- CVE: CVE-2025-24893
- Issue: XWiki exposes the /xwiki/bin/get/Main/SolrSearch endpoint, which renders user-controlled wiki macros inside the RSS response when media=rss is supplied. This allows unauthenticated remote attackers to execute arbitrary Groovy code on affected installations.
- Affected build confirmed: xwiki-platform-distribution-flavor-jetty-hsqldb-16.4.0 (Jetty + HSQLDB bundle).
- Exploit outcome: The proof-of-concept payload executes server-side Groovy and writes a marker file to /tmp/xwiki_rce_marker, demonstrating arbitrary code execution and file system modification.
- Severity: Critical (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
- CWE: CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection').
- Ticket: STATAMIC-CP-STORED-XSS-CSRF
- Application: Statamic CMS Control Panel
- Tested build: Statamic CMS 5.22.0 (Composer install) on PHP 8.1.2, SQLite backend
- Date analysed: 2025-10-31
- Analyst: Internal Product Security
- CWE: CWE-79 (Stored XSS), CWE-352 (Cross-Site Request Forgery)
Teleport commits prior to the June 18, 2025 hotfix (notably commit 79b2f26125a1, released as 17.5.1 and earlier) contain an authentication bypass in the SSH certificate validation path. The vulnerable function authorityForCert accepts attacker-controlled SSH certificates as though they were signed by a trusted Teleport Certificate Authority (CA). An attacker who can supply a crafted client certificate can gain cluster access without possessing the CA’s private key, leading to a complete compromise of Teleport clusters. The issue is fixed by commit 1cb642736ac47791c7453665f113fac94e8e67b9, released in Teleport versions 12.4.35, 13.4.27, 14.4.1, 15.5.3, 16.5.12, and 17.5.2.
- Identifier: CVE-2025-49825 / GHSA-8cqv-pj7f-pwpc
- CWE: CWE-287 — Improper Authentication
n8n releases prior to 1.113.0 contain a remote code execution vulnerability in the Git Node. When the node clones a repository and performs a commit, any pre-commit hook present in the repository executes inside the n8n application container. An attacker who can convince an operator to interact with a malicious repository—either manually or via an automated workflow—can execute arbitrary shell commands in the context of the n8n service account (uid=1000(node)). This report is self-contained and documents the full reproduction procedure, evidence, and remediation guidance.
- Identifier: CVE-2025-62726
- CWE: CWE-94 – Improper Control of Generation of Code (‘Code Injection’)
Based on my extensive search across GitHub, I've identified a critical security pattern where Windows codebases are NOT checking for pseudo-handle values (specifically -2 / GetCurrentThread()) before using DuplicateHandle().
The bug exists when code follows this unsafe pattern:
// VULNERABLE PATTERN - Missing pseudo-handle check
CVE: CVE-2025-9232
Component: OpenSSL HTTP client (crypto/http/http_lib.c)
Tested releases: 3.4.0 (vulnerable) vs commit bbf38c034cdabd0a13330abcc4855c866f53d2e0 (fixed)
Date analysed: 2025-10-30
Analyst: Internal Product Security
CWE: CWE-125 (Out-of-Bounds Read)
CVE: CVE-2025-9230
Component: OpenSSL CMS password-based encryption (PWRI) recipient handling
Affected builds: 3.0.16 / 3.1.8 / 3.2.4 / 3.3.3 / 3.4.0 / 3.5.0 (and derivative builds prior to September 2025 fixes)
Patched by: commits 5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45, 9e91358f365dee6c446dcdcdb01c04d2743fd280, a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def, b5282d677551afda7d20e9c00e09561b547b2dfd, bae259a211ada6315dc50900686daaaaaa55f482, c2b96348bfa662f25f4fabf81958ae822063dae3, dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
Date reproduced: 2025-10-30
Analyst: Internal Product Security
CWE: CWE-787 (Out-of-Bounds Write), CWE-125 (Out-of-Bounds Read)
CVE: CVE-2025-64132 (GHSA-mrpq-9jr3-rqq9)
Component: Jenkins MCP Server Plugin (package io.jenkins.plugins:mcp-server)
Vulnerable versions: ≤ 0.84.v50ca_24ef83f2
Patched version: 0.86.v7d3355e6a_a_18
Date analysed: 2025-10-30
Analyst: Internal Product Security
CWE: CWE-862 (Missing Authorization), CWE-284 (Improper Access Control)
Reference advisory: https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3622
Advisory: CVE-2025-11200 / ZDI-25-932
Component: MLflow Tracking Server basic-auth module
Tested versions: 2.18.0 (vulnerable) vs commit 1f74f3f24d8273927b8db392c23e108576936c54 (~2.18.1 patched)
Prepared on: 2025-10-30
Analyst: Internal Product Security
Advisory: CVE-2025-64101 / GHSA-mwmh-7px9-4c23
Component: Password-reset flow in ZITADEL (forwarded header handling)
Tested versions: 2.71.17 (vulnerable) vs 2.71.18 (patched)
Prepared on: 2025-10-30
Analyst: Internal Product Security