Security Vulnerabilities - CVEs Published In November 2025
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication.
CVSS Score
6.5
EPSS Score
0.096
Published
2025-11-13
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.
CVSS Score
6.5
EPSS Score
0.004
Published
2025-11-13
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-11-13
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-11-13
Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to send HTTP requests to arbitrary URLs
CVSS Score
6.5
EPSS Score
0.002
Published
2025-11-13
Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-11-13
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-11-13
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-11-13
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-13
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-11-13