https://cve.circl.lu/comment/feedMost recent activity.2025-12-19T10:52:49.262565+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains the recent activity for Belspo.https://cve.circl.lu/comment/a79b754d-9252-4580-8912-42f39c854661Additional information2025-12-19T10:52:49.274754+00:00Microsoft discovered critical vulnerability CVE-2025-27920 affecting the messaging application Output Messenger. Microsoft additionally observed exploitation of the vulnerability since April 2024. According to Microsoft, the attacker needs to be authenticated, although the Output Messenger advisory indicates that privileges are not required to exploit the vulnerability. An attacker could upload malicious files into the server’s startup directory by exploiting this directory traversal vulnerability. This allows an attacker to gain indiscriminate access to the communications of every user, steal sensitive data and impersonate users, possibly leading to operational disruptions, unauthorized access to internal systems, and widespread credential compromise.2025-05-14T08:54:41.802843+00:00https://cve.circl.lu/comment/eff35358-2a58-408d-8c52-0b1143adc25cAdditional information2025-12-19T10:52:49.274710+00:00Description In its security release of 13 May 2025, Zoom addressed two vulnerabilities that could be exploited for privilege escalation:
• CVE-2025-30663, a time-of-check time-of-use race condition affecting some Zoom Workplace Apps. If successfully exploited, an authenticated user could conduct an escalation of privilege via local access.
• CVE-2025-30664 is an improper neutralization of special elements flaw affecting some Zoom Workplace Apps. Successful exploitation could allow an authenticated user to conduct an escalation of privilege via local access.2025-05-16T07:10:54.871730+00:00https://cve.circl.lu/comment/da6e2e7d-cb96-4560-bf1a-27df4962776eMore information2025-12-19T10:52:49.274638+00:00The vulnerabilities could be used by attackers to gain access to services and data. They can also be used to execute arbitrary commands and cause a denial of service. Confidentiality, integrity and availability are all impacted. The only solution is to upgrade immediately.2025-05-22T07:24:41.759993+00:00https://cve.circl.lu/comment/85c55b2b-8a7a-4d34-89ec-52e38ed8903cAdditional information2025-12-19T10:52:49.274377+00:00RISK : Multiple vulnerabilities affect the standard TarFile library for CPython. Currently, there is no indication that the vulnerability is actively exploited, but because it is a zero-day with a substantial install base, attackers can exploit it at any moment.
An attacker could exploit flaws to bypass safety checks when extracting compressed files, allowing them to write files outside intended directories, create malicious links, or tamper with system files even when protections are supposedly enabled. Successful exploitation could lead to unauthorised access, data corruption, or malware installation, especially if your systems or third-party tools handle untrusted file uploads or archives
RECOMMENDED ACTION: Patch
Source: ccb.be2025-06-25T13:07:32.040392+00:00