CVE-2025-22238 – Minion File Cache Directory Traversal Vulnerability

June 13, 2025

CVE ID : CVE-2025-22238

Published : June 13, 2025, 7:15 a.m. | 2 hours, 49 minutes ago

Description : Directory traversal attack in minion file cache creation. The master’s default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite ‘cache’ files outside of the cache directory.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-22239 – Salt Master Arbitary Event Injection Vulnerability

Next Article CVE-2024-38823 – Salt Replays

Highlights

CVE-2025-27819 – Apache Kafka SASL JAAS JndiLoginModule RCE/DOS

June 10, 2025

CVE ID : CVE-2025-27819

Published : June 10, 2025, 8:15 a.m. | 1 hour, 29 minutes ago

Description : In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource.

Since Apache Kafka 3.4.0, we have added a system property (“-Dorg.apache.kafka.disallowed.login.modules”) to disable the problematic login modules usage in SASL JAAS configuration. Also by default “com.sun.security.auth.module.JndiLoginModule” is disabled in Apache Kafka 3.4.0, and “com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule” is disabled by default in in Apache Kafka 3.9.1/4.0.0

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Building a Zapier AI-Powered Cursor Agent to Read, Search, and Send Gmail Messages using Model Context Protocol (MCP) Server

May 2, 2025

CVE-2025-39386 – Mojoomla Hospital Management System SQL Injection

May 19, 2025

Rebellion’s Atomfall has already reached 1.5 million players

April 1, 2025

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

6 registry tweaks every tech-savvy user must apply on Windows 11

6 registry tweaks every tech-savvy user must apply on Windows 11

Is Chrome Copying Edge? ‘Omnibox Tools’ Bring Edge-Style Address Bar Shortcuts

Windows 11 24H2’s new Start Menu auto-changes size based on screen resolution

CVE-2025-22238 – Minion File Cache Directory Traversal Vulnerability

Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files

Meta Invests $14.3 Billion in Scale AI, Recruits Founder Alexandr Wang for Superintelligence Lab

CVE-2025-3761 – My Tickets – WordPress Privilege Escalation Vulnerability

Build a Text-to-SQL solution for data consistency in generative AI using Amazon Nova

Smart Recommendation Engines: Driving Personalization & Sales in E-Commerce🛒

CVE-2024-51392 – OpenKnowledgeMaps Headstart Remote Privilege Escalation

CVE-2025-27819 – Apache Kafka SASL JAAS JndiLoginModule RCE/DOS

Building a Zapier AI-Powered Cursor Agent to Read, Search, and Send Gmail Messages using Model Context Protocol (MCP) Server

CVE-2025-39386 – Mojoomla Hospital Management System SQL Injection

Rebellion’s Atomfall has already reached 1.5 million players

CVE-2025-22238 – Minion File Cache Directory Traversal Vulnerability

Related Posts