Intrucept

Security Advisory

Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit 

Summary of Security Advisory

A high-severity vulnerability (CVE-2025-2082) in Tesla Model 3’s Vehicle Controller Security (VCSEC) module allows attackers within wireless range to remotely execute arbitrary code by exploiting a flaw in the Tire Pressure Monitoring System (TPMS)

OEM Tesla 
Severity High 
CVSS Score 7.5 
CVEs CVE-2025-2082 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

This provides potentiality in giving access to critical vehicle controls; Tesla has addressed the issue in firmware version 2024.14. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
​Remote Code Execution vulnerability  CVE-2025-2082 Tesla Model 3   High  7.5 

Technical Summary 

The vulnerability lies in the VCSEC module, responsible for security functions like immobilization, door locking, and TPMS monitoring.

An integer overflow occurs when the VCSEC processes malformed certificate responses transmitted via the TPMS subsystem. Exploiting this flaw enables memory corruption, leading to remote code execution.

The attack does not require user interaction or authentication and can be carried out over adjacent wireless interfaces such as Bluetooth Low Energy (BLE) or Ultra-Wideband (UWB).

Once compromised, attackers may issue unauthorized commands to the Controller Area Network (CAN) bus, which governs safety-critical systems including braking, steering, and acceleration. 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-2082   Tesla Model 3 (pre-2024.14) Integer overflow in VCSEC module’s certificate handling logic triggered by malformed TPMS messages.  Remote code execution, unauthorized CAN bus access, potential control over critical systems 

Remediation

  • Update Tesla Firmware: Owners should update firmware version 2024.14 via the vehicle’s touchscreen or over-the-air (OTA) updates. 
  • Avoid Wireless Threats: Refrain from connecting to unknown BLE/UWB networks and using unauthorized TPMS accessories. 

Conclusion: 
This vulnerability demonstrates how auxiliary vehicle systems like TPMS can serve as entry points for serious security breaches. While Tesla’s prompt patch release, reflects good incident response, this case underscores the urgency for ongoing scrutiny of wireless automotive components. Owners must apply the firmware update and maintain secure update practices to reduce the risk of exploitation. 

References

Blogs

Frequency & Sophistication of DDoS Attack rise to198% in 1stQ 2025

Ways to protect enterprise assets and infrastructure is not only a CISO’s responsibility but a cause of worry for CXO, CTO ‘s as a powerful DDoS attack can cause havoc on revenues, productivity and reputation.

Threat mitigation from any DDoS attack, requires services from secured and trusted partners who can offer expertise and scale whenever required to mitigate the threats that emerge from DDoS attack.

This is also important from cost point of view as large enterprise bear the burnout and it requires expertise to constantly monitor and clean the traffic that get routed to customer network.

It is important organization find service oriented partners who have skilled networking capacity and processing power so that in face of attack, they can automatically respond to DDoS attacks, detect and mitigate.

According to MazeBolt research, even the best DDoS protections leave enterprises highly exposed. Typically, large-scale, global organizations are only 60% protected – leaving the door wide open for cybercriminals to exploit the gaps.

Statistics show from past DDoS attacks have taken down large services like Spotify, GitHub, Microsoft services like Outlook and OneDrive.

According to new data released by Netscout, distributed denial of service (DDoS) attacks are on the rise. There were 17 million such attacks in 2024 – up from 13 million the year before. It’s an astonishing rise that has big implications for your business.

Defining DDoS attack

When a cyber criminal or malicious actor push for a service with additional requests than it can handle, making the resources unavailable and non-functional subsequently bringing it down.

In cases DDoS attack forcefully shuts a website, network, or computer offline by overloading it with requests. We often hear Black Friday sales out in big giant displays, these often drive a lot of internet traffic towards the brand or one destination at once.

A DDoS attack works when several different IP addresses target the same platform at same time that can overwhelm the server in question and bring it down.

Often, this attack is carried botnets which are a collection of devices when infected with malware, they can controlled remotely by cyber criminals. DDoS attack is executed by several different actors at the same time.

Increase in DDoS Attack in 2025

DDoS attacks increased by 198% compared to the last quarter of 2024 and by 358% compared to the same quarter last year.

On April 3 attack targeted an unnamed online betting organization, lasting around 90 minutes, starting at 11:15 with a surge of 67Gbps, before escalating sharply to 217Gbps by 11:23, and peaked just short of 1Tbps at 965Gbps by 11:36.

Research shows A total of 20.5 million DDoS attacks were stopped during the period, of which 6.6 million attacks were directly targeted at Cloudflare’s infrastructure. Gaming servers were the most popular target for DDoS attacks. Attack patterns remains spotted during the 2024 UEFA European Football Championship, held in Germany, where spikes in DDoS activity also targeted online betting sites.

In Geopolitics DDoS has emerged as a tool that is often and can be abused to target attacks.

According to research by NETSCOUT, the second half of 2024 saw almost 9 million DDoS attacks, a 12.75% increase from the first six months. Israel in particular saw a 2,844% increase in attacks, seeing a high of 519 in one day.

The above mentioned Russian hacking group, NoName057(16), focused primarily on government services in the UK, Belgium, and Spain. Georgia also saw a 1,489% increase in attacks in the lead up to the “Russia Bill”, highlighting its use as a political weapon.

Network-layer DDoS attacks were the primary driver of the overall surge. In Q1 2025, 16.8 million of these attacks were blocked, representing a 509% year-over-year rise and a 397% increase from the prior quarter.

Hyper-volumetric attacks, defined as those exceeding 1 terabit per second (Tbps) or one billion packets per second (Bpps), have become increasingly common. Cloudflare reported approximately 700 such attacks during the quarter, averaging about eight per day.

Major targets of DDoS attack

Globally, there have been notable changes in the most-targeted locations. Germany moved up four spots to become the most attacked country in Q1 2025.

Turkey made an 11-place jump to secure second position, while China dropped to third. Hong Kong, India, and Brazil also appeared among the top most-attacked countries, with movements seen across several regions in the rankings. Australia, for its part, remained outside the global top ten.

Industries facing the most pressure have shifted this quarter as well. The Gambling & Casinos sector moved to the top position as the most targeted industry, after climbing four places.

Telecommunications dropped to second, and Information Technology & Services followed in third.

Other industries experiencing notable increases in attacks included Cyber Security, which jumped 37 places, and Airlines, Aviation & Aerospace. In Australia, the industries facing the most attacks were Telecommunications, Information Technology and Services, Human Resources, and Consumer Services.

The report detailed attack vectors and trends, showing that the most common technique at the network layer remains SYN flood attacks, followed by DNS flood and Mirai-launched attacks.

Among HTTP DDoS attacks, more than 60% were identified and blocked as known botnets, with others attributed to suspicious attributes, browser impersonation, and cache busting techniques.

Cloudflare observed significant surges in two emerging attack methods. CLDAP reflection/amplification attacks grew by 3,488% quarter-over-quarter, exploiting the connectionless nature of the protocol to overwhelm victims with reflected traffic.

Similarly, ESP reflection/amplification attacks rose 2,301%, underscoring vulnerabilities in systems using the Encapsulating Security Payload protocol.

Despite the increase in the volume and size of attacks, the report noted that 99% of network-layer DDoS attacks in Q1 2025 were below 1 Gbps and one million packets per second.

Likewise, 94% of HTTP attacks fell below one million requests per second. Most attacks were short-lived, with 89% of network-layer and 75% of HTTP attacks ending within 10 minutes, but the impact can persist much longer due to the resulting service disruptions.

Addressing the rise of DDoS attack & Mitigation solution

DDoS attack intends to disrupt some or all of its target’s services there are variety of DDoS attacks. They are all uniquely different. There are three common types of DDoS attacks:

  • Volumetric (Gbps)
  • Protocol (pps)
  • Application layer (rps) attacks.

An effective DDoS attack is launched when near by network detects easily the cheap IoT devices like toys, small appliances, thermostats, security camera and Wi-Fi routers. These devices makes it easy to launch an effective attack that can have massive impact.

Threat Mitigation of DDoS attack

Application Layer attacks can be detected early with solutions by monitoring visitor behavior, blocking known bad bots and constant testing.

To do this more effectively Intrucept recently launched Cyber Analytics platform

Cyber Analytics platform 𝘀𝗲𝗮𝗺𝗹𝗲𝘀𝘀𝗹𝘆 𝗯𝗿𝗶𝗻𝗴𝘀 𝘁𝗼𝗴𝗲𝘁𝗵𝗲𝗿 𝘁𝗵𝗲 𝗽𝗶𝗹𝗹𝗮𝗿𝘀 𝗼𝗳 𝗺𝗼𝗱𝗲𝗿𝗻 𝗰𝘆𝗯𝗲𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝗻𝘁𝗼 𝗼𝗻𝗲 𝘂𝗻𝗶𝗳𝗶𝗲𝗱 𝗲𝗰𝗼𝘀𝘆𝘀𝘁𝗲𝗺 𝗶.𝗲. 𝗯𝗲𝘀𝘁-𝗶𝗻-𝗰𝗹𝗮𝘀𝘀 𝗮𝘀 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗽𝗿𝗼𝗱𝘂𝗰𝘁𝘀.

✅ XDR (Extended Detection & Response)
✅ Next-Gen SIEM (Security Information & Event Management)
✅ SOAR (Security Orchestration, Automation & Response)
✅ Threat Intelligence
✅ AI-Powered Security Analytics
𝗖𝘆𝗯𝗲𝗿 𝗔𝗻𝗮𝗹𝘆𝘁𝗶𝗰𝘀 𝗱𝗲𝗹𝗶𝘃𝗲𝗿𝘀:
Real-time threat detection across endpoints, cloud, networks, and apps
Automated incident response to reduce MTTR & human fatigue
AI-driven insights to power proactive, risk-based decision-making
Built for agility, scalability & actionable intelligence; our platform gives security teams the edge required to move from playing catch-up to staying ahead.
𝗖𝘆𝗯𝗲𝗿 𝗔𝗻𝗮𝗹𝘆𝘁𝗶𝗰𝘀 𝗿𝗲𝗽𝗿𝗲𝘀𝗲𝗻𝘁𝘀 𝗮 𝘀𝘁𝗲𝗽 𝗳𝗼𝗿𝘄𝗮𝗿𝗱 𝗶𝗻 𝗮𝗰𝗵𝗶𝗲𝘃𝗶𝗻𝗴 𝗯𝗲𝘁𝘁𝗲𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗼𝘂𝘁𝗰𝗼𝗺𝗲𝘀.

Sources; Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report

DDoS attacks have skyrocketed 358% year-over-year, report says

Blogs

Deepfake’s pose a Challenge as Cyber-risk Increase

The Digital world is witnessing constant increase in threats from Deepfakes, a challenge for cyber leaders as cybersecurity related risk increase and digital trust.

Deepfakes being AI generated is much used by cybercriminals with intentions to bypass authenticated security protocols and appears realistic but fakes, often posing challenges to detect being generated via AI. We have three types of Deepfakes i.e. voice fakes or Audio, Deep Video maker fakes and shallow fakes or editing software like photoshop.

Growing Cyber Risk due to Deep Fakes

Due to these Deep fakes , which are quiet easier and more realistic to create, there has been deterioration of trust, propagation of misinformation that can be used widely and has potential to damage or conduct malicious exploitation across various domains across the industry verticals.

The cybersecurity industry has always came forward and explained what can be potential risk posed by Deep fakes and possible route to mitigate the risks posed by deepfakes, emphasizing the importance of interdisciplinary collaborations between industries. This will bring in proactive measures to ensure digital authenticity and trust in the face of evolving cyber frauds.

Failing to recognize a deep fake pose negative consequence both for individuals and organizational risk and this can be unable to recognize audio fakes or video fakes. The consequences can be from loss of trust to disinformation. From negative media coverage to falling prey to potential lawsuits and other legal ramifications and we cannot undermine cybersecurity related threats and phishing attacks.

There are case when Deep fakes have been ethically used but the numbers are less compare to malicious usage by cyber criminals. Synthetic media also termed as Deep fakes are created using deep learning algorithms, particularly generative adversarial networks (GANs).

These technologies can seamlessly swap faces in videos or alter audio, creating hyper-realistic but fabricated content. In creative industries, deepfakes offer capabilities such as virtual acting and voice synthesis.

 Generative Adversarial Networks (GANs) consists of two neural networks: a generator and a discriminator.

  • Generator: In this case the network creates synthetic data, such as images or videos from any random sound alert and mimic real data.

  • Discriminator generally evaluates the generated content against real data. 

Deepfakes uses deep learning algorithms to analyze and synthesize visual and audio content which are painful task to determine the real ones, posing significant challenge to ethical security concerns.

While posing threats Deep fakes also provide another gateway for cyber attack specifically Phishing attacks. Tricking victims or impersonating an individual or an entity may open doors for revealing sensitive information and threat to data security.
The audios created via Deepfake could be used to bypass voice recognition systems giving attackers access to secure systems and invading personal privacy.

Uses cases in Deepfakes to understand the reach and impact:

Scammers and Fraudsters can benefit as Deepfakes can develop audio replication and use them for malicious intent like asking financial help from individuals they encounter or voice clone as some important person and demand or extort money.

Identity Theft is often overlooked and this impacts mostly financial institutions and scammers can easily bypass such authentication by cloning voices. Scammers also may easily develop convincing replicas of government ID proofs to gain access to business information or a misuse it as a customer. 

Fusing images of high profile public figures with offensive images by employing deepfake technology without their knowledge by criminals and hackers are growing each day . This kind of act can eventually lead to demanding money by cyber criminals or face consequences leading to defaming.

Conspiracy against governments or national leaders by faking their image or creating false hoax where the image or voice is used by cyber criminals often hired by opposing systems in place to disturb peace and harmony and also sound business operations.

Email are the key entry point for cyberattacks and presently we see deepfake technology being used by cyber criminals to create realistic phishing emails. These emails  bypass conventional security filters an area we cannot afford to neglect.

How will you detect Deep fakes?

Few technicalities are definitely there that may not be recognizable but there are few minute and hairsplitting details.

In Video fakes its often seen no movement in the eye or unnatural facial expression. The skin colour may be sightly different and in-consistent body positioning including the mismatch lip-syncing and body structure and face structure not similar as what we used to witness or accustomed viewing.

Being a grave concern from cyber security perspective its important to remain alert on new evolving technologies on Deep fakes and know their usage to defend on all frontiers both at individual and organizational level.

As Deep fakes are AI driven and rising phishing attacks that imbibe deep fakes pose a challenge where in mostly social media profile are used. The available AI-enabled computers allow cybercriminals to use chatbots no body can detect as fake.

Mitigating the Digital Threat

  • Organizations or individuals require robust security measures to implement AI-based security solutions and develop improved knowledge of phishing methods in order to tackle the digital threat.
  • Remaining proactive in all level of cyber security to navigate the complex challenge of Deep fakes is important, while Deep fakes defiantly poses strong technical challenge but proactive cybersecurity practices can stop cybercriminals from luring victims in their trap.
  • Government bodies and tech institutions or organizations that are tech savy to have more collaborative efforts to recognize deep fakes and effectively deal with challenges.
  • The various regulations and more recently the DORA (Digital Operational Resilience Act ), will help navigate these challenges as more investments in open sources security will rise by countries and organizations.
  • Major investments in AI-driven detection tools are being soughed after at enterprise level, those having stronger authentication mechanisms and improved digital literacy are critical to mitigating these emerging threats.
  • Investing in Email security service that offers automated protection will assist in blocking major phishing attempts

    As per KPMG report, Deepfakes may be growing in sophistication and appear to be a daunting threat. However, by integrating deepfakes into the company’s cybersecurity and risk management, CISOs  in assosiations with CEO, and Chief Risk Officers (CRO) – can help their companies stay one step ahead of malicious actors.

    This calls for a broad understanding across the organization of the risks of deepfakes, and the need for an appropriate budget to combat this threat.

    If Deepfakes can be utilized to infiltrate an organization, the same technology can also protect it. Collaborating with deepfake cybersecurity specialists helps spread knowledge and continually test and improve controls and defenses, to avoid fraud, data loss and reputational damage.

    BISO Analytics:

    We at Intruceptlabs have a mission and that is to protect your organization from any cyber threat keeping confidentiality and integrity intact.

    We have BISO Analytics as a service to ensure business continues while you remain secured in the world of cybersecurity. BISO’s translates concepts and connects the dots between cybersecurity and business operations and functions are in synch with cyber teams.

    Sources: https://kpmg.com/xx/en/our-insights/risk-and-regulation/deepfake-threats.html

    AI-Driven Phishing And Deep Fakes: The Future Of Digital Fraud

Security Advisory

Windows Update Stack Privilege Escalation Vulnerability (CVE-2025-21204) – PoC Released  

The flaw, disclosed by researchers at Cyberdom Blog, poses a significant risk to millions of Windows users and organizations relying on windows.

OEM Windows 
Severity HIGH 
CVSS Score 7.8 
CVEs CVE-2025-21204 
POC Available Yes 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

A high-severity vulnerability in the Windows Update Stack, CVE-2025-21204, enables local attackers to escalate privileges to SYSTEM level by exploiting trusted path abuse through symbolic links. The flaw affects various versions of Windows 10, Windows 11, and Windows Server.

A working proof-of-concept (PoC) exploit has been publicly released by security researcher Elli Shlomo, increasing the urgency to patch. The issue is addressed in the April 2025 cumulative update KB5055523. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
​Windows Update Stack Privilege Escalation  CVE-2025-21204 Windows  HIGH  7.8 

Technical Summary 

The vulnerability lies in how Windows Update processes such as MoUsoCoreWorker.exe and UsoClient.exe, which run with SYSTEM privileges, handle directory junctions. Attackers can delete the legitimate Tasks directory under C:\ProgramData\Microsoft\UpdateStack and replace it with a symbolic link pointing to an attacker-controlled path. This allows the execution of arbitrary code as SYSTEM without triggering traditional security mechanisms.

A public PoC developed by Elli Shlomo demonstrates this exploit using only native Windows features—no external binaries or code injection required. 

This opens the door for a range of attacks, including installing persistent malware, disabling security tools, or accessing sensitive data.

CVE ID System Affected Vulnerability Details Exploit Prerequisites Impact 
  CVE-2025-21204  Windows 10 (10.0.10240.0 < 10.0.10240.20978, etc.), Windows 11, Server Misuse of NTFS junctions allows local attackers to redirect C:\ProgramData\Microsoft\UpdateStack\Tasks to attacker-controlled locations. SYSTEM-level update processes follow these junctions and execute unauthorized code. Attackers must have local access and limited user privileges; no user interaction required   Local privilege escalation, Code execution 

Source: Cyberdom 

Recommendations

  • Apply the April 2025 cumulative update (KB5055523) immediately. 
  • Restrict ACLs on C:\ProgramData\Microsoft\UpdateStack. 
  • Use AppLocker or WDAC to block symbolic link creation in sensitive directories. 
  • Monitor file operations involving UpdateStack and inetpub, regardless of IIS presence. 
  • Detect attempts to create NTFS junctions targeting update directories. 

Conclusion: 
CVE-2025-21204 is an example of a rather low-level and impactful threat doing trusted path abuse rather than complex memory corruption. This vulnerability demonstrates how attackers will exploit trust assumptions built into the operating system via native components.

The only defenses available are to immediately patch and harden directory access controls to stop this low-level and minimally visible localized privilege escalation. 

References


 

Security Advisory

Windows 11 DLL Flaws Open Doors to Privilege Escalation! 

Summary 

Security researcher John Ostrowski of Compass Security has uncovered two privilege escalation vulnerabilities in Microsoft Windows CVE-2025-24076 and CVE-2025-24994.

DLL hijacking is a technique that exploits how Windows applications load DLLs.

OEM Windows 
Severity HIGH 
CVSS Score 7.3 
CVEs CVE-2025-24994, CVE-2025-24076 
No. of Vulnerabilities Patched 02 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

These flaws, found in the Mobile Devices management component, stem from insecure DLL loading behavior that could allow unprivileged users to escalate privileges to SYSTEM via a DLL hijacking attack. Microsoft has released fixes for both vulnerabilities as part of its March 2025 Patch Tuesday rollout. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
​Windows Cross Device Service Elevation of Privilege Vulnerability  CVE-2025-24076 Windows  HIGH  7.3 
​Windows Cross Device Service Elevation of Privilege Vulnerability CVE-2025-24994 Windows HIGH 7.3 

Technical Summary 

The vulnerability arises due to Windows 11’s “Mobile devices” functionality loading a DLL from a user-writable location without verifying its signature. This enables unprivileged users to replace the DLL with a malicious proxy that executes with elevated privileges. 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-24076  Windows 11 Version 22H2, 22H3, 23H2, 24H2.  Exploits a race condition in the “Mobile devices” feature via DLL hijacking. The system process loads CrossDevice.Streaming.Source.dll from a user-writable directory (%PROGRAMDATA%\CrossDevice\), allowing privilege escalation when replaced with a malicious DLL. Attackers used Opportunistic Locks and API hooking (via Detours) to reliably exploit the narrow timing window.   Allows SYSTEM-level privilege escalation 
CVE-2025-24994 Windows 11 Version 22H2, 22H3, 23H2, 24H2 Involves a similar DLL hijacking flaw in a user-to-user context. A user-level process loads a DLL without signature validation, allowing a malicious DLL to be executed under another user’s context. This vector is less severe but still exploitable.  Allows user-to-user privilege escalation 

Remediation

  • Implement Security Updates to make sure to install the current security patches made available by Microsoft, specifically March 2025 updates, into affected systems. 
  • Turn off Cross Device Service if not needed, disable the “Mobile Devices” feature in Windows 11 to avoid exploitation of the vulnerabilities. 
  • Look for Suspicious Activity constantly scan system logs for suspect activity, particularly attempts to alter or load DLL files in protected processes. 
  • Restrict User Permissions prevent non-administrative users from changing system files or running processes with elevated privileges. 
  • Support DLL Signature Verification makes all programs support DLL signature verification so that no applications can load unsigned or altered DLL files. 

Conclusion: 
The discovered DLL hijacking vulnerabilities in Windows 11’s “Mobile devices” feature demonstrate how legacy attack techniques remain potent when integrated into new OS functionalities.

The presence of a working Proof-of-Concept (PoC) reinforces the practical risk posed by these flaws. Organizations should immediately apply the March 2025 security updates and consider employing EDR solutions to monitor for related behavior. Continued vigilance and file access control hardening remain essential in defending against such privilege escalation attacks.  

While CVE-2025-24076 enables SYSTEM-level access but CVE-2025-24994 arises from a related user-level process failing to validate DLLs.

This opens the door to user-to-user attacks, though its impact is far less severe compared to its SYSTEM-targeting sibling.

References


 

Security Advisory

Critical Session Management Vulnerability in Apache Roller 

Summary Security Advisory

Apache Roller, a widely used Java-based blogging platform, enabling users to create, manage, and publish blog content. It supports features like user authentication, content management, and customizable themes.

OEM Apache 
Severity Critical 
CVSS Score 10.0 
CVEs CVE-2025-24859 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

A critical security vulnerability (CVE-2025-24859) has been discovered in Apache Roller (versions 1.0.0 to 6.1.4), where old sessions are not invalidated after a password change, allowing attackers to maintain unauthorized access if they have stolen a session token. This flaw poses a significant risk of session hijacking and unauthorized access, and users are advised to upgrade to version 6.1.5 to mitigate the issue. 

Vulnerability Name CVE ID Product Affected Severity 
Insufficient Session Expiration on Password Change CVE-2025-24859 Apache Roller Critical 

Technical Summary 

The vulnerability centers on insufficient session expiration.

When a user or administrator changes a password, Apache Roller versions before 6.1.5 do not properly invalidate existing sessions.

As a result, any session tokens  before the password change remain valid.

This means that if an attacker has already compromised a user’s credentials and established a session, they can continue to access the application even after the password is updated, effectively bypassing a key security control.

This can be a big security threat, particularly in systems used by many users or administrators, where it’s important to keep sessions secure. 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-24859  Apache Roller 1.0.0 – 6.1.4 Sessions are not invalidated after password change, allowing persistent access through old sessions if compromised.  Unauthorized Access /  Session Hijacking 

Remediation

  • Apply Patches Promptly: Upgrade immediately to Apache Roller version 6.1.5, which implements proper centralized session invalidation. 

Conclusion: 

CVE-2025-24859 represents a critical access control threat to Apache Roller implementations.

Although no active exploitation has been observed still now, it’s easy for attackers to misuse sessions if they gain access. Its important for organizations using Apache Roller to quickly update to version 6.1.5 to fix this problem. 

This is a critical step in maintaining the security of blog sites and protecting user data.

CVE-2025-24859 highlights the importance of robust session management in web applications.

References

Security Advisory

Dell Releases Patches for Multiple PowerScale OneFS Security Vulnerabilities 

Summary 

Dell Technologies Security Advisory

OEM Dell 
Severity Critical 
CVSS 9.8 
CVEs CVE-2025-27690, CVE-2025- 26330, CVE-2025-22471 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

​Dell Technologies has released security updates addressing multiple vulnerabilities of varying severity in its PowerScale OneFS operating system.

These vulnerabilities could be exploited by attackers to gain control of high-privilege accounts, bypass security mechanisms, or disrupt system functionality. Dell has issued patches for several of these issues, a summary of some key vulnerabilities is provided in the table below. 

Vulnerability Name CVE ID Product Affected Severity 
Default Password Vulnerability CVE-2025-27690 PowerScale OneFS   Critical 
Incorrect Authorization Vulnerability CVE-2025-26330 PowerScale OneFS   High 
Integer Overflow or Wraparound Vulnerability CVE-2025-22471 PowerScale OneFS  Medium 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact Affected Version 
CVE-2025-27690 PowerScale OneFS Dell PowerScale OneFS multiple versions contain a default password vulnerability where an unauthenticated remote attacker could potentially exploit this vulnerability, leading to the privilege escalation. Gain Privileges or Assume Identity  Versions 9.5.0.0 through 9.10.1.0 
CVE-2025-26330 PowerScale OneFS Dell PowerScale OneFS multiple versions contain an incorrect authorization vulnerability where unauthenticated local attacker could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account. Unauthorized Access Versions 9.4.0.0 through 9.10.0.1 
CVE-2025-22471 PowerScale OneFS Dell PowerScale OneFS multiple versions contain an integer overflow or wraparound vulnerability where an unauthenticated remote attacker exploits this which leads to denial of service. Service unavailable Versions 9.4.0.0 through 9.10.0.1 

Remediation

It has been recommended to upgrade to the following versions to address the security risks 

OneFS Version Updated Version 
9.10.x.x 9.10.1.1 
9.9.x.x 9.9.0.2 
9.8.x.x 9.8.0.3 
9.7.x.x 9.7.1.7 
9.5.x.x 9.5.1.3 

Workaround for CVE-2025-27690 

It’s always recommended to update to the latest version. If you’re unable to upgrade immediately, you can follow the workarounds provided by the vendor from here

References: 

Security Advisory

Critical Flaw in FortiSwitch of Fortinet Allows Attackers to Change Admin Password

An unverified password change vulnerability [CWE-620] in FortiSwitch GUI discovered.

This may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request as per Fortinet advisory released.

Summary

OEMFortinet 
SeverityCRITICAL
CVSS Score9.8
CVEsCVE-2024-48887
Actively ExploitedYes
Exploited in WildYes
Advisory Version1.0

Overview

Fortinet’s FortiSwitch product line has revealed a significant vulnerability noted as CVE-2024-48887. This flaw allows unauthenticated remote attackers to change administrative passwords by sending specially crafted requests to the device’s password management endpoint. With a CVSS score of 9.8, the vulnerability is classified as Critical and is actively being exploited in the wild.

Vulnerability NameCVE IDProduct AffectedSeverityCVSS Score
A unverified password change vulnerability  CVE-2024-48887Fortinet   CRITICAL  9.8

Technical Summary

A critical vulnerability (CVE-2024-48887) has been identified in Fortinet FortiSwitch devices, affecting versions 6.4.0 through 7.6.0. This flaw resides in the web-based management interface and allows remote, unauthenticated attackers to change administrator passwords by sending a specially crafted HTTP request to the set_password endpoint.

CVE IDSystem AffectedVulnerability DetailsImpact
    CVE-2024-48887  FortiSwitch v7.6, 7.4, 7.2, 7.0, 6.4CVE-2024-48887 is an unauthenticated password change vulnerability in FortiSwitch web GUI.
It enables remote unauthenticated attackers to modify admin passwords through crafted requests to the set_password endpoint.		    Unverified Password Change

Remediation:

  • Apply Security Patches: Install the latest security update for your FortiSwitch version. Fortinet has fixed the issue in 6.4.15 and above,7.0.11 and above,7.2.9 and above,7.4.5 and above,7.6.1 and above versions.

General Recommendations

  • Update Devices Regularly always install the latest firmware and security patches from Fortinet to fix known vulnerabilities.
  • Limit access to the FortiSwitch web GUI to trusted IP addresses and disable HTTP/HTTPS access if it is not required.
  • Set strong and unique passwords and change them regularly to prevent unauthorized access.
  • Monitor unusual Activity for suspicious logins or configuration changes.

Conclusion:


The CVE-2024-48887 vulnerability poses a serious security risk to organizations using affected FortiSwitch devices. Its ease of exploitation and the lack of authentication required make it particularly dangerous.

Organizations must act immediately by applying the relevant security patches, limiting administrative access, and monitoring for unusual activity.

References:

Blogs

DDoS Attacks on Critical Infrastructure Re-shaping Geopolitical Conflicts

DDoS Attacks on Critical Infrastructure Reshaping Geopolitical Conflicts

Continue Reading
Security Advisory

WordPress Ultimate CSV Importer Flaws Put 20,000+ Sites at Risk

Threat researchers discovered an arbitrary File Upload vulnerability and an Arbitrary File Deletion vulnerability within the WP Ultimate CSV Importer plugin. This is affecting versions 7.19 and earlier.

The vulnerabilities have been addressed in version 7.19.1 of the plugin.

Summary 

OEM WordPress 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-2008, CVE- 2025-2007 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

The security flaw WordPress plugin, Ultimate CSV Importer, affecting over 20,000 websites. The vulnerabilities, identified as CVE-2025-2008 and CVE-2025-2007, can lead to catastrophic consequences, including complete site compromise. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Arbitrary File Upload  CVE-2025-2008 WordPress  High  8.8 
Arbitrary File Deletion  CVE-2025-2007 WordPress  High  8.1 

Technical Summary 

A critical security vulnerability has been discovered in the WP Ultimate CSV Importer plugin (versions ≤ v7.19). This flaw allows attackers with only Subscriber level access to exploit the system in two dangerous ways: 

  1. Malicious File Upload: Attackers can upload malicious files, potentially enabling remote code execution and granting full control over the affected site. This allows for complete site compromise, including the ability to install backdoors or steal sensitive information. 
  1. Critical File Deletion: Attackers can delete crucial files, such as wp-config.php, which can reset the WordPress site and give attackers the ability to take full control over the site. 
CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-2008  WP Ultimate CSV Importer plugin (versions ≤ 7.19) A critical flaw in the WP Ultimate CSV Importer plugin (≤ v7.19) allows attackers with Subscriber access to upload malicious files due to improper file type validation.
This can lead to remote code execution (RCE) and full site takeover. 		  Remote code execution (RCE) 
 CVE-2025-2007 WP Ultimate CSV Importer plugin (versions ≤ 7.19) A serious flaw in the WP Ultimate CSV Importer plugin (≤ v7.19) allows attackers with Subscriber access to delete critical files, like wp-config.php, due to weak file path validation.
This can reset the site, letting attackers take control. 		 Arbitrary file deletion leading to site reset 

Remediation

Install version 7.19.1 or later to fix the security flaws. Keeping all plugins and WordPress updated helps prevent attacks. 

General Recommendations 

  • Update the Plugin – Install the latest version (7.19.1+) to fix security issues and keep your site safe. 
  • Limit User Access – Allow only trusted users to upload or delete files to prevent hackers from exploiting vulnerabilities. 
  • Use Security Plugins – Install tools to block threats, monitor activity, and protect your site. 
  • Backup Your Website – Regularly save backups so you can restore your site if it gets hacked or files are deleted. 

Conclusion: 

A major security issue in a popular WordPress plugin put over 20,000 websites at risk of being taken over by hackers.

Attackers could upload harmful files or delete important ones, making websites vulnerable. This incident shows why keeping plugins updated, limiting user access, and using security tools is crucial. Updating to version 7.19.1 is necessary to stay protected. 

References

Scroll to top