CVE-2025-5874 – Redash getattr Handler Sandbox Bypass Vulnerability

June 9, 2025

CVE ID : CVE-2025-5874

Published : June 9, 2025, 11:15 a.m. | 52 minutes ago

Description : A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5873 – eCharge Hardy Barth Salia Web UI Unrestricted File Upload Vulnerability

Next Article CVE-2025-41437 – Zohocorp ManageEngine OpManager Reflected Cross-Site Scripting Vulnerability

Highlights

CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

May 14, 2025

CVE ID : CVE-2024-52290

Published : May 14, 2025, 8:15 a.m. | 35 minutes ago

Description : LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim’s browser. Version 2.1.0 fixes the issue.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

How to build secure and scalable remote MCP servers

How to Discover a CSS Trick

Designer Spotlight: Ivor Jian

Error’d: It’s Getting Hot in Here

The details of TC39’s last meeting

The details of TC39’s last meeting

Will WebAssembly ever get DOM support?

Blade Service Injection: Direct Service Access in Laravel Templates

Euphonica is a Rust-Powered MPD Client Heavy on Bling

Euphonica is a Rust-Powered MPD Client Heavy on Bling

Rilasciata KaOS 2025.7: nuova ISO stabile, solo Qt6 e Plasma 6.4.3

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

CVE-2025-5874 – Redash getattr Handler Sandbox Bypass Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

CVE-2025-6105 – “jFlyFox jFinal_cms Cross-Site Request Forgery Vulnerability”

Terraform State Management: Understanding and Best Practices

Google’s NotebookLM can gather your research sources for you now – and it’s free

Microsoft’s Copilot Vision is now free for all Edge users – here’s how it works

CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

NVIDIA just passed Microsoft to become the world’s most valuable company

Former PlayStation exclusive ‘Zenless Zone Zero’ gets its Xbox release date, and it’s very very soon

CVE-2025-5055 – WordPress Smart Forms Stored Cross-Site Scripting

CVE-2025-5874 – Redash getattr Handler Sandbox Bypass Vulnerability

Related Posts