CVE-2025-30169 – Aspect File Upload and Execute PHP Script Injection Vulnerability

May 22, 2025

CVE ID : CVE-2025-30169

Published : May 22, 2025, 6:15 p.m. | 36 minutes ago

Description : File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-30170 – ASPECT File Path Disclosure Vulnerability

Next Article CVE-2025-30171 – ASPECT System File Deletion Vulnerability

Highlights

CVE-2025-45582 – Apache GNU Tar Directory Traversal Overwrite Vulnerability

July 11, 2025

CVE ID : CVE-2025-45582

Published : July 11, 2025, 5:15 p.m. | 3 hours, 50 minutes ago

Description : GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file’s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of “Member name contains ‘..'” that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain “x -> ../../../../../home/victim/.ssh” and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which “tar xf” is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-30169 – Aspect File Upload and Execute PHP Script Injection Vulnerability

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

How to Get User Model in Django – A Simple Guide With Examples

Windows 11 24H2 April 2025 Update fixes File Explorer menu opening in opposite direction

CVE-2025-54634 – KVM Huge Page Separation Abnormal Condition Processing Vulnerability

Cisco reveals its AI-ready data center strategy – boosted by its Nvidia partnership

CVE-2025-45582 – Apache GNU Tar Directory Traversal Overwrite Vulnerability

Turkey Bans Elon Musk’s AI Chatbot Grok After Insults Against Erdogan and Atatürk

Calibrate your Monitor with these Open Source Tools

CVE-2025-45001 – React Native Keys Information Disclosure

CVE-2025-30169 – Aspect File Upload and Execute PHP Script Injection Vulnerability

Related Posts