Karl.Fail

Tag: score:9.8

  • Critical Vulnerability in Apple Products: CVE-2025-24167

    Introduction

    A critical vulnerability, CVE-2025-24167, has been discovered in Apple’s iOS, iPadOS, macOS, and Safari. This flaw allows a download’s origin to be incorrectly associated, potentially leading to system instability or exposure of sensitive data. The vulnerability affects versions of iOS and iPadOS prior to 18.4, macOS versions before 15.4, and Safari versions before 18.4. With a CVSS score of 9.8, it is considered a high-severity issue that requires immediate attention from users and administrators alike.

    Technical Overview

    This vulnerability occurs when the origin of a download is improperly associated due to insufficient state management in the affected Apple products. As a result, an attacker could potentially manipulate download sources, leading to unexpected behavior, such as execution of untrusted files or exposure of sensitive data. The flaw impacts macOS, iOS, iPadOS, and Safari, with versions prior to those mentioned being vulnerable to exploitation.

    Impact and CVSS Score

    The CVSS score for CVE-2025-24167 is 9.8, marking it as a critical security issue. The CVSS vector string for this vulnerability is:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    This means:

    • The vulnerability can be exploited remotely (Network attack vector).
    • It has low complexity, making it easier to exploit.
    • It does not require user interaction, increasing the risk of exploitation.
    • The vulnerability significantly impacts confidentiality, integrity, and availability.

    Apple’s Response

    Apple has addressed this issue by releasing updates in Safari 18.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. These updates improve state management, preventing the incorrect association of download origins and strengthening overall security. It is strongly recommended that users update their systems immediately to mitigate potential risks.

    Conclusion

    Given the critical nature of CVE-2025-24167, users of the affected Apple products should update their systems as soon as possible. Regular updates are crucial in maintaining the security of your devices and ensuring the safety of your sensitive information.

    References

  • Critical Vulnerability in Apple Devices: App May Enumerate Installed Apps (CVE-2025-30426)

    Overview of CVE-2025-30426

    A critical vulnerability has been discovered in several Apple devices, including iOS, iPadOS, macOS, tvOS, and visionOS. Tracked as CVE-2025-30426, this issue allows an app to enumerate a user’s installed apps without proper authorization. This vulnerability has been addressed with additional entitlement checks in the latest updates: tvOS 18.4, iPadOS 17.7.6, iOS 18.4, macOS Sequoia 15.4, and visionOS 2.4.

    Details of the Vulnerability

    The issue arises when an app gains access to sensitive information about the apps installed on a device. By exploiting this vulnerability, an attacker can potentially gather a list of all installed apps, which could lead to unauthorized access to personal information and further exploitation of the system.

    This vulnerability has been classified as CWE-200, which refers to the exposure of sensitive information to an unauthorized actor. The flaw impacts a wide range of Apple devices, including iPhones, iPads, Macs, Apple TVs, and Vision Pro devices, running versions prior to the latest security patches.

    CVSS Score and Impact

    The CVSS v3.1 score for CVE-2025-30426 is a critical 9.8. The CVSS vector string for this vulnerability is: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This means:

    • Attack Vector (AV): Network – The vulnerability can be exploited remotely.
    • Attack Complexity (AC): Low – The exploit does not require complex conditions to execute.
    • Privileges Required (PR): None – No special privileges are needed to exploit the vulnerability.
    • User Interaction (UI): None – The vulnerability can be exploited without user interaction.
    • Confidentiality Impact (C): High – Sensitive user data can be accessed.
    • Integrity Impact (I): High – The attacker can alter system data.
    • Availability Impact (A): High – The attacker can cause disruptions to the system.

    Mitigation

    To mitigate the risks associated with CVE-2025-30426, Apple users are strongly advised to update their devices to the latest versions of iOS, iPadOS, tvOS, macOS, and visionOS. These updates address the vulnerability by adding additional entitlement checks to prevent unauthorized apps from enumerating installed apps.

    For more information, you can visit Apple’s official security advisory pages: Apple Security Updates.

    Conclusion

    The CVE-2025-30426 vulnerability underscores the importance of protecting sensitive user information on mobile and desktop devices. Users of Apple devices should ensure they apply the latest security updates to prevent potential exploitation.

  • CVE-2025-24207: Critical Security Flaw in macOS Allows Unauthorized iCloud Access

    Overview of CVE-2025-24207

    A critical vulnerability, CVE-2025-24207, has been discovered in Apple’s macOS products, affecting versions prior to macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. This flaw allows a malicious app to enable iCloud storage features without the user’s consent, posing a significant security risk.

    Technical Details

    The vulnerability arises from a permissions issue in macOS, where apps may be able to bypass restrictions and enable iCloud storage features without proper user authorization. This issue is due to incorrect default permissions, which allow apps to access iCloud storage features without explicit consent. This flaw impacts the confidentiality, integrity, and availability of user data.

    CVSS Score and Impact

    The CVSS score for CVE-2025-24207 is 9.8, indicating that it is a critical security issue. The CVSS vector string for this vulnerability is:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • Exploitability: This vulnerability can be exploited remotely (Network attack vector).
    • Complexity: Low complexity, making it easier to exploit.
    • User Interaction: No user interaction is required, increasing the risk of exploitation.
    • Impact: High impact on confidentiality, integrity, and availability of system data.

    Apple’s Response

    Apple has fixed this vulnerability in the latest updates for macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. These updates include additional restrictions to prevent unauthorized apps from enabling iCloud storage features, ensuring that users’ data remains secure and protected.

    Conclusion

    Given the critical nature of CVE-2025-24207, it is strongly recommended that users of the affected macOS versions update their systems immediately. Regular system updates are essential for maintaining the security and integrity of your data and protecting your devices from potential exploitation.

  • CVE-2025-24263: Privacy Vulnerability in macOS

    CVE-2025-24263: Privacy Vulnerability in macOS

    A critical privacy vulnerability, CVE-2025-24263, has been identified in Apple’s macOS, affecting versions prior to macOS Sequoia 15.4. This flaw allows an attacker to observe unprotected user data, posing a significant security and privacy risk.

    Technical Details

    The CVE-2025-24263 vulnerability arises from a failure to properly protect sensitive user data. In older versions of macOS, an attacker could exploit this issue to observe data that should have been protected. This exposure of sensitive information can lead to unauthorized access, affecting both the confidentiality and integrity of user data.

    Apple addressed this vulnerability by relocating sensitive data to a protected location in macOS Sequoia 15.4. With this fix, the risk of unauthorized data exposure has been mitigated, enhancing overall system privacy.

    Impact and CVSS Score

    The CVSS score for CVE-2025-24263 is 9.8, marking it as a critical security vulnerability. The flaw can be exploited remotely over a network with low complexity, meaning attackers can exploit it without user interaction. This vulnerability significantly impacts the confidentiality and availability of user data, leaving systems open to unauthorized data access.

    Apple’s Response

    Apple quickly responded to this issue by releasing security updates in macOS Sequoia 15.4. These updates implement stronger protections for sensitive data, ensuring that malicious applications can no longer access unprotected user data. Users are encouraged to update their systems to the latest version to mitigate the risk of exploitation.

    Conclusion

    Given the critical nature of CVE-2025-24263, it is essential for all users of the affected macOS versions to apply the latest security patches. Regular updates are necessary to maintain system integrity and protect sensitive data from exploitation.

  • CVE-2025-31194: Critical Vulnerability in Apple macOS – Admin Privileges without Authentication

    CVE-2025-31194: Critical Vulnerability in Apple macOS

    A critical vulnerability has been discovered in Apple’s macOS operating system, tracked as CVE-2025-31194. This flaw allows an app’s shortcut to run with admin privileges without proper authentication, posing a significant security risk. The issue affects versions of macOS prior to 15.4 and has been addressed in macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5.

    Details of the Vulnerability

    This vulnerability arises from an authentication issue in macOS that allows shortcuts to bypass necessary permission checks. An attacker could exploit this flaw to elevate the privileges of a shortcut, enabling it to perform actions that should require admin authentication. Such unauthorized privilege escalation can lead to unauthorized access to system resources, potentially compromising the integrity and security of the system.

    Apple has resolved this issue by implementing improved state management and authentication checks. With these enhancements, only properly authenticated shortcuts will be able to access administrative privileges, significantly reducing the risk of exploitation.

    CVSS Score and Impact

    The CVSS v3.1 score for CVE-2025-31194 is 9.8, indicating a critical vulnerability. The key details of the CVSS score are as follows:

    • Attack Vector (AV): Network – The vulnerability can be exploited remotely.
    • Attack Complexity (AC): Low – The exploit does not require complex conditions to execute.
    • Privileges Required (PR): None – No special privileges are needed to exploit the vulnerability.
    • User Interaction (UI): None – The exploit can occur without user interaction.
    • Confidentiality Impact (C): High – Sensitive user data could be accessed by the attacker.
    • Integrity Impact (I): High – The attacker can alter system data.
    • Availability Impact (A): High – The attacker can cause system disruptions.

    Mitigation

    Apple has addressed the issue by adding additional restrictions and improving shortcut permission validation. Users are strongly encouraged to update to the latest versions of macOS, including macOS Ventura 13.7.5, macOS Sequoia 15.4, or macOS Sonoma 14.7.5, to protect against this critical vulnerability.

    Conclusion

    The CVE-2025-31194 vulnerability underscores the importance of robust authentication and access control mechanisms in macOS systems. Users of affected Apple devices should apply the latest security updates immediately to mitigate the risk of exploitation and safeguard sensitive information from unauthorized access.

  • CVE-2025-4632: Critical Path Traversal Vulnerability in Samsung MagicINFO 9 Server

    Overview

    On May 13, 2025, Samsung disclosed a critical vulnerability identified as CVE-2025-4632 in its MagicINFO 9 Server product. The issue affects all versions prior to 21.1052 and allows unauthenticated remote attackers to write arbitrary files to the server with system-level privileges. This flaw is a classic example of a Path Traversal vulnerability, categorized under CWE-22.

    What is Path Traversal?

    Path Traversal, also known as Directory Traversal, occurs when an application fails to properly restrict file paths, enabling attackers to manipulate variables referencing files. This can result in unauthorized file access or writing, potentially overwriting sensitive or executable files.

    Technical Details

    The vulnerability is caused by improper limitation of a pathname to a restricted directory. In the case of MagicINFO 9 Server, attackers can exploit this flaw via network access without authentication, sending specially crafted requests that include manipulated path values. If successful, they can upload malicious files, such as web shells, effectively gaining control over the system.

    Severity and CVSS Score

    This issue has been rated CRITICAL under the CVSS v3.1 scoring system, with a base score of 9.8. The vector string is:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    This score indicates that the attack is possible over a network, requires no user interaction or privileges, and results in a full compromise of confidentiality, integrity, and availability.

    Impact

    According to CAPEC-650, this vulnerability may allow attackers to upload a web shell to the server, providing persistent remote access and the ability to execute arbitrary commands. Given that the server processes these actions as system authority, the impact can be total system compromise.

    Mitigation

    Samsung has released an update in version 21.1052 to patch this vulnerability. All users and administrators of MagicINFO 9 Server should:

    • Immediately upgrade to version 21.1052 or later
    • Audit server logs for suspicious file write operations
    • Implement strict network-level protections to limit exposure

    Conclusion

    CVE-2025-4632 underscores the dangers of insufficient file path validation in enterprise systems. Given the critical nature of this bug and its potential for full system takeover, it is imperative for affected users to update immediately and follow best practices in application hardening.

    For more details, consult the official Samsung security bulletin: SVP-MAY-2025.

  • CVE-2025-21535: Critical Unauthenticated Remote Exploit in Oracle WebLogic Server

    Overview

    Oracle has disclosed a critical vulnerability tracked as CVE-2025-21535 in its Oracle WebLogic Server product, part of Oracle Fusion Middleware. The vulnerability affects versions 12.2.1.4.0 and 14.1.1.0.0 and allows unauthenticated attackers with network access to take full control of the server via the T3 or IIOP protocol.

    Technical Details

    This vulnerability is found in the Core component of WebLogic Server. It has been classified under CWE-306: Missing Authentication for Critical Function, indicating a failure to enforce proper authentication checks on sensitive functions. The result is a flaw that is easily exploitable by a remote attacker with no prior access.

    The CVSS v3.1 base score is 9.8 (Critical) and the vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating:

    • Remote exploitability over the network
    • Low complexity
    • No privileges required
    • No user interaction needed
    • High impact on confidentiality, integrity, and availability

    Impact

    If successfully exploited, the vulnerability can result in:

    • Complete system compromise
    • Data breach and unauthorized modification
    • Denial of service or full disruption of applications relying on WebLogic

    The vulnerability enables threat actors to execute arbitrary code or commands, making it suitable for automated exploitation and malware deployment in enterprise environments.

    Affected Versions

    • Oracle WebLogic Server 12.2.1.4.0
    • Oracle WebLogic Server 14.1.1.0.0

    Organizations running these versions should consider themselves at high risk if mitigation is not applied promptly.

    Mitigation

    Oracle addressed the issue in its January 2025 Critical Patch Update (CPU). Organizations are urged to:

    • Apply the relevant security patches immediately
    • Restrict T3 and IIOP access at the network level
    • Monitor logs for signs of unauthorized access or unusual traffic

    According to CISA’s SSVC framework, the issue has total technical impact and is automatable, highlighting the urgency of applying mitigation measures.

    Conclusion

    CVE-2025-21535 presents a critical threat to organizations running Oracle WebLogic Server. Its unauthenticated, remote nature and high impact across all core security domains make it a priority vulnerability. Timely patching and strong network controls are essential to minimize risk.

  • CVE-2025-21524: Critical Unauthenticated Remote Takeover in JD Edwards EnterpriseOne Tools

    Overview

    On January 21, 2025, Oracle published details on CVE-2025-21524, a critical vulnerability in its JD Edwards EnterpriseOne Tools product. The flaw impacts all versions prior to 9.2.9.0 and allows unauthenticated attackers with network access via HTTP to fully compromise the system. With a CVSS v3.1 base score of 9.8, this vulnerability demands immediate attention from all enterprises relying on this platform.

    Technical Details

    This vulnerability lies in the Monitoring and Diagnostics SEC component and is classified as CWE-306: Missing Authentication for Critical Function. In essence, the flaw enables an attacker to invoke critical application functions without authentication. Because the vulnerable interface is exposed over HTTP and requires no prior access, it is considered easily exploitable.

    The CVSS v3.1 vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H highlights the high impact:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
    • Impact: High on Confidentiality, Integrity, and Availability

    Affected Versions

    All versions of JD Edwards EnterpriseOne Tools prior to 9.2.9.0 are affected. Oracle recommends upgrading to version 9.2.9.0 or later as part of its January 2025 Critical Patch Update (CPU).

    Impact

    Successful exploitation of CVE-2025-21524 could result in:

    • Complete takeover of the JD Edwards environment
    • Unauthorized data access and modification
    • Disruption of business-critical ERP workflows

    Due to the critical nature and low exploitation complexity, this vulnerability poses a serious risk to enterprise resource planning (ERP) infrastructure.

    Mitigation

    Organizations should take the following steps:

    • Immediately apply the Oracle patch to upgrade JD Edwards EnterpriseOne Tools to 9.2.9.0 or later
    • Restrict HTTP access to JD Edwards instances until patched
    • Monitor for suspicious activity or unauthorized access attempts

    Conclusion

    CVE-2025-21524 is a clear example of the dangers posed by missing authentication checks in enterprise software. With the potential for full remote system takeover, affected organizations must act promptly to patch their systems and harden their network exposure.

    For official guidance, visit the Oracle January 2025 Security Advisory.

  • CVE-2025-21311: Critical Elevation of Privilege in Windows NTLM V1

    Overview

    On January 14, 2025, Microsoft disclosed CVE-2025-21311, a critical vulnerability in the NTLM V1 authentication protocol implementation in Windows. The vulnerability allows for elevation of privilege and has been rated with a CVSS v3.1 score of 9.8, placing it in the Critical severity category.

    What is NTLM V1?

    NTLM (NT LAN Manager) is a legacy authentication protocol used in Windows environments. While NTLMv2 is recommended for modern deployments, NTLMv1 is still enabled in some systems for backward compatibility. NTLMv1 has long been known to have cryptographic weaknesses, and CVE-2025-21311 exposes a specific vulnerability in how NTLMv1 is implemented within certain Windows versions.

    Technical Details

    The issue is classified under CWE-303: Incorrect Implementation of Authentication Algorithm. This means the algorithm meant to securely verify identities is flawed, potentially allowing unauthorized users to bypass authentication mechanisms and escalate privileges on affected systems. The vulnerability is remotely exploitable and requires no user interaction or prior access.

    According to the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, the vulnerability enables an attacker to:

    • Gain remote access over the network
    • Execute attacks without user interaction
    • Achieve high impact on confidentiality, integrity, and availability

    Affected Versions

    The vulnerability affects the following Windows versions:

    • Windows Server 2025 (Server Core)
    • Windows Server 2022, 23H2 Edition (Server Core)
    • Windows 11 Version 24H2 (ARM64 and x64)

    All affected systems fall between the following version ranges:

    • 10.0.25398.0 to 10.0.25398.1369
    • 10.0.26100.0 to 10.0.26100.2894

    Mitigation

    Microsoft has released patches that should be applied immediately. Additional mitigation strategies include:

    • Disabling NTLMv1 where possible
    • Enforcing modern authentication protocols such as Kerberos
    • Auditing authentication flows to detect legacy usage

    The CISA SSVC assessment indicates that this vulnerability has total technical impact and is automatable, underscoring the urgency for response.

    Conclusion

    CVE-2025-21311 highlights the risks of relying on outdated protocols like NTLMv1. Organizations should prioritize patching affected systems, modernize their authentication infrastructure, and audit configurations to reduce exposure to similar threats in the future.

    More details are available in the official Microsoft advisory.

  • CVE-2025-21307: Critical Remote Code Execution in Windows RMCAST Driver

    Overview

    Microsoft disclosed a critical vulnerability identified as CVE-2025-21307 in the Windows Reliable Multicast Transport (RMCAST) driver on January 14, 2025. This vulnerability allows remote code execution and affects a broad range of Windows versions, including Windows 10, 11, and multiple Windows Server editions. With a CVSS v3.1 base score of 9.8, it is classified as Critical.

    Technical Details

    The root cause of this vulnerability is a Use After Free flaw, classified under CWE-416. This type of issue arises when a program continues to use memory after it has been freed, potentially allowing attackers to execute arbitrary code with kernel-level privileges. RMCAST, as a low-level driver responsible for multicast traffic, becomes a dangerous attack surface when such flaws are present.

    CVSS and Risk Analysis

    According to the CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, this vulnerability is:

    • Remotely exploitable over the network
    • Low complexity to exploit
    • No privileges or user interaction required
    • High impact on confidentiality, integrity, and availability

    The CISA Stakeholder-Specific Vulnerability Categorization (SSVC) assessment noted the potential for automated exploitation and described the technical impact as total.

    Affected Systems

    The vulnerability affects a wide set of Windows versions, including:

    • Windows 10 (1507, 1607, 1809, 21H2, 22H2)
    • Windows 11 (22H2, 23H2, 24H2)
    • Windows Server (2008 SP2, 2008 R2, 2012, 2016, 2019, 2022, 2025)

    Mitigation and Recommendations

    Microsoft has released patches addressing the flaw. To mitigate the risk, administrators should:

    • Apply the latest security updates immediately
    • Implement strict network segmentation and firewall policies
    • Audit multicast usage and disable RMCAST if not required

    Example minimum safe versions include:

    • Windows 10 Version 1809: 10.0.17763.6775 or later
    • Windows Server 2022: 10.0.20348.3091 or later
    • Windows 11 22H2: 10.0.22621.4751 or later

    Conclusion

    CVE-2025-21307 presents a critical risk due to its remote exploitability, lack of prerequisites, and broad impact across Windows ecosystems. Timely patching and proactive mitigation strategies are essential to secure systems against this vulnerability.

    Read the full advisory on the Microsoft Security Update Guide.