CVE-2025-28389 – OpenC3 COSMOS Password Bypass Vulnerability

June 13, 2025

CVE ID : CVE-2025-28389

Published : June 13, 2025, 2:15 p.m. | 3 hours, 51 minutes ago

Description : Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-36631 – Tenable Agent Local Privilege Escalation

Next Article CVE-2025-28388 – OpenC3 COSMOS Hardcoded Credentials Vulnerability

Highlights

CVE-2025-6641 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure

June 25, 2025

CVE ID : CVE-2025-6641

Published : June 25, 2025, 10:15 p.m. | 4 hours, 6 minutes ago

Description : PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26528.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

June 17, 2025

Designer Spotlight: Luca Franceschetti

April 11, 2025

Steering into New Embedding Spaces: Analyzing Cross-Lingual Alignment Induced by Model Interventions in Multilingual Language Models

July 21, 2025

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Learning from PHP Log to File Example

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

Package efficiency and dependency hygiene

Dmitry — The Deep Magic

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

Windows 11 Powers Up WSL: How GPU Acceleration & Kernel Upgrades Change the Game

CVE-2025-28389 – OpenC3 COSMOS Password Bypass Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Student Insider Threats Driving Surge in UK School Data Breaches, ICO Warns

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Less UFO, more Wall-E: You’ve never seen the best robot vacuum on the market

Wobbly Life’s 1.0 Update Launches September 18 — Discover New Space Adventures

CVE-2025-6641 – PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

Designer Spotlight: Luca Franceschetti

Steering into New Embedding Spaces: Analyzing Cross-Lingual Alignment Induced by Model Interventions in Multilingual Language Models

CVE-2025-28389 – OpenC3 COSMOS Password Bypass Vulnerability

Related Posts