Common Vulnerability Analyzer Last Full Sync: Thu Aug 21 2025 06:36:47 GMT+0000 (Coordinated Universal Time)
1. ID: CVE-2025-20265
Assigner: psirt@cisco.com
Description: A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.
Published Date: Thu Aug 14 2025 17:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Sat Aug 16 2025 01:15:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 18:28:05 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 6 days ago
References:
2. ID: CVE-2025-8901
Assigner: chrome-cve-admin@google.com
Description: Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Published Date: Wed Aug 13 2025 03:15:40 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:07:54 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:09:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 22 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
3. ID: CVE-2025-8882
Assigner: chrome-cve-admin@google.com
Description: Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Published Date: Wed Aug 13 2025 03:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:07:41 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:09:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 22 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
4. ID: CVE-2025-8880
Assigner: chrome-cve-admin@google.com
Description: Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published Date: Wed Aug 13 2025 03:15:37 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:07:29 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:09:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 22 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
5. ID: CVE-2025-8879
Assigner: chrome-cve-admin@google.com
Description: Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)
Published Date: Wed Aug 13 2025 03:15:33 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:07:06 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:09:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 22 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
6. ID: CVE-2025-52970
Assigner: psirt@fortinet.com
Description: A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
Published Date: Tue Aug 12 2025 19:15:32 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 12:26:38 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 12:28:07 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 6 days ago
7. ID: CVE-2025-25256
Assigner: psirt@fortinet.com
Description: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
Published Date: Tue Aug 12 2025 19:15:28 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 18:15:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Aug 13 2025 20:24:00 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 6 days ago
References:
8. ID: CVE-2024-26009
Assigner: psirt@fortinet.com
Description: An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.
Published Date: Tue Aug 12 2025 19:15:27 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:13:14 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 8 days ago
9. ID: CVE-2025-53778
Assigner: secure@microsoft.com
Description: Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Aug 12 2025 18:15:46 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 17:01:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 17:03:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 6 days ago
10. ID: CVE-2025-53784
Assigner: secure@microsoft.com
Description: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Published Date: Tue Aug 12 2025 18:15:46 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 18 2025 15:23:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Aug 18 2025 15:49:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 3 days ago
11. ID: CVE-2025-53766
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:45 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:11:06 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:12:01 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 7 days ago
12. ID: CVE-2025-53772
Assigner: secure@microsoft.com
Description: Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:45 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 16:58:51 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 17:00:24 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 6 days ago
13. ID: CVE-2025-53740
Assigner: secure@microsoft.com
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Aug 12 2025 18:15:44 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 17:15:46 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 17:18:42 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 6 days ago
14. ID: CVE-2025-53733
Assigner: secure@microsoft.com
Description: Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Published Date: Tue Aug 12 2025 18:15:43 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 18 2025 17:00:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Aug 18 2025 17:01:47 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 3 days ago
15. ID: CVE-2025-53727
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Aug 12 2025 18:15:42 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:20:00 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:20:53 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
16. ID: CVE-2025-53731
Assigner: secure@microsoft.com
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Aug 12 2025 18:15:42 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 17:14:09 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 17:14:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 6 days ago
17. ID: CVE-2025-53720
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:41 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 18 2025 16:51:08 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Aug 18 2025 16:54:24 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 3 days ago
18. ID: CVE-2025-53143
Assigner: secure@microsoft.com
Description: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 18 2025 16:26:34 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Aug 18 2025 16:30:45 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 3 days ago
19. ID: CVE-2025-53144
Assigner: secure@microsoft.com
Description: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 18 2025 16:26:36 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Aug 18 2025 16:30:45 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 3 days ago
20. ID: CVE-2025-53145
Assigner: secure@microsoft.com
Description: Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 18 2025 16:26:38 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Aug 18 2025 16:30:45 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 3 days ago
21. ID: CVE-2025-50177
Assigner: secure@microsoft.com
Description: Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:36 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 19 2025 14:36:33 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 19 2025 15:16:58 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 2 days ago
22. ID: CVE-2025-53131
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:36 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 19 2025 14:36:56 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 19 2025 15:16:58 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
23. ID: CVE-2025-53132
Assigner: secure@microsoft.com
Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Aug 12 2025 18:15:36 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 19 2025 14:37:12 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 19 2025 15:16:58 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
24. ID: CVE-2025-50171
Assigner: secure@microsoft.com
Description: Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
Published Date: Tue Aug 12 2025 18:15:35 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:06:56 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:08:24 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 7 days ago
25. ID: CVE-2025-50165
Assigner: secure@microsoft.com
Description: Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:34 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:05:02 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:08:24 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 7 days ago
26. ID: CVE-2025-50160
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:33 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:13:20 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:15:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
27. ID: CVE-2025-50162
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:33 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:41:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:44:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
28. ID: CVE-2025-50163
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:33 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:41:02 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:44:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
29. ID: CVE-2025-50164
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:33 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:36:42 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:37:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
30. ID: CVE-2025-49757
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:31 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 19 2025 14:41:34 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 19 2025 15:16:58 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
31. ID: CVE-2025-49758
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Aug 12 2025 18:15:31 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:20:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:20:53 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
32. ID: CVE-2025-49759
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Aug 12 2025 18:15:31 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:20:16 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:20:53 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
33. ID: CVE-2025-49712
Assigner: secure@microsoft.com
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published Date: Tue Aug 12 2025 18:15:30 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 17:48:21 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 17:51:19 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 6 days ago
34. ID: CVE-2025-49555
Assigner: psirt@adobe.com
Description: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.
Published Date: Tue Aug 12 2025 18:15:29 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 15:39:48 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 15:43:18 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 6 days ago
35. ID: CVE-2025-49557
Assigner: psirt@adobe.com
Description: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.
Published Date: Tue Aug 12 2025 18:15:29 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Aug 15 2025 15:40:43 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 15 2025 15:43:18 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.7
Base Severity: HIGH
LAST MODIFIED: 6 days ago
36. ID: CVE-2025-47954
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Aug 12 2025 18:15:28 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 01:19:28 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 01:20:53 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
37. ID: CVE-2025-24999
Assigner: secure@microsoft.com
Description: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Aug 12 2025 18:15:27 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:14:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:15:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
38. ID: CVE-2025-8088
Assigner: security@eset.com
Description: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Published Date: Fri Aug 08 2025 12:15:29 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 21 2025 04:16:03 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Aug 13 2025 19:11:27 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: Less than 3 hours
References:
39. ID: CVE-2025-53767
Assigner: secure@microsoft.com
Description: Azure OpenAI Elevation of Privilege Vulnerability
Published Date: Thu Aug 07 2025 21:15:28 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:32:03 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:34:00 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 7 days ago
40. ID: CVE-2025-53787
Assigner: secure@microsoft.com
Description: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Published Date: Thu Aug 07 2025 21:15:28 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:33:52 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:37:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 7 days ago
41. ID: CVE-2025-53792
Assigner: secure@microsoft.com
Description: Azure Portal Elevation of Privilege Vulnerability
Published Date: Thu Aug 07 2025 21:15:28 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Aug 14 2025 17:34:08 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Aug 14 2025 17:37:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 7 days ago
42. ID: CVE-2025-8576
Assigner: chrome-cve-admin@google.com
Description: Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Published Date: Thu Aug 07 2025 02:15:27 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 11 2025 14:15:26 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 08 2025 18:25:54 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 10 days ago
43. ID: CVE-2025-8578
Assigner: chrome-cve-admin@google.com
Description: Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Published Date: Thu Aug 07 2025 02:15:27 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Aug 11 2025 14:15:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Aug 08 2025 18:25:55 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 10 days ago
44. ID: CVE-2025-23311
Assigner: psirt@nvidia.com
Description: NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Published Date: Wed Aug 06 2025 13:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 12 2025 16:34:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 12 2025 16:36:09 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 9 days ago
45. ID: CVE-2025-23317
Assigner: psirt@nvidia.com
Description: NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Published Date: Wed Aug 06 2025 13:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 12 2025 16:34:24 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 12 2025 16:36:09 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 9 days ago
46. ID: CVE-2025-23318
Assigner: psirt@nvidia.com
Description: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Published Date: Wed Aug 06 2025 13:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 12 2025 16:34:34 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 12 2025 16:36:09 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 9 days ago
47. ID: CVE-2025-23319
Assigner: psirt@nvidia.com
Description: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Published Date: Wed Aug 06 2025 13:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 12 2025 16:34:43 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 12 2025 16:36:09 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 9 days ago
48. ID: CVE-2025-23310
Assigner: psirt@nvidia.com
Description: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Published Date: Wed Aug 06 2025 13:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Aug 12 2025 16:34:02 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Aug 12 2025 16:36:08 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 9 days ago
49. ID: CVE-2025-54253
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Published Date: Tue Aug 05 2025 17:15:29 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Aug 13 2025 18:56:02 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Aug 13 2025 18:58:22 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 9 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 8 days ago
50. ID: CVE-2025-54254
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
Published Date: Tue Aug 05 2025 17:15:29 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Aug 13 2025 18:54:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Aug 13 2025 18:54:46 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 9 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 8 days ago