CVE-2025-29967 - Citrix Remote Desktop Gateway Service Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-29967

Published : May 13, 2025, 5:15 p.m. | 2 hours, 44 minutes ago

Description : Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-30165 – vLLM ZeroMQ Remote Code Execution Vulnerability

May 6, 2025

CVE ID : CVE-2025-30165

Published : May 6, 2025, 5:16 p.m. | 58 minutes ago

Description : vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host. When data is received on this `SUB` socket, it is deserialized with `pickle`. This is unsafe, as it can be abused to execute code on a remote machine. Since the vulnerability exists in a client that connects to the primary vLLM host, this vulnerability serves as an escalation point. If the primary vLLM host is compromised, this vulnerability could be used to compromise the rest of the hosts in the vLLM deployment. Attackers could also use other means to exploit the vulnerability without requiring access to the primary vLLM host. One example would be the use of ARP cache poisoning to redirect traffic to a malicious endpoint used to deliver a payload with arbitrary code to execute on the target machine. Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by default since v0.8.0 and the fix is fairly invasive, the maintainers of vLLM have decided not to fix this issue. Instead, the maintainers recommend that users ensure their environment is on a secure network in case this pattern is in use. The V1 engine is not affected by this issue.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

How to install and use Ollama to run AI LLMs on your Windows 11 PC

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.13.2025)

How We Use Epic Branches. Without Breaking Our Flow.

I think the ergonomics of generators is growing on me.

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

CVE-2025-29967 – Citrix Remote Desktop Gateway Service Heap Buffer Overflow Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2024-13940 – Ninja Forms Webhooks SSRF Vulnerability

CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Pixel Photonics receives €1M grant for multi-mode single photon detection

GitHub â€“ On-Prem Server Connectivity Using Self-Hosted Runners

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

CVE-2025-30165 – vLLM ZeroMQ Remote Code Execution Vulnerability

LG’s new UltraFine 6K monitor looks like Apple’s Pro Display XDR – but better

To build a better AI helper, start by modeling the irrational behavior of humans

Error’d: Retry Fail

CVE-2025-29967 – Citrix Remote Desktop Gateway Service Heap Buffer Overflow Vulnerability

Related Posts