@N3mes1s
N3mes1s / CVE-2025-67644.md
Created December 10, 2025 21:05
SQL Injection in LangGraph SQLite Checkpointer - CVE-2025-67644

SQL Injection in LangGraph SQLite Checkpointer - CVE-2025-67644

Report Date: December 10, 2025
Advisory ID: GHSA-9rwj-6rc7-p77c
Reproduction Status: ✅ CONFIRMED

Executive Summary

@N3mes1s
N3mes1s / GHSA-4r66-7rcv-x46x.md
Created December 10, 2025 08:03
SiYuan Zip Slip + Pandoc Binary Execution RCE

Security Report: SiYuan Zip Slip + Pandoc Binary Execution RCE (GHSA-4r66-7rcv-x46x)

Executive Summary

SiYuan Note versions through v3.4.2 contain a chained vulnerability allowing authenticated remote code execution. The /api/archive/unzip endpoint is vulnerable to Zip Slip (path traversal), enabling attackers to write arbitrary files outside the intended workspace. Combined with the /api/setting/setExport endpoint which executes user-supplied pandocBin paths for validation, an attacker can overwrite system executables and trigger their execution. This report is self-contained and documents the full reproduction procedure, evidence, and remediation guidance.

Vulnerability Overview

  • Identifier: GHSA-4r66-7rcv-x46x
  • CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
@N3mes1s
N3mes1s / CVE-2025-66448.md
Created December 9, 2025 21:25
vLLM Nemotron_Nano_VL_Config Remote Code Execution (CVE-2025-66448)

Security Report: vLLM Nemotron_Nano_VL_Config Remote Code Execution (CVE-2025-66448)

Executive Summary

vLLM releases prior to 0.11.1 contain a remote code execution vulnerability in the Nemotron_Nano_VL_Config class. When loading model configurations, the class resolves and executes Python code from auto_map entries without respecting trust_remote_code=False. An attacker can publish a benign-looking model that references a malicious backend repository, causing arbitrary code execution when loading the model. This report is self-contained and documents the full reproduction procedure, evidence, and remediation guidance.

Vulnerability Overview

  • Identifier: CVE-2025-66448 / GHSA-8fr4-5q9j-m8gm
  • CWE: CWE-94 – Improper Control of Generation of Code ('Code Injection')
@N3mes1s
N3mes1s / CVE-2025-66489.md
Created December 9, 2025 17:12
CVE-2025-66489 - Cal.com Authentication Bypass via TOTP Code Presence

Cal.com Authentication Bypass via TOTP Code Presence

Summary

  • Product / Component: Cal.com - NextAuth Credentials Provider (packages/features/auth/lib/next-auth-options.ts)
  • Impact: Unauthenticated attacker can log in as any user without knowing their password. Simply providing the victim's email and ANY value in the totpCode field bypasses all password verification, enabling full account takeover including admin accounts.
  • Severity: Critical (CVSS: 9.9)
  • Affected Versions: Cal.com <= 5.9.7
  • Fixed: Cal.com 5.9.8
  • Reproduction Status: CONFIRMED (Cal.com 5.9.7, Node.js 20.17.0, Ubuntu 22.04)
@N3mes1s
N3mes1s / CVE-2025-66516.md
Last active December 10, 2025 08:06
CVE-2025-66516 - Apache Tika XXE Out-of-Band Data Exfiltration

Apache Tika XXE Out-of-Band Data Exfiltration

Summary

  • Product / Component: Apache Tika (tika-core + tika-parser-pdf-module) - XFA PDF Parser
  • Impact: Unauthenticated attacker can exfiltrate arbitrary local files from systems parsing malicious PDFs. Data is sent to attacker-controlled servers via HTTP requests, enabling "blind" XXE exploitation where parser output is not visible. Additionally enables SSRF to internal services (cloud metadata endpoints, internal APIs).
  • Severity: High (CVSS: 9.8 Critical per GHSA)
  • Affected Versions: tika-core 1.13 - 3.2.1, tika-parser-pdf-module 2.0.0 - 3.2.1
  • Fixed: Apache Tika 3.2.2 (commit bfee6d5)
  • Reproduction Status: CONFIRMED (Tika 3.2.1, OpenJDK 21.0.9, Ubuntu 22.04)
@N3mes1s
N3mes1s / CVE-2025-58034.md
Created November 20, 2025 14:55
CVE-2025-58034 – SAML name command injection (root RCE)

FortiWeb CVE-2025-58034 – SAML name command injection (root RCE)

Summary

  • Product / Component: FortiWeb 7.6.1 (Docker image fortiweb/fortiweb-swarm:latest) – SAML CLI handler (oper_user_saml_part_0saml_utils.sh)
  • Impact: Authenticated admin can inject shell commands via SAML “name” and achieve root command execution on the appliance
  • Introduced: Present in FortiWeb 7.6.1 (prior to vendor fix; exact commit not available)
  • Fixed: Patched in FortiWeb 7.6.6 / 8.0.2 per FG-IR-25-513 (adds saml_name_check validation)
  • Reproduction Status: Confirmed on FortiWeb-Docker 7.6.1, build1010(GA.F), running in the provided Lima/Docker context
  • Customer Action: Upgrade to 7.6.6+ (or vendor-recommended fixed trains), restrict admin access paths, and monitor SAML configuration changes
@N3mes1s
N3mes1s / CVE-2025-64446.md
Created November 14, 2025 20:43
FortiWeb Unauthenticated RCE via Path Traversal and CGI Auth Bypass CVE-2025-64446

Security Report - FortiWeb Unauthenticated RCE via Path Traversal and CGI Auth Bypass CVE-2025-64446

Summary

Fortinet assigned FG-IR-25-910 / CVE-2025-64446 to this issue on 14 Nov 2025, rating it Critical (CVSS 9.1) and confirming exploitation in the wild. The official advisory describes it as a “path confusion” (relative path traversal) in the FortiWeb GUI that lets an unauthenticated attacker execute administrative commands via crafted HTTP(S) requests. The mechanics match our findings: a traversal under /api/v2.0/… reaches /migadmin/cgi-bin/fwbcgi, and cgi_auth() blindly trusts the attacker-supplied HTTP_CGIINFO header to impersonate any administrator.

Root Cause

  1. Path traversal in Apache routing: httpd.conf registers <Location /api/v2.0/> SetHandler fwbcgi-handler. Apache matches the prefix before decoding %3f or collapsing /../, so /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi is forwarded straight to fwbcgi.
  2. cgi_auth() trusts client-supplie
@N3mes1s
N3mes1s / CVE-2025-12762.md
Created November 14, 2025 20:35
pgAdmin 4 Restore API Meta-Command RCE (CVE-2025-12762)

pgAdmin 4 Restore API Meta-Command RCE (CVE-2025-12762)

Summary

  • Product / Component: pgadmin4 (pgadmin/tools/restore/__init__.py)
  • Impact: Authenticated pgAdmin users can upload a crafted PLAIN backup whose embedded \! meta-command executes arbitrary shell commands on the pgAdmin host (pre-auth to the target Postgres instance).
  • Introduced: pgadmin4 9.9 (Oct 2025) – the create_restore_job() path streams PLAIN files directly into psql without sanitizing \!/\i meta-commands, so psql executes attacker-controlled shell statements.
  • Fixed: pgadmin4 9.10 (Nov 2025) – restore jobs now scan PLAIN uploads for meta-commands and reject the request with “Restore blocked: the selected PLAIN SQL file contains psql meta-commands…”.
  • Reproduction Status: Confirmed on Lima VM pruva-repro-20251114-130855-* by downgrading to 9.9 (vulnerable) and re-running the workflow after upgrading to 9.10 (patched).
  • Customer Action: Upgrade to pgAdmin 4 ≥ 9.10 or backp
@N3mes1s
N3mes1s / CVE-2025-64484.md
Created November 14, 2025 09:12
OAuth2 Proxy underscore header smuggling (CVE-2025-64484 / GHSA-vjrc-mh2v-45x6)

OAuth2 Proxy underscore header smuggling (CVE-2025-64484 / GHSA-vjrc-mh2v-45x6)

Summary

  • Product / Component: oauth2-proxy/oauth2-proxy – request header injector (pkg/middleware/headers.go, pkg/apis/options/header.go)
  • Impact: Authenticated users can smuggle attacker-controlled X_Forwarded-* values (e.g., impersonate another upstream user) by switching to underscore variants (X_Forwarded-User) that bypass header stripping in releases < v7.13.0
  • Introduced: 6743e3991d4a0da3b40ad124877fabfa3234b7a5 (2020‑07‑26) – request header injector shipped without header-name normalization, so req.Header.Del(header) only removed exact canonical names
  • Fixed: 5993067505cac4c8e80192787ccd1f4cba05d994 → tag v7.13.0 – adds underscore-to-dash/title-case normalization plus InsecureSkipHeaderNormalization escape hatch
  • Reproduction Status: Independent reproduction succeeded on a clean Lima VM (pruva-repro-20251113-214740-28f91c9a) using the steps documented below; curl trans
@N3mes1s
N3mes1s / CVE-2025-64513.md
Created November 11, 2025 20:38
CVE-2025-64513 / GHSA-mhjq-8c7m-3f7p — Milvus Proxy Authentication Bypass

Security Report: CVE-2025-64513 / GHSA-mhjq-8c7m-3f7p — Milvus Proxy Authentication Bypass

CVE: CVE-2025-64513
Advisory: https://github.com/milvus-io/milvus/security/advisories/GHSA-mhjq-8c7m-3f7p
Component: Milvus Proxy (standalone mode)
Affected: < 2.4.24, < 2.5.21, < 2.6.5 (validated on v2.4.23)
Patched: 2.4.24, 2.5.21, 2.6.5 (validated on v2.4.24)
Analyst: Internal Product Security
Date: 2025‑11‑11
CWE: CWE‑287 (Improper Authentication)