Karl.Fail

Tag: score:9.3

  • Critical SQL Injection Vulnerability in TCMAN GIM v11 (CVE-2025-40623)

    Overview

    A critical SQL injection vulnerability, identified as CVE-2025-40623, has been discovered in version 11 of TCMAN’s GIM platform. This flaw allows unauthenticated attackers to manipulate database queries, potentially granting access to read, modify, or delete all information stored in the system.

    Technical Details

    The vulnerability stems from improper handling of input within the createNotificationAndroid endpoint. Specifically, the Sender and email parameters do not sanitize user-supplied data before incorporating it into SQL statements. This allows attackers to inject arbitrary SQL commands directly into database queries.

    This issue is categorized under CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’). It represents one of the most dangerous forms of web application vulnerabilities, often leading to full system compromise when exploited.

    Severity and CVSS

    According to CVSS version 4.0, this vulnerability carries a base score of 9.3 (Critical), with the vector string:

    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Impact on Confidentiality, Integrity, and Availability: High

    This combination of characteristics indicates that the vulnerability is easy to exploit and extremely dangerous in scope.

    Affected Software

    The vulnerability affects TCMAN GIM version 11. No other versions were explicitly listed as vulnerable.

    Mitigation and Solution

    The issue has been addressed by the vendor in version 1280 of GIM. Users and administrators are strongly advised to:

    • Update their GIM installation to version 1280 or later.
    • Restrict public access to vulnerable endpoints where possible.
    • Monitor application logs for suspicious activity targeting the createNotificationAndroid API.

    Conclusion

    CVE-2025-40623 highlights the critical risk posed by SQL injection vulnerabilities, especially in systems exposed to the internet. Organizations using TCMAN’s GIM platform should urgently review their deployment and patch any affected instances to protect sensitive data and maintain operational integrity.

    More details can be found in the official advisory by INCIBE: INCIBE CERT Advisory.

  • CVE-2025-27519: Critical Path Traversal Vulnerability in Cognita RAG Framework

    Overview

    On March 7, 2025, a critical vulnerability identified as CVE-2025-27519 was disclosed, affecting the Cognita RAG (Retrieval Augmented Generation) framework developed by TrueFoundry. This vulnerability, categorized under CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), allows attackers to write arbitrary files within the container environment, leading to remote code execution.

    Vulnerability Details

    The vulnerability resides in the /v1/internal/upload-to-local-directory endpoint, which becomes active when the Local environment variable is set to true. This setup is commonly found when Cognita is deployed using Docker. Due to Docker’s default use of uvicorn with auto-reload enabled, overwriting Python source files results in immediate execution of the new code.

    An attacker can exploit this by overwriting critical files such as /app/backend/__init__.py, triggering arbitrary code execution inside the Docker container without any required user interaction or privileges.

    Technical Breakdown

    This vulnerability has been rated Critical with a CVSS v4.0 base score of 9.3. The CVSS vector string is:

    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

    Key characteristics include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Confidentiality, Integrity, Availability Impact: High

    Due to the nature of the exploit, this issue is particularly dangerous in containerized environments where insecure configurations might go unnoticed.

    Understanding CWE-22

    CWE-22 refers to failures in restricting file paths, enabling attackers to access or modify files outside the intended directory scope. In this case, the lack of path validation allows overwriting key application files, which are then executed by the backend server due to auto-reload features.

    Affected Versions and Fix

    This vulnerability affects all versions of Cognita before commit a78bd065e05a1b30a53a3386cc02e08c317d2243. The issue has been addressed in this commit, which introduces proper path validation and mitigates the risk of arbitrary file write and execution.

    Recommendations

    • Update to the patched version containing commit a78bd065e05a1b30a53a3386cc02e08c317d2243.
    • Disable the Local environment variable in production environments.
    • Avoid enabling auto-reload in production deployments.
    • Implement strict path validation in file upload handlers.

    Conclusion

    CVE-2025-27519 highlights the critical risks introduced by insecure file handling in containerized applications. Developers and DevOps teams should review their configurations and apply patches immediately to prevent potential exploitation. For further details, refer to the official GitHub advisory.

  • CVE-2025-43567: Critical Reflected XSS Vulnerability in Adobe Connect

    Overview

    On May 13, 2025, Adobe disclosed CVE-2025-43567, a critical reflected Cross-Site Scripting (XSS) vulnerability affecting its Adobe Connect platform. This issue, categorized under CWE-79, allows attackers to inject malicious JavaScript into vulnerable form fields, potentially leading to session hijacking or data theft when executed in the victim’s browser.

    Vulnerability Details

    The affected product and versions include:

    • Product: Adobe Connect
    • Versions: 12.8 and earlier

    The vulnerability resides in the improper sanitization of user-supplied input in form fields. When a victim clicks a malicious link crafted by an attacker, the injected script executes in their browser. This could result in unauthorized actions being performed in the context of the user’s session, including access to sensitive information or impersonation.

    Technical Analysis

    This vulnerability is classified as Critical and has a CVSS v3.1 base score of 9.3. The vector string is:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

    Key characteristics include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

    Although the attack requires user interaction (e.g., clicking a link), it can be carried out remotely and does not require authentication. The scope change indicates that the attacker may be able to affect components beyond the vulnerable Adobe Connect instance.

    Understanding CWE-79

    Cross-Site Scripting (XSS) vulnerabilities occur when an application includes untrusted data in a web page without proper validation or escaping. In reflected XSS, the malicious script is embedded in a URL and reflected back to the user, triggering execution in their browser. This allows the attacker to steal cookies, impersonate the user, or perform unauthorized actions.

    Impact and Exploitation

    According to Adobe’s security advisory, successful exploitation could lead to session takeover. This significantly impacts both the confidentiality and integrity of user data, especially in collaborative environments where Adobe Connect is used for meetings, file sharing, and sensitive communication.

    Recommendations

    To mitigate this vulnerability, organizations should:

    • Update Adobe Connect to the latest patched version.
    • Avoid clicking on suspicious or unknown links.
    • Use web application firewalls (WAFs) to block XSS attempts.
    • Implement proper input validation and output encoding across applications.

    Conclusion

    CVE-2025-43567 serves as a critical reminder of the risks posed by inadequate input sanitization. While seemingly simple, reflected XSS vulnerabilities can have severe consequences, especially in enterprise environments. Prompt patching and user awareness are essential to minimize exposure.

  • CVE-2025-22224: Critical TOCTOU Vulnerability in VMware ESXi and Workstation

    Critical TOCTOU Vulnerability Discovered in VMware ESXi and Workstation

    On March 4, 2025, VMware disclosed a high-impact vulnerability tracked as CVE-2025-22224, affecting multiple versions of VMware ESXi, Workstation, VMware Cloud Foundation, and Telco Cloud Platform. The vulnerability arises from a Time-of-Check Time-of-Use (TOCTOU) race condition that results in an out-of-bounds write vulnerability. This allows local attackers with administrative privileges within a virtual machine to execute code on the host system.

    Understanding TOCTOU and the Vulnerability

    TOCTOU (Time-of-Check Time-of-Use) is a type of race condition where a system checks a resource for safety, but conditions change before the resource is used. This can be exploited to gain unauthorized access or modify memory in unsafe ways.

    In this case, the TOCTOU flaw leads to a heap overflow, allowing an attacker with local administrative privileges inside a virtual machine to cause an out-of-bounds write. The payload executes as the virtual machine’s VMX process—potentially compromising the host itself.

    CVSS Details

    The vulnerability has a CVSS v3.1 base score of 9.3 (CRITICAL), with the following vector:

    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    This breakdown highlights the seriousness of the issue:

    • Attack Vector: Local – requires access to the VM
    • Attack Complexity: Low
    • Privileges Required: None (within guest VM)
    • User Interaction: None
    • Scope: Changed – host compromise from guest
    • Impact on Confidentiality, Integrity, and Availability: High

    Affected Products and Versions

    The following VMware products are affected:

    • ESXi 7.0 versions before 7.0U3s-24585291
    • ESXi 8.0 versions before 8.0U2d-24585300 and 8.0U3d-24585383
    • Workstation 17.x versions before 17.6.3
    • VMware Cloud Foundation 5.x and 4.5.x
    • Telco Cloud Platform 5.x, 4.x, 3.x, 2.x
    • Telco Cloud Infrastructure 3.x, 2.x

    Exploitation and Mitigation

    According to CISA’s Known Exploited Vulnerabilities (KEV) catalog, active exploitation is ongoing. Organizations must act urgently to:

    • Apply the latest VMware patches
    • Limit administrative access on guest VMs
    • Isolate high-risk workloads

    No user interaction is needed for exploitation, and the attack does not require elevated guest privileges, increasing its risk in shared environments.

    Conclusion

    CVE-2025-22224 is a severe vulnerability with real-world exploitation, underlining the importance of securing hypervisor environments. VMware users should immediately verify their systems and apply vendor-recommended updates.

    References

  • CVE-2025-29814: Critical Privilege Escalation in Microsoft Partner Center

    Overview

    On March 21, 2025, Microsoft disclosed a critical security vulnerability identified as CVE-2025-29814 in the Microsoft Partner Center. This flaw allows an authorized attacker to escalate privileges across a network due to improper authorization mechanisms.

    The issue has been categorized under CWE-20: Improper Input Validation. It carries a CVSS 3.1 base score of 9.3, classifying it as a critical vulnerability.

    What is Microsoft Partner Center?

    The Microsoft Partner Center is an administrative platform for managing partner relationships, customer subscriptions, and billing across Microsoft services. It serves as a central hub for service provisioning, making it a high-value target for attackers seeking to exploit privilege escalation weaknesses.

    Technical Details

    The vulnerability stems from improper authorization validation in the Microsoft Partner Center API. While exact implementation details are not public, Microsoft has confirmed that an attacker with basic access rights can exploit the flaw to gain elevated privileges on the system. This allows for actions typically reserved for higher-privilege accounts, such as administrative functions.

    • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
    • Severity: Critical (9.3)
    • Attack Vector: Network
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
    • Impact: High on integrity and availability

    Understanding CVSS 3.1 Metrics

    The CVSS (Common Vulnerability Scoring System) is a framework used to assess the severity of software vulnerabilities. This CVE’s high score of 9.3 indicates significant potential for damage if exploited, especially considering the ease of exploitation (low complexity) and the absence of required privileges.

    Security Classification: CWE-20

    CWE-20 refers to Improper Input Validation, where an application does not properly check the inputs it receives. In this case, failure to validate authorization credentials allows privilege escalation. This is a common and dangerous class of vulnerability due to its potential to affect system-wide security.

    Exploitation Status and Impact

    According to CISA’s SSVC (Stakeholder-Specific Vulnerability Categorization), exploitation of this vulnerability had not been observed at the time of disclosure. However, the technical impact is rated as total, emphasizing the urgency for mitigation.

    While the flaw is in a cloud-hosted platform, system administrators and partners relying on Microsoft Partner Center should apply any available patches or mitigations immediately and audit account activity for suspicious behavior.

    Mitigation and Recommendations

    • Follow Microsoft’s official advisory for updates: CVE-2025-29814 Advisory
    • Enable monitoring and alerting on all administrative activity
    • Review user access privileges and implement the principle of least privilege
    • Apply available patches or updates provided by Microsoft

    Conclusion

    CVE-2025-29814 highlights the critical importance of proper authorization in cloud service platforms. The potential for widespread privilege escalation demands immediate attention from affected organizations. Stay vigilant and prioritize timely updates and access control reviews.