Security Vulnerabilities - CVEs Published In October 2025
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2025-10-16
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2025-10-16
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2025-10-16
YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2025-10-16
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2025-10-15
A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2025-10-15
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2025-10-15
Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in a MitM position to intercept traffic.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2025-10-15
The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
CVSS Score: 4.7 | EPSS Score: 0.0 | Published: 2025-10-15
Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVSS Score: 10.0 | EPSS Score: 0.001 | Published: 2025-10-15



Shodan ® - All rights reserved