code: https://github.com/indutny/elliptic/blob/3e46a48fdd2ef2f89593e5e058d85530578c9761/lib/elliptic/ec/index.js#L100-L107 msg is a BN instance after conversion, but nonce is an array, and different BN instances could generate equivalent arrays after conversion. Meaning that a same nonce could be generated for different messages used in signing process, leading to k reuse, leading to private key extraction from a pair of signatures Such a message can be constructed for any already known message/signature pair, meaning that the attack needs only a single malicious message being signed for a full key extraction While signing unverified attacker-controlled messages would be problematic itself (and exploitation of this needs such a scenario), signing a single message still should not leak the private key Also, message validation could have the same bug (out of scope for this report, but could be possible in some situations), which makes this attack more likely when used in a chain PoC k reuse example import elliptic from 'elliptic' const { ec: EC } = elliptic const privateKey = crypto.getRandomValues(new Uint8Array(32)) const curve = 'ed25519' // or any other curve, e.g. secp256k1 const ec = new EC(curve) const pret...
Source: Github Advisory Database (NPM)
February 12th, 2025 (5 months ago)

CVE-2024-57000
[ray] Command injection in Ray
Description: An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a remote attacker to execute arbitrary code via a crafted script. References https://nvd.nist.gov/vuln/detail/CVE-2024-57000 https://github.com/honysyang/Ray.git https://github.com/advisories/GHSA-xg2h-7cxj-3gvh

EPSS Score: 0.04%

Source: Github Advisory Database (PIP)
February 12th, 2025 (5 months ago)
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
Description: US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.
Source: Dark Reading
February 12th, 2025 (5 months ago)
Ransomware isn't always about the money: Government spies have objectives, too
Source: TheRegister
February 12th, 2025 (5 months ago)
Sarcoma ransomware claims breach at giant PCB maker Unimicron
Description: A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)
DPRK hackers dupe targets into typing PowerShell commands as admin
Description: North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired from the now widespread ClickFix campaigns. [...]
Source: BleepingComputer
February 12th, 2025 (5 months ago)

CVE-2025-24434
[magento/community-edition] Improper Authorization vulnerability in Magento and Adobe Commerce
Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)
February 12th, 2025 (5 months ago)

CVE-2025-24434
[magento/project-community-edition] Improper Authorization vulnerability in Magento and Adobe Commerce
Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. References https://nvd.nist.gov/vuln/detail/CVE-2025-24434 https://helpx.adobe.com/security/products/magento/apsb25-08.html https://github.com/advisories/GHSA-fppq-f2m6-xv5c

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: Github Advisory Database (Composer)
February 12th, 2025 (5 months ago)