CVE-2025-49852 – ControlID iDSecure Server-Side Request Forgery

June 24, 2025

CVE ID : CVE-2025-49852

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a Server-Side Request Forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52571 – Hikka Telegram Unauthenticated Account Takeover and Server Compromise Vulnerability

Next Article CVE-2025-49851 – ControlID iDSecure Authentication Bypass

Highlights

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

May 20, 2025

CVE ID : CVE-2025-37987

Published : May 20, 2025, 6:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

pds_core: Prevent possible adminq overflow/stuck condition

The pds_core’s adminq is protected by the adminq_lock, which prevents
more than 1 command to be posted onto it at any one time. This makes it
so the client drivers cannot simultaneously post adminq commands.
However, the completions happen in a different context, which means
multiple adminq commands can be posted sequentially and all waiting
on completion.

On the FW side, the backing adminq request queue is only 16 entries
long and the retry mechanism and/or overflow/stuck prevention is
lacking. This can cause the adminq to get stuck, so commands are no
longer processed and completions are no longer sent by the FW.

As an initial fix, prevent more than 16 outstanding adminq commands so
there’s no way to cause the adminq from getting stuck. This works
because the backing adminq request queue will never have more than 16
pending adminq commands, so it will never overflow. This is done by
reducing the adminq depth to 16.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

OneDrive user locked out of “30 years worth of photos and work” without any support — calls Microsoft a “Kafkaesque black hole”

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Community News: Latest PECL Releases (06.24.2025)

JSON module scripts are now Baseline Newly Available

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

CVE-2025-49852 – ControlID iDSecure Server-Side Request Forgery

Multiple vulnerabilities in Sitecore CMS | Kaspersky official blog

Don’t panic, but it’s only a matter of time before critical ‘CitrixBleed 2’ is under attack

CodeSOD: The Big Pictures

CVE-2025-47292 – Cap Collectif Remote Code Execution Vulnerability

CVE-2025-47663 – Mojoomla Hospital Management System Unrestricted File Upload Vulnerability

La cybergang Outlaw scatena attacchi globali contro server GNU/Linux

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

🔍 Core Web Vitals Optimization: A Complete Guide (2025 Edition)

CVE-2025-49853 – ControlID iDSecure SQL Injection Vulnerability

From fast food worker to cybersecurity engineer with Tae’lur Alexis [Podcast #169]

CVE-2025-49852 – ControlID iDSecure Server-Side Request Forgery

Related Posts