May 2025 - Cyber Security Research Blogs

CraftCMS ConditionsController Pre-Auth RCE – CVE-2023-41892

All Blog 28th May 202518th September 2025 ritik_t

Vulnerable Version versions 4.0.0-RC1 to 4.4.14 Fixed Version version 4.4.15 Base Score 9.8 CRITICAL Vendor Description:- Craft CMS (Content Management System) is a flexibleContinue readingCraftCMS ConditionsController Pre-Auth RCE – CVE-2023-41892

Apache OFBiz Auth Bypass to RCE – CVE-2023-51467

All Blog 27th May 202518th September 2025 ritik_t

Vulnerable Version Apache:OFBiz < 18.12.11 Fixed Version OFBiz 18.12.11 Base Score 9.8 CRITICAL Vendor Description:- Apache OFBiz is an open-source ERP framework. It supportsContinue readingApache OFBiz Auth Bypass to RCE – CVE-2023-51467

Apache HugeGraph JWT Auth Bypass – CVE-2024-43441

All Blog 20th May 202518th September 2025 ritik_t

Vulnerable Version versions 1.0.0 < 1.5.0 Fixed Version versions 1.5.0 Base Score 9.8 Critical Vendor Description:- HugeGraph is a powerful, open-source graph database designedContinue readingApache HugeGraph JWT Auth Bypass – CVE-2024-43441

PgAdmin <= 7.6 Authenticated RCE CVE-2023-5002

All Blog 15th May 202519th September 2025 ritik_t

Vulnerable Version versions <= 7.6 Fixed Version versions 7.7 Base Score 8.8 high Vendor Description:- pgAdmin is a widely used open-source administration and developmentContinue readingPgAdmin <= 7.6 Authenticated RCE CVE-2023-5002

Cacti RRDTool Post-Auth Argument Injection – CVE-2025-24367

All Blog 14th May 202518th September 2025 ritik_t

Vulnerable Version versions =< 1.2.28 Fixed Version versions 1.2.29 Base Score 8.7 high Vendor Description: – Cacti is an open-source network monitoring and graphingContinue readingCacti RRDTool Post-Auth Argument Injection – CVE-2025-24367

SEBI Cyber Security Compliance Audit

All Blog, CERT-IN 13th May 202524th December 2025 ritik_t

What is SEBI Cyber Security Compliance Audit? In today’s evolving financial landscape, ensuring the integrity and confidentiality of sensitive information is of paramount importance. AcknowledgingContinue readingSEBI Cyber Security Compliance Audit

UIDAI AUA KUA Audit Services

All Blog, CERT-IN 13th May 202524th December 2025 ritik_t

In today’s digital landscape, Aadhaar-based authentication has become an essential component of identity verification. Organizations that access Aadhaar data must maintain the highest levels ofContinue readingUIDAI AUA KUA Audit Services

Gradio Arbitrary File Read – CVE-2024-1561

All Blog 9th May 202513th May 2025 ritik_t

Vulnerable Version versions prior to 4.13 Fixed Version versions 4.13 Base Score 7.5 high Vendor Description:- Gradio is an open-source Python toolkit that allowsContinue readingGradio Arbitrary File Read – CVE-2024-1561

RBI Cybersecurity Framework Audit for BFSI Sector

All Blog, CERT-IN 6th May 202524th December 2025 ritik_t

The RBI Cybersecurity Framework Audit is a specialized service aimed at helping financial institutions align with the cybersecurity mandates issued by the Reserve Bank ofContinue readingRBI Cybersecurity Framework Audit for BFSI Sector

RCE in Erlang OTP SSH – CVE-2025-32433

All Blog 2nd May 202513th May 2025 ritik_t

Vulnerable Version versions prior to 1.3.0 Fixed Version versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 Base Score 10 Critical Vendor Description:- Erlang/OTP SSH is a built-inContinue readingRCE in Erlang OTP SSH – CVE-2025-32433

Month: May 2025