April 2025 - Cyber Security Research Blogs

Month: April 2025

Langflow API Pre Auth RCE – CVE-2025-3248

All Blog 30th April 202513th May 2025 ritik_t

Vulnerable Version versions prior to 1.3.0 Fixed Version upgrade to the latest version Base Score 9.8 Critical Vendor Description:- Langflow is a visual, low-codeContinue readingLangflow API Pre Auth RCE – CVE-2025-3248

NPCI Compliance Audit – Secure Your Payment Ecosystem

All Blog, CERT-IN 28th April 202524th December 2025 ritik_t

As digital payments take over the financial landscape, security and regulatory compliance have become non-negotiable.Organizations that use India’s payment infrastructure must closely conform to theContinue readingNPCI Compliance Audit – Secure Your Payment Ecosystem

Tomcat Session Deserialization RCE – CVE-2025-24813

All Blog 23rd April 202529th April 2025 ritik_t

Vulnerable Version versions 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. Fixed Version fix version 11.0.3, 10.1.35 or 9.0.99. Base Score 9.8Continue readingTomcat Session Deserialization RCE – CVE-2025-24813

HertzBeat SnakeYaml Deserialization – CVE-2024-42323

All Blog 18th April 202523rd April 2025 ritik_t

Vulnerable Version versions before 1.6.0. Fixed Version fix version 1.6.0. Base Score 8.8 High CVE-2024-42323 Vendor Description:- Apache HertzBeat is an open-source, real-time monitoringContinue readingHertzBeat SnakeYaml Deserialization – CVE-2024-42323

Vite Development Server File Read Bypass – CVE-2025-30208

All Blog 14th April 202523rd April 2025 ritik_t

Vulnerable Version before 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 Fixed Version fix Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 Base Score 5.3 Medium VendorContinue readingVite Development Server File Read Bypass – CVE-2025-30208

Openfire Admin Console Auth Bypass – CVE-2023-32315

All Blog 9th April 202523rd April 2025 ritik_t

Vulnerable Version version 4.7.4 and 4.6.7 Fixed Version version 4.7.5, 4.6.8 Base Score 7.5 High Vendor Description:- Openfire is an open-source XMPP (Jabber) serverContinue readingOpenfire Admin Console Auth Bypass – CVE-2023-32315

Next.js Middleware Authorization Bypass – CVE-2025-29927

All Blog 8th April 202523rd April 2025 ritik_t

Vulnerable Version Prior to versions 14.2.25 and 15.2.3 Fixed Version Upgrade in 14.2.25 and 15.2.3 Base Score 9.1 Critical Vendor Description:- Next.js is aContinue readingNext.js Middleware Authorization Bypass – CVE-2025-29927

RocketMQ Arbitrary File Write Vulnerability – CVE-2023-37582

All Blog 7th April 202523rd April 2025 ritik_t

Vulnerable Version versions 5.1.1 and below Fixed Version Upgrade in latest version Base Score 9.8 Critical Vendor Description:- Apache RocketMQ is a distributed messagingContinue readingRocketMQ Arbitrary File Write Vulnerability – CVE-2023-37582

RCE in Rejetto HFS Server 2.x – CVE-2024-23692

All Blog 5th April 202523rd April 2025 ritik_t

Vulnerable Version Rejetto HFS version 2.3m & earlier Fixed Version Upgrade to the latest version of HFS Base Score 9.8 critical Vendor Description:- TheContinue readingRCE in Rejetto HFS Server 2.x – CVE-2024-23692

Upload Path Traversal in Apache Struts2 – CVE-2024-53677

All Blog 4th April 202523rd April 2025 ritik_t

Vulnerable Version 2.0.0 to 2.3.37 (End-of-life)2.5.0 to 2.5.336.0.0 to 6.3.0.2 Fixed Version Struts 6.5.0 or greater Base Score 9.5 Critical Vendor Description:- Apache StrutsContinue readingUpload Path Traversal in Apache Struts2 – CVE-2024-53677