Security Vulnerabilities - CVEs Published In June 2025
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-02
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-02
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-06-02
MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be unlocked (no `install/lock` file present) and the upgrade script must be accessible (by re-installing the forum via access to `install/index.php`; when the forum has not yet been installed; or the attacker is authenticated as a forum administrator). MyBB 1.8.39 resolves this issue.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-06-02
MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specified text in the title. The visibility state (`mybb_threads.visible` integer column) of threads is not validated in internal search queries, whose result is used to output a general success or failure of the search. While MyBB validates permissions when displaying the final search results, a search operation that internally produces at least one result outputs a redirect response (as a HTTP redirect, or a success message page with delayed redirect, depending on configuration). On the other hand, a search operation that internally produces no results outputs a corresponding message in the response without a redirect. This allows a user to determine whether threads matching title search parameters exist, including draft threads (`visible` with a value of `-2`), soft-deleted threads (`visible` with a value of `-1`), and unapproved threads (`visible` with a value of `0`); in addition to displaying generally visible threads (`visible` with a value of `1`). This vulnerability does not affect other layers of permissions. In order to exploit the vulnerability, the user must have access to the search functionality, and general access to forums containing the thread(s). The vulnerability does not expose the message content of posts. MyBB 1.8.39 resolves this issue.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-06-02
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-06-02
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
CVSS Score
7.3
EPSS Score
0.002
Published
2025-06-02
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-06-02
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-02
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-06-02