Karl.Fail

Tag: score:9.1

  • Critical Vulnerability in Samsung Mobile Processor and Modem – CVE-2025-27891

    Overview of CVE-2025-27891

    A critical vulnerability has been discovered in several Samsung Mobile Processors, Wearable Processors, and Modems, including the Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. This issue, tracked as CVE-2025-27891, is caused by the lack of a length check, leading to out-of-bounds reads when malformed NAS packets are received.

    Details of the Vulnerability

    The vulnerability occurs because these processors fail to check the length of incoming NAS (Non-Access Stratum) packets, which are used in mobile communication. If the packets are malformed, it can result in out-of-bounds memory reads, potentially leading to information disclosure or other unintended behavior in the affected devices. This could allow attackers to exploit the vulnerability remotely without requiring user interaction.

    This issue is particularly critical for devices relying on these Samsung processors, including smartphones, wearables, and modem units, as it poses a risk to the confidentiality of the system and can potentially impact system availability.

    CVSS Score and Impact

    The CVSS v3.1 score for CVE-2025-27891 is 9.1, indicating a critical vulnerability. The CVSS vector string for this vulnerability is: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H, which indicates the following:

    • Attack Vector (AV): Network – The vulnerability can be exploited remotely.
    • Attack Complexity (AC): Low – The vulnerability does not require complex conditions to exploit.
    • Privileges Required (PR): None – No special privileges are required to exploit the vulnerability.
    • User Interaction (UI): None – The vulnerability can be exploited without user interaction.
    • Confidentiality Impact (C): High – An attacker could gain access to sensitive data.
    • Integrity Impact (I): None – The integrity of the system data is not affected.
    • Availability Impact (A): High – The vulnerability could cause system instability or downtime.

    Mitigation

    Samsung has acknowledged the issue and is working on providing updates to address the vulnerability. Users of affected devices should monitor the official Samsung Semiconductor security updates page for patches and further guidance. To mitigate the risk, it is recommended that users update their devices as soon as patches are made available.

    For further information, visit Samsung’s official security update pages: Samsung Security Updates and CVE-2025-27891 Details.

    Conclusion

    The CVE-2025-27891 vulnerability highlights the importance of proper validation checks within mobile processors and modems. Samsung users are urged to apply updates promptly to prevent potential exploitation of this critical flaw.

  • CVE-2025-24977: Critical Code Injection Vulnerability in OpenCTI

    Overview

    A critical vulnerability has been disclosed in OpenCTI, tracked as CVE-2025-24977. This flaw allows authenticated users with specific permissions to execute arbitrary code on the underlying infrastructure and access sensitive server-side secrets. The issue affects all versions prior to 6.4.11 and has been assigned a CVSS v3.1 score of 9.1, marking it as critical in severity.

    What is OpenCTI?

    OpenCTI (Open Cyber Threat Intelligence) is a widely adopted open-source platform for managing and sharing cyber threat intelligence. It allows organizations to structure, store, and visualize complex threat information. Because of its deep integration into security ecosystems, vulnerabilities in OpenCTI can have far-reaching consequences.

    Technical Details

    The vulnerability stems from the improper control of code generation within the application (classified as CWE-94: Code Injection). Specifically, a user with the manage customizations capability can:

    • Execute commands on the host infrastructure using the web hook functionality.
    • Gain a root shell inside a container hosting OpenCTI.
    • Access internal secrets and sensitive environment details.

    This behavior is particularly dangerous because it breaks container isolation and could lead to lateral movement across other infrastructure components.

    CVSS Breakdown

    • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
    • Confidentiality, Integrity, Availability: High

    Affected Versions

    All OpenCTI versions prior to 6.4.11 are affected by this vulnerability.

    Mitigation

    The vulnerability has been patched in OpenCTI version 6.4.11. All users are strongly advised to:

    • Upgrade to version 6.4.11 or later immediately.
    • Audit user roles and permissions, especially the manage customizations capability.
    • Monitor systems for unauthorized command execution or suspicious container activity.

    Conclusion

    CVE-2025-24977 exemplifies the risk of insufficient controls around customization and hook-based functionality in security platforms. Organizations using OpenCTI should treat this vulnerability with urgency due to the high potential impact on infrastructure integrity and data confidentiality.

    For more technical details and updates, refer to the official GitHub advisory.

  • CVE-2025-21547: Critical Remote Exploit in Oracle Hospitality OPERA 5

    Overview

    On January 21, 2025, Oracle disclosed a critical vulnerability identified as CVE-2025-21547 in the Oracle Hospitality OPERA 5 system, a widely used platform in the hospitality industry for property management. The vulnerability affects versions 5.6.19.20, 5.6.25.8, 5.6.26.6, and 5.6.27.1. It is remotely exploitable by unauthenticated attackers over HTTP and carries a CVSS v3.1 base score of 9.1, rated as Critical.

    Technical Details

    This vulnerability resides in the Opera Servlet component and is classified under CWE-400: Uncontrolled Resource Consumption. An unauthenticated attacker can send specially crafted HTTP requests that either grant unauthorized access to sensitive data or trigger a complete Denial-of-Service (DoS) by overloading system resources.

    The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H, which translates to:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

    Impact

    Successful exploitation can lead to:

    • Unauthorized access to critical and sensitive hospitality data
    • Total denial of service (DoS), crashing the OPERA 5 application
    • Operational disruption of hotel management systems and guest services

    Given the central role OPERA 5 plays in reservation, billing, and room management, the impact on affected organizations could be severe.

    Affected Versions

    • Oracle Hospitality OPERA 5 version 5.6.19.20
    • Oracle Hospitality OPERA 5 version 5.6.25.8
    • Oracle Hospitality OPERA 5 version 5.6.26.6
    • Oracle Hospitality OPERA 5 version 5.6.27.1

    Mitigation

    Oracle addressed this vulnerability in its January 2025 Critical Patch Update. Organizations should:

    • Apply the latest patches immediately
    • Restrict external HTTP access to OPERA instances
    • Monitor for signs of resource exhaustion or unusual HTTP activity

    Conclusion

    CVE-2025-21547 highlights the ongoing risks of web-facing enterprise software, especially in sectors like hospitality where uptime and data integrity are mission-critical. Prompt patching and hardening of network access controls are essential to prevent potential data breaches and service outages.

  • Critical Improper Input Validation Vulnerability in Adobe ColdFusion (CVE-2025-24446)

    Overview

    Adobe ColdFusion has been found vulnerable to an Improper Input Validation issue, tracked as CVE-2025-24446. This vulnerability affects ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. Exploitation allows an attacker with administrative privileges to execute arbitrary code remotely without any user interaction.

    Technical Details

    This flaw is categorized under CWE-20: Improper Input Validation. The core issue lies in the failure to properly sanitize input data, which can be exploited to execute arbitrary code within the context of the application. Although user interaction is not required, admin panel privileges are necessary to leverage this vulnerability.

    CVSS Score and Severity

    According to the CVSS v3.1 scoring system, this vulnerability has a base score of 9.1, labeled as Critical. The CVSS vector is:

    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
    • Impact on Confidentiality, Integrity, Availability: High

    Affected Versions

    • Adobe ColdFusion 2025.0 and earlier
    • Adobe ColdFusion 2023.12
    • Adobe ColdFusion 2021.18

    Mitigation and Recommendations

    Adobe has released updates to address this vulnerability. Organizations using affected versions should:

    • Apply the latest ColdFusion security updates immediately.
    • Restrict administrative access to trusted users and internal networks only.
    • Monitor ColdFusion servers for unusual behavior or unauthorized access.

    Conclusion

    CVE-2025-24446 highlights the ongoing importance of input validation in web applications. Despite the need for admin privileges, the lack of user interaction combined with the critical severity makes this a high-priority issue for all ColdFusion users.

    For more details, refer to the Adobe Security Bulletin.

  • Critical Vulnerability in Oracle Hospitality OPERA 5 (CVE-2025-21547)

    Overview

    CVE-2025-21547 is a critical vulnerability affecting multiple versions of Oracle Hospitality OPERA 5, specifically within the Opera Servlet component. This flaw allows unauthenticated remote attackers to compromise the system through HTTP, potentially leading to full access to sensitive data or denial-of-service (DoS) conditions.

    Technical Details

    The vulnerability exists in the way OPERA 5 handles HTTP requests within its servlet architecture. An attacker can exploit the flaw without authentication and with minimal complexity, simply by sending specially crafted HTTP requests over the network. The issue allows:

    • Unauthorized access to critical or complete OPERA 5 data
    • Remote execution of requests that can cause service hangs or repeatable crashes (DoS)

    This vulnerability is classified under CWE-400: Uncontrolled Resource Consumption, indicating that it may allow attackers to overwhelm the application’s resources, affecting availability and performance.

    Severity and CVSS

    The vulnerability is rated 9.1 (Critical) on the CVSS v3.1 scale. The CVSS vector is:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Confidentiality Impact: High
    • Availability Impact: High

    Affected Versions

    The following versions of Oracle Hospitality OPERA 5 are affected:

    • 5.6.19.20
    • 5.6.25.8
    • 5.6.26.6
    • 5.6.27.1

    All these versions are susceptible to the vulnerability and require immediate patching.

    Mitigation and Recommendations

    Oracle has released patches as part of its January 2025 Critical Patch Update (CPU). Organizations using affected versions should:

    • Apply the latest Oracle CPU updates without delay.
    • Restrict HTTP access to the OPERA 5 application from untrusted networks.
    • Monitor network traffic and logs for abnormal behavior or exploitation attempts.

    Conclusion

    CVE-2025-21547 underscores the importance of timely patch management and secure application deployment, particularly in the hospitality sector where sensitive data and high availability are critical. Organizations running Oracle Hospitality OPERA 5 should take immediate action to mitigate the risk.

    More information is available in the official Oracle advisory: Oracle CPU January 2025

  • CVE-2025-0159: Authentication Bypass in IBM FlashSystem (Storage Virtualize)

    Overview

    IBM has disclosed a critical vulnerability, CVE-2025-0159, affecting multiple versions of its FlashSystem product line through the IBM Storage Virtualize platform. This flaw is categorized under CWE-288: Authentication Bypass Using an Alternate Path or Channel and enables unauthenticated attackers to bypass authentication controls at the RPCAdapter endpoint.

    Vulnerability Details

    The issue lies in the handling of HTTP requests at the RPCAdapter endpoint. By sending a specially crafted HTTP request, a remote attacker can bypass authentication mechanisms entirely. This allows unauthorized access to sensitive administrative functions or data without requiring user credentials or prior access.

    The vulnerability impacts multiple versions from the 8.5.0.0 release through 8.7.2.1, including several patch levels across versions 8.5, 8.6, and 8.7. This wide range of affected versions underscores the urgency for enterprise customers using IBM FlashSystem to apply mitigations immediately.

    Technical Breakdown

    According to IBM and CVSS v3.1, the vulnerability is rated as Critical with a base score of 9.1. The CVSS vector is:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

    Key characteristics:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

    Impacted Products

    The vulnerability affects the following IBM Storage Virtualize versions:

    • 8.5.0.0 – 8.5.0.13
    • 8.5.1.0
    • 8.5.2.0 – 8.5.2.3
    • 8.5.3.0 – 8.5.3.1
    • 8.5.4.0
    • 8.6.0.0 – 8.6.0.5
    • 8.6.1.0
    • 8.6.2.0 – 8.6.2.1
    • 8.6.3.0
    • 8.7.0.0 – 8.7.0.2
    • 8.7.1.0
    • 8.7.2.0 – 8.7.2.1

    Mitigation and Recommendations

    • IBM strongly recommends upgrading to the latest version of IBM Storage Virtualize that addresses this vulnerability.
    • Restrict network access to affected systems and RPCAdapter endpoints wherever possible.
    • Monitor for unauthorized access attempts or suspicious RPC traffic.

    Conclusion

    CVE-2025-0159 represents a serious security risk for enterprises using IBM FlashSystem solutions. Its network-based, unauthenticated nature means attackers can remotely compromise systems without prior access. Prompt action is essential to protect sensitive storage infrastructure from exploitation.

    For more information, consult IBM’s official security advisory.

  • CVE-2025-42999: Insecure Deserialization in SAP NetWeaver Visual Composer

    Overview

    On May 13, 2025, SAP published a critical vulnerability identified as CVE-2025-42999 affecting the Visual Composer development server within SAP NetWeaver. The issue is classified under CWE-502: Deserialization of Untrusted Data, a well-known class of vulnerabilities that can allow attackers to compromise the confidentiality, integrity, and availability of a system.

    Vulnerability Details

    The vulnerability impacts the following product:

    • Product: SAP NetWeaver Visual Composer Metadata Uploader
    • Version Affected: VCFRAMEWORK 7.50

    The flaw occurs when a privileged user uploads malicious or untrusted metadata content to the server. When this content is deserialized, it can lead to the execution of arbitrary code or other serious consequences depending on the payload and environment. Although the attacker must already have high privileges, exploitation does not require any user interaction and can be performed over a network.

    Technical Analysis

    The vulnerability has a CVSS v3.1 base score of 9.1, indicating critical severity. The vector string is:

    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Key metrics include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
    • Confidentiality, Integrity, Availability Impact: High

    This means a high-privileged user can exploit the vulnerability remotely without triggering any user interaction, and the resulting impact may extend beyond the original component being attacked.

    Understanding CWE-502

    Deserialization of Untrusted Data occurs when an application processes serialized data from an untrusted source without adequate validation. In SAP NetWeaver’s case, improperly validated metadata may be deserialized and trigger arbitrary behavior. Such flaws can be difficult to detect and are often exploited in advanced attacks that aim to execute code or escalate privileges.

    Exploitation and Threat Landscape

    According to the CISA KEV catalog, this vulnerability is actively being exploited in the wild. It has also been highlighted in SAP’s official security notes. The Onapsis research team confirmed exploitation evidence and emphasized its criticality for SAP environments.

    Recommendations

    To mitigate this vulnerability, SAP recommends:

    • Applying patches or mitigations provided in the latest SAP Security Patch Day updates.
    • Restricting access to systems where deserialization may occur.
    • Implementing secure coding practices to avoid unsafe deserialization patterns.
    • Monitoring for unusual privileged user activity and uploads.

    Conclusion

    CVE-2025-42999 highlights the risks associated with deserialization vulnerabilities, especially in complex enterprise environments like SAP. Due to its high severity and active exploitation, organizations should prioritize patching and review their use of metadata handling and upload functions.

  • CVE-2025-43561: Critical Authorization Vulnerability in Adobe ColdFusion

    Overview

    On May 13, 2025, Adobe disclosed CVE-2025-43561, a critical security flaw in its ColdFusion product line. Classified as CWE-863: Incorrect Authorization, this vulnerability allows a high-privileged attacker to execute arbitrary code in the context of the current user without user interaction. The flaw affects ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier.

    Vulnerability Details

    The vulnerability stems from incorrect authorization checks within ColdFusion components. Attackers who already possess high-level privileges can exploit this weakness over the network to bypass authentication mechanisms and run arbitrary code. The attack requires no user interaction, and due to a changed scope, exploitation may impact other components beyond the ColdFusion instance.

    Affected Versions

    • Adobe ColdFusion 2025.1
    • Adobe ColdFusion 2023.13
    • Adobe ColdFusion 2021.19 and earlier

    Technical Analysis

    This vulnerability has been assigned a CVSS v3.1 base score of 9.1, indicating critical severity. The CVSS vector string is:

    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Key attributes include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

    The combination of low complexity and no user interaction makes this flaw highly dangerous in enterprise environments, especially when ColdFusion is deployed with elevated privileges or exposed services.

    Understanding CWE-863

    Incorrect Authorization occurs when an application incorrectly assumes that a user has the right to perform a particular action. In this case, Adobe ColdFusion fails to properly enforce access restrictions, enabling unauthorized code execution and potentially leading to data exfiltration or further system compromise.

    Impact and Exploitation

    An attacker exploiting this vulnerability could:

    • Execute arbitrary code within the application’s context
    • Bypass internal security mechanisms
    • Gain access to sensitive files or services
    • Disrupt application availability

    Adobe’s official security advisory highlights the need for prompt action.

    Mitigation and Recommendations

    • Upgrade to the latest version of Adobe ColdFusion.
    • Restrict network access to ColdFusion admin interfaces.
    • Enforce strict role-based access controls (RBAC).
    • Audit logs and monitor for unusual activity.

    Conclusion

    CVE-2025-43561 reinforces the critical importance of rigorous authorization checks in secure software design. As ColdFusion remains widely used in enterprise web applications, organizations should act quickly to remediate the risk and strengthen their security posture.

  • CVE-2025-43564: Critical Authorization Flaw in Adobe ColdFusion

    Overview

    Adobe has disclosed CVE-2025-43564, a critical vulnerability in its ColdFusion product line. This issue, identified as Incorrect Authorization and categorized under CWE-863, allows attackers to read or manipulate sensitive files on the server without proper authorization. The flaw affects ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier.

    Vulnerability Details

    The vulnerability results from improper enforcement of access controls within ColdFusion. A high-privileged attacker can exploit this weakness remotely, over the network, to access or modify sensitive file system data, potentially compromising application integrity and confidentiality.

    • Product: Adobe ColdFusion
    • Versions Affected: Up to and including 2025.1, 2023.13, 2021.19

    The issue does not require user interaction and can be exploited by attackers with elevated privileges. Since the vulnerability changes the scope of impact, it may affect system components beyond the initially targeted ColdFusion instance.

    Technical Analysis

    According to Adobe and the CVSS v3.1 framework, this vulnerability carries a base score of 9.1, placing it in the Critical severity range. The vector string is:

    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Key characteristics include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

    This means that a remote attacker with high-level access can exploit the vulnerability easily and potentially gain access to sensitive system files or configurations, which may result in significant data breaches or service disruption.

    Understanding CWE-863

    CWE-863: Incorrect Authorization occurs when a system fails to correctly enforce permissions on a resource. In this case, ColdFusion’s authorization logic permits access to restricted areas of the file system. This type of flaw is particularly dangerous in cloud and enterprise deployments where sensitive configuration files may be exposed.

    Impact and Recommendations

    Successful exploitation may allow attackers to:

    • Read or modify restricted files
    • Access credentials or configuration data
    • Cause system instability or privilege escalation

    To mitigate this issue, Adobe advises:

    • Upgrading to the latest version of ColdFusion
    • Limiting access to ColdFusion admin interfaces
    • Monitoring file access logs for unusual activity
    • Enforcing strict file system permissions

    Conclusion

    CVE-2025-43564 highlights the importance of strict authorization mechanisms in enterprise software. Even in the absence of user interaction, improperly controlled access paths can lead to devastating breaches. Organizations should act swiftly to apply security updates and review system configurations for potential exposure.

  • CVE-2025-43562: Critical OS Command Injection in Adobe ColdFusion

    Overview

    On May 13, 2025, Adobe disclosed CVE-2025-43562, a critical vulnerability in its ColdFusion platform. This flaw is an OS Command Injection vulnerability categorized under CWE-78, which could allow a high-privileged attacker to execute arbitrary commands on the host operating system without user interaction. The scope of this issue is changed, meaning that the impact can extend beyond the original component.

    Vulnerability Details

    The vulnerability affects the following ColdFusion versions:

    • ColdFusion 2025.1
    • ColdFusion 2023.13
    • ColdFusion 2021.19 and earlier

    The core issue lies in the improper neutralization of special elements in user input that are used in operating system commands. An attacker with sufficient privileges can exploit this weakness to inject and execute arbitrary OS-level commands in the context of the current user, potentially leading to full system compromise.

    Technical Analysis

    This vulnerability is rated Critical with a CVSS v3.1 base score of 9.1. The vector string is:

    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Key characteristics include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
    • Confidentiality, Integrity, Availability Impact: High

    This means that a remote attacker with high privileges can exploit the flaw over the network without user interaction, leading to complete control over affected systems and services.

    Understanding CWE-78

    CWE-78: OS Command Injection refers to scenarios where software constructs all or part of an OS command using untrusted input. Without proper sanitization, malicious input can be used to alter the command’s structure and logic, allowing arbitrary command execution. In the ColdFusion context, this could be triggered by poorly validated parameters reaching system-level functions.

    Impact and Exploitation

    Adobe’s security advisory notes that successful exploitation may result in full system takeover, data exfiltration, or service disruption. Since the vulnerability requires no user interaction and has a low attack complexity, it represents a serious threat in environments with exposed or internet-facing ColdFusion deployments.

    Recommendations

    To mitigate CVE-2025-43562, organizations should:

    • Upgrade to the latest secure versions of ColdFusion as released by Adobe.
    • Sanitize and validate all user inputs rigorously.
    • Restrict OS command functionality within ColdFusion environments where possible.
    • Limit access to administrative interfaces and monitor system activity closely.

    Conclusion

    CVE-2025-43562 underscores the risks posed by inadequate input neutralization and command handling. Given the critical nature and ease of exploitation, immediate patching and hardening of systems is strongly recommended to prevent exploitation and maintain security integrity.