CVE-2025-3711 - "LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-3711

Published : May 9, 2025, 4:16 a.m. | 2 hours, 25 minutes ago

Description : The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-30165 – vLLM ZeroMQ Remote Code Execution Vulnerability

May 6, 2025

CVE ID : CVE-2025-30165

Published : May 6, 2025, 5:16 p.m. | 58 minutes ago

Description : vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host. When data is received on this `SUB` socket, it is deserialized with `pickle`. This is unsafe, as it can be abused to execute code on a remote machine. Since the vulnerability exists in a client that connects to the primary vLLM host, this vulnerability serves as an escalation point. If the primary vLLM host is compromised, this vulnerability could be used to compromise the rest of the hosts in the vLLM deployment. Attackers could also use other means to exploit the vulnerability without requiring access to the primary vLLM host. One example would be the use of ARP cache poisoning to redirect traffic to a malicious endpoint used to deliver a payload with arbitrary code to execute on the target machine. Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by default since v0.8.0 and the fix is fairly invasive, the maintainers of vLLM have decided not to fix this issue. Instead, the maintainers recommend that users ensure their environment is on a secure network in case this pattern is in use. The V1 engine is not affected by this issue.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

The next big HDMI leap has arrived – here’s how these 16K cables will shake things up

Here’s how you can still trade in any phone at Verizon to get an iPhone, iPad, and Apple Watch free

Anthropic has a plan to combat AI-triggered job losses predicted by its CEO

Forget Google and Microsoft: OpenAI may be building the ultimate work suite of apps and services

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Fix Elden Ring Nightreign Connection Errors And Server Login Failure PC

Fix Elden Ring Nightreign Connection Errors And Server Login Failure PC

Fix Now EAC Error 20006 in Elden Ring: Nightreign [6 Easy Tricks]

Fix Now Elden Ring Nightreign EAC Error 30005 (CreateFile Failed)

CVE-2025-3711 – “LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability”

CVE-2025-53380 – Apache Struts Deserialization Vulnerability

CVE-2025-53383 – Apache HTTP Server Cross-Site Request Forgery

The Anatomy of an RCE Attack : The Hacker’s Big Score

British compute sector surged ahead in 2024, report shows

13 Best Free and Open Source Terminal-Based Podcast Tools

Microsoft takes big step towards agentic Windows AI experiences with native Model Context Protocol support

CVE-2025-30165 – vLLM ZeroMQ Remote Code Execution Vulnerability

Mitigating Hallucinations in Large Vision-Language Models: A Latent Space Steering Approach

Best AI Tools for Freelancers in 2025 Boost Productivity & Profits

CVE-2025-4072 – PHPGurukul Online Nurse Hiring System SQL Injection Vulnerability

CVE-2025-3711 – “LCD KVM over IP Switch CL5708IM Stack-based Buffer Overflow Vulnerability”

Related Posts