Security Vulnerabilities - CVEs Published In May 2025
CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administrator’s use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.
CVSS Score
3.4
EPSS Score
0.0
Published
2025-05-28
Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-05-28
Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-05-28
Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-05-28
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-05-28
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-05-28
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-05-28
CVE-2025-48928
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
Known exploited
CVSS Score
4.0
EPSS Score
0.099
Published
2025-05-28
Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-28
Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-28