CVE-2025-52363 – Tenda CP3 Pro Root Password Hash Hardcoded Vulnerability

July 14, 2025

CVE ID : CVE-2025-52363

Published : July 14, 2025, 6:15 p.m. | 34 minutes ago

Description : Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53014 – ImageMagick Heap Buffer Overflow Vulnerability

Next Article CVE-2025-7626 – YiJiuSmile kkFileViewOfficeEdit Path Traversal Vulnerability

Highlights

CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

April 27, 2025

CVE ID : CVE-2025-3984

Published : April 27, 2025, 8:15 p.m. | 2 hours, 49 minutes ago

Description : A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6webapp-mgmtcas-management-webapp-supportsrcmainjavaorgapereocasmgmtserviceswebRegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

ChatGPT falls for another Windows license key scam — generating valid codes in a guessing game after a researcher “gives up”

Germany wants Google and Apple to ban China’s “illegal” DeepSeek AI — after it failed to comply with data protection laws

Microsoft’s extra year of free Windows 10 security updates feels like a last-minute snooze button — while groups like “The Restart Project” still want to help users

The Xbox Ally and Xbox Ally X prices may have leaked — and if true, it’s not as bad as I thought

The details of TC39’s last meeting

The details of TC39’s last meeting

Modern async iteration in JavaScript with Array.fromAsync()

Vite vs Webpack: A Guide to Choosing the Right Bundler

LocalStack is a cloud service emulator

LocalStack is a cloud service emulator

Sysdig – dig deeper

minnow – simple and fairly weak chess engine

CVE-2025-52363 – Tenda CP3 Pro Root Password Hash Hardcoded Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

Jill Boisvert Fosters Continuous Learning in Perficient’s Salesforce Practice

CVE-2025-4293 – MRCMS Cross-Site Scripting Vulnerability in Group Edit Page

CVE-2025-4318 – Amazon Amplify Studio Unvalidated Property Expression Vulnerability

Understanding the :root Selector and CSS Variables

CVE-2025-3984 – Apereo CAS Groovy Code Handler Code Injection Vulnerability

NVIDIA AI Introduces Fast-dLLM: A Training-Free Framework That Brings KV Caching and Parallel Decoding to Diffusion LLMs

UXers don’t need to code — but vibe coding might still be worth it

This 4K OLED monitor has stereo speakers that follow you — but it’s missing something “imPORTant”

CVE-2025-52363 – Tenda CP3 Pro Root Password Hash Hardcoded Vulnerability

Related Posts