CVE-2025-49507 – LoftOcean CozyStay Deserialization of Untrusted Data Object Injection Vulnerability

June 10, 2025

CVE ID : CVE-2025-49507

Published : June 10, 2025, 1:15 p.m. | 31 minutes ago

Description : Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleResearcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

Next Article CVE-2025-49455 – LoftOcean TinySalt Object Injection Vulnerability

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

OneDrive for Mac will soon give you more flexible storage options

From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

New code strings attached to Xbox Game Pass suggests a price increase may be imminent

This could be the versatile laptop accessory I’ve been waiting for — Here’s why it stands out from other portable monitors

Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

Everybody’s gone lintin’

QAQ-QQ-AI-QUEST

OneDrive for Mac will soon give you more flexible storage options

OneDrive for Mac will soon give you more flexible storage options

From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

New code strings attached to Xbox Game Pass suggests a price increase may be imminent

CVE-2025-49507 – LoftOcean CozyStay Deserialization of Untrusted Data Object Injection Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Grafana Alert: Medium-Severity Flaw (CVE-2025-3415) Exposes DingDing API Keys

LLMs No Longer Require Powerful Servers: Researchers from MIT, KAUST, ISTA, and Yandex Introduce a New AI Approach to Rapidly Compress Large Language Models without a Significant Loss of Quality

CVE-2025-5420 – Juzaweb CMS Cross Site Scripting Vulnerability

Learn A1 Level Spanish

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

Interview with Hamza Tahir: Co-founder and CTO of ZenML

Trend Micro Apex One Vulnerability Allow Attackers to Inject Malicious Code

CVE-2025-20163 – Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Impersonation Vulnerability

La rivoluzione architetturale di AerynOS: Non solo una distribuzione GNU/Linux

CVE-2025-49507 – LoftOcean CozyStay Deserialization of Untrusted Data Object Injection Vulnerability

Related Posts