Karl.Fail

Tag: score:9.9

  • CVE-2025-21556: Critical Authorization Flaw in Oracle Agile PLM Framework

    Overview

    Oracle has disclosed a critical vulnerability identified as CVE-2025-21556 in the Oracle Agile PLM Framework, specifically affecting version 9.3.6. This flaw exists in the Agile Integration Services component and carries a CVSS v3.1 base score of 9.9, marking it as a highly severe issue with broad impact potential across integrated systems.

    Technical Details

    The vulnerability is classified under CWE-863: Incorrect Authorization. It allows a low-privileged attacker with network access via HTTP to exploit insufficient authorization checks. Due to a scope change, this issue may affect not only Agile PLM itself but also other integrated systems, amplifying the risk.

    The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, which indicates:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed (other systems may be affected)
    • Confidentiality, Integrity, and Availability Impact: High

    Impact

    Successful exploitation can result in full compromise of the Oracle Agile PLM Framework, including:

    • Unauthorized access to sensitive enterprise supply chain data
    • Manipulation of critical PLM records and workflows
    • Disruption or takeover of related systems due to the scope change

    These impacts are particularly severe in organizations that heavily rely on Agile PLM for product lifecycle and supply chain management.

    Affected Systems

    • Oracle Agile PLM Framework version 9.3.6

    Mitigation

    Oracle has released a patch as part of the January 2025 Critical Patch Update. Organizations should:

    • Apply the security patch immediately
    • Audit access controls and integration boundaries
    • Monitor for signs of privilege misuse or lateral movement

    Conclusion

    CVE-2025-21556 serves as a high-impact example of how incorrect authorization mechanisms can be leveraged for system takeover. Given its ease of exploitation and critical nature, immediate remediation is advised for all affected environments running Oracle Agile PLM Framework 9.3.6.

  • CVE-2025-21415: Critical Privilege Escalation in Azure AI Face Service

    Overview

    Microsoft has disclosed a critical vulnerability identified as CVE-2025-21415 in the Azure AI Face Service. This flaw allows for an elevation of privilege through an authentication bypass via spoofing. With a CVSS v3.1 base score of 9.9, the vulnerability poses a significant threat to cloud-based identity and access controls.

    What is Azure AI Face Service?

    Azure AI Face Service is part of Microsoft’s Cognitive Services platform, enabling facial recognition features such as identity verification, emotion detection, and face grouping. It is widely used in security, access control, and user engagement systems that rely on biometric authentication.

    Technical Details

    The vulnerability is categorized under CWE-290: Authentication Bypass by Spoofing. This means that an attacker can potentially forge or manipulate identity credentials to gain unauthorized access. In this case, a low-privileged authenticated user can elevate their access rights without direct interaction or additional validation steps.

    The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H highlights key aspects of the risk:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
    • Impact: High on confidentiality, integrity, and availability

    Affected Systems

    The vulnerability affects the Azure AI Face Service as a whole. Microsoft has not specified particular version numbers, as the service is hosted and maintained within the Azure cloud infrastructure. The issue is exclusive to the cloud-hosted environment and cannot be mitigated by on-premises patching.

    Mitigation and Recommendations

    Microsoft has addressed the issue via backend updates. There is no manual patch required by customers. However, organizations should:

    • Review access logs for suspicious activity
    • Audit user roles and privileges
    • Ensure applications using Face API enforce additional identity verification layers

    According to CISA’s SSVC assessment, the vulnerability has total technical impact, although it is currently not known to be exploited and not automatable.

    Conclusion

    CVE-2025-21415 emphasizes the importance of secure authentication design, especially in services that manage biometric data. Cloud customers leveraging the Azure AI Face Service should ensure identity access policies are reviewed and monitored frequently. For more details, visit the Microsoft Security Advisory.

  • Critical Authorization Flaw in Oracle Agile PLM Framework (CVE-2025-21556)

    Overview

    A critical vulnerability identified as CVE-2025-21556 affects Oracle Agile PLM Framework, a core component of Oracle Supply Chain software. This flaw, located in the Agile Integration Services module, allows a low-privileged attacker with network access via HTTP to fully compromise the system. The vulnerability is categorized under CWE-863: Incorrect Authorization.

    Technical Details

    This vulnerability exists due to improper authorization logic within the Oracle Agile PLM Framework. Exploiting the flaw does not require user interaction and can be performed remotely. Once exploited, the attacker may gain control over the entire Agile PLM environment.

    Although the issue originates in the PLM Framework, successful attacks may impact other integrated Oracle applications, indicating a scope change in the attack surface.

    CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    • Base Score: 9.9 (Critical)
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
    • Confidentiality, Integrity, Availability: High

    Affected Versions

    The vulnerability affects the following version of Oracle Agile PLM Framework:

    • Version 9.3.6

    Mitigation and Recommendations

    Oracle has addressed the issue in its January 2025 Critical Patch Update. Organizations using Agile PLM Framework should:

    • Apply the latest patches immediately.
    • Restrict HTTP access to trusted network sources only.
    • Review authorization policies and configurations across the PLM deployment.
    • Monitor logs for unusual access patterns or privilege escalation attempts.

    Conclusion

    CVE-2025-21556 is a prime example of how flawed authorization mechanisms can expose enterprise software to full system compromise. Given its low complexity and severe impact, remediation should be treated as a high priority by organizations relying on Oracle’s Agile PLM solutions.

  • Critical Privilege Escalation in Azure AI Face Service (CVE-2025-21415)

    Overview

    CVE-2025-21415 exposes a critical vulnerability in Microsoft’s Azure AI Face Service, a cloud-based biometric recognition platform. The flaw allows an authorized attacker to bypass authentication through spoofing techniques, resulting in elevation of privilege over the network.

    Technical Details

    This vulnerability is classified under CWE-290: Authentication Bypass by Spoofing. It enables a threat actor with existing access to manipulate the authentication flow, impersonating users or services without proper verification.

    Once successful, the attacker can perform actions with elevated permissions, potentially gaining control over sensitive identity services and AI-powered applications that rely on the Face API. This is particularly concerning in multi-tenant environments and systems integrated with other Azure security mechanisms.

    CVSS Score and Severity

    According to CVSS v3.1, the vulnerability has a base score of 9.9 (Critical). The vector string is:

    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
    • Impact: High on confidentiality, integrity, and availability

    These attributes indicate that the attack is easy to execute, requires minimal privileges, and could have cascading effects across service boundaries.

    Affected Systems

    The vulnerability affects all deployments of the Azure AI Face Service, with no specific versioning due to its nature as a hosted cloud service.

    Mitigation and Recommendations

    • Microsoft has issued updates and mitigations through the Azure platform. Customers should verify that their instance of the Face Service is operating with the latest security patches.
    • Audit access control and authentication logs for anomalies related to identity spoofing or privilege escalation.
    • Ensure strict role-based access controls (RBAC) and multi-factor authentication (MFA) are in place across dependent Azure resources.

    Conclusion

    CVE-2025-21415 is a stark reminder that even cloud-native AI services can be susceptible to privilege escalation via authentication bypass. Organizations using Azure’s Face API should act promptly to secure their deployments and validate trust boundaries within their identity architectures.

    For more details, refer to Microsoft’s official advisory: MSRC: CVE-2025-21415

  • CVE-2025-0070: Critical Improper Authentication in SAP NetWeaver ABAP Server

    Overview

    On January 14, 2025, SAP published a critical vulnerability identified as CVE-2025-0070 affecting the SAP NetWeaver Application Server for ABAP and ABAP Platform. The flaw is categorized under CWE-287: Improper Authentication and allows authenticated attackers to escalate privileges due to insufficient authentication enforcement.

    Vulnerability Details

    The vulnerability exists in the authentication logic of the ABAP platform. An attacker with valid user credentials can exploit improper authentication checks to gain unauthorized access to system functionality. This allows the attacker to escalate privileges and potentially control critical components of the affected SAP environment.

    Successful exploitation leads to a high impact on system confidentiality, integrity, and availability. Given the scope change and low complexity, this vulnerability presents a significant risk in enterprise SAP environments.

    Technical Breakdown

    This vulnerability is rated as Critical with a CVSS v3.1 base score of 9.9. The CVSS vector is:

    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    Key attributes include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
    • Confidentiality, Integrity, Availability Impact: High

    Impacted Versions

    The following SAP kernel versions are affected:

    • KRNL64NUC 7.22
    • 7.22EXT
    • KRNL64UC 7.22
    • 7.53, 7.54, 7.77, 7.89, 7.93, 7.97
    • 8.04, 9.12, 9.13, 9.14
    • KERNEL 7.22

    Understanding CWE-287

    CWE-287 highlights scenarios where systems fail to properly authenticate users or validate their permissions before granting access. In the context of SAP, such a flaw can be especially dangerous given the critical role these systems play in business operations.

    Recommendations

    • Apply the latest security patches provided in SAP Note 3537476.
    • Audit user roles and authentication configurations across all affected systems.
    • Limit access to exposed services and interfaces wherever possible.
    • Monitor logs for signs of unauthorized access or privilege escalation attempts.

    Conclusion

    CVE-2025-0070 represents a severe authentication failure in core SAP components. Due to the high potential impact and ease of exploitation, organizations should treat remediation as a priority and ensure all safeguards are in place to protect sensitive enterprise environments.

  • CVE-2025-27429: Critical ABAP Code Injection in SAP S/4HANA via RFC

    Overview

    On April 8, 2025, SAP disclosed CVE-2025-27429, a critical vulnerability in SAP S/4HANA (Private Cloud and On-Premise editions), affecting versions S4CORE 102 through 108. This flaw enables a low-privileged attacker to inject arbitrary ABAP code via a vulnerable function module exposed through RFC (Remote Function Call). The vulnerability is classified under CWE-94: Improper Control of Generation of Code.

    Vulnerability Details

    The flaw exists in a specific RFC-enabled function module, which lacks adequate input validation and authorization checks. An attacker with valid but limited SAP user privileges can craft malicious RFC requests that inject ABAP code into the system. The injected code is then executed in the context of the system, effectively acting as a backdoor.

    This enables:

    • Full system compromise
    • Bypass of SAP authorization mechanisms
    • Arbitrary manipulation of data and processes

    Technical Breakdown

    This vulnerability has a CVSS v3.1 base score of 9.9, marking it as Critical. The CVSS vector is:

    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    Key attributes include:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
    • Confidentiality, Integrity, Availability Impact: High

    The changed scope indicates that exploitation affects resources beyond the vulnerable function, potentially escalating the impact to broader system components.

    Understanding CWE-94

    CWE-94 refers to vulnerabilities where user-controllable inputs are used directly in dynamic code execution. In SAP systems, such vulnerabilities are particularly dangerous due to the system’s role in core business processes, and ABAP being the foundational language for many SAP applications.

    Impacted Systems

    • S/4HANA S4CORE versions 102 through 108

    Both Private Cloud and On-Premise installations are affected if they expose the vulnerable RFC module.

    Mitigation and Recommendations

    SAP recommends the following:

    • Apply the latest security patches available in SAP Note 3581961
    • Restrict RFC access to trusted sources only
    • Use SAP Code Vulnerability Analyzer to detect risky custom code
    • Enable system-wide logging and monitoring for unusual ABAP activity

    Conclusion

    CVE-2025-27429 represents a severe risk for enterprises relying on SAP S/4HANA. Given the low barrier to exploitation and the critical nature of SAP environments, immediate patching and system hardening are essential to prevent unauthorized code execution and system compromise.

  • CVE-2025-29827: Critical Privilege Escalation in Azure Automation

    Overview

    On May 8, 2025, Microsoft disclosed a critical vulnerability identified as CVE-2025-29827 in Azure Automation, a cloud-based service that allows users to automate management tasks across Azure and non-Azure environments. The issue is categorized as an Elevation of Privilege (EoP) vulnerability resulting from Improper Authorization, tracked under CWE-285.

    Technical Details

    The vulnerability stems from improper authorization mechanisms within Azure Automation. An attacker who already has limited access to the service could potentially exploit this flaw to escalate privileges over the network. According to the CVSS v3.1 scoring, the vulnerability received a critical base score of 9.9, indicating a severe risk due to its:

    • Attack Vector (AV): Network
    • Attack Complexity (AC): Low
    • Privileges Required (PR): Low
    • User Interaction (UI): None
    • Scope (S): Changed
    • Confidentiality (C): High
    • Integrity (I): High
    • Availability (A): Low

    The vulnerability is exploitable under certain conditions, but its impact could be total if leveraged successfully.

    Understanding CWE-285: Improper Authorization

    CWE-285 refers to a class of vulnerabilities where the software fails to perform proper checks before granting access to protected resources. In this case, Azure Automation incorrectly validates the identity or role of the requestor, enabling privilege escalation even for lower-tier users.

    Impacted Software

    The affected product is:

    • Microsoft Azure Automation — all versions listed as “N/A” are impacted

    The issue affects unknown platforms, and Microsoft has marked the service as vulnerable without disclosing specific versions. Users and administrators of Azure Automation should consult the official advisory and ensure that patches or mitigation steps are applied immediately.

    Mitigation and Recommendations

    Microsoft has released guidance and updates addressing CVE-2025-29827. Customers are urged to:

    • Apply all relevant security updates from the Microsoft Security Response Center (MSRC).
    • Review and audit Automation account permissions and role assignments.
    • Limit the use of automation credentials and restrict access to automation runbooks.

    Organizations leveraging Azure Automation in production or sensitive environments should prioritize remediation and continue to monitor Microsoft security advisories for further developments.

    Conclusion

    CVE-2025-29827 serves as a critical reminder of the risks associated with cloud automation tools and the importance of enforcing strict access controls. While the vulnerability requires low privileges to exploit, its potential for damage is high due to inadequate authorization validation. Admins must act quickly to mitigate the risk and ensure the security of automated workflows in Azure.

  • CVE-2025-29972: Critical SSRF Vulnerability in Azure Storage Resource Provider

    Critical SSRF Flaw Discovered in Azure Storage Resource Provider

    On May 8, 2025, Microsoft disclosed a critical vulnerability identified as CVE-2025-29972, impacting the Azure Storage Resource Provider (SRP). This vulnerability allows authenticated attackers to perform Server-Side Request Forgery (SSRF) across the network, potentially enabling spoofing attacks in affected cloud environments.

    What is SSRF?

    Server-Side Request Forgery (SSRF) is a security flaw where an attacker can force a server to make HTTP requests to internal or external systems on their behalf. This can lead to unauthorized access to sensitive services, token leaks, or privilege escalation, especially in cloud environments with metadata endpoints or internal APIs.

    Technical Details

    The vulnerability resides in Azure’s SRP service and arises when an authenticated user sends specially crafted network requests that trick the service into sending spoofed responses or requests. Although the user must be authorized, no user interaction is required, and the attack can be performed remotely.

    The vulnerability is categorized under CWE-918: Server-Side Request Forgery (SSRF).

    CVSS v3.1 Score

    The issue has been assigned a CVSS v3.1 base score of 9.9 (CRITICAL) with the following vector:

    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    This score reflects:

    • Attack Vector: Network – remotely exploitable
    • Attack Complexity: Low – requires no specialized conditions
    • Privileges Required: Low – attacker must be authenticated
    • User Interaction: None
    • Scope: Changed – impacts components beyond the vulnerable one
    • Impact on Confidentiality, Integrity, and Availability: High

    Affected Systems

    The Azure Storage Resource Provider is a component within the Azure ecosystem that manages and orchestrates storage resources such as blobs, files, and queues. While specific version identifiers were not disclosed, Microsoft has confirmed the issue affects the SRP service in its hosted environments.

    Mitigation

    Microsoft has issued guidance and mitigation steps via its security advisory. Cloud administrators should:

    • Review the official Microsoft advisory
    • Apply available patches or configuration changes
    • Restrict overly permissive user roles
    • Monitor access logs for unusual internal network requests

    References

    Conclusion

    CVE-2025-29972 presents a critical risk in Microsoft Azure environments due to the nature of SSRF vulnerabilities. Although exploitation requires authentication, the low complexity and high impact make immediate action essential. Organizations should take swift steps to validate protections and follow vendor recommendations.

  • CVE-2025-20156: Critical Privilege Escalation in Cisco Meeting Management REST API

    Overview

    CVE-2025-20156 identifies a critical vulnerability in the Cisco Meeting Management (CMM) application, affecting multiple versions from 2.9.0 through 3.9.0. The vulnerability lies in the REST API, which fails to enforce proper authorization controls, enabling low-privileged users to escalate their privileges to administrator.

    Technical Details

    This flaw is classified under CWE-274: Improper Handling of Insufficient Privileges. A remote, authenticated attacker with low-level access can send crafted API requests to a specific endpoint. Due to insufficient authorization enforcement, these requests are incorrectly processed, granting elevated access rights.

    With administrator-level control, an attacker can take over edge nodes managed by Cisco Meeting Management, potentially compromising the confidentiality, integrity, and availability of sensitive communication systems.

    CVSS Score and Severity

    The vulnerability has a CVSS v3.1 base score of 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
    • Impact: High on confidentiality, integrity, and availability

    Impact

    Successful exploitation of this vulnerability enables an attacker to:

    • Gain full administrative privileges
    • Control system configurations and user access
    • Access or manipulate sensitive meeting data
    • Potentially pivot to other internal systems managed through CMM

    Given the high impact and network accessibility, this vulnerability poses a significant risk to enterprise environments relying on Cisco Meeting Management.

    Mitigation

    • Apply Cisco’s patches for all affected versions as outlined in their advisory.
    • Review and restrict API access using network segmentation and access control lists (ACLs).
    • Monitor logs for unusual REST API calls or privilege escalation attempts.

    References

  • CVE-2025-20124: Critical Java Deserialization Vulnerability in Cisco ISE

    Overview

    CVE-2025-20124 discloses a critical vulnerability in Cisco Identity Services Engine (ISE), affecting multiple versions including 2.7.0 patch 8 through 3.3 patch 3. This flaw stems from insecure deserialization of Java objects in an exposed API, allowing authenticated remote attackers to execute commands with root privileges.

    Technical Details

    This vulnerability is classified under CWE-502: Deserialization of Untrusted Data. Cisco ISE fails to safely deserialize user-supplied Java byte streams received through a specific API endpoint. By submitting a crafted serialized Java object, an attacker with valid read-only administrative credentials can trigger arbitrary command execution and escalate privileges to root on the affected device.

    Though authentication is required, the low privileges needed and remote accessibility make this flaw particularly dangerous in multi-node or enterprise deployments.

    CVSS Score and Severity

    The vulnerability is rated as CRITICAL with a CVSS v3.1 base score of 9.9. Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H. Breakdown:

    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
    • Impact: High integrity and availability, low confidentiality

    Impact

    Successful exploitation can allow attackers to:

    • Execute arbitrary system commands as root
    • Gain full control of the affected device
    • Disrupt authentication services in single-node deployments

    No public exploitation has been reported at this time, but the severity and nature of the vulnerability call for immediate attention.

    Mitigation

    • Apply security updates provided by Cisco as outlined in their advisory.
    • Restrict access to Cisco ISE management APIs using firewall rules and access control.
    • Monitor system logs for anomalous API requests or process behavior.

    References