Security Vulnerabilities - CVEs Published In May 2025
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-20
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-20
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
CVSS Score
7.7
EPSS Score
0.0
Published
2025-05-20
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-05-20
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious commands through `QueryPlan.dataframe_calc]`) compromising the host system. Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.
CVSS Score
8.1
EPSS Score
0.004
Published
2025-05-20
vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe` class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the `PyNcclCommunicator` class, while CPU-side control message passing is handled via the `send_obj` and `recv_obj` methods on the CPU side. The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured.
CVSS Score
9.8
EPSS Score
0.009
Published
2025-05-20
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-20
In the Linux kernel, the following vulnerability has been resolved:
qibfs: fix _another_ leak
failure to allocate inode => leaked dentry...
this one had been there since the initial merge; to be fair,
if we are that far OOM, the odds of failing at that particular
allocation are low...
CVSS Score
5.5
EPSS Score
0.001
Published
2025-05-20
In the Linux kernel, the following vulnerability has been resolved:
crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa
implementation's ->key_size() callback returns an unusually large value.
Herbert instead suggests (for a division by 8):
X / 8 + !!(X & 7)
Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and
use it in lieu of DIV_ROUND_UP() for ->key_size() return values.
Additionally, use the macro in ecc_digits_from_bytes(), whose "nbytes"
parameter is a ->key_size() return value in some instances, or a
user-specified ASN.1 length in the case of ecdsa_get_signature_rs().
CVSS Score
5.5
EPSS Score
0.001
Published
2025-05-20
In the Linux kernel, the following vulnerability has been resolved:
USB: wdm: close race between wdm_open and wdm_wwan_port_stop
Clearing WDM_WWAN_IN_USE must be the last action or
we can open a chardev whose URBs are still poisoned
CVSS Score
4.7
EPSS Score
0.001
Published
2025-05-20