CVE-2025-2875 – Apache Controller Resource Disclosure Vulnerability

May 14, 2025

CVE ID : CVE-2025-2875

Published : May 14, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could
cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to
access resources.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-24780 – Apache IoTDB Untrusted URI Remote Code Execution Vulnerability

Next Article CVE-2024-8988 – PeepSo Core: File Uploads Plugin WordPress Insecure Direct Object Reference

Highlights

CVE-2025-43853 – “WAMR Symlink Following Vulnerability”

May 15, 2025

CVE ID : CVE-2025-43853

Published : May 15, 2025, 6:15 p.m. | 1 hour, 45 minutes ago

Description : The WebAssembly Micro Runtime’s (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox. If the symlink points to an existing host file, it’s also possible to open it and read its content. Version 2.3.0 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

Google’s coding agent Jules gets critique functionality

The best smartphones without AI features in 2025: Expert tested and recommended

GPT-5 was supposed to simplify ChatGPT but now it has 4 new modes – here’s why

Gemini just got two of ChatGPT’s best features – and they’re free

I found the easiest way to send files between my Android phone and desktop – and it’s free

Laravel Boost is released

Laravel Boost is released

Frontend Standards for Optimizely Configured Commerce: Clean & Scalable Web Best Practices

Live Agent Escalation in Copilot Studio Using D365 Omnichannel – Architecture and Use Case

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

You Think You Need a Monster PC to Run Local AI, Don’t You? — My Seven-Year-Old Mid-range Laptop Says Otherwise

8 Registry Tweaks that will Make File Explorer Faster and Easier to Use on Windows 11

CVE-2025-2875 – Apache Controller Resource Disclosure Vulnerability

How the always-on generation can level up its cybersecurity game

Supply-chain dependencies: Check your resilience blind spot

Developer Spotlight: Max Barvian

CVE-2024-48905 – Sematell ReplyOne Authentication Bypass

CVE-2025-45513 – Tenda FH451 Stack Overflow Vulnerability

Warner Bros. latest earnings are dire for gaming, but A Minecraft Movie is a shining light

CVE-2025-43853 – “WAMR Symlink Following Vulnerability”

IT Pros also guilty of risqué selfies on mobiles

CVE-2025-7209 – Plan9port Null Pointer Dereference Vulnerability

The top-selling smartphone in 2025 so far might surprise you – here’s why

CVE-2025-2875 – Apache Controller Resource Disclosure Vulnerability

Related Posts