Development

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

Cyber Attacks / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence …
Read more

Published Date:
Jul 08, 2025 (1 hour, 47 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-6543

CVE-2025-5777

CVE-2019-9621

CVE-2019-5418

CVE-2014-3931

CVE-2016-10033

When you’re working with any website, application, or API, you’ll inevitably need to log in and authenticate your user base.…

For all their impressive capabilities, large language models (LLMs) often fall short when given challenging new tasks that require complex…

Our 215th episode with a summary and discussion of last week’s big AI news!Recorded on 07/04/2025 Hosted by Andrey Kurenkov…

Accessibility testing guarantees that software applications can be used effectively by all individuals, including those with disabilities. Many users rely…

In many B2B commerce implementations, the default features provided by Optimizely Configured Commerce may fall short, particularly when it comes…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859…

CVE ID : CVE-2025-42959

Published : July 8, 2025, 1:15 a.m. | 1 hour, 36 minutes ago

Description : An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation could result in complete system compromise, affecting confidentiality, integrity, and availability.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42953

Published : July 8, 2025, 1:15 a.m. | 1 hour, 36 minutes ago

Description : SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42960

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42961

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42962

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42963

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42964

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42965

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42966

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability of the application.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42967

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42968

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42970

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.

Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42973

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…