Security advisory

WordPress Ultimate CSV Importer Flaws Put 20,000+ Sites at Risk

Threat researchers discovered an arbitrary File Upload vulnerability and an Arbitrary File Deletion vulnerability within the WP Ultimate CSV Importer plugin. This is affecting versions 7.19 and earlier.

The vulnerabilities have been addressed in version 7.19.1 of the plugin.

Summary 

OEM WordPress 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-2008, CVE- 2025-2007 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

The security flaw WordPress plugin, Ultimate CSV Importer, affecting over 20,000 websites. The vulnerabilities, identified as CVE-2025-2008 and CVE-2025-2007, can lead to catastrophic consequences, including complete site compromise. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Arbitrary File Upload  CVE-2025-2008 WordPress  High  8.8 
Arbitrary File Deletion  CVE-2025-2007 WordPress  High  8.1 

Technical Summary 

A critical security vulnerability has been discovered in the WP Ultimate CSV Importer plugin (versions ≤ v7.19). This flaw allows attackers with only Subscriber level access to exploit the system in two dangerous ways: 

  1. Malicious File Upload: Attackers can upload malicious files, potentially enabling remote code execution and granting full control over the affected site. This allows for complete site compromise, including the ability to install backdoors or steal sensitive information. 
  1. Critical File Deletion: Attackers can delete crucial files, such as wp-config.php, which can reset the WordPress site and give attackers the ability to take full control over the site. 
CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-2008  WP Ultimate CSV Importer plugin (versions ≤ 7.19) A critical flaw in the WP Ultimate CSV Importer plugin (≤ v7.19) allows attackers with Subscriber access to upload malicious files due to improper file type validation.
This can lead to remote code execution (RCE) and full site takeover. 
  Remote code execution (RCE) 
 CVE-2025-2007 WP Ultimate CSV Importer plugin (versions ≤ 7.19) A serious flaw in the WP Ultimate CSV Importer plugin (≤ v7.19) allows attackers with Subscriber access to delete critical files, like wp-config.php, due to weak file path validation.
This can reset the site, letting attackers take control. 
 Arbitrary file deletion leading to site reset 

Remediation

Install version 7.19.1 or later to fix the security flaws. Keeping all plugins and WordPress updated helps prevent attacks. 

General Recommendations 

  • Update the Plugin – Install the latest version (7.19.1+) to fix security issues and keep your site safe. 
  • Limit User Access – Allow only trusted users to upload or delete files to prevent hackers from exploiting vulnerabilities. 
  • Use Security Plugins – Install tools to block threats, monitor activity, and protect your site. 
  • Backup Your Website – Regularly save backups so you can restore your site if it gets hacked or files are deleted. 

Conclusion: 

A major security issue in a popular WordPress plugin put over 20,000 websites at risk of being taken over by hackers.

Attackers could upload harmful files or delete important ones, making websites vulnerable. This incident shows why keeping plugins updated, limiting user access, and using security tools is crucial. Updating to version 7.19.1 is necessary to stay protected. 

References

Critical NGINX Ingress Vulnerabilities Expose Kubernetes Clusters to Compromise 

Security Advisory

Summary:

The Kubernetes Ingress NGINX Admission Controller has detected 5 significant security vulnerabilities affecting all versions of the ingress-nginx controller prior to v1.12.1 and v1.11.5. Here are the cve ids CVE-2025-1974, CVE-2025-1098, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.

Maintainer Kubernetes ingress community 
Severity Critical 
CVSS Score 9.8 
No. of Vulnerabilities Patched 05 
Actively Exploited No 
Exploited in Wild No 
Patch Available Yes 
Advisory Version 1.0 

Overview 

Admission Controllers frequently don’t require authentication and essentially function as web servers, introducing an additional internal network-accessible endpoint in the cluster. This architecture allows attackers to access them directly from any pod in the network, significantly increasing the attack surface.

The most critical of these, CVE-2025-1974, allows attackers on the pod network to remotely execute code and gain full control of the cluster without authentication. 

Although there has not been any active exploitation in the wild, this vulnerability poses a serious risk as it could enable attackers to take complete control of a cluster.

The issue was publicly disclosed on March 24, 2025, and security patches have been released. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Admission Controller Remote Code Execution (RCE) Vulnerability  CVE-2025-1974      Ingress NGINX Admission Controller   Critical 9.8 
Configuration Injection via Unsanitized auth-tls-match-cn annotation  CVE-2025-1097 High 8.8 
Configuration Injection via Unsanitized Mirror Annotations  CVE-2025-1098 High 8.8 
Unsanitized auth-URL Injection Vulnerability  CVE-2025-24514 High 8.8 
Auth Secret File Path Traversal Vulnerability  CVE-2025-24513 Medium 4.8 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-1974         Ingress NGINX Controller v1.12.0 & v1.11.4 and below versions The Validating Admission Controller does not properly check incoming annotations, allowing attackers on the Pod network to inject configurations and potentially execute arbitrary code across the entire cluster.   Full Kubernetes cluster compromise 
  CVE-2025-1097 Improper validation of the auth-tls-match-cn annotation allows malicious annotation values to override controller configurations.  Remote code execution 
  CVE-2025-1098 Unsafe input handling in mirror annotations could result in unauthorized configuration manipulation.  Config injection, security bypass 
  CVE-2025-24514 Unsanitized input from auth-URL annotations can allow malicious URLs to modify ingress-controller behavior.  Remote code execution 
  CVE-2025-24513 A path traversal issue in handling auth secret files could let attackers access sensitive information.   Information disclosure 

Remediation

  • Apply Patches Promptly: Immediately upgrade to ingress-nginx v1.12.1, v1.11.5 or latest versions to mitigate the vulnerabilities. 
  • Temporarily Disable the Validating Admission Controller: It is mandatory to upgrade. If upgrading is not immediately possible, you can temporarily disable the Validating Admission Controller. 

General Recommendations: 

  • Set strict RBAC rules to control who can change ingress and webhook settings. 
  • Disable dynamic admission controllers if they aren’t needed. 
  • Monitor cluster audit logs for unusual ingress creation activities and suspicious annotations. 
  • Conduct security reviews and scans for clusters that have not recently been updated. 
  • Regularly check ingredients for weak or unsafe configurations. 

Conclusion: 

The Kubernetes ingress-nginx vulnerabilities disclosed in March 2025 are among the most severe to date, with CVE-2025-1974 posing a real threat of full cluster compromise. All organizations running affected versions must apply patches or mitigation steps immediately.

The vulnerabilities found are affecting the admission controller component of Ingress NGINX Controller for Kubernetes and highlight the importance of strict configuration validation and access control in Kubernetes environments. 

Security researchers from Wiz found that 43% of cloud environments are vulnerable to these vulnerabilities. They uncovered over 6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet—putting them at immediate critical risk. 

References

Update Google Chrome to Fix Critical Remote Code Execution Vulnerability in Lens 

OEM Google Chrome 
Severity High 
CVSS 8.8 
CVEs CVE-2025-2476 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

Google Chrome’s Lens component has been found to have a critical use-after-free vulnerability (CVE-2025-2476) that impacts Linux, Mac, and Windows. 

This vulnerability might compromise user systems by enabling remote attackers to run arbitrary code.  To lessen the danger, Google has issued security patches. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
 Use after free Vulnerability  CVE-2025-2476  Google Chrome  High  134.0.6998.117/.118 

Technical Summary 

The vulnerability exists due to a use-after-free (UAF) condition in Chrome’s Lens component. This occurs when a program continues to use memory after it has been freed, potentially leading to arbitrary code execution or system compromise. Attackers can exploit this flaw using specially crafted HTML pages that trigger heap corruption. 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-2476   Windows, Mac, Linux   Use-after-free vulnerability in Chrome’s Lens component, leading to heap corruption and potential arbitrary code execution.  Remote code execution 

Remediation

  1. Open Google Chrome. 
  1. Click the three-dot menu in the upper-right corner. 
  1. Navigate to Help > About Google Chrome. 
  1. Allow Chrome to automatically check for and install the latest update. 
  1. Restart the browser to complete the update process. 
  • The update will roll out over the coming days and weeks, However, due to the critical nature of this security issue, users should not rely on automatic updates and should manually confirm they are running the latest version. 

Google has restricted detailed vulnerability information until a majority of users have applied the fix to prevent potential exploitation. 

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user.

Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts.

Threat Intelligence :

There are currently no reports of the vulnerability being exploited in the wild.

Conclusion: 

The possibility of remote code execution makes CVE-2025-2476 a serious security risk. It is highly recommended that users upgrade their Chrome browsers ASAP.

This vulnerability emphasizes how crucial it is to keep up with security patches on time and to be vigilant about new online threats. 

References: 

Image 

WordPress Age Gate Plugin Critical Vulnerability (CVE-2025-2505) Affects Over 40,000 Websites 

The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the ‘lang’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files.

OEM WordPress 
Severity Critical 
CVSS score 9.8 
CVEs CVE-2025-2505 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A critical vulnerability (CVE-2025-2505) in the Age Gate plugin for WordPress allows unauthenticated Local PHP File Inclusion (LFI), potentially enabling remote code execution. This flaw affects all versions up to 3.5.3 and has been patched in version 3.5.4. Over 40,000 websites are affected by this vulnerability. 

This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
 Improper Limitation of a Pathname to a Restricted Directory  CVE-2025-2505  Age Gate WordPress Plugin  Critical  v3.5.4  

Technical Summary 

The vulnerability exists due to improper limitation of pathname input, leading to an unauthenticated Local PHP File Inclusion (LFI) attack through the lang parameter. This flaw can be exploited by attackers to execute arbitrary PHP files, bypass access controls, and compromise server security. 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-2505  WordPress websites using Age Gate Plugin (<=3.5.3)  Local PHP File Inclusion via ‘lang’ parameter allows execution of arbitrary PHP files.  Unauthorized code execution, data exfiltration, privilege escalation, potential full server compromise. 

Remediation

  • Update Age Gate plugin to version 3.5.4 or later as soon as possible. 

Conclusion: 

Attackers can potentially: – Include and execute arbitrary PHP files on the server – Bypass access controls – Obtain sensitive site data – Achieve remote code execution – Compromise the entire WordPress site’s integrity and availability

This vulnerability poses a severe risk to WordPress websites utilizing the Age Gate plugin. Prompt patching and proactive security measures are crucial to mitigating potential attacks.

Users are strongly advised to update to the latest version without delay to protect their websites from unauthorized code execution. 

CVE-2025-2505 affects all versions of the Age Gate plugin for WordPress up to and including version 3.5.3.

References: 

Multiple High-Severity Vulnerabilities Patched in Zoom  

Summary 

Multiple high-severity vulnerabilities have been identified in Zoom applications, including Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK, causing exposure of Sensitive Data.

The most critical flaws, patched in Zoom’s March 11, 2025, security bulletin, include CVE-2025-27440 (heap-based buffer overflow), CVE-2025-27439 (buffer underflow), CVE-2025-0151 (use-after-free) CVE-2025-0150 (incorrect behavior order in iOS Workplace Apps).

All rated high severity with CVSS scores ranging from 7.1 to 8.5. 

OEM Zoom 
Severity High 
CVSS 8.5  
CVEs CVE-2025-27440, CVE-2025-27439, CVE-2025-0151,  CVE-2025-0150, CVE-2025-0149 
Publicly POC Available No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

These vulnerabilities could allow attackers to escalate privileges, execute arbitrary code, or cause denial-of-service (DoS) attacks. Zoom has released patches addressing these issues in version 6.3.0. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Heap-Based Buffer Overflow Vulnerability  CVE-2025-27440  ZOOM High 8.5 
Buffer Underflow Vulnerability  CVE-2025-27439  ZOOM High 8.5 
Use-After-Free Vulnerability CVE-2025-0151 ZOOM High  8.5 
Incorrect Behavior Order Vulnerability CVE-2025-0150 ZOOM High 7.1 
Insufficient Data Verification Vulnerability  CVE-2025-0149 ZOOM Medium 6.5 

Technical Summary 

These vulnerabilities could be exploited to gain unauthorized access, execute arbitrary code, or disrupt services through privilege escalation and memory corruption techniques. Exploitation requires authentication and network access, posing a risk to enterprise users. 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-27440  Zoom Workplace Apps ( Windows, macOS, and Linux, as well as mobile apps for iOS and Android.)  Heap-based buffer overflow, allowing attackers to inject malicious code   Privilege Escalation 
 CVE-2025-27439  Zoom Workplace Apps Buffer underflow, leading to unexpected crashes or data leakage   Denial of Service, Data Exposure 
CVE-2025-0151    Zoom Workplace Apps  Use-after-free issue leading to memory corruption and arbitrary code execution   Privilege Escalation 
CVE-2025-0150  Zoom Workplace Apps (iOS) Incorrect behavior order allowing unauthorized access to authentication tokens   Information Disclosure 
CVE-2025-0149 Zoom Workplace Apps  Insufficient verification of data authenticity, allowing malformed network packets to bypass security checks Denial of Service 

Remediation

  • Apply Patches Promptly: Ensure all Zoom applications are updated to version 6.3.0 or later, which includes fixes for 12 vulnerabilities disclosed in March 2025 alone.

Conclusion: 

The recent vulnerabilities in Zoom highlight the ongoing challenges in securing widely used communication platforms. While Zoom has acted swiftly in providing patches, the recurrence of memory corruption and input validation flaws suggests architectural challenges.

Organizations should maintain a proactive security stance, ensuring timely updates and implementing stringent controls to safeguard sensitive data. 

Organizations must treat Zoom not as a neutral utility but as a high-risk vector requiring stringent controls.

References

PoC Released for High-Severity Linux Kernel UVC Driver Vulnerability

OEMLinux
SeverityHIGH
CVSS7.8
CVEsCVE-2024-53104
Actively ExploitedYes
Publicly POC AvailableYes
Patch/Remediation AvailableYes
Advisory Version1.0

Overview

CVE-2024-53104 is a high-severity out-of-bounds write vulnerability in the Linux kernel’s USB Video Class (UVC) driver, leading to privilege escalation. The issue affects Linux kernel versions 2.6.26 and later. The vulnerability has gained renewed attention as a proof-of-concept (PoC) exploit has now been publicly released, increasing the risk of exploitation. A patch has been released to address this vulnerability, but unpatched systems remain at high risk.

Vulnerability NameCVE IDProduct AffectedSeverity
  out-of-bounds write vulnerability  CVE-2024-53104  Linux Kernel    High

Technical Summary

The vulnerability exists in the uvc_parse_format function of the UVC driver (uvc_driver.c). It arises due to improper parsing of UVC_VS_UNDEFINED frames, leading to incorrect buffer allocation and out-of-bounds writes.

An attacker could exploit this flaw by inserting a malicious USB device or manipulating video streams, potentially leading to memory corruption, privilege escalation, or arbitrary code execution.

CVE IDSystem AffectedVulnerability DetailsImpact
  CVE-2024-53104    Linux Kernel (2.6.26 and later)  Incorrect parsing of UVC_VS_UNDEFINED frames in uvc_parse_format, leading to miscalculated buffer sizes and memory corruption.    Privilege escalation, system instability, arbitrary code execution  

Remediation:

  • Apply Security Patches: Ensure that the latest security patches provided by the Linux distribution maintainers are promptly applied to mitigate vulnerability.

Recommendations

  • Implement USB Device Control Policies: Organizations should establish and enforce USB device control policies to prevent unauthorized usage and ensure only approved devices can be connected.
  • Deploy Log Monitoring and Analysis Tools: Implement security monitoring tools to continuously monitor logs for potential security incidents, such as exploitation attempts or suspicious activity.

Conclusion:

CVE-2024-53104 is a major vulnerability that poses a substantial risk to Linux systems since it allows for privilege escalation and arbitrary code execution. Users and administrators are strongly urged to apply the latest security patches to mitigate the risk of exploitation. Additionally, implementing a multi-layered security approach can further enhance system protection.

The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list, emphasizing the need for immediate remediation.

CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks.

References:

Critical Security Flaw in Kibana Requires Immediate Attention 

Kibana is a robust tool for data visualization and exploration that can be used to search, examine, and track data that is stored in Elasticsearch. A vital part of many organizations’ data analysis procedures, it offers real-time insights through interactive dashboards. 

Elastic released security updates to address a critical vulnerability, tracked as CVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software for Elasticsearch.

OEM Elastic 
Severity Critical 
CVSS 9.9 
CVEs CVE-2025-25012 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A critical security vulnerability (CVE-2025-25012) has been identified in Kibana, affecting versions 8.15.0 to 8.17.2. The flaw allows attackers to execute arbitrary code, potentially compromising affected systems. Elastic has released a patch in Kibana version 8.17.3to address this issue, and users are strongly advised to update immediately. 

Vulnerability Name CVE ID Product Affected Severity 
 Arbitrary code execution Vulnerability  CVE-2025-25012  Elastic  Critical 

Technical Summary 

This vulnerability arises from improper handling of JavaScript object prototypes in Kibana’s file upload and HTTP request processing functionalities.

Attackers can exploit this flaw to inject malicious payloads, modify application behavior, and execute arbitrary code. The vulnerability is classified under CWE-1321 (Improper Control of Prototype-Based Attribute Modifications) and aligns with the MITRE ATT&CK framework under tactic T1059 (Command and Scripting Interpreter). 

Affected Versions and Exploitation Conditions: 

  • Kibana 8.15.0 – 8.17.0: Exploitable by users with the Viewer role. 
  • Kibana 8.17.1 – 8.17.2: Requires privileges fleet-all, integrations-all, and actions:execute-advanced-connectors. 
CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-25012   Kibana 8.15.0 – 8.17.2   Prototype pollution via crafted file uploads and HTTP requests, allowing manipulation of JavaScript object properties and security controls.  Remote Code Execution, Unauthorized Data Access, Lateral Movement  

Remediation

  • Upgrade: Elastic has released a security patch to address the issue. It is highly recommended to upgrade to Kibana 8.17.3 or a later version 
  • Temporary Mitigation: If upgrading is not feasible in the short term, apply the following measure to reduce risk: 
  • Disable the Integration Assistant feature by setting xpack.integration_assistant.enabled: false in kibana.yml. 

Conclusion: 

Organizations utilizing Kibana should take urgent action to patch CVE-2025-25012 by upgrading to version 8.17.3.

The vulnerability is highly severe, particularly for environments using Kibana for security monitoring, as attackers could exploit this flaw to disable alerts and manipulate detection pipelines. If patching is not immediately possible, temporary mitigations should be applied to reduce the risk of exploitation. Ensuring real-time vulnerability monitoring and implementing strict access controls are also recommended to safeguard against similar threats in the future. 

References: 

Image 

Decade-Old Threat: CVE-2018-8639 Still Poses Risks to Unpatched Windows Systems 

CVE-2018-8639 is a privilege escalation flaw in the Win32k component of Microsoft Windows that lets attackers run any code in kernel mode. This vulnerability, which was first fixed by Microsoft in December 2018, still poses a risk to unpatched computers.

OEM Microsoft 
Severity High 
CVSS 7.8 
CVEs CVE-2018-8639 
Exploited in Wild Yes 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview on Vulnerability

The vulnerability gives hackers the ability to install persistent malware, get around security measures, and alter system operations covertly. The Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, further highlighting its ongoing threat. 

Vulnerability Name CVE ID Product Affected Severity 
 Privilege Escalation Vulnerability  CVE-2018-8639  Windows  High 

Technical Summary 

The vulnerability exists within the Win32k.sys driver, which handles graphical user interface (GUI) interactions.

Designated as CWE-404: Improper Resource Shutdown or Release, the flaw enables authenticated local attackers to improperly release system resources, leading to privilege escalation. Exploiting this vulnerability grants kernel-mode execution rights, allowing attackers to bypass security mechanisms, install persistent malware, and manipulate system functions without detection. 

CVE ID System Affected Vulnerability Details Impact 
CVE-2018-8639 Windows 7, 8.1, 10, RT 8.1, Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019  Improper Resource Shutdown or Release in Win32k.sys driver, enabling privilege escalation. System compromise, unauthorized access, potential malware persistence 

Remediation

  • Organizations and individuals must apply Microsoft’s security updates released in December 2018 (KB4483235) to mitigate the risk. 
  • Additionally, it is essential to apply all available updates from Windows to ensure comprehensive protection against known vulnerabilities.  

General Recommendations: 

  • Implement network segmentation to isolate critical assets and minimize the impact of potential security breaches. 
  • Adopting the principle of least privilege (PoLP) to limit user access. 
  • Continuous monitoring of anomalous kernel-mode activities. 

Conclusion: 

Unpatched Windows systems are particularly vulnerable, especially in industrial control systems (ICS) and healthcare facilities where obsolete software is ubiquitous. While Microsoft has fixed the issue, firms that rely on legacy systems must implement additional security measures. Cyber adversaries are always refining their exploitation techniques, making proactive security strategies critical to reducing risk. 

References: 

  • https://nvd.nist.gov/vuln/detail/cve-2018-8639  
  • https://github.com/ze0r/CVE-2018-8639-exp 

Scroll to top