CVE-2025-25034 – SugarCRM Object Injection Vulnerability

June 20, 2025

CVE ID : CVE-2025-25034

Published : June 20, 2025, 7:15 p.m. | 3 hours, 14 minutes ago

Description : A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-25037 – Aquatronica Controller System Information Disclosure Vulnerability

Next Article CVE-2024-4025 – “GitLab Markdown DoS Vulnerability”

Highlights

CVE-2025-8062 – WordPress WS Theme Addons Stored Cross-Site Scripting Vulnerability

August 23, 2025

CVE ID : CVE-2025-8062

Published : Aug. 23, 2025, 5:15 a.m. | 21 hours, 22 minutes ago

Description : The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ws_weather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-25034 – SugarCRM Object Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

La rivista Linux Format conclude le pubblicazioni con il numero 329

Rilasciato GNU Nano 8.5: L’editor di testo a riga di comando con ancore salvate e colorazione della sintassi migliorata

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Is that image real or AI? Now Adobe’s got an app for that – here’s how to use it

CVE-2025-8062 – WordPress WS Theme Addons Stored Cross-Site Scripting Vulnerability

From freeCodeCamp to NASA with Data Engineer Joe Hill [Podcast #178]

CVE-2025-46000 – Apache Filemanager SVG File Upload RCE

VeBrain: A Unified Multimodal AI Framework for Visual Reasoning and Real-World Robotic Control

CVE-2025-25034 – SugarCRM Object Injection Vulnerability

Related Posts