CWE-704
Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
CVE-2025-20072 (GCVE-0-2025-20072)
Vulnerability from cvelistv5 – Published: 2025-01-16 17:51 – Updated: 2025-01-16 19:01
VLAI
Title
Mobile crash via improper validation of proto style in attachments
Summary
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
0 , ≤ 2.22.0
(semver)
Unaffected: 2.23.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:01:16.322892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:01:25.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "2.22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.23.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "c0rydoras"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Mobile versions \u0026lt;= 2.22.0 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Mattermost Mobile versions \u003c= 2.22.0 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704: Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T17:51:38.173Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00402",
"defect": [
"https://mattermost.atlassian.net/browse/MM-61709"
],
"discovery": "EXTERNAL"
},
"title": "Mobile crash via improper validation of proto style in attachments",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-20072",
"datePublished": "2025-01-16T17:51:38.173Z",
"dateReserved": "2025-01-15T15:30:33.457Z",
"dateUpdated": "2025-01-16T19:01:25.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21088 (GCVE-0-2025-21088)
Vulnerability from cvelistv5 – Published: 2025-01-15 15:51 – Updated: 2025-01-15 16:20
VLAI
Title
WebApp crash via improper validation of proto style in attachments
Summary
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.2.0
Affected: 9.11.0 , ≤ 9.11.5 (semver) Affected: 10.0.0 , ≤ 10.0.3 (semver) Affected: 10.1.0 , ≤ 10.1.3 (semver) Unaffected: 10.3.0 Unaffected: 10.2.1 Unaffected: 9.11.6 Unaffected: 10.0.4 Unaffected: 10.1.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T16:19:00.477273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T16:20:11.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"status": "affected",
"version": "10.2.0"
},
{
"lessThanOrEqual": "9.11.5",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.3",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.3.0"
},
{
"status": "unaffected",
"version": "10.2.1"
},
{
"status": "unaffected",
"version": "9.11.6"
},
{
"status": "unaffected",
"version": "10.0.4"
},
{
"status": "unaffected",
"version": "10.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "c0rydoras"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.2.x \u0026lt;= 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704: Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T15:51:49.474Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00402",
"defect": [
"https://mattermost.atlassian.net/browse/MM-61709"
],
"discovery": "EXTERNAL"
},
"title": "WebApp crash via improper validation of proto style in attachments",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-21088",
"datePublished": "2025-01-15T15:51:49.474Z",
"dateReserved": "2025-01-15T15:30:33.435Z",
"dateUpdated": "2025-01-15T16:20:11.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40539 (GCVE-0-2025-40539)
Vulnerability from cvelistv5 – Published: 2026-02-24 07:40 – Updated: 2026-02-26 14:44
VLAI
Title
SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability
Summary
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Serv-U |
Affected:
SolarWinds Serv-U 15.5.3 and prior versions
|
Date Public
2026-02-24 07:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T04:55:28.924499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:09.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux"
],
"product": "Serv-U",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Serv-U 15.5.3 and prior versions"
}
]
}
],
"datePublic": "2026-02-24T07:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.\u003cbr\u003e\u003cbr\u003eThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.\n\nThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:40:46.244Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40539"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.4 as soon as it becomes available.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40539",
"datePublished": "2026-02-24T07:40:46.244Z",
"dateReserved": "2025-04-16T08:00:57.647Z",
"dateUpdated": "2026-02-26T14:44:09.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40540 (GCVE-0-2025-40540)
Vulnerability from cvelistv5 – Published: 2026-02-24 07:41 – Updated: 2026-02-26 14:44
VLAI
Title
SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability
Summary
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Serv-U |
Affected:
SolarWinds Serv-U 15.5.3 and prior versions
|
Date Public
2026-02-24 07:50
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T04:55:27.447736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:09.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux"
],
"product": "Serv-U",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Serv-U 15.5.3 and prior versions"
}
]
}
],
"datePublic": "2026-02-24T07:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.\u003cbr\u003e\u003cbr\u003eThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account.\n\nThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:41:17.517Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40540"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.4 as soon as it becomes available.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40540",
"datePublished": "2026-02-24T07:41:17.517Z",
"dateReserved": "2025-04-16T08:00:57.647Z",
"dateUpdated": "2026-02-26T14:44:09.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40541 (GCVE-0-2025-40541)
Vulnerability from cvelistv5 – Published: 2026-02-24 07:41 – Updated: 2026-02-26 14:44
VLAI
Title
SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability
Summary
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Serv-U |
Affected:
SolarWinds Serv-U 15.5.3 and prior versions
|
Date Public
2026-02-23 07:54
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T04:55:25.783559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:09.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux"
],
"product": "Serv-U",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "SolarWinds Serv-U 15.5.3 and prior versions"
}
]
}
],
"datePublic": "2026-02-23T07:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account.\u003cbr\u003e\u003cbr\u003eThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account.\n\nThis issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T07:41:49.921Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40541"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-4_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.4 as soon as it becomes available.\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Serv-U 15.5.4 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-40541",
"datePublished": "2026-02-24T07:41:49.921Z",
"dateReserved": "2025-04-16T08:00:57.647Z",
"dateUpdated": "2026-02-26T14:44:09.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41646 (GCVE-0-2025-41646)
Vulnerability from cvelistv5 – Published: 2025-06-06 14:42 – Updated: 2025-06-06 15:06
VLAI
Title
RevPi Webstatus application is vulnerable to an authentication bypass
Summary
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.kunbus.com/en/productsecurity/Kunbus-… | vendor-advisory |
| https://psirt.kunbus.com/.well-known/csaf/white/2… | vendor-advisoryx_csaf |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kunbus | Revolution Pi webstatus |
Affected:
0.0.0 , ≤ 2.4.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T15:05:56.484231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T15:06:11.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Revolution Pi webstatus",
"vendor": "Kunbus",
"versions": [
{
"lessThanOrEqual": "2.4.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ajay Anto"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
}
],
"value": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T14:42:31.249Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json"
}
],
"source": {
"defect": [
"CERT@VDE#641782"
],
"discovery": "EXTERNAL"
},
"title": "RevPi Webstatus application is vulnerable to an authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41646",
"datePublished": "2025-06-06T14:42:31.249Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-06-06T15:06:11.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41648 (GCVE-0-2025-41648)
Vulnerability from cvelistv5 – Published: 2025-07-01 08:10 – Updated: 2025-07-02 13:24
VLAI
Title
Pilz: Authentication Bypass in IndustrialPI Webstatus
Summary
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pilz | IndustrialPI 4 with IndustrialPI webstatus |
Affected:
0 , < 2.4.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:44:04.614032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:24:37.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IndustrialPI 4 with IndustrialPI webstatus",
"vendor": "Pilz",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T08:10:24.679Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-039"
}
],
"source": {
"advisory": "VDE-2025-039",
"defect": [
"CERT@VDE#641779"
],
"discovery": "UNKNOWN"
},
"title": "Pilz: Authentication Bypass in IndustrialPI Webstatus",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41648",
"datePublished": "2025-07-01T08:10:24.679Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-07-02T13:24:37.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54429 (GCVE-0-2025-54429)
Vulnerability from cvelistv5 – Published: 2025-07-28 20:34 – Updated: 2025-07-28 20:46
VLAI
Title
Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Summary
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/polkadot-evm/frontier/security… | x_refsource_CONFIRM |
| https://github.com/polkadot-evm/frontier/pull/1655 | x_refsource_MISC |
| https://dotpal.io/assets/files/frontier-srlabs-25… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| polkadot-evm | frontier |
Affected:
< 0822030
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T20:46:45.907352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:46:59.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "frontier",
"vendor": "polkadot-evm",
"versions": [
{
"status": "affected",
"version": "\u003c 0822030"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It\u0027s not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704: Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:34:56.710Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-fr62-ppwc-mc2h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-fr62-ppwc-mc2h"
},
{
"name": "https://github.com/polkadot-evm/frontier/pull/1655",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/polkadot-evm/frontier/pull/1655"
},
{
"name": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf"
}
],
"source": {
"advisory": "GHSA-fr62-ppwc-mc2h",
"discovery": "UNKNOWN"
},
"title": "Polkadot Frontier\u0027s constructing smart contract can bypass precompile address bounding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54429",
"datePublished": "2025-07-28T20:34:56.710Z",
"dateReserved": "2025-07-21T23:18:10.282Z",
"dateUpdated": "2025-07-28T20:46:59.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62494 (GCVE-0-2025-62494)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:51 – Updated: 2025-10-16 17:46
VLAI
Title
Type confusion in string addition in QuickJS
Summary
A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine.
* The code first checks if the left-hand operand is a string.
* It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf).
* During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array).
* The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string.
This mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
2 references
Impacted products
Date Public
2025-07-24 22:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62494",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T17:46:18.542287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:46:39.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://bellard.org/quickjs/",
"defaultStatus": "unaffected",
"packageName": "JS_ConcatStringInPlace",
"product": "QuickJS",
"vendor": "QuickJS",
"versions": [
{
"lessThan": "2025-09-13",
"status": "affected",
"version": "2025-04-26",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google Big Sleep"
}
],
"datePublic": "2025-07-24T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA type confusion vulnerability exists in the handling of the \u003cb\u003estring addition (\u003ccode\u003e+\u003c/code\u003e) operation\u003c/b\u003e within the QuickJS engine.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003eThe code first checks if the \u003cb\u003eleft-hand operand\u003c/b\u003e is a \u003cb\u003estring\u003c/b\u003e.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eIt then attempts to convert the \u003cb\u003eright-hand operand\u003c/b\u003e to a primitive value using \u003ccode\u003eJS_ToPrimitiveFree\u003c/code\u003e. This conversion can trigger a \u003cb\u003ecallback\u003c/b\u003e (e.g., \u003ccode\u003etoString\u003c/code\u003e or \u003ccode\u003evalueOf\u003c/code\u003e).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eDuring this callback, an attacker can modify the \u003cb\u003etype\u003c/b\u003e of the \u003cb\u003eleft-hand operand\u003c/b\u003e in memory, changing it from a string to a different type (e.g., an object or an array).\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe code then proceeds to call \u003ccode\u003eJS_ConcatStringInPlace\u003c/code\u003e, which still treats the modified left-hand value as a string.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThis mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a \u003cb\u003etype confusion condition\u003c/b\u003e. This can lead to out-of-bounds memory access, potentially resulting in \u003cb\u003ememory corruption\u003c/b\u003e and \u003cb\u003earbitrary code execution\u003c/b\u003e in the context of the QuickJS runtime.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine.\n\n * The code first checks if the left-hand operand is a string.\n\n\n * It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf).\n\n\n * During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array).\n\n\n * The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string.\n\n\nThis mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime."
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:51:50.977Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bellard.org/quickjs/Changelog"
},
{
"url": "https://issuetracker.google.com/434193023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Type confusion in string addition in QuickJS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-62494",
"datePublished": "2025-10-16T15:51:50.977Z",
"dateReserved": "2025-10-15T08:47:41.878Z",
"dateUpdated": "2025-10-16T17:46:39.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-21673 (GCVE-0-2026-21673)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:32 – Updated: 2026-01-06 19:00
VLAI
Title
iccDEV has Integer Overflow/Underflow in CIccXmlArrayType::ParseTextCountNum()
Summary
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/InternationalColorConsortium/i… | x_refsource_CONFIRM |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
| https://github.com/InternationalColorConsortium/i… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| InternationalColorConsortium | iccDEV |
Affected:
< 2.3.1.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:23:27.724347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:00:53.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iccDEV",
"vendor": "InternationalColorConsortium",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681: Incorrect Conversion between Numeric Types",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704: Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T01:32:21.632Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-g66g-f82c-vgm6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-g66g-f82c-vgm6"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/issues/243",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/issues/243"
},
{
"name": "https://github.com/InternationalColorConsortium/iccDEV/commit/32740802ee14418bd14c429d7e2f142d92cd5c4f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalColorConsortium/iccDEV/commit/32740802ee14418bd14c429d7e2f142d92cd5c4f"
}
],
"source": {
"advisory": "GHSA-g66g-f82c-vgm6",
"discovery": "UNKNOWN"
},
"title": "iccDEV has Integer Overflow/Underflow in CIccXmlArrayType::ParseTextCountNum()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21673",
"datePublished": "2026-01-06T01:32:21.632Z",
"dateReserved": "2026-01-02T18:45:27.394Z",
"dateUpdated": "2026-01-06T19:00:53.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.