CVE-2025-23260 – NVIDIA AIStore Kubernetes ClusterRole Escalation of Privilege

June 24, 2025

CVE ID : CVE-2025-23260

Published : June 24, 2025, 6:15 p.m. | 38 minutes ago

Description : NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49147 – Umbraco Information Disclosure Vulnerability

Next Article CVE-2024-56916 – Netbox Community XSS: Cross-Site Scripting in Configuration History

Highlights

CVE-2025-35006 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-35006

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-23260 – NVIDIA AIStore Kubernetes ClusterRole Escalation of Privilege

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-25012 – Kibana Open Redirect and SSRF Vulnerability

CVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild

QuickPoint

LWiAI Podcast #220 – Gemini 2.5 Flash Image, Claude for Chrome

CVE-2025-35006 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

Debugging UI with AI: GitHub Copilot agent mode meets MCP servers

Best Prime Day Apple deals: My 15 favorite sales live now

CVE-2025-8292 – Google Chrome Media Stream Use After Free Vulnerability

CVE-2025-23260 – NVIDIA AIStore Kubernetes ClusterRole Escalation of Privilege

Related Posts