CWE-749
Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
CVE-2014-0758 (GCVE-0-2014-0758)
Vulnerability from cvelistv5
Published: 2014-02-24 02:00
Modified: 2025-08-22 23:00
Summary
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GENESIS32",
"vendor": "ICONICS",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.02"
},
{
"status": "affected",
"version": "8.04"
},
{
"status": "affected",
"version": "8.05"
}
]
}
],
"datePublic": "2014-02-20T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.\u003c/p\u003e"
}
],
"value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T23:00:45.832Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-051-01"
}
],
"source": {
"advisory": "ICSA-14-051-01",
"discovery": "UNKNOWN"
},
"title": "ICONICS GENESIS32 Exposed Dangerous Method or Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ICONICS provides information and useful links related to its security patches at its web site at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.iconics.com/certs\"\u003ehttp://www.iconics.com/certs\u003c/a\u003e\u0026nbsp;.\u003cp\u003eICONICS also recommends users of GENESIS32 V8 systems take the following mitigation steps:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse a firewall, place control system networks and devices behind firewalls and isolate them from the business network.\u003c/li\u003e\n\u003cli\u003eDo not click web links or open unsolicited attachments in e-mail messages.\u003c/li\u003e\n\u003cli\u003eInstall the patch.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe ICONICS web site also provides a downloadable whitepaper on\u0026nbsp; security vulnerabilities (registration required for download). The whitepaper on security vulnerabilities contains overview, details and \nmitigation plan for regarding buffer overflow and memory corruption \nvulnerabilities for ICONICS GENESIS32 and GENESIS64 supervisory control \nand data acquisition (SCADA) products.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "ICONICS provides information and useful links related to its security patches at its web site at http://www.iconics.com/certs \u00a0.ICONICS also recommends users of GENESIS32 V8 systems take the following mitigation steps:\n\n\n\n * Use a firewall, place control system networks and devices behind firewalls and isolate them from the business network.\n\n * Do not click web links or open unsolicited attachments in e-mail messages.\n\n * Install the patch.\n\n\n\n\nThe ICONICS web site also provides a downloadable whitepaper on\u00a0 security vulnerabilities (registration required for download). The whitepaper on security vulnerabilities contains overview, details and \nmitigation plan for regarding buffer overflow and memory corruption \nvulnerabilities for ICONICS GENESIS32 and GENESIS64 supervisory control \nand data acquisition (SCADA) products."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0758",
"datePublished": "2014-02-24T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-08-22T23:00:45.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5415 (GCVE-0-2014-5415)
Vulnerability from cvelistv5
Published: 2016-10-05 10:00
Modified: 2025-11-04 23:12
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Beckhoff | Embedded PC Images | 0 < October 22, 2014 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93349",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93349"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Embedded PC Images",
"vendor": "Beckhoff",
"versions": [
{
"lessThan": "October 22, 2014",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TwinCAT Components featuring Automation Device Specification (ADS) communication",
"vendor": "Beckhoff",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gregor Bonney from FH Aachen University of Applied Sciences"
}
],
"datePublic": "2016-10-04T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nBeckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.\n\n\u003c/p\u003e"
}
],
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T23:12:23.266Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "93349",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93349"
},
{
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf"
},
{
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf"
},
{
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBeckhoff recommends in their IPC Security Manual \n(\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf\"\u003ehttps://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf\u003c/a\u003e)\n to use network and software firewalls to block all network ports except\n the ones that are needed. Beckhoff also recommends that default \npasswords be changed during commissioning before connecting systems to \nthe network.\u003c/p\u003e\n\u003cp\u003eIn their advisories (Advisory 2014-001: Potential \nmisuse of several administrative services, \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf\"\u003ehttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf\u003c/a\u003e. Advisory 2014-002: ADS communication port allows password bruteforce, \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf\"\u003ehttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf\u003c/a\u003e. 
Advisory2014-003: Recommendation to change default passwords, \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf\"\u003ehttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf\u003c/a\u003e\u0026nbsp;which were published November \n17, 2014) for these issues, Beckhoff also recommends the following \nmitigation solutions:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate images to build October 22, 2014, or newer, which solve these problems by disabling the services by default.\u003c/li\u003e\n\u003cli\u003eDisable the Windows CE Remote Configuration Tool by deleting the \nsubtree \u201c/remoteadmin.\u201d The configuration of the web server paths can be\n found in the Windows registry at the path \n\u201cHKEY_LOCAL_MACHINE\\COMM\\HTTPD\\VROOTS\\.\u201d\u003c/li\u003e\n\u003cli\u003eDisable startup of CE Remote Display service (cerdisp.exe) with \ndeleting the registry key containing the \u201cCeRDisp.exe\u201d \n[-HKEY_LOCAL_MACHINE\\init\\Launch90].\u003c/li\u003e\n\u003cli\u003eDisable telnet by setting the registry key [HKEY_LOCAL_MACHINE\\Services\\TELNETD\\Flags] to dword: 4\u003c/li\u003e\n\u003cli\u003eRestrict ADS communication to trusted networks only.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Beckhoff recommends in their IPC Security Manual \n( https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf )\n to use network and software firewalls to block all network ports except\n the ones that are needed. Beckhoff also recommends that default \npasswords be changed during commissioning before connecting systems to \nthe network.\n\n\nIn their advisories (Advisory 2014-001: Potential \nmisuse of several administrative services, \n https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf . Advisory 2014-002: ADS communication port allows password bruteforce, \n https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf . Advisory2014-003: Recommendation to change default passwords, \n https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf \u00a0which were published November \n17, 2014) for these issues, Beckhoff also recommends the following \nmitigation solutions:\n\n\n\n * Update images to build October 22, 2014, or newer, which solve these problems by disabling the services by default.\n\n * Disable the Windows CE Remote Configuration Tool by deleting the \nsubtree \u201c/remoteadmin.\u201d The configuration of the web server paths can be\n found in the Windows registry at the path \n\u201cHKEY_LOCAL_MACHINE\\COMM\\HTTPD\\VROOTS\\.\u201d\n\n * Disable startup of CE Remote Display service (cerdisp.exe) with \ndeleting the registry key containing the \u201cCeRDisp.exe\u201d \n[-HKEY_LOCAL_MACHINE\\init\\Launch90].\n\n * Disable telnet by setting the registry key [HKEY_LOCAL_MACHINE\\Services\\TELNETD\\Flags] to dword: 4\n\n * Restrict ADS communication to trusted networks only."
}
],
"source": {
"advisory": "ICSA-16-278-02",
"discovery": "EXTERNAL"
},
"title": "Beckhoff Embedded PC Images and TwinCAT Components Exposed Dangerous Method or Function",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93349"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5415",
"datePublished": "2016-10-05T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2025-11-04T23:12:23.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49074 (GCVE-0-2023-49074)
Vulnerability from cvelistv5
Published: 2024-04-09 14:12
Modified: 2025-11-04 18:19
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Tp-Link | AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) | v5.1.0 Build 20220926 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T15:42:34.807142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:54.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:19:33.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "v5.1.0 Build 20220926"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T17:00:11.037Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1861"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49074",
"datePublished": "2024-04-09T14:12:48.559Z",
"dateReserved": "2023-11-21T14:38:31.718Z",
"dateUpdated": "2025-11-04T18:19:33.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6863 (GCVE-0-2024-6863)
Vulnerability from cvelistv5
Published: 2025-03-20 10:10
Modified: 2025-10-15 12:50
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacker to encrypt arbitrary files with keys of their choice, making it exceedingly difficult for the target to recover the keys needed for decryption.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| h2oai | h2oai/h2o-3 | unspecified < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6863",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:51:23.913806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:20:48.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "h2oai/h2o-3",
"vendor": "h2oai",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacker to encrypt arbitrary files with keys of their choice, making it exceedingly difficult for the target to recover the keys needed for decryption."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:50:34.689Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/10f55937-0cba-4530-897f-2abf30ed5270"
}
],
"source": {
"advisory": "10f55937-0cba-4530-897f-2abf30ed5270",
"discovery": "EXTERNAL"
},
"title": "Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-6863",
"datePublished": "2025-03-20T10:10:30.190Z",
"dateReserved": "2024-07-17T20:44:51.896Z",
"dateUpdated": "2025-10-15T12:50:34.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34114 (GCVE-0-2025-34114)
Vulnerability from cvelistv5
Published: 2025-07-25 15:52
Modified: 2025-07-28 19:05
Summary
A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This omission weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and referer leakage. Although some instances attempt to enforce CSP via HTML <meta> tags, this method is ineffective, as modern browsers rely on header-based enforcement to reliably block inline scripts and untrusted resources.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Laser Romae s.r.l. | OpenBlow | * |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34114",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T19:05:46.876018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T19:05:55.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2025/Jul/13"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Application Layer",
"HTTP Response Header Handler"
],
"product": "OpenBlow",
"vendor": "Laser Romae\u202fs.r.l.",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tifa Lockhart"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This omission weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and referer leakage. Although some instances attempt to enforce CSP via HTML \u0026lt;meta\u0026gt; tags, this method is ineffective, as modern browsers rely on header-based enforcement to reliably block inline scripts and untrusted resources.\u003cbr\u003e"
}
],
"value": "A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This omission weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and referer leakage. Although some instances attempt to enforce CSP via HTML \u003cmeta\u003e tags, this method is ineffective, as modern browsers rely on header-based enforcement to reliably block inline scripts and untrusted resources."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
},
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
},
{
"capecId": "CAPEC-77",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-77 Manipulating User-Controlled Variables"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T15:52:56.387Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory",
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2025/Jul/13"
},
{
"tags": [
"product"
],
"url": "https://www.openblow.it"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openblow-missing-critical-security-headers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenBlow Missing Critical Security Headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34114",
"datePublished": "2025-07-25T15:52:56.387Z",
"dateReserved": "2025-04-15T19:15:22.560Z",
"dateUpdated": "2025-07-28T19:05:55.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3698 (GCVE-0-2025-3698)
Vulnerability from cvelistv5
Published: 2025-04-16 02:24
Modified: 2025-09-09 13:55
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| TECNO | com.transsion.carlcare | 6.2.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-3698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T13:29:55.515093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:55:10.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "com.transsion.carlcare",
"vendor": "TECNO",
"versions": [
{
"status": "affected",
"version": "6.2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eInterface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T06:26:44.706Z",
"orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"shortName": "TECNOMobile"
},
"references": [
{
"url": "https://security.tecno.com/SRC/blogdetail/410?lang=en_US"
},
{
"url": "https://security.tecno.com/SRC/securityUpdates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"assignerShortName": "TECNOMobile",
"cveId": "CVE-2025-3698",
"datePublished": "2025-04-16T02:24:23.469Z",
"dateReserved": "2025-04-16T02:06:09.745Z",
"dateUpdated": "2025-09-09T13:55:10.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47353 (GCVE-0-2025-47353)
Vulnerability from cvelistv5
Published: 2025-11-04 03:19
Modified: 2025-11-04 14:45
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
Memory corruption while processing request sent from GVM.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Qualcomm, Inc. | Snapdragon | QAM8255P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6698AQ, QCA6797AQ, SA7255P, SA7775P, SA8255P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1M |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T04:55:21.244202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T14:45:53.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1M"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while processing request sent from GVM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T03:19:16.035Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html"
}
],
"title": "Exposed Dangerous Method or Function in Automotive Software platform based on QNX"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-47353",
"datePublished": "2025-11-04T03:19:16.035Z",
"dateReserved": "2025-05-06T08:33:16.264Z",
"dateUpdated": "2025-11-04T14:45:53.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48415 (GCVE-0-2025-48415)
Vulnerability from cvelistv5
Published
2025-05-21 12:13
Modified
2025-11-03 20:04
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| eCharge Hardy Barth | cPH2 / cPP2 charging stations | <=2.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:34:01.708985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:34:08.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:49.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "cPH2 / cPP2 charging stations",
"vendor": "eCharge Hardy Barth",
"versions": [
{
"status": "affected",
"version": "\u003c=2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stefan Viehb\u00f6ck | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eA USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted \"salia.ini\" files. The .ini file can contain several \"commands\" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor\u0026nbsp; or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted \"salia.ini\" files. The .ini file can contain several \"commands\" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor\u00a0 or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T12:13:14.475Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/echarge"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor has not yet released a patch or communicated a timeline for firmware updates.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The vendor has not yet released a patch or communicated a timeline for firmware updates."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2025-48415",
"datePublished": "2025-05-21T12:13:14.475Z",
"dateReserved": "2025-05-20T07:34:22.865Z",
"dateUpdated": "2025-11-03T20:04:49.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61907 (GCVE-0-2025-61907)
Vulnerability from cvelistv5
Published
2025-10-16 17:11
Modified
2025-10-16 19:23
CWE
Summary
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:29:45.437033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:23:30.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "icinga2",
"vendor": "Icinga",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.15.0, \u003c 2.15.1"
},
{
"status": "affected",
"version": "\u003e= 2.14.0, \u003c 2.14.7"
},
{
"status": "affected",
"version": "\u003e= 2.4.0, \u003c 2.13.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T17:11:59.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v"
},
{
"name": "https://github.com/Icinga/icinga2/commit/56255ac7a689b9e198742d2fca6f7459a54c85a3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Icinga/icinga2/commit/56255ac7a689b9e198742d2fca6f7459a54c85a3"
}
],
"source": {
"advisory": "GHSA-gg32-w9rm-vp2v",
"discovery": "UNKNOWN"
},
"title": "Icinga 2 API users could access restricted values in filter expressions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61907",
"datePublished": "2025-10-16T17:11:59.338Z",
"dateReserved": "2025-10-03T22:21:59.613Z",
"dateUpdated": "2025-10-16T19:23:30.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Phases: Architecture and Design, Implementation
Strategy: Attack Surface Reduction
Description:
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
  - accessible to all users
  - restricted to a small set of privileged users
  - prevented from being directly accessible at all
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and launch attacks against the web application from within the web page.