Welcome back to VulnVerse! This is our 28th weekly dispatch, packed with the latest vulnerabilities, exploits, and cyber threats. Let's get to it.

Content:

• Vulnerabilities and Exploits 🔥: 20

• Malware and Ransomware 🐛: 6

• Software and System Issues ⚙️: 3

• Data Breaches 💥: 3

• Tools 🛠️: 1

• Cloud ☁️: 2

• Cybersecurity Measures and Recommendations 🔒️: 5

• Advanced Persistent Threats (APT) 🕵️: 6

Vulnerabilities and Exploits 🔥

ZDI-CAN-25373 Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

Trend Micro analyzes a zero-day vulnerability involving Windows shortcuts that allows attackers to execute arbitrary code.

Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS

WatchTowr Labs uncovers a critical security flaw in Kentico Xperience CMS that allows unauthenticated attackers to execute remote code.

CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File

Describes a vulnerability where extracting specially crafted RAR/ZIP archives containing .library-ms files can lead to NTLM hash leaks. Explains the exploitation process and offers recommendations to mitigate the risk.

Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'

Identifies a vulnerability in the Age Gate plugin for WordPress, version 3.5.3, where the 'lang' parameter can be exploited for unauthenticated local PHP file inclusion.

CVE-2025-22223: Spring Security authorization bypass for method security annotations on parameterized types

A critical remote code execution vulnerability has been identified in the Spring Framework, allowing unauthenticated attackers to execute arbitrary code on affected systems. The issue arises from improper input validation in the data binding process, which can be exploited through specially crafted HTTP requests.

Critical LFI to RCE Vulnerability in WP Ghost Plugin Affecting 200k+ Sites

Highlights a critical Local File Inclusion (LFI) to Remote Code Execution (RCE) vulnerability in the WP Ghost plugin, impacting over 200,000 WordPress sites. Explains the technical aspects of the flaw, potential exploitation methods.

mySCADA myPRO Manager and Runtime RCE Vulnerability

Analyzes remote code execution vulnerabilities found in mySCADA myPRO Manager and Runtime. Discusses the potential impact on industrial control systems and the importance of timely patching and security assessments to prevent exploitation.

IT Vulnerability Report: Cyble Urges Fixes for Apple, PHP Flaws

Cyble's report highlights critical vulnerabilities discovered in Apple's software and PHP, emphasizing the potential risks these flaws pose to systems worldwide. The document details the nature of these vulnerabilities, their potential impact, and provides recommendations for mitigation to safeguard affected systems.

KB4724: CVE-2025-23120

Provides an official advisory on CVE-2025-23120, a critical vulnerability in Veeam Backup & Replication that could lead to remote code execution. Offers detailed information on the issue, affected versions, and guidance on applying necessary patches or workarounds to secure systems against potential attacks.

Cyble SQLi, XSS, and SSRF: Breaking Down Zimbra's Latest Security Threats

Cyble examines recent security threats targeting Zimbra, an open-source email collaboration suite. The analysis delves into the specifics of these vulnerabilities, their exploitation methods, and offers guidance on protective measures to secure Zimbra deployments against potential attacks.

CVE-2024-20439

Investigates CVE-2024-20439, a vulnerability in Cisco's Smart Licensing Utility involving a hardcoded static password. Details how this flaw could allow unauthorized access to licensing data and emphasizes the critical need for organizations to apply patches to prevent potential exploitation.

SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write

Details a critical out-of-bounds write vulnerability in the Linux kernel's HFS+ filesystem implementation. This flaw allows local users to escalate privileges by exploiting the kernel's memory management, potentially leading to arbitrary code execution.

CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability

Analyzes the CVE-2025-24813 vulnerability, focusing on its potential exploitation methods and impact on affected systems. Provides insights into mitigating the risks associated with this vulnerability, emphasizing the importance of timely patching and system updates to maintain security.

By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)

Analyzes the CVE-2025-23120 vulnerability in Veeam Backup & Replication, which allows for remote code execution through domain-level exploits. Discusses the technical details of the flaw, potential attack vectors, and recommends mitigation strategies to protect affected systems from exploitation.

GitHub - akamai/CVE-2025-27636-Apache-Camel-PoC

Presents a proof of concept for CVE-2025-27636 and CVE-2025-29891, vulnerabilities in Apache Camel versions 3.10.0 to 3.22.3. Demonstrates how these flaws can be exploited to execute internal Camel methods, potentially leading to remote code execution. Provides sample vulnerable applications and guidance on building and running them for testing purposes.