CVE-2025-6031 – Amazon Cloud Cam SSL Pinning Bypass

June 12, 2025

CVE ID : CVE-2025-6031

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.

When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.

We recommend customers discontinue usage of any remaining Amazon Cloud Cams.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27689 – Dell iDRAC Tools Privilege Escalation

Next Article CVE-2025-5484 – SinoTrack Default Password Vulnerability (Weak Authentication)

Highlights

CVE-2025-6641 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure

June 25, 2025

CVE ID : CVE-2025-6641

Published : June 25, 2025, 10:15 p.m. | 4 hours, 6 minutes ago

Description : PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26528.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Learning from PHP Log to File Example

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

Package efficiency and dependency hygiene

Dmitry — The Deep Magic

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

Windows 11 Powers Up WSL: How GPU Acceleration & Kernel Upgrades Change the Game

CVE-2025-6031 – Amazon Cloud Cam SSL Pinning Bypass

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Student Insider Threats Driving Surge in UK School Data Breaches, ICO Warns

CVE-2025-40599 – SonicWall SMA Arbitrary File Upload Vulnerability

How to Use Celery in Django

CVE-2025-53315 – Alanft Relocate Upload CSRF Stored XSS

CVE-2025-3644 – Moodle Course Section Deletion Privilege Escalation Vulnerability

CVE-2025-6641 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure

Microsoft AI system diagnoses complex cases better than human doctors – and for less money

The DIVA logistics agent, powered by Amazon Bedrock

One of my favorite action games of all time is free this week, so grab it while you can and revel in the carnage

CVE-2025-6031 – Amazon Cloud Cam SSL Pinning Bypass

Related Posts