CVE-2025-4377 – Sparx Systems Pro Cloud Server Path Traversal

May 9, 2025

CVE ID : CVE-2025-4377

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server.

This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem.

Logview is accessible on Pro Cloud Server Configuration interface.

This issue affects Pro Cloud Server: earlier than 6.0.165.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4465 – iSourcecode Gym Management System SQL Injection Vulnerability

Next Article CVE-2025-4376 – Sparx Systems Pro Cloud Server Cross-Site Scripting (XSS)

Highlights

CVE-2025-37787 – Linux Kernel – DSA MV88E6XXX Null Pointer Dereference Vulnerability

May 1, 2025

CVE ID : CVE-2025-37787

Published : May 1, 2025, 2:15 p.m. | 1 hour, 10 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered

Russell King reports that a system with mv88e6xxx dereferences a NULL
pointer when unbinding this driver:
https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/

The crash seems to be in devlink_region_destroy(), which is not NULL
tolerant but is given a NULL devlink global region pointer.

At least on some chips, some devlink regions are conditionally registered
since the blamed commit, see mv88e6xxx_setup_devlink_regions_global():

if (cond && !cond(chip))
continue;

These are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip
does not have an STU or PVT, it should crash like this.

To fix the issue, avoid unregistering those regions which are NULL, i.e.
were skipped at mv88e6xxx_setup_devlink_regions_global() time.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-4377 – Sparx Systems Pro Cloud Server Path Traversal

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-29686 – OA System Cross-Site Scripting (XSS)

Swift Apprentice: Fundamentals [SUBSCRIBER]

Microsoft Edge Tests a Copilot-Inspired Theme

Lenovo Legion Go 2 — Rumors, price leaks, and everything you need to know

CVE-2025-37787 – Linux Kernel – DSA MV88E6XXX Null Pointer Dereference Vulnerability

watchTowr Warns of Active Exploitation of SonicWall SMA 100 Devices

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Figma Make: Great Ideas, Nowhere to Go

CVE-2025-4377 – Sparx Systems Pro Cloud Server Path Traversal

Related Posts