CVE-2025-54059 – Melange SBOM Generation Permissions Vulnerability

July 18, 2025

CVE ID : CVE-2025-54059

Published : July 18, 2025, 4:15 p.m. | 1 hour, 3 minutes ago

Description : melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-54075 – Nuxtjs MDC Stored Cross-Site Scripting (Remote Script-Inclusion)

Next Article CVE-2025-53888 – RIOT-OS L2FILTER Add Buffer Overflow

Highlights

CVE-2025-6129 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

June 16, 2025

CVE ID : CVE-2025-6129

Published : June 16, 2025, 4:15 p.m. | 1 hour, 44 minutes ago

Description : A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

DslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282 Zero-Day Exploit

April 26, 2025

NVIDIA GeForce NOW launches a native Steam Deck app, unlocking 4K cloud gaming & extended battery life for Valve’s handheld

May 30, 2025

CVE-2023-49641 – Oracle Billing Software SQL Injection Vulnerability

May 12, 2025

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Could OpenAI’s rumored browser be a Chrome-killer? Here’s what I’m expecting

My favorite lens and screen-cleaning kit keeps my tech spotless, and it only costs $8

AI’s biggest impact on your workforce is still to come – 3 ways to avoid getting left behind

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

CAD Sketcher – constraint-based geometry sketcher

CAD Sketcher – constraint-based geometry sketcher

7 Best Free and Open Source Linux FTP Servers

Best Free and Open Source Alternatives to Autodesk FBX Review

CVE-2025-54059 – Melange SBOM Generation Permissions Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The 5 most customizable Linux desktop environments – when you want it your way

Resticker runs automatic restic backups

CVE-2025-7110 – Portabilis i-Educar Cross-Site Scripting Vulnerability

Kubernetes perde il supporto Enterprise di Slack: cosa cambia per la community Open Source?

CVE-2025-6129 – TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

DslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282 Zero-Day Exploit

NVIDIA GeForce NOW launches a native Steam Deck app, unlocking 4K cloud gaming & extended battery life for Valve’s handheld

CVE-2023-49641 – Oracle Billing Software SQL Injection Vulnerability

CVE-2025-54059 – Melange SBOM Generation Permissions Vulnerability

Related Posts