Top 100 Recent CVEs

CVE-2025-8891 4.3
Published: 2025-08-13T04:16:19.003

What it does:

The OceanWP theme for WordPress has a vulnerability that allows attackers to trick site administrators into installing unwanted plugins, such as the Ocean Extra plugin, by sending forged requests that appear to come from the administrator.

Why it's a problem:

This vulnerability is a problem because it enables unauthenticated attackers to manipulate site administrators into performing unintended actions, potentially leading to the installation of malicious plugins, unauthorized access, or other security breaches.

Steps to mitigate:

  • Update the OceanWP theme to a version later than 4.1.1
  • [Verify the authenticity of links and requests before clicking or taking action]
  • [Monitor site activity for suspicious plugin installations or updates]
  • [Consider implementing additional security measures, such as two-factor authentication, to protect against Cross-Site Request Forgery attacks]
CVE-2025-8491 4.3
Published: 2025-08-13T04:16:18.773

What it does:

The Easy restaurant menu manager plugin for WordPress has a vulnerability that allows attackers to trick site administrators into uploading unauthorized menu files through a forged request, without needing to be logged in to the site.

Why it's a problem:

This vulnerability is a problem because it enables unauthenticated attackers to modify the site's content, potentially leading to malicious activities such as uploading harmful files or altering the site's functionality, which can compromise the site's security and integrity.

Steps to mitigate:

  • Update the Easy restaurant menu manager plugin to a version higher than 2.0.2
  • [Verify that all site administrators are cautious when clicking on links from unknown sources]
  • Implement additional security measures such as web application firewalls (WAFs) to detect and prevent cross-site request forgery (CSRF) attacks
  • Monitor site activity for suspicious uploads or changes to menu files.
CVE-2025-0818 6.5
Published: 2025-08-13T04:16:08.373

What it does:

The CVE-2025-0818 vulnerability allows unauthenticated attackers to delete arbitrary files on a WordPress site using elFinder versions 2.1.64 and prior, by exploiting a Directory Traversal weakness in the file manager.

Why it's a problem:

This vulnerability is a problem because it enables malicious actors to potentially disrupt or destroy a website by deleting crucial files, which could lead to data loss, downtime, and other security issues, especially if the site owner has made the file manager accessible to users.

Steps to mitigate:

  • Update elFinder to a version later than 2.1.64
  • [Restrict access to the file manager to authorized users only]
  • [Monitor file system activity for suspicious deletions]
  • [Remove or disable any unnecessary instances of the file manager]
  • [Update affected WordPress plugins to the latest version]
CVE-2025-8901 0
Published: 2025-08-13T03:15:40.413

What it does:

This vulnerability allows a remote attacker to access and write to memory outside of its designated boundaries in Google Chrome, using a specially crafted HTML page.

Why it's a problem:

This vulnerability is a problem because it can enable attackers to execute arbitrary code, potentially leading to data theft, malware installation, or other malicious activities, compromising the security and integrity of the affected system.

Steps to mitigate:

  • Update Google Chrome to version 139.0.7258.127 or later
  • Avoid accessing untrusted or suspicious websites
  • Use a web browser other than Google Chrome until the update is applied
CVE-2025-8882 0
Published: 2025-08-13T03:15:39.507

What it does:

This vulnerability allows a remote attacker to potentially exploit heap corruption in Google Chrome by convincing a user to interact with a specially crafted HTML page in a specific way, due to a "use after free" issue in the Aura component.

Why it's a problem:

This vulnerability is a problem because it could allow an attacker to crash Google Chrome or potentially execute arbitrary code, which could lead to unauthorized access to sensitive information or system compromise.

Steps to mitigate:

  • Update Google Chrome to version 139.0.7258.127 or later
  • Avoid interacting with suspicious or untrusted HTML pages
  • Keep software and browsers up to date with the latest security patches.
CVE-2025-8881 0
Published: 2025-08-13T03:15:38.623

What it does:

This vulnerability in Google Chrome's File Picker allows a remote attacker to leak cross-origin data by tricking a user into performing specific actions on a crafted HTML page.

Why it's a problem:

This vulnerability is a problem because it enables attackers to access sensitive information from other websites, potentially leading to data breaches or other malicious activities, by exploiting the user's interactions with a specially designed web page.

Steps to mitigate:

  • Update Google Chrome to version 139.0.7258.127 or later
  • Avoid engaging with suspicious or unfamiliar websites
  • Be cautious when performing UI gestures on web pages from untrusted sources
CVE-2025-8880 0
Published: 2025-08-13T03:15:37.717

What it does:

This vulnerability allows a remote attacker to execute arbitrary code inside a sandbox in Google Chrome by using a specially crafted HTML page, due to a race condition in the V8 engine.

Why it's a problem:

This vulnerability is a problem because it could enable an attacker to run malicious code on a user's computer, potentially leading to data theft, system compromise, or other security breaches, even though the code is executed within a sandboxed environment.

Steps to mitigate:

  • Update Google Chrome to version 139.0.7258.127 or later
  • Avoid clicking on suspicious links or opening untrusted HTML pages
  • Enable Chrome's automatic update feature to ensure the latest security patches are applied
CVE-2025-8879 0
Published: 2025-08-13T03:15:33.757

What it does:

This vulnerability allows a remote attacker to cause a heap buffer overflow in the libaom library used by Google Chrome, potentially leading to heap corruption when a specific set of gestures is performed.

Why it's a problem:

This vulnerability is a problem because it can be exploited by an attacker to potentially execute malicious code, crash the browser, or gain unauthorized access to sensitive information, posing a significant threat to user security and privacy.

Steps to mitigate:

  • Update Google Chrome to version 139.0.7258.127 or later
  • Avoid performing suspicious or unfamiliar gestures while browsing
  • Enable automatic updates for Google Chrome to ensure prompt installation of security patches
CVE-2025-4410 7.5
Published: 2025-08-13T03:15:32.790

What it does:

This vulnerability allows an attacker to overflow a buffer in the SetupUtility module, potentially enabling them to execute arbitrary code on a system if they have local privileged access.

Why it's a problem:

This is a problem because it could give an attacker the ability to run malicious code on a system, potentially leading to data theft, system compromise, or other harmful activities, especially since it can be exploited by someone with local privileged access who may already have some level of trust within the system.

Steps to mitigate:

  • Update the SetupUtility module to the latest version
  • [Apply security patches as soon as they are available]
  • Limit local privileged access to only those who absolutely need it
  • Monitor system activity for signs of unauthorized code execution
  • Implement additional security measures such as intrusion detection systems to identify potential exploits.
CVE-2025-4277 7.5
Published: 2025-08-13T02:15:26.690

What it does:

This vulnerability allows an attacker to write arbitrary data to memory inside the System Management RAM (SMRAM) and execute malicious code at the System Management Mode (SMM) level, giving them elevated access to system resources.

Why it's a problem:

This is a significant issue because it enables attackers to bypass normal security controls, potentially allowing them to install malware, steal sensitive information, or disrupt system operation, all from a highly privileged position that is difficult to detect or mitigate.

Steps to mitigate:

  • Update firmware to the latest version
  • [Apply patches provided by the manufacturer]
  • Disable SMM if not required
  • [Use a security framework that monitors SMM activity]
  • Implement additional security controls to detect and prevent unauthorized access to SMRAM.
CVE-2025-4276 7.5
Published: 2025-08-13T02:15:25.723

What it does:

This vulnerability allows an attacker to write arbitrary data to memory inside the System Management RAM (SMRAM) and execute arbitrary code at the System Management Mode (SMM) level, which is a privileged mode of operation.

Why it's a problem:

This is a problem because it enables an attacker to gain high-level access to a system's hardware and software, potentially allowing them to bypass security controls, steal sensitive information, and take control of the system.

Steps to mitigate:

  • Update firmware to the latest version
  • [Apply patches to UsbCoreDxe]
  • Disable SMM if not necessary
  • Use secure boot mechanisms to prevent unauthorized code execution
  • Monitor system logs for suspicious activity.
CVE-2025-8395 0
Published: 2025-08-12T23:15:29.380

What it does:

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, indicating that it is no longer a valid or recognized vulnerability.

Why it's a problem:

This is not a problem as the CVE ID is not associated with a legitimate vulnerability, and therefore does not pose a security risk.

Steps to mitigate:

  • No action required
  • Monitor official CVE sources for valid and active vulnerabilities
  • Keep software and systems up to date with the latest security patches.
CVE-2025-54238 5.5
Published: 2025-08-12T23:15:29.160

What it does:

This vulnerability allows an out-of-bounds read in Dimension versions 4.1.3 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.

Steps to mitigate:

  • Update Dimension to a version later than 4.1.3
  • Avoid opening files from untrusted sources
  • Use security software to scan files before opening them
CVE-2025-54233 5.5
Published: 2025-08-12T23:15:29.000

What it does:

This vulnerability allows an attacker to access sensitive memory information when a user opens a malicious file in Adobe Framemaker versions 2020.8, 2022.6, and earlier, due to an out-of-bounds read issue.

Why it's a problem:

This vulnerability is a problem because it could lead to the disclosure of sensitive information, potentially putting users' personal or confidential data at risk, especially if the malicious file is crafted to exploit this specific weakness in Adobe Framemaker.

Steps to mitigate:

  • Update Adobe Framemaker to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use caution when opening files from unknown origins]
  • [Consider using alternative document editing software until a patch is applied]
CVE-2025-54232 7.8
Published: 2025-08-12T23:15:28.847

What it does:

The CVE-2025-54232 vulnerability is a "Use After Free" flaw in Adobe Framemaker versions 2020.8, 2022.6, and earlier, which allows arbitrary code execution when a user opens a malicious file, potentially giving an attacker control of the user's system.

Why it's a problem:

This vulnerability is a problem because it could allow an attacker to execute malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking the user into opening a specially crafted file.

Steps to mitigate:

  • Update Adobe Framemaker to the latest version
  • [Avoid opening files from untrusted sources]
  • Use caution when opening files from unknown senders
  • Consider using alternative software until a patch is available.
CVE-2025-54231 7.8
Published: 2025-08-12T23:15:28.693

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file using Adobe Framemaker versions 2020.8, 2022.6, and earlier.

Why it's a problem:

This is a problem because it enables attackers to gain control over a user's system, potentially leading to data theft, malware installation, or other malicious activities, all of which can happen simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Adobe Framemaker to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in Adobe Framemaker unless necessary].
CVE-2025-54230 7.8
Published: 2025-08-12T23:15:28.543

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file using Adobe Framemaker versions 2020.8, 2022.6, and earlier, due to a "Use After Free" flaw.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Adobe Framemaker to the latest version
  • [Avoid opening unfamiliar or suspicious files from untrusted sources]
  • [Use antivirus software to scan files before opening them in Adobe Framemaker]
  • Regularly back up important data to prevent losses in case of an attack.
CVE-2025-54229 7.8
Published: 2025-08-12T23:15:28.387

What it does:

The CVE-2025-54229 vulnerability is a "Use After Free" issue in Adobe Framemaker versions 2020.8, 2022.6, and earlier, which could allow arbitrary code execution when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it can be exploited by attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur in the context of the current user's permissions.

Steps to mitigate:

  • Update Adobe Framemaker to the latest version
  • [Avoid opening suspicious or untrusted files]
  • Use caution when opening files from unknown sources
  • Consider implementing additional security measures such as antivirus software and a firewall to detect and prevent malicious activity.
CVE-2025-49457 9.6
Published: 2025-08-12T23:15:28.243

What it does:

This vulnerability allows an unauthenticated user to potentially gain elevated privileges on a Windows system running certain Zoom Clients, by exploiting an untrusted search path that can be accessed through the network.

Why it's a problem:

This is a significant issue because it enables an attacker to escalate their privileges without needing any prior authorization, potentially leading to unauthorized access and control of the affected system, which could result in data theft, malware installation, or other malicious activities.

Steps to mitigate:

  • Update Zoom Client to the latest version
  • [Apply security patches as soon as possible]
  • Restrict network access to trusted sources
  • Implement privilege escalation controls and monitoring
  • Regularly review system logs for suspicious activity
CVE-2025-49456 6.2
Published: 2025-08-12T23:15:28.073

What it does:

This vulnerability allows an unauthorized user to exploit a race condition in the Zoom Client for Windows installer, potentially compromising the application's integrity through local access.

Why it's a problem:

This is a problem because it enables an attacker with local access to disrupt the normal functioning of the Zoom application, which could lead to unauthorized actions, data breaches, or other malicious activities, ultimately affecting the security and reliability of the system.

Steps to mitigate:

  • Update to the latest version of Zoom Client for Windows
  • [Ensure all installations are performed by authorized personnel]
  • Restrict local access to the system
  • [Monitor system logs for suspicious activity related to the Zoom Client installer]
CVE-2025-54222 7.8
Published: 2025-08-12T22:15:26.673

What it does:

The Substance3D - Stager vulnerability allows an attacker to execute arbitrary code on a user's system when a malicious file is opened, due to an out-of-bounds write issue in versions 3.1.3 and earlier.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a malicious file.

Steps to mitigate:

  • Update Substance3D - Stager to a version later than 3.1.3
  • Avoid opening files from untrusted sources
  • Use antivirus software to scan files before opening them
  • Implement user education and awareness programs to prevent users from opening suspicious files.
CVE-2025-55171 7.5
Published: 2025-08-12T21:15:43.633

What it does:

The CVE-2025-55171 vulnerability allows an anonymous attacker to delete any image file in the WeGIA web manager application without needing to log in, by exploiting a lack of authentication check at a specific endpoint (/html/personalizacao_remover.php).

Why it's a problem:

This vulnerability is a problem because it enables unauthorized users to manipulate and delete sensitive data, potentially disrupting the application's functionality and causing data loss, which can have significant consequences for the charitable institutions that rely on WeGIA.

Steps to mitigate:

  • Update WeGIA to version 3.4.8 or later
  • [Apply authentication checks to the /html/personalizacao_remover.php endpoint
  • [Limit access to the endpoint to authorized users only
  • [Monitor the application for suspicious activity and data tampering]
CVE-2025-55170 6.5
Published: 2025-08-12T21:15:43.473

What it does:

The CVE-2025-55170 vulnerability allows attackers to inject malicious scripts into the WeGIA web application through the /html/alterar_senha.php endpoint, specifically targeting the verificacao and redir_config parameters, enabling reflected cross-site scripting (XSS) attacks.

Why it's a problem:

This vulnerability is a problem because it enables attackers to execute malicious code on users' browsers, potentially leading to unauthorized access, data theft, or other harmful activities, compromising the security and integrity of the WeGIA application and its users.

Steps to mitigate:

  • Update WeGIA to version 3.4.8 or later]
  • [Verify that all inputs are properly sanitized and validated to prevent malicious script injections]
  • [Implement web application firewall (WAF) rules to detect and prevent XSS attacks]
  • [Monitor user activity and system logs for suspicious behavior]
CVE-2025-55165 8.2
Published: 2025-08-12T21:15:43.320

What it does:

The Autocaliweb web app has a vulnerability that exposes sensitive configuration data, including API keys, through its debug pack feature, which is used for troubleshooting and support.

Why it's a problem:

This vulnerability is a problem because it can lead to the unintentional sharing of private API keys when users share the debug pack, potentially allowing unauthorized access to sensitive information and systems.

Steps to mitigate:

  • Update Autocaliweb to version 0.8.3 or later
  • [Check for any shared debug packs and remove them if necessary]
  • Review API key security and consider rotating or regenerating keys that may have been exposed.
CVE-2025-54235 5.5
Published: 2025-08-12T21:15:43.167

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use security software to scan files for malware before opening them in Substance3D Modeler
CVE-2025-54228 5.5
Published: 2025-08-12T21:15:43.010

What it does:

This vulnerability allows an attacker to read sensitive memory information when a user opens a malicious file in affected InDesign Desktop versions (20.4, 19.5.4, and earlier).

Why it's a problem:

This is a problem because it could lead to the disclosure of sensitive information, potentially putting user data at risk, and it requires minimal user interaction, making it a relatively easy target for attackers.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use caution when opening files from unknown or suspicious senders]
  • [Consider using alternative design software until a patch is available]
CVE-2025-54227 5.5
Published: 2025-08-12T21:15:42.860

What it does:

This vulnerability allows an attacker to read sensitive memory information when a user opens a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to an out-of-bounds read issue.

Why it's a problem:

This vulnerability is a problem because it could lead to the disclosure of sensitive information, potentially compromising user privacy and security, especially if the malicious file is crafted to exploit this issue.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use caution when opening files from unknown or suspicious senders]
  • [Consider implementing a security solution that scans files for malware before opening them]
CVE-2025-54226 7.8
Published: 2025-08-12T21:15:42.710

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to a Use After Free flaw.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable unnecessary features in InDesign to reduce the attack surface]
CVE-2025-54225 7.8
Published: 2025-08-12T21:15:42.547

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's computer when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to a "Use After Free" flaw.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a tainted file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them
  • [Implement user account controls to limit the damage in case of exploitation]
CVE-2025-54224 7.8
Published: 2025-08-12T21:15:42.380

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's computer when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to a Use After Free flaw.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in InDesign unless necessary]
CVE-2025-54223 7.8
Published: 2025-08-12T21:15:42.227

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InCopy versions 20.4, 19.5.4, and earlier, due to a Use After Free flaw.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable unnecessary features in InCopy to reduce the attack surface]
CVE-2025-54221 7.8
Published: 2025-08-12T21:15:42.060

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InCopy versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a malicious file.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in InCopy when possible]
CVE-2025-54220 7.8
Published: 2025-08-12T21:15:41.900

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InCopy versions 20.4, 19.5.4, and earlier, when a user opens a malicious file.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening suspicious or unfamiliar files from untrusted sources]
  • Use anti-virus software to scan files before opening them
  • Disable unnecessary features and plugins in InCopy to reduce the attack surface.
CVE-2025-54219 7.8
Published: 2025-08-12T21:15:41.753

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InCopy versions 20.4, 19.5.4, and earlier, when a malicious file is opened.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable unnecessary features in InCopy to reduce the attack surface].
CVE-2025-54218 7.8
Published: 2025-08-12T21:15:41.600

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InCopy versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all without needing administrative privileges, just the context of the current user.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in InCopy unless necessary].
CVE-2025-54217 7.8
Published: 2025-08-12T21:15:41.430

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InCopy versions 20.4, 19.5.4, and earlier, when a malicious file is opened.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a malicious file.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening]
  • [Disable unnecessary features in InCopy to reduce the attack surface]
CVE-2025-54216 7.8
Published: 2025-08-12T21:15:41.267

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in InCopy versions 20.4, 19.5.4, and earlier, when a malicious file is opened.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable unnecessary features in InCopy to reduce the attack surface]
CVE-2025-54215 7.8
Published: 2025-08-12T21:15:41.107

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in InCopy versions 20.4, 19.5.4, and earlier, when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to unauthorized access, data theft, or other harmful activities, all within the context of the current user's permissions.

Steps to mitigate:

  • Update InCopy to the latest version
  • [Avoid opening files from untrusted sources]
  • Use antivirus software to scan files before opening
  • [Implement user account controls to limit damage in case of exploitation]
CVE-2025-54214 5.5
Published: 2025-08-12T21:15:40.940

What it does:

This vulnerability allows an attacker to potentially read sensitive memory information when a user opens a malicious file in affected InDesign Desktop versions (20.4, 19.5.4, and earlier).

Why it's a problem:

This is a problem because it could lead to the disclosure of sensitive information, potentially compromising user privacy and security, especially if the malicious file is crafted to exploit this vulnerability.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use caution when opening files from unknown or suspicious senders]
  • Regularly monitor for software updates and apply patches as soon as they become available.
CVE-2025-54213 7.8
Published: 2025-08-12T21:15:40.773

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in InDesign when possible]
CVE-2025-54212 7.8
Published: 2025-08-12T21:15:40.600

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's computer by exploiting a heap-based buffer overflow in InDesign Desktop versions 20.4, 19.5.4, and earlier, when a user opens a malicious file.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur with the same privileges as the current user.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening suspicious or unfamiliar files from untrusted sources]
  • Use antivirus software to scan files before opening them
  • Disable macros and other executable content in InDesign unless necessary.
CVE-2025-54211 7.8
Published: 2025-08-12T21:15:40.433

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InDesign Desktop, which occurs when a user opens a malicious file.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can happen simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use anti-virus software to scan files before opening them]
  • [Disable unnecessary features in InDesign to reduce the attack surface]
CVE-2025-54210 7.8
Published: 2025-08-12T21:15:40.280

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, due to an out-of-bounds write issue.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking the user into opening a tainted file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • Use caution when opening files from unknown senders
  • Consider using antivirus software to scan files before opening them.
CVE-2025-54209 7.8
Published: 2025-08-12T21:15:40.123

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in InDesign Desktop, which occurs when a user opens a malicious file.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can happen simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable unnecessary features and plugins in InDesign to reduce the attack surface]
CVE-2025-54208 7.8
Published: 2025-08-12T21:15:39.970

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by tricking them into opening a malicious file in InDesign Desktop, potentially giving the attacker control over the user's computer.

Why it's a problem:

This is a problem because it could allow an attacker to gain access to sensitive information, install malware, or take other malicious actions on the user's system, all without the user's knowledge or consent, simply by opening a malicious file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in InDesign Desktop when possible]
CVE-2025-54207 7.8
Published: 2025-08-12T21:15:39.813

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, potentially giving the attacker control over the user's system.

Why it's a problem:

This is a problem because it could allow an attacker to gain unauthorized access to a user's system, potentially leading to data theft, malware installation, or other malicious activities, all of which could happen simply by opening a malicious file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in InDesign when possible]
CVE-2025-54206 7.8
Published: 2025-08-12T21:15:39.657

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in InDesign Desktop versions 20.4, 19.5.4, and earlier, potentially giving the attacker control over the system.

Why it's a problem:

This is a problem because it enables attackers to gain unauthorized access to a user's system, allowing them to steal sensitive information, install malware, or cause other harm, all by tricking the user into opening a malicious file.

Steps to mitigate:

  • Update InDesign Desktop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable macros and other executable content in InDesign unless necessary].
CVE-2025-54205 5.5
Published: 2025-08-12T21:15:39.500

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Sampler versions 5.0.3 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.

Why it's a problem:

This issue is a problem because it could lead to unauthorized access to sensitive information stored in the application's memory, which could compromise user data and system security.

Steps to mitigate:

  • Update Substance3D Sampler to a version later than 5.0.3
  • Avoid opening files from untrusted sources
  • Use security software to scan files for malware before opening them
CVE-2025-54204 5.5
Published: 2025-08-12T21:15:39.343

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This vulnerability is a problem because it could expose sensitive information stored in the application's memory, which could be used for malicious purposes, and it requires user interaction, making it a potential phishing or social engineering attack vector.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
  • Keep antivirus and anti-malware software up to date to detect and block malicious files.
CVE-2025-54203 5.5
Published: 2025-08-12T21:15:39.167

What it does:

The Substance3D Modeler has a vulnerability that allows an out-of-bounds read when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This vulnerability is a problem because it could allow an attacker to access sensitive information stored in the application's memory, which could be used for malicious purposes, by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown origins to prevent potential exploitation.
CVE-2025-54202 5.5
Published: 2025-08-12T21:15:38.980

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, all by simply tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
CVE-2025-54201 5.5
Published: 2025-08-12T21:15:38.820

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could compromise user data and system security, especially if the malicious file is crafted to exploit this vulnerability.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use security software to scan files for malware before opening them in Substance3D Modeler.
CVE-2025-54200 5.5
Published: 2025-08-12T21:15:38.673

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, all through a relatively simple act of tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use security software that scans files for malware before opening them.
CVE-2025-54199 5.5
Published: 2025-08-12T21:15:38.520

What it does:

The Substance3D Modeler versions 1.22.0 and earlier contain an out-of-bounds read vulnerability that can disclose sensitive memory when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it can allow an attacker to access sensitive information stored in the system's memory, potentially leading to data breaches or other security issues, by tricking a user into opening a specially crafted malicious file.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
  • Keep antivirus software up to date to detect and block malicious files.
CVE-2025-54198 5.5
Published: 2025-08-12T21:15:38.363

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use caution when interacting with files from unknown origins to prevent potential exploitation.
CVE-2025-54197 5.5
Published: 2025-08-12T21:15:38.200

What it does:

This vulnerability allows an out-of-bounds read in Substance3D - Modeler versions 1.22.0 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, all by simply tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Substance3D - Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
CVE-2025-54195 5.5
Published: 2025-08-12T21:15:38.047

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, and it requires user interaction, making it a social engineering threat.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when interacting with files from unknown or suspicious origins
CVE-2025-54194 5.5
Published: 2025-08-12T21:15:37.883

What it does:

The Substance3D Painter versions 11.0.2 and earlier contain an out-of-bounds read vulnerability that can expose sensitive memory when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it allows an attacker to potentially access and disclose sensitive information stored in the system's memory, which could include confidential data or other security-related information, by tricking a user into opening a specially crafted malicious file.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
  • Keep antivirus software up to date to detect and block malicious files.
CVE-2025-54193 5.5
Published: 2025-08-12T21:15:37.733

What it does:

The Substance3D Painter versions 11.0.2 and earlier contain an out-of-bounds read vulnerability that can expose sensitive memory when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it could allow an attacker to access and disclose sensitive information stored in the memory, potentially leading to data breaches or other security issues, by tricking a user into opening a specially crafted malicious file.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
  • Consider implementing a security solution that scans files for malware before opening them.
CVE-2025-54192 5.5
Published: 2025-08-12T21:15:37.583

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.

Why it's a problem:

This issue is a problem because it could lead to unauthorized access to sensitive information stored in the memory, compromising user privacy and security, especially if the malicious file is crafted to exploit this vulnerability.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when interacting with files from unknown origins to prevent potential exploitation.
CVE-2025-54191 5.5
Published: 2025-08-12T21:15:37.440

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all by simply tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
CVE-2025-54190 5.5
Published: 2025-08-12T21:15:37.290

What it does:

The Substance3D Painter versions 11.0.2 and earlier contain an out-of-bounds read vulnerability that can expose sensitive memory when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it could allow an attacker to access confidential information stored in the system's memory, potentially leading to data breaches or other security issues, by tricking a user into opening a specially crafted malicious file.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
  • Keep antivirus software up to date to detect and block malicious files.
CVE-2025-54189 5.5
Published: 2025-08-12T21:15:37.143

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory content.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized exposure of sensitive information stored in the application's memory, which could be used for malicious purposes, all triggered by something as simple as opening a malicious file.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when interacting with files from unknown origins to prevent potential exploitation.
CVE-2025-54188 5.5
Published: 2025-08-12T21:15:36.993

What it does:

This vulnerability allows an out-of-bounds read in Substance3D Painter versions 11.0.2 and earlier when a user opens a malicious file, potentially disclosing sensitive memory contents.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized disclosure of sensitive information stored in the application's memory, which could be used for malicious purposes, and it requires user interaction, making it a social engineering threat.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when interacting with files from unknown origins
CVE-2025-54187 7.8
Published: 2025-08-12T21:15:36.840

What it does:

The CVE-2025-54187 vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in Substance3D Painter versions 11.0.2 and earlier, but only if the user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it could enable an attacker to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all within the context of the current user's permissions.

Steps to mitigate:

  • Update Substance3D Painter to a version later than 11.0.2
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
  • Consider implementing additional security measures such as antivirus software and user account controls to limit potential damage.
CVE-2025-54186 5.5
Published: 2025-08-12T21:15:36.670

What it does:

This vulnerability allows an attacker to read sensitive memory information when a user opens a malicious file in Substance3D - Modeler versions 1.22.0 and earlier, potentially disclosing confidential data.

Why it's a problem:

This issue is a problem because it could lead to the unauthorized disclosure of sensitive information, which could be used for malicious purposes, and it requires user interaction, making it a potential phishing threat.

Steps to mitigate:

  • Update Substance3D - Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown origins
  • Implement security measures to detect and prevent phishing attacks.
CVE-2025-49573 7.8
Published: 2025-08-12T21:15:31.357

What it does:

This vulnerability allows an attacker to execute arbitrary code on a victim's computer by exploiting an out-of-bounds write issue in Substance3D Modeler versions 1.22.0 and earlier, but only if the victim opens a malicious file.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all within the context of the current user's permissions.

Steps to mitigate:

  • Update Substance3D Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use security software to scan files for malware before opening them
  • Implement user account controls to limit the damage in case of exploitation.
CVE-2025-49572 7.8
Published: 2025-08-12T21:15:31.200

What it does:

The CVE-2025-49572 vulnerability allows an out-of-bounds write in Substance3D - Modeler versions 1.22.0 and earlier, which could lead to arbitrary code execution when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it enables attackers to potentially execute malicious code on a user's system, allowing them to gain unauthorized access or control, simply by tricking the user into opening a specially crafted file.

Steps to mitigate:

  • Update Substance3D - Modeler to a version later than 1.22.0
  • Avoid opening files from untrusted sources
  • Use antivirus software to scan files before opening them
  • Disable any unnecessary features or plugins in Substance3D - Modeler that may increase the attack surface.
CVE-2025-49571 7.8
Published: 2025-08-12T21:15:31.043

What it does:

The Substance3D - Modeler versions 1.22.0 and earlier contain a vulnerability that allows an attacker to execute arbitrary code in the context of the current user by modifying the search path to point to a malicious program.

Why it's a problem:

This vulnerability is a problem because it enables attackers to run malicious code on a user's system without requiring any interaction from the user, potentially leading to unauthorized access, data theft, or other harmful activities.

Steps to mitigate:

  • Update Substance3D - Modeler to a version later than 1.22.0
  • Avoid using uncontrolled search paths in applications
  • Use secure protocols to verify the authenticity of programs and resources
  • Implement strict access controls to limit the damage in case of an attack
  • Regularly monitor system activity for suspicious behavior.
CVE-2025-49570 7.8
Published: 2025-08-12T21:15:30.857

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file in Photoshop Desktop versions 25.12.3, 26.8, and earlier, due to an out-of-bounds write issue.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, all of which can occur simply by tricking a user into opening a specially crafted file.

Steps to mitigate:

  • Update Photoshop to the latest version
  • [Avoid opening files from untrusted sources]
  • [Use antivirus software to scan files before opening them]
  • [Disable unnecessary features in Photoshop to reduce the attack surface]
CVE-2025-49562 5.5
Published: 2025-08-12T21:15:30.637

What it does:

This vulnerability, known as a Use After Free issue, occurs in Animate versions 23.0.12, 24.0.9, and earlier, allowing potential disclosure of sensitive memory when a user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it could lead to the unauthorized exposure of sensitive information stored in the computer's memory, potentially putting user data at risk, especially if the malicious file is crafted to exploit this specific weakness.

Steps to mitigate:

  • Update Animate to the latest version available
  • [Avoid opening files from untrusted sources]
  • [Be cautious when interacting with files from unknown origins]
  • [Consider using security software that scans files for malware before opening them]
CVE-2025-49561 7.8
Published: 2025-08-12T21:15:30.473

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system when they open a malicious file using Animate versions 23.0.12, 24.0.9, or earlier, potentially giving the attacker control over the system.

Why it's a problem:

This is a problem because it could lead to unauthorized access and control of a user's system, allowing an attacker to steal sensitive information, install malware, or cause other types of harm, all within the context of the current user's privileges.

Steps to mitigate:

  • Update Animate to the latest version
  • [Avoid opening files from unknown or untrusted sources]
  • [Use anti-virus software to scan files before opening them]
  • [Disable unnecessary features in Animate to reduce the attack surface]
CVE-2025-49569 7.8
Published: 2025-08-12T20:15:31.177

What it does:

The CVE-2025-49569 vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting an out-of-bounds write issue in Substance3D Viewer versions 0.25 and earlier, but only if the user opens a malicious file.

Why it's a problem:

This vulnerability is a problem because it could allow an attacker to gain control of a user's system, potentially leading to data theft, malware installation, or other malicious activities, all of which could have serious consequences for the user's security and privacy.

Steps to mitigate:

  • Update Substance3D Viewer to a version later than 0.25
  • Avoid opening files from untrusted sources
  • Use caution when opening files from unknown or suspicious senders
  • Consider using alternative software until a patch is available.
CVE-2025-49560 7.8
Published: 2025-08-12T20:15:31.020

What it does:

This vulnerability allows an attacker to execute arbitrary code on a user's system by exploiting a heap-based buffer overflow in Substance3D Viewer versions 0.25 and earlier, which occurs when a user opens a malicious file.

Why it's a problem:

This is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can happen with the same privileges as the current user.

Steps to mitigate:

  • Update Substance3D Viewer to a version later than 0.25
  • Avoid opening files from untrusted sources
  • Use security software to scan files for malware before opening them
  • Consider implementing a policy to restrict the use of vulnerable software versions.
CVE-2025-36000 4.4
Published: 2025-08-12T20:15:30.360

What it does:

This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI of IBM WebSphere Application Server Liberty, potentially altering the intended functionality and leading to the execution of malicious code.

Why it's a problem:

This vulnerability is a problem because it could lead to credentials disclosure within a trusted session, allowing an attacker to gain unauthorized access to sensitive information and potentially take control of the affected system.

Steps to mitigate:

  • Update IBM WebSphere Application Server Liberty to a version outside of the vulnerable range (17.0.0.3 through 25.0.0.8)
  • Implement strict input validation and sanitization to prevent malicious code injection
  • Limit privileged user access to the Web UI to reduce the attack surface
  • Monitor system logs for suspicious activity and signs of potential exploitation.
CVE-2025-55169 0
Published: 2025-08-12T19:15:36.430

What it does:

The CVE-2025-55169 vulnerability allows an attacker to access local files on the server and sensitive information, including the config.php file, by exploiting a path traversal weakness in the WeGIA application's download_remessa.php endpoint.

Why it's a problem:

This vulnerability is a problem because it could grant unauthorized access to sensitive information, such as database credentials stored in config.php, potentially leading to direct access to the database and compromising the security of the application and its data.

Steps to mitigate:

  • Update WeGIA to version 3.4.8 or later
  • Restrict access to the download_remessa.php endpoint until the update can be applied
  • Review server logs for suspicious activity indicating potential exploitation of the vulnerability.
CVE-2025-55168 0
Published: 2025-08-12T19:15:36.293

What it does:

The CVE-2025-55168 vulnerability allows attackers to inject arbitrary SQL commands into the WeGIA web manager's database through the id_fichamedica parameter in the /html/saude/aplicar_medicamento.php endpoint, prior to version 3.4.8.

Why it's a problem:

This vulnerability is a problem because it compromises the confidentiality, integrity, and availability of the database, potentially leading to unauthorized access, modification, or deletion of sensitive data.

Steps to mitigate:

  • Update WeGIA to version 3.4.8 or later
  • Validate and sanitize user input to prevent SQL injection
  • Implement a Web Application Firewall (WAF) to detect and block suspicious SQL queries
  • Regularly monitor database activity for signs of unauthorized access or malicious activity.
CVE-2025-53744 7.2
Published: 2025-08-12T19:15:35.113

What it does:

This vulnerability allows a remote authenticated attacker with high privileges to gain super-admin access by registering a device to a malicious FortiManager in affected FortiOS Security Fabric versions.

Why it's a problem:

This is a problem because it enables an attacker to escalate their privileges, potentially allowing them to gain full control over the system, access sensitive information, and perform malicious actions, compromising the security and integrity of the network.

Steps to mitigate:

  • Update FortiOS Security Fabric to a version outside the affected range (7.6.0-7.6.2, 7.4.0-7.4.7, 7.2, 7.0, 6.4)
  • Implement strict access controls and monitoring for FortiManager registrations
  • Limit high-privilege access to trusted users and devices
  • Regularly review and audit system logs for suspicious activity.
CVE-2025-52970 8.1
Published: 2025-08-12T19:15:32.277

What it does:

The CVE-2025-52970 vulnerability allows an unauthenticated remote attacker to gain admin privileges on a Fortinet FortiWeb device by sending a specially crafted request, exploiting improper handling of parameters in the device's software.

Why it's a problem:

This vulnerability is a problem because it enables an attacker to take control of the device without needing authentication, potentially leading to unauthorized access, data breaches, and disruption of critical services, highlighting a significant security risk for organizations relying on Fortinet FortiWeb devices.

Steps to mitigate:

  • Update Fortinet FortiWeb to a version above 7.6.3, 7.4.7, 7.2.10, or 7.0.10
  • Apply the latest security patches from Fortinet
  • Restrict access to the device to only trusted sources and implement additional security measures such as firewalls and intrusion detection systems
  • Monitor device logs for suspicious activity and report any potential security incidents to Fortinet support.
CVE-2025-49813 7.2
Published: 2025-08-12T19:15:30.853

What it does:

This vulnerability allows an attacker to inject malicious code into the Fortinet FortiADC system by sending specially crafted HTTP parameters, which can lead to the execution of unauthorized commands.

Why it's a problem:

This is a problem because it enables a remote attacker with low privileges to gain control over the system, potentially leading to data breaches, system compromise, or other malicious activities, even if they don't have high-level access.

Steps to mitigate:

  • Update Fortinet FortiADC to version 7.1.1 or later
  • [Restrict access to the system to only trusted and authenticated users]
  • [Implement input validation and sanitization for all HTTP parameters]
  • [Monitor system logs for suspicious activity and signs of potential exploitation]
CVE-2025-47857 6.7
Published: 2025-08-12T19:15:29.997

What it does:

This vulnerability allows an attacker with privileged access to inject malicious commands into the Fortinet FortiWeb CLI, potentially executing arbitrary code or commands.

Why it's a problem:

This vulnerability is a problem because it enables attackers to gain unauthorized control over the system, potentially leading to data breaches, system compromise, or other malicious activities, especially since it can be exploited by privileged users who already have some level of access.

Steps to mitigate:

  • Update FortiWeb CLI to version 7.6.4 or later
  • Update FortiWeb CLI to version 7.4.8 or later if running an earlier version
  • Limit privileged access to the FortiWeb CLI to only trusted users
  • Monitor system logs for suspicious activity
  • Implement additional security measures such as input validation and command filtering to prevent command injection attacks.
CVE-2025-43734 0
Published: 2025-08-12T19:15:29.803

What it does:

This vulnerability allows an attacker to inject malicious JavaScript code into a Liferay Portal or Liferay DXP system by exploiting a reflected cross-site scripting (XSS) flaw in the configuration of a custom sort widget, specifically in the "first display label" field, which is then executed when the page is refreshed.

Why it's a problem:

This vulnerability is a problem because it enables a remote authenticated attacker to execute arbitrary JavaScript code on the system, potentially leading to unauthorized access, data theft, or other malicious activities, compromising the security and integrity of the affected Liferay Portal or Liferay DXP instance.

Steps to mitigate:

  • Update Liferay Portal or Liferay DXP to a version outside of the affected range (7.4.0-7.4.3.132, 2025.Q1.0-2025.Q1.10, 2024.Q4.0-2024.Q4.7, 2024.Q3.1-2024.Q3.13, 2024.Q2.1-2024.Q2.13, 2024.Q1.1-2024.Q1.16, 7.4 GA through update 92)
  • Implement input validation and sanitization for the "first display label" field in custom sort widgets
  • Restrict access to the configuration of custom sort widgets to authorized personnel only
  • Monitor system logs for suspicious activity and signs of XSS attacks.
CVE-2025-36124 5.9
Published: 2025-08-12T19:15:29.457

What it does:

This vulnerability allows a remote attacker to bypass security restrictions in IBM WebSphere Application Server Liberty by exploiting a failure to honor JMS messaging configuration, potentially giving them unauthorized access to sensitive data or systems.

Why it's a problem:

This vulnerability is a problem because it could enable malicious actors to circumvent security measures, leading to potential data breaches, unauthorized system access, or other malicious activities, which could compromise the confidentiality, integrity, and availability of sensitive information.

Steps to mitigate:

  • Update IBM WebSphere Application Server Liberty to a version outside the affected range (17.0.0.3 through 25.0.0.8)
  • Apply security patches or fixes provided by IBM
  • Implement additional security controls, such as network segmentation and access controls, to limit the potential impact of a security breach.
CVE-2025-32932 6.5
Published: 2025-08-12T19:15:29.260

What it does:

This vulnerability allows an authenticated remote attacker to inject malicious code into the FortiSOAR WEB UI through stored service requests, enabling a cross-site scripting (XSS) attack.

Why it's a problem:

This vulnerability is a problem because it enables attackers to execute malicious scripts on the FortiSOAR platform, potentially leading to unauthorized access, data theft, or disruption of services, which can compromise the security and integrity of the system.

Steps to mitigate:

  • Update FortiSOAR to a version above 7.6.1 or 7.5.1
  • [Apply the latest security patches from the vendor]
  • Implement input validation and sanitization to prevent malicious code injection
  • Restrict access to the FortiSOAR WEB UI to trusted users and networks
  • Monitor system logs for suspicious activity and signs of XSS attacks.
CVE-2025-32766 6.4
Published: 2025-08-12T19:15:29.107

What it does:

This vulnerability allows an attacker with privileged access to execute arbitrary code or commands on a Fortinet FortiWeb device by sending crafted commands through the Command Line Interface (CLI), due to a stack-based buffer overflow error.

Why it's a problem:

This vulnerability is a problem because it enables attackers to gain control over the device, potentially leading to unauthorized access, data breaches, or disruption of service, which can have significant security and operational impacts.

Steps to mitigate:

  • Update FortiWeb to version 7.6.4 or later
  • Update FortiWeb to version 7.4.8 or later if running an earlier version
  • Limit privileged access to the CLI to trusted users and networks
  • Monitor device logs for suspicious activity
  • Apply additional security controls, such as input validation and segmentation, to reduce the attack surface.
CVE-2025-27759 6.7
Published: 2025-08-12T19:15:28.957

What it does:

This vulnerability allows an attacker with privileged access to execute unauthorized code or commands on a Fortinet FortiWeb device by crafting malicious CLI commands, due to the device's failure to properly neutralize special elements used in OS commands.

Why it's a problem:

This vulnerability is a problem because it enables an authenticated attacker to gain control over the device, potentially leading to data breaches, system compromise, or disruption of critical services, which can have significant security and operational implications.

Steps to mitigate:

  • Update FortiWeb to a version outside of the vulnerable range (after 7.6.3, after 7.4.7, after 7.2.10, or 7.0.10 and later)
  • Restrict privileged access to trusted individuals only
  • Implement additional security controls, such as input validation and command filtering, to prevent malicious CLI commands.
CVE-2025-25256 9.8
Published: 2025-08-12T19:15:28.683

What it does:

This vulnerability allows an unauthenticated attacker to execute unauthorized code or commands on Fortinet FortiSIEM systems by sending crafted CLI requests, due to the system's failure to properly neutralize special elements used in OS commands.

Why it's a problem:

This is a significant problem because it enables attackers to gain control over the system, potentially leading to data breaches, disruption of services, or other malicious activities, without requiring any authentication or authorization.

Steps to mitigate:

  • Update FortiSIEM to a version outside of the vulnerable range (after 7.3.1, after 7.2.5, after 7.1.7, after 7.0.3, or 6.7.9 and later)
  • Apply security patches from Fortinet
  • Restrict access to the CLI interface to trusted sources and authenticated users only
  • Monitor system logs for suspicious activity and implement additional security measures to detect and prevent OS command injection attacks.
CVE-2025-25248 5.3
Published: 2025-08-12T19:15:28.530

What it does:

This vulnerability allows an authenticated user to send crafted requests to a FortiOS, FortiProxy, or FortiPAM device, potentially disrupting the availability of SSL-VPN services for Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) bookmarks due to an integer overflow or wraparound issue.

Why it's a problem:

This vulnerability is a problem because it can be exploited by an authenticated user to intentionally or unintentionally impact the device's SSL-VPN availability, leading to denial-of-service conditions and potentially causing disruptions to remote access services.

Steps to mitigate:

  • Update FortiOS to version 7.6.3 or later
  • Update FortiProxy to version 7.6.3 or later
  • Update FortiPAM to version 1.5.1 or later
  • Limit authenticated user access to SSL-VPN services
  • Monitor device logs for suspicious activity
  • Apply vendor-recommended patches and workarounds for affected versions.
CVE-2024-52964 5.5
Published: 2025-08-12T19:15:27.720

What it does:

This vulnerability allows an authenticated remote attacker to access and overwrite arbitrary files on a Fortinet FortiManager system by crafting specific requests, potentially leading to unauthorized changes and data corruption.

Why it's a problem:

This vulnerability is a problem because it enables attackers to modify critical system files, which could disrupt the normal functioning of the FortiManager, lead to data loss, or even allow the attacker to gain elevated privileges and further compromise the system.

Steps to mitigate:

  • Update FortiManager to a version outside the vulnerable range (above 7.6.1, above 7.4.5, above 7.2.9, or 7.0.13 and later)
  • Apply the latest security patches from Fortinet
  • Restrict access to the FortiManager system to only trusted and authenticated users
  • Monitor system logs for suspicious activity and crafted requests.
CVE-2024-48892 6.8
Published: 2025-08-12T19:15:27.567

What it does:

This vulnerability allows an authenticated attacker to access and read arbitrary files on a FortiSOAR system by uploading a specially crafted solution pack, which can traverse the directory structure and reach files outside of the intended directory.

Why it's a problem:

This vulnerability is a problem because it can give an attacker unauthorized access to sensitive information, such as configuration files, user data, or other confidential documents, which can be used for further exploitation or malicious activities.

Steps to mitigate:

  • Update FortiSOAR to a version that is not affected by this vulnerability
  • [apply the patch or fix provided by the vendor]
  • restrict access to the solution pack upload feature to trusted users only
  • monitor system logs for suspicious activity related to solution pack uploads
  • implement additional security measures, such as file access controls and monitoring, to detect and prevent unauthorized file access.
CVE-2024-40588 4.4
Published: 2025-08-12T19:15:27.397

What it does:

The CVE-2024-40588 vulnerability allows an attacker with privileges to access and read files from the underlying filesystem of certain Fortinet products, including FortiMail, FortiVoice, FortiRecorder, FortiCamera, and FortiNDR, by sending crafted CLI requests that exploit relative path traversal weaknesses.

Why it's a problem:

This vulnerability is a problem because it enables unauthorized access to sensitive files and data, potentially leading to data breaches, intellectual property theft, or other malicious activities, which can compromise the security and confidentiality of the affected systems.

Steps to mitigate:

  • Update FortiMail to version 7.6.2 or later
  • Update FortiVoice to version 7.0.6 or later
  • Update FortiRecorder to version 7.2.2 or later
  • Update FortiCamera and FortiNDR to version 7.4.7 or later
  • Limit privileged access to the CLI interface
  • Monitor system logs for suspicious activity and implement additional security controls to detect and prevent potential exploits.
CVE-2024-26009 8.1
Published: 2025-08-12T19:15:27.230

What it does:

This vulnerability allows an unauthorized attacker to bypass authentication and take control of a Fortinet device by sending specially crafted requests, but only if the device is managed by a FortiManager and the attacker knows the FortiManager's serial number.

Why it's a problem:

This is a significant issue because it enables an attacker to gain control of a device without needing a password or any other form of authentication, potentially leading to unauthorized access, data theft, or disruption of services.

Steps to mitigate:

  • Update FortiOS to version 6.4.16 or later, or 6.2.16 or later
  • Update FortiProxy to version 7.4.3 or later, or 7.2.9 or later, or 7.0.15 or later
  • Update FortiPAM to version 1.2.0 or later
  • Ensure all managed devices are configured to only accept authenticated requests from trusted sources
  • Limit access to FortiManager serial numbers to authorized personnel only.
CVE-2023-45584 6.6
Published: 2025-08-12T19:15:27.020

What it does:

This vulnerability allows a privileged attacker to execute code or commands on affected Fortinet devices (FortiOS, FortiProxy, and FortiPAM) by sending specially crafted HTTP or HTTPS requests, due to a double free error in the system.

Why it's a problem:

This vulnerability is a problem because it enables attackers with privileged access to potentially take control of the device, execute malicious code, or issue unauthorized commands, which could lead to data breaches, system compromise, or disruption of service.

Steps to mitigate:

  • Update FortiOS to version 7.0.12 or later, 7.2.6 or later, or 7.4.2 or later
  • Update FortiProxy to version 7.0.13 or later, 7.2.8 or later, or 7.4.2 or later
  • Update FortiPAM to version 1.0.3 or later, or 1.1.3 or later
  • Limit privileged access to the device
  • Monitor device logs for suspicious activity
CVE-2025-53793 7.5
Published: 2025-08-12T18:15:47.427

What it does:

This vulnerability allows an unauthorized attacker to access and disclose sensitive information over a network due to improper authentication in Azure Stack.

Why it's a problem:

This is a problem because it enables attackers to gain unauthorized access to confidential data, potentially leading to data breaches, intellectual property theft, and other malicious activities, compromising the security and integrity of the affected system.

Steps to mitigate:

  • Update Azure Stack to the latest version
  • [Apply the recommended security patches from Microsoft]
  • [Implement additional authentication measures, such as multi-factor authentication]
  • [Monitor network activity for suspicious behavior]
  • [Restrict access to sensitive data and configure access controls]
CVE-2025-53789 7.8
Published: 2025-08-12T18:15:47.200

What it does:

This vulnerability allows an attacker with some level of access to a Windows system to exploit a weakness in the StateRepository API, which lacks proper authentication for a critical function, enabling them to gain higher privileges on the local system.

Why it's a problem:

This is a problem because it enables an authorized user to escalate their privileges beyond what they should have, potentially leading to unauthorized access to sensitive data, disruption of system operations, or installation of malicious software, thus compromising the security and integrity of the system.

Steps to mitigate:

  • Apply the latest Windows security updates
  • [patch the StateRepository API]
  • [restrict access to the StateRepository API to only those who need it]
  • [monitor system logs for suspicious activity related to privilege escalation]
CVE-2025-53788 7.0
Published: 2025-08-12T18:15:47.047

What it does:

The CVE-2025-53788 vulnerability is a time-of-check time-of-use (toctou) race condition in the Windows Subsystem for Linux, which allows an authorized attacker to exploit a timing flaw and elevate their privileges locally.

Why it's a problem:

This vulnerability is a problem because it enables an attacker with existing access to gain higher-level privileges, potentially allowing them to access sensitive data, install malware, or take control of the system, compromising the security and integrity of the affected Windows system.

Steps to mitigate:

  • Update Windows to the latest version
  • [Apply the latest security patches to the Windows Subsystem for Linux]
  • Restrict access to the Windows Subsystem for Linux to authorized personnel only
  • Monitor system logs for suspicious activity related to privilege escalation.
CVE-2025-53784 8.4
Published: 2025-08-12T18:15:46.783

What it does:

This vulnerability allows an attacker to execute code locally on a computer by exploiting a "use after free" flaw in Microsoft Office Word, which occurs when the program tries to access memory that has already been freed.

Why it's a problem:

This vulnerability is a problem because it enables an unauthorized attacker to run malicious code on a victim's computer, potentially leading to data theft, system compromise, or other harmful activities, especially since it can be exploited locally without needing remote access.

Steps to mitigate:

  • Update Microsoft Office Word to the latest version
  • [Apply security patches from Microsoft]
  • Avoid opening suspicious or untrusted Word documents
  • Use anti-virus software to scan for malware
  • Enable memory protection features in the operating system.
CVE-2025-53783 7.5
Published: 2025-08-12T18:15:46.620

What it does:

This vulnerability allows an unauthorized attacker to overflow a buffer in Microsoft Teams, potentially enabling them to execute malicious code over a network.

Why it's a problem:

This is a problem because it could give an attacker the ability to run arbitrary code on a victim's system, potentially leading to data theft, system compromise, or other malicious activities, all without the need for physical access or user interaction.

Steps to mitigate:

  • Update Microsoft Teams to the latest version
  • [Apply security patches from Microsoft]
  • Disable unnecessary features in Microsoft Teams
  • Use a firewall to limit network access
  • Monitor system logs for suspicious activity
CVE-2025-53781 7.7
Published: 2025-08-12T18:15:46.473

What it does:

This vulnerability allows an authorized attacker to access and disclose sensitive information from Azure Virtual Machines over a network, potentially exposing confidential data to unauthorized parties.

Why it's a problem:

This vulnerability is a problem because it can lead to unauthorized access to sensitive information, which can result in data breaches, intellectual property theft, and other malicious activities, ultimately compromising the security and integrity of the affected systems and data.

Steps to mitigate:

  • Update Azure Virtual Machines to the latest security patch
  • [apply network segmentation to restrict access]
  • [implement robust access controls and monitoring to detect unauthorized activity]
  • [regularly review and audit system configurations to ensure compliance with security best practices]
CVE-2025-53779 7.2
Published: 2025-08-12T18:15:46.320

What it does:

The CVE-2025-53779 vulnerability allows an attacker with authorization to exploit a relative path traversal flaw in Windows Kerberos, enabling them to gain elevated privileges over a network.

Why it's a problem:

This vulnerability is a problem because it enables authorized attackers to escalate their privileges, potentially granting them unauthorized access to sensitive data and systems, which could lead to further malicious activities such as data theft, tampering, or disruption of services.

Steps to mitigate:

  • Apply the latest Windows security updates
  • [patch vulnerable Kerberos implementations]
  • [restrict network access to authorized personnel]
  • [monitor network activity for suspicious behavior]
  • [implement additional authentication and authorization mechanisms]