CVE-2025-3528 – OpenShift Mirror Registry Privilege Escalation Vulnerability

May 9, 2025

CVE ID : CVE-2025-3528

Published : May 9, 2025, 12:15 p.m. | 3 hours, 28 minutes ago

Description : A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3897 – “WordPress EUCookieLaw Plugin Arbitrary File Read Vulnerability”

Next Article Design system annotations, part 1: How accessibility gets left out of components

Highlights

CVE-2025-23172 – “Versa Networks Director Webhook Command Execution”

June 18, 2025

CVE ID : CVE-2025-23172

Published : June 19, 2025, 12:15 a.m. | 1 hour, 47 minutes ago

Description : The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the “Add Webhook” and “Test Webhook” functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution.

Exploitation Status:

Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

Workarounds or Mitigation:

There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-3528 – OpenShift Mirror Registry Privilege Escalation Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Breaking news – the Washington Post has been hacked

CVE-2025-5625 – Campcodes Online Teacher Record Management System SQL Injection Vulnerability

Vampire Survivors stealth-launches Emerald Diorama DLC, but PlayStation cross-save looks unlikely

CVE-2025-49872 – WPExperts.io myCred Missing Authorization Vulnerability

CVE-2025-23172 – “Versa Networks Director Webhook Command Execution”

CVE-2025-5932 – “WordPress Homerunner CSRF Vulnerability”

The dog days of JavaScript summer

CVE-2025-38351 – KVM Hyper-V Canonical GVA Vulnerability

CVE-2025-3528 – OpenShift Mirror Registry Privilege Escalation Vulnerability

Related Posts