CVE-2025-52890 – Incus ARP Spoofing Vulnerability

June 25, 2025

CVE ID : CVE-2025-52890

Published : June 25, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5015 – AccuWeather Custom RSS Widget Cross-Site Scripting Vulnerability

Next Article CVE-2025-49153 – MICROSENS NMP Web+ Remote Code Execution

Highlights

CVE-2025-3832 – “FuseDesk WordPress Stored Cross-Site Scripting Vulnerability”

April 24, 2025

CVE ID : CVE-2025-3832

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

OpenAI’s Sam Altman breaks silence on Microsoft feud with Satya Nadella — citing “points of tension” amid evolution plans

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Salesforce Marketing Cloud Engagement vs. Oracle Eloqua

Exploring Lucidworks Fusion and Coveo Using Apache Solr

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

CVE-2025-52890 – Incus ARP Spoofing Vulnerability

Actively exploited vulnerability gives extraordinary control over server fleets

Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited

25+ Best Lightroom Presets for Wedding Photographers

Microsoft Patch Tuesday June 2025

CVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library

Evaluate Amazon Bedrock Agents with Ragas and LLM-as-a-judge

CVE-2025-3832 – “FuseDesk WordPress Stored Cross-Site Scripting Vulnerability”

CISA Warns of KUNBUS Auth Bypass Vulnerabilities Exposes Systems to Remote Attacks

Community News: Latest PECL Releases (04.29.2025)

HardenedBSD is a fork of FreeBSD

CVE-2025-52890 – Incus ARP Spoofing Vulnerability

Related Posts