Jul 08, 2025 | Ravie Lakshmanan | Cyber Attacks / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of flaws is as follows –
CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption
CVE-2016-10033 (CVSS score: 9.8) – A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition
CVE-2019-5418 (CVSS score: 7.5) – A path traversal vulnerability in Ruby on Rails' Action View that could cause the contents of arbitrary files on the target system's file system to be exposed
CVE-2019-9621 (CVSS score: 7.5) – A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution
There are currently no public reports on how the first three vulnerabilities are being exploited in real-world attacks. The abuse of CVE-2019-9621, on the other hand, was attributed by Trend Micro in September 2023 to a China-linked threat actor known as Earth Lusca, which used it to drop web shells and Cobalt Strike.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by July 28, 2025, to secure their networks.
Technical Details of Citrix Bleed 2 Out
The development comes as watchTowr Labs and Horizon3.ai have released technical analyses of a critical security flaw in Citrix NetScaler ADC (CVE-2025-5777, aka Citrix Bleed 2), which is assessed to have come under active exploitation.
"We're seeing active exploitation of both CVE-2025-5777 and CVE-2025-6543 in the wild," watchTowr CEO Benjamin Harris told The Hacker News. "This vulnerability allows reading of memory, which we believe attackers are using to read sensitive information (for example, information sent within HTTP requests that is then processed in-memory), credentials, valid Citrix session tokens, and more."
The findings show that it is possible to send a login request to the "/p/u/doAuthentication.do" endpoint and cause it (and other endpoints susceptible to the flaw) to reflect the user-supplied login value in the response, regardless of whether authentication succeeds or fails.
Horizon3.ai noted that the vulnerability could be used to leak approximately 127 bytes of data per request by sending a specially crafted HTTP request in which the login parameter is supplied without an equals sign or value ("login" rather than "login=..."), thereby making it possible to extract session tokens or other sensitive information.
The shortcoming, watchTowr explained, stems from the use of the snprintf function with a format string containing the "%.*s" conversion, applied to a buffer that is never written when the parameter arrives without an "=" sign.
"The %.*s format tells snprintf: 'Print up to N characters, or stop at the first null byte (\0) – whichever comes first.' That null byte eventually appears somewhere in memory, so while the leak doesn't run indefinitely, you still get a handful of bytes with each invocation," the company said.
"So, every time you hit that endpoint without the =, you pull more uninitialized stack data into the response. Repeat it enough times, and eventually, you might land on something useful."
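To make that mechanism concrete, here is an added example written for this page; it is not NetScaler code and is not taken from watchTowr or Horizon3.ai. It models a hypothetical request handler that copies the value of "login=" into a scratch buffer and then builds the response with snprintf and "%.*s". When the parameter arrives as a bare "login" with no "=" and no value, the vulnerable handler never writes the buffer but formats it anyway, so whatever the buffer still holds is echoed back up to the first null byte, which is the behaviour described above. To keep the run deterministic, the stale data is a reused, uncleared buffer seeded with a constructed cookie rather than genuinely uninitialized stack memory; the buffer size, field names and the "<InitialValue>" response wrapper are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 128   /* assumed scratch-buffer size; not taken from NetScaler */

/* Per-request scratch area. In this constructed model it is reused across
 * requests and never cleared, standing in for the uninitialized stack
 * memory described in the watchTowr analysis. */
struct request_ctx {
    char value[VALUE_MAX];
    int  value_len;
};

/* Locate the "login" parameter in a form body; returns a pointer to the
 * text right after the parameter name, or NULL if the name is absent. */
static const char *find_login(const char *body)
{
    const char *p = strstr(body, "login");
    return p ? p + strlen("login") : NULL;
}

/* Copy the value following "login=" into ctx. Returns 1 on success, 0 when
 * the parameter has no '=' (and therefore no value) without touching ctx. */
static int copy_login_value(const char *after_name, struct request_ctx *ctx)
{
    if (*after_name != '=')
        return 0;
    const char *start = after_name + 1;
    const char *end = strchr(start, '&');
    size_t n = end ? (size_t)(end - start) : strlen(start);
    if (n > VALUE_MAX - 1)
        n = VALUE_MAX - 1;
    memcpy(ctx->value, start, n);
    ctx->value[n] = '\0';
    ctx->value_len = (int)n;
    return 1;
}

/* VULNERABLE pattern: the parse result is ignored, so a bare "login" leaves
 * ctx->value and ctx->value_len stale, and "%.*s" still prints up to
 * value_len bytes of whatever is there, stopping only at the first NUL. */
int render_vulnerable(struct request_ctx *ctx, const char *body,
                      char *out, size_t outsz)
{
    const char *after = find_login(body);
    if (after != NULL)
        copy_login_value(after, ctx);        /* return value ignored: the bug */
    return snprintf(out, outsz, "<InitialValue>%.*s</InitialValue>",
                    ctx->value_len, ctx->value);
}

/* FIXED pattern: clear the scratch area first and only echo a value that
 * was actually parsed from this request. */
int render_fixed(struct request_ctx *ctx, const char *body,
                 char *out, size_t outsz)
{
    memset(ctx->value, 0, sizeof ctx->value);
    ctx->value_len = 0;
    const char *after = find_login(body);
    if (after == NULL || !copy_login_value(after, ctx))
        return snprintf(out, outsz, "<Error>login value required</Error>");
    return snprintf(out, outsz, "<InitialValue>%.*s</InitialValue>",
                    ctx->value_len, ctx->value);
}

/* Constructed stale contents: an earlier request supposedly left a session
 * cookie in the buffer, followed by its NUL and then unrelated bytes. */
void seed_stale_ctx(struct request_ctx *ctx)
{
    static const char stale[] = "NSC_AAAC=constructed-session-token-0123";
    memset(ctx->value, 'X', sizeof ctx->value);
    memcpy(ctx->value, stale, sizeof stale);  /* includes the terminating NUL */
    ctx->value_len = VALUE_MAX;               /* stale length field */
}

/* Run one request body against a freshly seeded context; returns the response. */
const char *vulnerable_response(const char *body, char *out, size_t outsz)
{
    struct request_ctx ctx;
    seed_stale_ctx(&ctx);
    render_vulnerable(&ctx, body, out, outsz);
    return out;
}

const char *fixed_response(const char *body, char *out, size_t outsz)
{
    struct request_ctx ctx;
    seed_stale_ctx(&ctx);
    render_fixed(&ctx, body, out, outsz);
    return out;
}

int main(void)
{
    char out[256];
    printf("vulnerable, bare login: %s\n", vulnerable_response("login", out, sizeof out));
    printf("fixed, bare login:      %s\n", fixed_response("login", out, sizeof out));
    printf("fixed, login=alice:     %s\n", fixed_response("login=alice&passwd=x", out, sizeof out));
    return 0;
}
```

The vulnerable path echoes the constructed cookie and stops at its terminating NUL, which is why each request leaks a bounded chunk rather than the whole buffer. The hardened version applies two independent fixes, zeroing the buffer before use and refusing to format anything when the parse fails; either one alone closes the leak, and doing both is the defensive default. On the detection side, the distinguishing feature of the request described above is a POST to the authentication endpoint whose body carries the bare token "login" with no "=", which is a cheap thing to alert on in web-tier logs.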