CVE-2025-27580 – NIH BRICS Privilege Escalation and Account Compromise Vulnerability

April 23, 2025

CVE ID : CVE-2025-27580

Published : April 24, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27581 – NIH BRICS Unauthenticated Access to InET Module

Next Article CVE-2025-25046 – IBM InfoSphere Information Server DataStage Flow Designer Information Disclosure

Highlights

CVE-2025-46420 – Libsoup Memory Leak Vulnerability

April 24, 2025

CVE ID : CVE-2025-46420

Published : April 24, 2025, 1:15 p.m. | 1 hour, 44 minutes ago

Description : A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

3 secrets of PowerToys on Windows 11 that you’ll wish you already knew

[EcjoJS Meta] Content discussion

[EcjoJS Meta] Content discussion

Accessibility, Inclusive Design, and Universal Design Work Together

An “Inconceivable” Conversation With Dr. Pete Cornwell on Simple vs. Agentic AI

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

CVE-2025-27580 – NIH BRICS Privilege Escalation and Account Compromise Vulnerability

Urgent: CVE-2025–47273 Exposes Python SetupTools — Here’s How to Stay Secure

Google Pixel 10 to Embrace Qi2 Wireless Charging with New “Pixelsnap” Accessories

New Data Management Experience in the Atlas UI

PhpStorm 2025.1 is Here

CVE-2025-46688 – QuickJS Buffer Overflow Vulnerability

How AI coding agents could destroy open source software

CVE-2025-46420 – Libsoup Memory Leak Vulnerability

VirtualBox 7.1.8 Adds Support for Linux Kernel 6.14

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

CVE-2025-47854 – JetBrains TeamCity Open Redirect Vulnerability

CVE-2025-27580 – NIH BRICS Privilege Escalation and Account Compromise Vulnerability

Related Posts