Ivanti has disclosed two critical code injection vulnerabilities in its Endpoint Manager Mobile (EPMM) product that enable unauthenticated remote code execution and have been exploited in zero-day attacks.
Summary: The recent Google Chrome update fixed several serious security issues that could let attackers take control of the browser or steal personal data. The vulnerabilities were mostly related to memory handling and scripting errors in important parts of Chrome such as the JavaScript engine (V8) and browser interfaces.
Problems like type confusion and memory misuse could allow attackers to run harmful code simply by getting users to visit malicious websites. Some flaws also affected Chrome’s UI, media processing and extension systems, exposing users to possible unauthorized access or data leaks.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| Out-of-Bounds Write in WebGPU | CVE-2025-12725 | Chrome | High | 142.0.7444.134/135 |
| Inappropriate Implementation in Views (UI Rendering) | CVE-2025-12726 | Chrome | High | 142.0.7444.134/135 |
| Inappropriate Memory Handling in V8 JavaScript Engine | CVE-2025-12727 | Chrome | High | 142.0.7444.134/135 |
| Inappropriate Implementation in Omnibox (Unified Search Bar) | CVE-2025-12728 | Chrome | Medium | 142.0.7444.134/135 |
| Inappropriate Implementation in Omnibox (Unified Search Bar) | CVE-2025-12729 | Chrome | Medium | 142.0.7444.134/135 |
Technical Summary
The bugs include memory corruption issues such as out-of-bounds writes and use-after-free errors, which can lead to unpredictable behavior and remote code execution (RCE).
The JavaScript engine vulnerabilities involve mishandled data types or incorrect implementation, enabling attackers to break security boundaries.
Other issues involve UI security logic problems that could mislead users or weaken protections. Google patched all of these weaknesses by tightening input validation, fixing memory lifecycle bugs, correcting UI behavior and strengthening internal security checks.
| CVE ID | Component Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-12725 | Google Chrome (WebGPU) | Out-of-bounds write in WebGPU due to improper bounds checking, allowing attackers to overwrite memory beyond allocated limits. | Remote Code Execution / Browser Crash |
| CVE-2025-12726 | Google Chrome (Views UI) | Inappropriate implementation in the Views component causing memory corruption. | UI rendering |
| CVE-2025-12727 | Google Chrome (V8 Engine) | Improper handling in the V8 JavaScript engine enabling potential arbitrary code execution through crafted scripts. | Remote Code Execution |
| CVE-2025-12728 | Google Chrome (Omnibox) | Flaws in Omnibox’s implementation could allow UI spoofing or navigation bar manipulation. | UI Spoofing |
| CVE-2025-12729 | Google Chrome (Omnibox) | Similar flaws in Omnibox affecting input validation, leading to potential security bypasses or deceptive UI. | UI Spoofing / Security Bypass |
Recommendations
Update Chrome immediately to the following versions:
For Windows: 142.0.7444.134/.135
For macOS: 142.0.7444.135
For Linux: 142.0.7444.134
To update, open Chrome Settings → Help → About Google Chrome and allow Chrome to check for and install the update immediately.
Along with updating, the following recommendations also apply:
Enforce Chrome auto-updates across managed endpoints using enterprise policy controls.
Actively monitor browser crash reports and any suspicious logs that may be linked to exploit attempts.
Use vulnerability and patch management tools to ensure all endpoints are running the latest version of every application.
Conclusion: These Chrome security flaws can compromise a device through ordinary browsing. Because millions of people use Chrome daily, the gaps posed a high risk; Google has already patched them. Keeping every application on its latest version remains the best defense against threats aimed at browsers.
Security Advisory: CVE-2025-41243. A critical vulnerability has been disclosed in Spring Cloud Gateway Server WebFlux. Under specific configurations it allows attackers to modify sensitive Spring Environment properties.
Severity: Critical
CVSS Score: 10.0
CVEs: CVE-2025-41243
POC Available: No
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0
Overview
The vulnerability has been assigned the maximum CVSS score of 10.0. It arises when actuator endpoints are exposed without proper security controls, potentially allowing attackers to compromise application behavior. Organizations and users of affected versions are strongly urged to upgrade to the fixed releases.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| Spring Expression Language Property Modification | CVE-2025-41243 | Spring Cloud Gateway WebFlux | Critical | v4.3.1, v4.2.5, v4.1.11, v3.1.11 |
Technical Summary
CVE-2025-41243 is a critical vulnerability that occurs when the Spring Boot actuator is included as a dependency and the gateway actuator endpoint is explicitly exposed via the “management.endpoints.web.exposure.include=gateway” configuration.
In such cases, if the actuator endpoints are unsecured or exposed to public networks, an attacker could use them to modify Spring Environment properties at runtime, leading to unauthorized access, configuration tampering and potential application compromise.
If you are unable to upgrade right away, the following recommendations apply:
Remove gateway from the “management.endpoints.web.exposure.include” property, or secure the actuator endpoints.
Secure actuator endpoints with proper authentication and access controls.
Regularly audit and harden application configuration files.
Monitor application and network logs for suspicious activity or unauthorized access attempts.
Implement firewall rules or reverse proxies to restrict access to sensitive endpoints.
Ensure all systems follow patch management and update policies.
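The first recommendation is a configuration check that can be automated. The following audit script is an added example for this advisory, not Spring, VMware or Broadcom code: it parses a Spring Boot application.properties text (two constructed samples are embedded, the weak setting from the advisory beside the mitigated one) and reports whether the gateway actuator endpoint is web-exposed. The handling of the '*' wildcard and of the exclude property follows Spring Boot's documented behaviour that exclude takes precedence over include; YAML configuration is not covered.

```python
"""Audit a Spring Boot .properties file for the CVE-2025-41243 precondition.

Added example, not project code: flags the configuration this advisory names
(the gateway actuator exposed over the web via
management.endpoints.web.exposure.include).
"""

EXPOSURE_KEY = "management.endpoints.web.exposure.include"
EXCLUSION_KEY = "management.endpoints.web.exposure.exclude"

# Constructed sample: the weak setting from the advisory, with unrelated keys around it.
WEAK_PROPERTIES = """\
server.port=8080
# actuator exposure (weak: gateway is reachable over HTTP)
management.endpoints.web.exposure.include=health,info,gateway
management.endpoints.web.base-path=/actuator
"""

# Constructed sample: the advisory's interim mitigation, 'gateway' removed from the list.
FIXED_PROPERTIES = """\
server.port=8080
management.endpoints.web.exposure.include=health,info
management.endpoints.web.base-path=/actuator
"""


def parse_properties(text):
    """Minimal .properties reader: key=value (or key: value) lines, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The separator is the first '=' or ':' in the line, whichever comes first.
        sep_index = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if sep_index < 0:
            continue
        props[line[:sep_index].strip()] = line[sep_index + 1:].strip()
    return props


def _csv(value):
    """Split a comma-separated Spring property value into a set of trimmed items."""
    return {item.strip() for item in value.split(",") if item.strip()}


def gateway_actuator_exposed(text):
    """True when 'gateway' (or the '*' wildcard) is in the include list and not excluded.

    Spring Boot's default include list never contains 'gateway', so an absent key is safe;
    an explicit exclude of 'gateway' or '*' wins over any include.
    """
    props = parse_properties(text)
    include = _csv(props.get(EXPOSURE_KEY, ""))
    exclude = _csv(props.get(EXCLUSION_KEY, ""))
    if "gateway" in exclude or "*" in exclude:
        return False
    return "gateway" in include or "*" in include


def audit(text):
    """Return findings a reviewer can act on (an empty list means no exposure was found)."""
    findings = []
    if gateway_actuator_exposed(text):
        findings.append(
            f"{EXPOSURE_KEY} exposes the gateway actuator: remove 'gateway' (and avoid '*'), "
            "or place the actuator endpoints behind authentication and network restrictions"
        )
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_PROPERTIES), ("fixed", FIXED_PROPERTIES)):
        print(label + ":", audit(text) or "no gateway actuator exposure")
```

Running the script prints one finding for the weak sample and none for the fixed one; pointing `audit()` at the contents of a real application.properties gives the same yes/no answer for a deployment you are triaging.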
Conclusion: CVE-2025-41243 is a critical vulnerability affecting Spring Cloud Gateway WebFlux that allows remote attackers to modify environment properties when actuator endpoints are misconfigured and exposed.
While no active exploitation has been observed in the wild, the vulnerability poses a high risk to application integrity and security because of its CVSS score of 10.0 and the ease of exploitation on exposed systems.
Organizations are strongly advised to upgrade to the fixed versions, secure actuator endpoints, and follow best practices to reduce the attack surface and prevent future exploitation.
Security Advisory: MediaTek has disclosed critical vulnerabilities, along with remediation, in its modem and system components. The vulnerabilities, a mix of high- and medium-severity issues, affect 60 chipsets used in smartphones, routers and IoT devices, and therefore thousands of devices.
MediaTek issued a critical security update in September 2025. Key issues include modem-related flaws such as remote code execution, denial of service via rogue base stations and local privilege escalation.
Other vulnerabilities include WLAN buffer overflows, bootloader logic flaws and keymaster information leaks affecting Android devices and OpenWRT/Yocto platforms. No active exploitation has been observed; MediaTek began distributing patches to OEMs in July 2025 and urges immediate firmware updates to mitigate the issues.
These vulnerabilities are primarily out-of-bounds read and write errors (CWE-125, CWE-787) and use-after-free issues (CWE-416), resulting from improper bounds checking and memory management flaws.
An attacker controlling a rogue base station can exploit these flaws remotely without user interaction, potentially causing remote denial of service or unauthorized privilege escalation; the system-component flaws allow local privilege escalation if System privileges have already been obtained. Exploitation could compromise device stability, security and confidentiality by corrupting memory or executing arbitrary code. Affected devices use modem firmware versions NR15 through NR17R across a wide spectrum of chipsets, highlighting the broad attack surface.
| CVE ID | Vulnerability Details | Impact |
|---|---|---|
| CVE-2025-20708 | An out-of-bounds write flaw exists in the Modem due to incorrect bounds checking. This vulnerability allows remote escalation of privilege when a UE connects to a rogue base station, without requiring additional execution privileges or user interaction. | Unauthorized access, data interception, disruption of cellular services |
| CVE-2025-20703 | The Modem is affected by an out-of-bounds read issue caused by improper bounds validation. This can result in remote denial of service if connected to a malicious base station, and exploitation requires no user interaction or extra privileges. | Denial of Service (DoS), modem or device crash, freeze, unresponsiveness |
| CVE-2025-20704 | Due to a missing bounds check, the Modem is vulnerable to an out-of-bounds write. Exploiting this flaw can lead to remote escalation of privilege when connected to a rogue base station, though user interaction is necessary. | (not listed) |
| (CVE ID not listed) | A use-after-free condition in the monitor_hang module can cause memory corruption, potentially leading to local escalation of privilege if the attacker already has System-level access. Exploitation does not require user interaction. | Local privilege escalation, memory corruption |
| CVE-2025-20706 | The mbrain component suffers from a use-after-free vulnerability that can result in memory corruption. This may allow local privilege escalation for an attacker with System privileges, without needing user interaction. | Local privilege escalation, memory corruption |
| CVE-2025-20707 | In the geniezone module, a use-after-free vulnerability can cause memory corruption and permit local privilege escalation if the attacker has System privileges, with no user interaction needed. | Local privilege escalation, memory corruption |
Recommendations:
Once OEM updates are available, update your device promptly to apply the latest security patches addressing these vulnerabilities.
Avoid connecting to unknown networks to reduce the risk of remote exploitation.
Keep your device’s operating system and apps updated to the latest version.
Conclusion: MediaTek’s recent security update addresses critical vulnerabilities, especially in modem firmware, that could allow remote attacks without user interaction. Although no active exploits have been found, the severity and scope of these flaws make it vital for manufacturers and users to apply patches promptly to protect devices and data.
The company reassures end users that proactive notification and remediation precede public disclosure, underscoring MediaTek’s commitment to chipset and product security.
Summary: A vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) reveals a critical security flaw that could be exploited by authenticated attackers to execute code on affected systems. The bug was disclosed on August 12, 2025, with a CVSS score of 8.8, indicating high severity.
Severity: High
CVSS Score: 8.8
CVEs: CVE-2025-53772
POC Available: No
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0
Overview
A vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) allows authenticated attackers to remotely execute arbitrary code on affected systems.
The issue arises from the insecure deserialization of untrusted data. Due to its low privilege requirements and lack of user interaction, this flaw poses a significant threat, especially in enterprise deployment environments.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| Web Deploy Remote Code Execution via Deserialization | CVE-2025-53772 | Microsoft Web Deploy 4.0 | High | 10.0.2001 or later |
Technical Summary
The vulnerability stems from insecure deserialization of untrusted data (CWE-502), allowing remote attackers to craft malicious HTTP requests that trigger code execution on the web server. This flaw enables remote code execution (RCE) under specific conditions, where the attacker must have authenticated access and network connectivity.
The attack is network-based, requires only low-privilege access and does not rely on user interaction. Successful exploitation can result in a high impact on confidentiality, integrity and availability of the affected system. As of the time of publication, no public exploit has been reported and the exploit maturity is considered unproven.
| CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact |
|---|---|---|---|---|
| CVE-2025-53772 | 8.8 | Microsoft Web Deploy 4.0 | Web Deploy deserializes untrusted input, allowing remote attackers to execute arbitrary code. | Remote Code Execution |
Recommendations:
Apply Microsoft Web Deploy version 10.0.2001 or later.
Limit access to Web Deploy endpoints to trusted IP ranges or internal networks only.
Audit logs for unusual HTTP POST activity to Web Deploy endpoints.
Conclusion: While CVE-2025-53772 has not yet been publicly exploited, the nature of the flaw and the ease of attack (low privileges, no user interaction) significantly increase the risk of widespread exploitation, particularly in enterprise deployment environments.
Organizations using Microsoft Web Deploy 4.0 should apply the latest patch without delay.
The vulnerability affects Web Deploy 4.0 and requires only low privileges to exploit, which makes it particularly concerning for organizations that use this deployment tool in their infrastructure: an authenticated attacker can exploit the system through low-complexity, network-based attacks.
A set of vulnerabilities affects millions of Dell laptops used by government agencies, cybersecurity professionals and enterprises worldwide. The vulnerabilities, known collectively as “ReVault,” mainly target the Broadcom BCM5820X security chip and Dell’s ControlVault3 firmware.
They create opportunities for attackers to steal passwords and biometric data and to maintain persistent access to compromised systems.
How does the vulnerability work
Most of the flaws reside in the firmware for ControlVault3 and ControlVault3+, hardware security components that store passwords, biometric templates and security codes.
The list includes:
Two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050)
An arbitrary free flaw (CVE-2025-25215)
A stack-overflow bug (CVE-2025-24922)
An unsafe-deserialization flaw (CVE-2025-24919)
According to the researchers, the vulnerabilities can be exploited in so-called ReVault attacks by:
Attackers who have achieved non-administrative access on a vulnerable laptop. The vulnerabilities may allow them to interact with the ControlVault firmware and leak key material that would let them permanently modify the firmware (effectively creating a potential backdoor into the system).
Attackers who have physical access to the laptop. They could pry the device open, use a custom connector to reach the Unified Security Hub board (which runs ControlVault) over USB, and exploit the vulnerabilities without logging into the system beforehand or knowing the full-disk encryption password.
“Another interesting consequence of this scenario is that if a system is configured to be unlocked with the user’s fingerprint, it is also possible to tamper with the CV firmware to accept any fingerprint,” the researchers note.
Technical details have not been publicly shared, but they have been privately reported to Dell and Broadcom.
These are the five critical ReVault vulnerabilities found by Cisco Talos researchers.
ReVault Attack – Five Critical Vulnerabilities
ControlVault3 and ControlVault3+ systems:
CVE-2025-24311: An out-of-bounds read vulnerability that enables information leakage
CVE-2025-25050: An out-of-bounds write flaw allowing code execution
CVE-2025-25215: An arbitrary memory free vulnerability
CVE-2025-24922: A stack-based buffer overflow enabling arbitrary code execution
CVE-2025-24919: An unsafe deserialization flaw in ControlVault’s Windows APIs
Importance of device security posture / endpoint security
The incident highlights how a device posture check is designed to evaluate the threat a device poses to an organization and its systems.
The persistent nature of these attacks represents a significant escalation in firmware-based threats, because the malicious code resides below the operating system level.
There, traditional antivirus solutions cannot detect or remove it. The sophistication of today’s cyber threats means organizations need to become more proactive in their defense.
Identifying and mitigating a threat early, through an effective and clearly defined security posture, reduces costs, lessens downtime and minimizes reputational damage.
Periodic security audits are essential for a complete check of all of an organization’s security features. Such audits identify weaknesses in current security controls and help ensure they align with industry standards.
Importance of Endpoint security
Endpoint security detects and prevents threats such as file-based malware attacks and other malicious activity. It also provides the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
Conclusion:
Protecting against endpoint attacks is challenging for organizations because endpoints exist where humans and machines intersect. With a growing number of adversaries trying to breach organizations through sophisticated cyberattacks, detecting potential threats quickly helps speed remediation and keeps data protected.
Data stolen from various government organizations across Southeast Asia via the state-backed HazyBeacon malware, which uses AWS Lambda, was discovered and tracked by Palo Alto Networks Unit 42 researchers under the moniker CL-STA-1020.
Here “CL” stands for “cluster” and “STA” refers to “state-backed motivation”. The data collected includes information about recent tariffs and trade disputes. The initial access vector used to deliver the malware is currently not known, although evidence shows the use of DLL side-loading to deploy it on compromised hosts. Specifically, a malicious version of a DLL called “mscorsvc.dll” is planted alongside the legitimate Windows executable “mscorsvw.exe.”
Campaign execution flow
According to the researchers, the backdoor leverages AWS Lambda URLs as command-and-control (C2) infrastructure. AWS Lambda URLs are a feature of AWS Lambda that allows users to invoke serverless functions directly over HTTPS.
This technique uses legitimate cloud functionality to hide in plain sight, creating a reliable, scalable and difficult-to-detect communication channel.
Figure 1 shows the high-level execution flow of this attack.
The malware is a newly discovered Windows backdoor dubbed HazyBeacon.
Secondly, it abuses a legitimate feature of the AWS Lambda serverless compute service, Lambda URLs, to hide its malicious activity.
AWS Lambda URLs are part of AWS Lambda and allow users to invoke serverless functions directly over HTTPS.
In this attack, the HazyBeacon backdoor uses the service to establish C2 communications, allowing the actor to engage in covert intelligence gathering.
Researchers at Trellix revealed the attacker tactic of using Lambda to obscure C2 activity in late June, noting in their report that such obscurity “makes network-based detection nearly impossible without decryption or deep behavioral analysis.”
During backdoor deployment, the attackers also establish persistence on the compromised Windows endpoint by creating a Windows service named msdnetsvc, which ensures that the HazyBeacon DLL is loaded again after a reboot.
Unit 42 included a list of indicators of compromise (IoCs) in its post to help identify a potential attack. Defenders can tune their machine-learning models and analysis techniques to trigger on those IoCs, and use behavioral threat protection to detect and block the execution of processes with malicious behavior in their cloud environments.
How the malware reaches out to serverless AWS Lambda endpoints
These URLs are hosted on globally trusted cloud infrastructure.
Traffic looks like regular HTTPS communication.
Detection becomes near-impossible for traditional firewalls or EDRs.
This use of cloud-native tools for C2 is a growing trend among advanced persistent threats (APTs).
Southeast Asia as a focal point
Southeast Asia has increasingly become a focal point for cyber espionage, mainly because of sensitive trade negotiations between countries, defense enhancements undertaken as part of modernization, and the power alignment between the U.S. and China.
Threat actors chose this region and targeted government agencies because the stolen data carried intelligence on foreign policy direction, infrastructure planning and regulatory shifts that influence the behavior of global markets.
HazyBeacon reflects a broader trend in cyber security: advanced persistent threats using trusted platforms as covert channels.
Beyond this cloud-based malware cluster, similar techniques have been observed in threats using Google Workspace, Microsoft Teams or Dropbox APIs to evade detection and maintain persistent access.
Once the malware is on the system, it does not want to leave. HazyBeacon registers itself as a Windows service, making sure it is relaunched after every reboot.
Organizations that detect and mitigate this emerging threat also come to understand how attackers exploit cloud services for malicious purposes.
The misuse of AWS Lambda occurs when the malicious DLL, mscorsvc.dll, establishes a C2 channel through an AWS Lambda URL. AWS Lambda runs code in response to events without requiring server provisioning or management; the URLs feature, introduced in 2022, extends this functionality by providing customers with a way to configure dedicated HTTPS endpoints for Lambda functions.
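The write-up names two things a defender can observe on the host and on the network: the msdnetsvc service that loads the side-loaded DLL next to mscorsvw.exe, and outbound HTTPS to Lambda function URLs. The script below is an added example of detection logic for both, not Unit 42 or Trellix code. The log lines it scans are constructed key=value records, not any vendor's real format; the Lambda function-URL hostname shape (<id>.lambda-url.<region>.on.aws) and the legitimate location of mscorsvw.exe under the Windows Microsoft.NET\Framework directories are general knowledge about AWS and Windows rather than details from this post, and the Windows event ID 7045 (service installed) is used as the service-install signal.

```python
"""Surface the two HazyBeacon traits described above from constructed log data.

Added detection example, not vendor code. Lambda function URLs have legitimate
business uses, so matches are surfaced for review against an allowlist rather
than blocked outright.
"""
import re

# Lambda function URLs are served from <url-id>.lambda-url.<region>.on.aws (general AWS knowledge).
LAMBDA_URL_HOST = re.compile(r"^[a-z0-9]+\.lambda-url\.[a-z0-9-]+\.on\.aws$")

# Where the genuine .NET Native Image Service binary lives; mscorsvw.exe anywhere else is side-loading bait.
LEGIT_MSCORSVW = re.compile(
    r"\\Windows\\Microsoft\.NET\\Framework(?:64)?\\v[0-9.]+\\mscorsvw\.exe$", re.IGNORECASE)

# Service name the post reports HazyBeacon creating for persistence.
KNOWN_BAD_SERVICE_NAMES = {"msdnetsvc"}

# Constructed proxy log: timestamp, source, destination host, bytes.
PROXY_LOG = """\
2025-07-01T09:12:01Z src=10.20.4.17 host=www.example.com bytes=8812
2025-07-01T09:12:44Z src=10.20.4.17 host=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.lambda-url.ap-southeast-1.on.aws bytes=1296
2025-07-01T09:13:02Z src=10.20.4.21 host=login.microsoftonline.com bytes=4420
"""

# Constructed Windows service-install events (System log event 7045 style), one per line.
SERVICE_LOG = r"""2025-07-01T09:11:58Z host=WS-0417 event=7045 service=msdnetsvc image=C:\Users\Public\Libraries\mscorsvw.exe
2025-07-01T09:30:10Z host=WS-0502 event=7045 service=clr_optimization_v4.0.30319_64 image=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
2025-07-01T09:31:15Z host=WS-0502 event=7045 service=Spooler image=C:\Windows\System32\spoolsv.exe
"""


def parse_kv(line):
    """Split 'ts key=value key=value ...' into a dict; the leading timestamp goes under 'ts'."""
    fields = line.split()
    record = {"ts": fields[0]}
    for token in fields[1:]:
        key, _, value = token.partition("=")
        record[key] = value
    return record


def lambda_url_beacons(proxy_log, allowlist=frozenset()):
    """Return (src, host) pairs for destinations that are Lambda function URLs not on the allowlist."""
    hits = []
    for line in proxy_log.splitlines():
        rec = parse_kv(line)
        host = rec.get("host", "").lower()
        if LAMBDA_URL_HOST.match(host) and host not in allowlist:
            hits.append((rec["src"], host))
    return hits


def suspicious_service_installs(service_log):
    """Return (host, service, image, reason) for installs matching the persistence pattern.

    Two signals: the service name the post attributes to HazyBeacon, and any service whose
    binary is mscorsvw.exe living outside the .NET Framework directory (the side-loading setup).
    """
    hits = []
    for line in service_log.splitlines():
        rec = parse_kv(line)
        if rec.get("event") != "7045":
            continue
        service, image = rec.get("service", ""), rec.get("image", "")
        if service.lower() in KNOWN_BAD_SERVICE_NAMES:
            hits.append((rec["host"], service, image, "known HazyBeacon service name"))
        elif image.lower().endswith("mscorsvw.exe") and not LEGIT_MSCORSVW.search(image):
            hits.append((rec["host"], service, image, "mscorsvw.exe outside the .NET Framework directory"))
    return hits


if __name__ == "__main__":
    for hit in lambda_url_beacons(PROXY_LOG):
        print("review Lambda URL traffic:", hit)
    for hit in suspicious_service_installs(SERVICE_LOG):
        print("suspicious service install:", hit)
```

The legitimate clr_optimization service in the sample is deliberately included so the path check can be seen not to fire on the real .NET binary; in production the allowlist for `lambda_url_beacons` should hold the function URLs your own applications call, and a hit from a workstation rather than a server is the more interesting case.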
Security Advisory: A critical privilege escalation vulnerability (CVE-2025-5071) was discovered in the AI Engine WordPress plugin, allowing subscriber-level users to gain administrator privileges when the MCP (Model Context Protocol) module is enabled.
OEM: WordPress
Severity: High
CVSS Score: 8.8
CVEs: CVE-2025-5071
POC Available: Yes
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0
Overview
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘Meow_MWAI_Labs_MCP::can_access_mcp’ function in versions 2.8.0 to 2.8.3.
This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like ‘wp_create_user’, ‘wp_update_user’ and ‘wp_update_option’, which can be used for privilege escalation, and ‘wp_update_post’, ‘wp_delete_post’, ‘wp_update_comment’ and ‘wp_delete_comment’, which can be used to edit and delete posts and comments.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| Privilege Escalation Vulnerability | CVE-2025-5071 | AI Engine WordPress Plugin | High | 2.8.4 |
Technical Summary
AI Engine is a WordPress plugin that recently introduced support for MCP (Model Context Protocol), which allows AI agents such as Claude or ChatGPT to control and manage a WordPress website by executing commands, managing media files, editing users and performing complex tasks more reliably than through standard APIs.
The vulnerability stems from insufficient authorization checks in the plugin’s can_access_mcp() function, which let any authenticated (logged-in) user bypass Bearer Token validation and reach the MCP endpoints.
This access can be used to escalate user privileges by executing commands such as wp_update_user, ultimately leading to full site compromise.
| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-5071 | WordPress with AI Engine Plugin 2.8.0–2.8.3 | The can_access_mcp() function incorrectly grants MCP endpoint access to all logged-in users. Even when Bearer Token authentication is enabled, lack of empty value checks in the token validation logic allows privilege escalation. | Complete site compromise |
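The two defects the advisory names in can_access_mcp(), access for every logged-in user and a token comparison without an empty-value check, are easiest to see side by side. The following is an added illustrative model, not the plugin's PHP and not a reproduction of its internals: the User and header structures, the use of WordPress's administrator-level manage_options capability in the hardened path, and the bearer-token handling are this example's assumptions about what a correct check looks like, not a statement of how the 2.8.4 fix is written.

```python
"""Vulnerable-versus-hardened model of an MCP endpoint access check.

Added example, not AI Engine code. Shows how a missing capability check and a
missing empty-value check combine to admit every logged-in user (and, with no
token configured, anonymous callers), and how the hardened check closes both.
"""
import hmac
from dataclasses import dataclass, field


@dataclass
class User:
    logged_in: bool
    capabilities: set = field(default_factory=set)   # WordPress-style capability names


def _bearer_token(headers):
    """Extract the token from an 'Authorization: Bearer <token>' header, or '' if absent."""
    auth = headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    return token.strip() if scheme.lower() == "bearer" else ""


def can_access_mcp_vulnerable(user, headers, configured_token):
    """Access model matching the advisory's description of versions 2.8.0-2.8.3 (assumption).

    Any logged-in user passes regardless of role, and when no token has been configured
    the comparison '' == '' also passes for a caller that sends no header at all.
    """
    if user.logged_in:
        return True
    return _bearer_token(headers) == configured_token


def can_access_mcp_hardened(user, headers, configured_token, required_cap="manage_options"):
    """Hardened model: a site-administration capability is required on the session path,
    and the token path only exists when a non-empty token is configured, compared in
    constant time. 'manage_options' is WordPress's administrator-level capability; choosing
    it is this example's decision, not necessarily what the plugin does.
    """
    if user.logged_in and required_cap in user.capabilities:
        return True
    supplied = _bearer_token(headers)
    if not configured_token or not supplied:
        return False          # an unset or empty token never grants access
    return hmac.compare_digest(supplied.encode(), configured_token.encode())


if __name__ == "__main__":
    subscriber = User(logged_in=True, capabilities={"read"})
    admin = User(logged_in=True, capabilities={"read", "manage_options"})
    anonymous = User(logged_in=False)
    print("subscriber, vulnerable:", can_access_mcp_vulnerable(subscriber, {}, "s3cret"))  # True
    print("subscriber, hardened:  ", can_access_mcp_hardened(subscriber, {}, "s3cret"))    # False
    print("anonymous, no token configured, vulnerable:", can_access_mcp_vulnerable(anonymous, {}, ""))  # True
    print("anonymous, no token configured, hardened:  ", can_access_mcp_hardened(anonymous, {}, ""))    # False
    print("admin, hardened:", can_access_mcp_hardened(admin, {}, "s3cret"))  # True
```

The point of the `not configured_token or not supplied` guard is that an authentication feature which is "enabled" but left with an empty secret must fail closed; the constant-time comparison is a standard precaution for any shared-secret check, not something the advisory attributes to this bug.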
Remediation:
Immediate Action: Update the AI Engine plugin to version 2.8.4 or later.
Configuration Check: Ensure that the MCP and Dev Tools modules remain disabled unless they are necessary.
Conclusion: The CVE-2025-5071 vulnerability in the AI Engine WordPress plugin highlights the potential risks when advanced modules like MCP are misconfigured.
Even though the feature is disabled by default, sites that have enabled it become susceptible to complete takeover by authenticated users.
Website administrators are urged to update to version 2.8.4 immediately and verify that security best practices are enforced to prevent such escalations. With over 100,000 active installations, this flaw presents a significant risk to the WordPress ecosystem if left unpatched.
Apache Roller is a widely used Java-based blogging platform that enables users to create, manage and publish blog content. It supports features such as user authentication, content management and customizable themes.
OEM: Apache
Severity: Critical
CVSS Score: 10.0
CVEs: CVE-2025-24859
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0
A critical security vulnerability (CVE-2025-24859) has been discovered in Apache Roller (versions 1.0.0 to 6.1.4), where old sessions are not invalidated after a password change, allowing attackers to maintain unauthorized access if they have stolen a session token. This flaw poses a significant risk of session hijacking and unauthorized access, and users are advised to upgrade to version 6.1.5 to mitigate the issue.
| Vulnerability Name | CVE ID | Product Affected | Severity |
|---|---|---|---|
| Insufficient Session Expiration on Password Change | CVE-2025-24859 | Apache Roller | Critical |
Technical Summary
The vulnerability centers on insufficient session expiration.
When a user or administrator changes a password, Apache Roller versions before 6.1.5 do not properly invalidate existing sessions.
As a result, any session tokens before the password change remain valid.
This means that if an attacker has already compromised a user’s credentials and established a session, they can continue to access the application even after the password is updated, effectively bypassing a key security control.
This is a serious security threat, particularly in systems with many users or administrators, where keeping sessions secure matters most.
| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-24859 | Apache Roller 1.0.0 – 6.1.4 | Sessions are not invalidated after password change, allowing persistent access through old sessions if compromised. | Unauthorized Access / Session Hijacking |
Remediation:
Apply Patches Promptly: Upgrade immediately to Apache Roller version 6.1.5, which implements proper centralized session invalidation.
Conclusion:
CVE-2025-24859 represents a critical access control threat to Apache Roller implementations.
Although no active exploitation has been observed so far, attackers who obtain a session can easily misuse it. It is important for organizations using Apache Roller to update to version 6.1.5 quickly to fix this problem.
This is a critical step in maintaining the security of blog sites and protecting user data.
CVE-2025-24859 highlights the importance of robust session management in web applications.
An unverified password change vulnerability [CWE-620] has been discovered in the FortiSwitch GUI.
According to the Fortinet advisory, it may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request.
Summary
OEM: Fortinet
Severity: CRITICAL
CVSS Score: 9.8
CVEs: CVE-2024-48887
Actively Exploited: Yes
Exploited in Wild: Yes
Advisory Version: 1.0
Overview
Fortinet’s FortiSwitch product line has revealed a significant vulnerability noted as CVE-2024-48887. This flaw allows unauthenticated remote attackers to change administrative passwords by sending specially crafted requests to the device’s password management endpoint. With a CVSS score of 9.8, the vulnerability is classified as Critical and is actively being exploited in the wild.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
|---|---|---|---|---|
| An unverified password change vulnerability | CVE-2024-48887 | Fortinet | CRITICAL | 9.8 |
Technical Summary
A critical vulnerability (CVE-2024-48887) has been identified in Fortinet FortiSwitch devices, affecting versions 6.4.0 through 7.6.0. This flaw resides in the web-based management interface and allows remote, unauthenticated attackers to change administrator passwords by sending a specially crafted HTTP request to the set_password endpoint.
| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2024-48887 | FortiSwitch v7.6, 7.4, 7.2, 7.0, 6.4 | CVE-2024-48887 is an unauthenticated password change vulnerability in the FortiSwitch web GUI. It enables remote unauthenticated attackers to modify admin passwords through crafted requests to the set_password endpoint. | Unverified Password Change |
Remediation:
Apply Security Patches: Install the latest security update for your FortiSwitch version. Fortinet has fixed the issue in versions 6.4.15 and above, 7.0.11 and above, 7.2.9 and above, 7.4.5 and above, and 7.6.1 and above.
General Recommendations
Update devices regularly: always install the latest firmware and security patches from Fortinet to fix known vulnerabilities.
Limit access to the FortiSwitch web GUI to trusted IP addresses, and disable HTTP/HTTPS access if it is not required.
Set strong, unique passwords and change them regularly to prevent unauthorized access.
Monitor for unusual activity such as suspicious logins or configuration changes.
Conclusion:
The CVE-2024-48887 vulnerability poses a serious security risk to organizations using affected FortiSwitch devices. Its ease of exploitation and the lack of authentication required make it particularly dangerous.
Organizations must act immediately by applying the relevant security patches, limiting administrative access, and monitoring for unusual activity.