CVE-2025-4634 – Airpointer Local File Inclusion Vulnerability

May 30, 2025

CVE ID : CVE-2025-4634

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4636 – Apache Airpointer Privilege Escalation Vulnerability

Next Article CVE-2025-4633 – Airpointer Default Credentials Vulnerability

Highlights

CVE-2025-48865 – Fabio HTTP Hop-by-Hop Header Manipulation Vulnerability

May 30, 2025

CVE ID : CVE-2025-48865

Published : May 30, 2025, 7:15 a.m. | 2 hours, 21 minutes ago

Description : Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. Some of these custom headers can be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been patched in version 1.6.6.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-4634 – Airpointer Local File Inclusion Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Battlefield 6 announces big changes after Open Beta weekends end, including one Call of Duty players will despise — but the devs aren’t budging on one thing, despite feedback

Lost in Translation: How to Overcome Miscommunication Between Clients and Business Analysts

Best Free and Open Source Alternatives to Microsoft Windows Journal

CVE-2025-50149 – Apache HTTP Server Information Disclosure

CVE-2025-48865 – Fabio HTTP Hop-by-Hop Header Manipulation Vulnerability

CVE-2025-43954 – QMarkdown Quasar-ui-QMarkdown Cross-Site Scripting (XSS)

Rust Slices: Cutting Into References the Safe Way

CVE-2025-5723 – SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE-2025-4634 – Airpointer Local File Inclusion Vulnerability

Related Posts