CVE-2025-33005 – IBM Planning Analytics Session Impersonation Vulnerability

June 1, 2025

CVE ID : CVE-2025-33005

Published : June 1, 2025, 12:15 p.m. | 15 hours, 5 minutes ago

Description : IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5401 – Chaitak-Gorai Blogbook SQL Injection

Next Article CVE-2025-33004 – IBM Planning Analytics Local File Deletion Vulnerability

Highlights

CVE-2025-52573 – “iOS Simulator MCP Server Command Injection Vulnerability”

June 26, 2025

CVE ID : CVE-2025-52573

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `ui_tap` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. LLM exposed user input for `duration`, `udid`, and `x` and `y` args can be replaced with shell meta-characters like `;` or `&&` or others to change the behavior from running the expected command `idb` to another command. When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as `; rm -rf /tmp;#` and other payload variations, the full command-line text will be interepted by the shell and result in other commands except of `ps` executing on the host running the MCP Server. Version 1.3.3 contains a patch for the issue.

Severity: 6.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-33005 – IBM Planning Analytics Session Impersonation Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

CVE-2025-6029 & CVE-2025-6030: Replay Attacks Expose Vulnerabilities in KIA and Autoeastern Smart Keyless Entry Systems

Rilasciato Blender 4.5 LTS: Innovazioni e Miglioramenti nel Software di Grafica 3D Open Source

CodeSOD: It’s Not Wrong to Say We’re Equal

Google’s email spoofed by cunning phisherfolk who re-used DKIM creds

CVE-2025-52573 – “iOS Simulator MCP Server Command Injection Vulnerability”

My 5 favorite AI apps on Android right now – and how I use them

Spring Boot for Automation Testing: A Tester’s Guide

Obama to propose legislation that protects firms sharing cyberthreat data

CVE-2025-33005 – IBM Planning Analytics Session Impersonation Vulnerability

Related Posts