CVE-2023-42917 (GCVE-0-2023-42917)
Vulnerability from
Published
2023-11-30 22:18
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Summary
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214033"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214032"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214031"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214033"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/05/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214034"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5575"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/12"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214062"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jan/35"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42917",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-02T05:00:19.060611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-12-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:31.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-04T00:00:00+00:00",
"value": "CVE-2023-42917 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T09:05:54.874Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214033"
},
{
"url": "https://support.apple.com/en-us/HT214032"
},
{
"url": "https://support.apple.com/en-us/HT214031"
},
{
"url": "https://support.apple.com/kb/HT214033"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/05/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/"
},
{
"url": "https://support.apple.com/kb/HT214034"
},
{
"url": "https://www.debian.org/security/2023/dsa-5575"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/4"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/5"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/8"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/13"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Dec/12"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"url": "https://support.apple.com/kb/HT214062"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/35"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-42917",
"datePublished": "2023-11-30T22:18:50.340Z",
"dateReserved": "2023-09-14T19:05:11.463Z",
"dateUpdated": "2025-10-21T23:05:31.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48618 (GCVE-0-2022-48618)
Vulnerability from
Published
2024-01-09 17:58
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipados:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48618",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T20:18:07.414311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-01-31",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:29.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48618"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-31T00:00:00+00:00",
"value": "CVE-2022-48618 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213535"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213530"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T17:58:59.097Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213535"
},
{
"url": "https://support.apple.com/en-us/HT213532"
},
{
"url": "https://support.apple.com/en-us/HT213530"
},
{
"url": "https://support.apple.com/en-us/HT213536"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-48618",
"datePublished": "2024-01-09T17:58:59.097Z",
"dateReserved": "2024-01-05T23:19:09.977Z",
"dateUpdated": "2025-10-21T23:05:29.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43281 (GCVE-0-2025-43281)
Vulnerability from
Published
2025-10-15 20:00
Modified
2025-10-17 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- A local attacker may be able to elevate their privileges
Summary
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T03:55:32.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local attacker may be able to elevate their privileges",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T20:00:47.073Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/124149"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43281",
"datePublished": "2025-10-15T20:00:47.073Z",
"dateReserved": "2025-04-16T15:24:37.101Z",
"dateUpdated": "2025-10-17T03:55:32.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54658 (GCVE-0-2025-54658)
Vulnerability from
Published
2025-10-16 13:55
Modified
2025-10-16 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Escalation of privilege
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiDLP |
Version: 11.5.1 Version: 11.4.2 ≤ 11.4.6 Version: 11.3.2 ≤ 11.3.4 Version: 11.2.3 Version: 11.2.0 Version: 11.1.1 ≤ 11.1.2 Version: 11.0.1 Version: 10.5.1 Version: 10.4.0 Version: 10.3.1 cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:41:21.620546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:41:32.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDLP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "11.5.1"
},
{
"lessThanOrEqual": "11.4.6",
"status": "affected",
"version": "11.4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.3.4",
"status": "affected",
"version": "11.3.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "11.1.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "10.5.1"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] in Fortinet FortiDLP Agent\u0027s Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:55:28.898Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-628",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-628"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiDLP version 12.0.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-54658",
"datePublished": "2025-10-16T13:55:28.898Z",
"dateReserved": "2025-07-28T09:23:38.062Z",
"dateUpdated": "2025-10-16T14:41:32.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53950 (GCVE-0-2025-53950)
Vulnerability from
Published
2025-10-16 14:00
Modified
2025-10-16 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-359 - Information disclosure
Summary
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiDLP |
Version: 11.5.1 Version: 11.4.2 ≤ 11.4.6 Version: 11.3.2 ≤ 11.3.4 Version: 11.2.3 Version: 11.2.0 Version: 11.1.1 ≤ 11.1.2 Version: 11.0.1 Version: 10.5.1 Version: 10.4.0 Version: 10.3.1 cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:22:49.612036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:22:55.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDLP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "11.5.1"
},
{
"lessThanOrEqual": "11.4.6",
"status": "affected",
"version": "11.4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.3.4",
"status": "affected",
"version": "11.3.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "11.1.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "10.5.1"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Private Personal Information (\u0027Privacy Violation\u0027) vulnerability [CWE-359] in Fortinet FortiDLP Agent\u0027s Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user\u0027s email information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:00:05.329Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-639",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-639"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiDLP version 12.0.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-53950",
"datePublished": "2025-10-16T14:00:05.329Z",
"dateReserved": "2025-07-15T09:52:08.702Z",
"dateUpdated": "2025-10-16T14:22:55.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54284 (GCVE-0-2025-54284)
Vulnerability from
Published
2025-10-14 19:28
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Illustrator |
Version: 0 ≤ 28.7.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:13.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Illustrator",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "28.7.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:28:25.502Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/illustrator/apsb25-102.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Illustrator | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-54284",
"datePublished": "2025-10-14T19:28:25.502Z",
"dateReserved": "2025-07-17T21:15:02.469Z",
"dateUpdated": "2025-10-16T03:56:13.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54283 (GCVE-0-2025-54283)
Vulnerability from
Published
2025-10-14 19:28
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Illustrator |
Version: 0 ≤ 28.7.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:12.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Illustrator",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "28.7.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:28:26.553Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/illustrator/apsb25-102.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Illustrator | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-54283",
"datePublished": "2025-10-14T19:28:26.553Z",
"dateReserved": "2025-07-17T21:15:02.468Z",
"dateUpdated": "2025-10-16T03:56:12.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61801 (GCVE-0-2025-61801)
Vulnerability from
Published
2025-10-14 19:34
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:11.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dimension",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "4.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:34:14.023Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/dimension/apsb25-103.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dimension | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-61801",
"datePublished": "2025-10-14T19:34:14.023Z",
"dateReserved": "2025-10-01T17:52:06.975Z",
"dateUpdated": "2025-10-16T03:56:11.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61800 (GCVE-0-2025-61800)
Vulnerability from
Published
2025-10-14 19:34
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound ()
Summary
Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:10.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dimension",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "4.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound (CWE-190)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:34:14.782Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/dimension/apsb25-103.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dimension | Integer Overflow or Wraparound (CWE-190)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-61800",
"datePublished": "2025-10-14T19:34:14.782Z",
"dateReserved": "2025-10-01T17:52:06.975Z",
"dateUpdated": "2025-10-16T03:56:10.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61799 (GCVE-0-2025-61799)
Vulnerability from
Published
2025-10-14 19:34
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:09.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dimension",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "4.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:34:16.394Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/dimension/apsb25-103.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dimension | Out-of-bounds Read (CWE-125)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-61799",
"datePublished": "2025-10-14T19:34:16.394Z",
"dateReserved": "2025-10-01T17:52:06.975Z",
"dateUpdated": "2025-10-16T03:56:09.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 1041 - 1050 organizations in total 2594