Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2025
CVE-2025-49559
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.
CVSS Score
5.3
EPSS Score
0.004
Published
2025-08-12
CVE-2025-49707
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.
CVSS Score
7.9
EPSS Score
0.001
Published
2025-08-12
CVE-2025-33051
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-08-12
CVE-2025-47954
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-08-12
CVE-2025-48807
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
CVSS Score
6.7
EPSS Score
0.001
Published
2025-08-12
CVE-2025-49554
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-08-12
CVE-2025-24999
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-08-12
CVE-2025-25005
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
CVSS Score
6.5
EPSS Score
0.005
Published
2025-08-12
CVE-2025-25006
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-08-12
CVE-2025-25007
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved