CVE-2025-48417 - Fortinet SSL Hard-Coded Private Key Vulnerability

CVE ID : CVE-2025-48417

Published : May 21, 2025, 1:16 p.m. | 1 hour, 34 minutes ago

Description : The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-38163 – “F2FS Sanity Check Denial of Service”

July 3, 2025

CVE ID : CVE-2025-38163

Published : July 3, 2025, 9:15 a.m. | 2 hours, 14 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on sbi->total_valid_block_count

syzbot reported a f2fs bug as below:

————[ cut here ]————
kernel BUG at fs/f2fs/f2fs.h:2521!
RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521
Call Trace:
f2fs_truncate_data_blocks_range+0xc8c/0x11a0 fs/f2fs/file.c:695
truncate_dnode+0x417/0x740 fs/f2fs/node.c:973
truncate_nodes+0x3ec/0xf50 fs/f2fs/node.c:1014
f2fs_truncate_inode_blocks+0x8e3/0x1370 fs/f2fs/node.c:1197
f2fs_do_truncate_blocks+0x840/0x12b0 fs/f2fs/file.c:810
f2fs_truncate_blocks+0x10d/0x300 fs/f2fs/file.c:838
f2fs_truncate+0x417/0x720 fs/f2fs/file.c:888
f2fs_setattr+0xc4f/0x12f0 fs/f2fs/file.c:1112
notify_change+0xbca/0xe90 fs/attr.c:552
do_truncate+0x222/0x310 fs/open.c:65
handle_truncate fs/namei.c:3466 [inline]
do_open fs/namei.c:3849 [inline]
path_openat+0x2e4f/0x35d0 fs/namei.c:4004
do_filp_open+0x284/0x4e0 fs/namei.c:4031
do_sys_openat2+0x12b/0x1d0 fs/open.c:1429
do_sys_open fs/open.c:1444 [inline]
__do_sys_creat fs/open.c:1522 [inline]
__se_sys_creat fs/open.c:1516 [inline]
__x64_sys_creat+0x124/0x170 fs/open.c:1516
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94

The reason is: in fuzzed image, sbi->total_valid_block_count is
inconsistent w/ mapped blocks indexed by inode, so, we should
not trigger panic for such case, instead, let’s print log and
set fsck flag.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Droip: The Modern Website Builder WordPress Needed

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

“One of the best and most premium charging accessories” — Razer Universal Quick Charging Stand for Xbox is 40% off

AI and Digital Trends Marketing and IT Leaders Need to Know

AI and Digital Trends Marketing and IT Leaders Need to Know

Blade Authorization Directives for View Security

Laravel AI Chat Starter Kit

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

CVE-2025-48417 – Fortinet SSL Hard-Coded Private Key Vulnerability

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

CVE-2025-24916 – Tenable Network Monitor Local Privilege Escalation

Erie Moon Mammoths Merch

CVE-2025-4000 – Seeyon Zhiyuan OA Web Application System Cross Site Scripting Vulnerability

CVE-2025-26847 – Znuny Support Bundle Password Exposure Vulnerability

CVE-2025-38163 – “F2FS Sanity Check Denial of Service”

CVE-2025-49846 – Wire iOS Unauthenticated System Log Disclosure

CVE-2025-5278 – “GNU Coreutils Sort Utility Heap Buffer Under-Read Vulnerability”

laravel-lang/http-statuses

CVE-2025-48417 – Fortinet SSL Hard-Coded Private Key Vulnerability

Related Posts