CVE-2025-44643 – Draytek AP Series Insecure Permissions Weak Password Vulnerability

August 4, 2025

CVE ID : CVE-2025-44643

Published : Aug. 4, 2025, 3:15 p.m. | 10 hours, 5 minutes ago

Description : Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-51536 – AI OpenAtlas Hardcoded Administrator Password Vulnerability

Next Article CVE-2025-6205 – “DELmia Apriso Authorization Bypass Vulnerability”

Highlights

CVE-2025-53534 – RatPanel Remote Code Execution and Unauthorized Access Vulnerability

August 5, 2025

CVE ID : CVE-2025-53534

Published : Aug. 5, 2025, 9:15 p.m. | 2 hours, 9 minutes ago

Description : RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: An Echo In Here in here

How To Minimize The Environmental Impact Of Your Website

Progress adds AI coding assistance to Telerik and Kendo UI libraries

Wasm 3.0 standard is now officially complete

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Distribution Release: Tails 7.0

Distribution Release: Security Onion 2.4.180

GenStudio for Performance Marketing: What’s New and What We’ve Learned

GenStudio for Performance Marketing: What’s New and What We’ve Learned

Agentic and Generative Commerce Can Elevate CX in B2B

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

CVE-2025-44643 – Draytek AP Series Insecure Permissions Weak Password Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-6301 – PHPGurukul Notice Board System Cross-Site Scripting Vulnerability

Linux Boot Process? Best Geeks Know It!

From Accommodation to Expectation – How Inclusive Design Becomes Universal

CVE-2025-32888 – GoTenna Mesh Hardcoded Verification Token Vulnerability

CVE-2025-53534 – RatPanel Remote Code Execution and Unauthorized Access Vulnerability

Assessing why Ruby on Rails is better than JavaScript : A Strategic Decision for B2B

Why I replaced my Whoop band with this fitness strap (hint: there’s no subscription)

Madden NFL 26 Leads This Week’s Xbox Drops—But Don’t Miss These Hidden Gems

CVE-2025-44643 – Draytek AP Series Insecure Permissions Weak Password Vulnerability

Related Posts