Overview

The BeeS Examination Tool (BET) portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands to be executed on the back-end database, making an attacker able to manipulate the database, extract sensitive student data, and further compromise the host infrastructure. BeeS Software Solutions has since remediated the vulnerability, and no actions are necessary for customers at this time.

Description

Numerous universities implement the BET portal to unify the various tasks associated with administering examinations to students. Each university maintains their own instance of the BET portal, receiving updates from BeeS Software Solutions.

A vulnerability, tracked as CVE-2025-14598, was discovered within the login functionality of the portal. This vulnerability, facilitated by insufficient user input validation, enables arbitrary SQL injection. When exploited, an attacker can manipulate the backend database, steal student data (including credentials), and perform lateral movement, further compromising the host infrastructure.

BeeS Software Solutions issued a patch to all instances using the BET portal, changing code, enabling input validation, and changing various security settings to prevent exploitation and unauthorized access. All BET clients automatically received these changes.

Impact

The vulnerability permits an unauthenticated, remote attacker to achieve various results, including unauthorized database access, credential theft, potential lateral movement into infrastructure, acquisition of sensitive student and institutional data, and system-level access to the affected server.

Solution

No actions are needed by clients, as configurations and updated dynamic link libraries (DLLs) have been automatically installed and updated through ePortal : Secure Build (October 2025). Testing indicates that the changes successfully mitigated the vulnerability.

Acknowledgements

Thanks to the reporter, Mohammed Afnaan Ahmed, for reporting these vulnerabilities. This document was written by Christopher Cullen.

Vendor Information

References

• https://afnaan.me/cve/cve-2025-14598
• https://cloudilyaerp.com/
• https://github.com/Afnaan-Ahmed/CVE-2025-14598

Overview

A flaw in the firmware-upload error-handling logic of the TOTOLINK EX200 extender can cause the device to unintentionally start an unauthenticated root-level telnet service. This condition may allow a remote authenticated attacker to gain full system access.

Description

In the End-of-Life (EoL) TOTOLINK EX200 firmware, the firmware-upload handler enters an abnormal error state when processing certain malformed firmware files. When this occurs, the device launches a telnet service running with root privileges and does not require authentication. Because the telnet interface is normally disabled and not intended to be exposed, this behavior creates an unintended remote administration interface.

To exploit this vulnerability, an attacker must already be authenticated to the web management interface to access the firmware-upload functionality. Once the error condition is triggered, the resulting unauthenticated telnet service provides full control of the device.

CVE-2025-65606 An authenticated attacker can trigger an error condition in the firmware-upload handler that causes the device to start an unauthenticated root telnet service, granting full system access.

Impact

A remote authenticated attacker may be able to activate a root telnet service and subsequently take complete control of the device. This may lead to configuration manipulation, arbitrary command execution, or establishing a persistent foothold on the network.

Solution

TOTOLINK has not released an update addressing this issue, and the product is no longer maintained. Users should restrict administrative access to trusted networks, prevent untrusted users from accessing the management interface, monitor for unexpected telnet activity, and plan to replace the vulnerable device.

Acknowledgements

Thanks to the reporter Leandro Kogan for bringing this to our attention. This document was written by Timur Snoke.

Vendor Information

Overview

A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution. By reconstructing the ctypes FFI environment and applying a version-header patch to the ctypes.pyd module, an attacker can restore ctypes functionality within the bundled Python 2.5.4 runtime, enabling direct invocation of DLLs, memory manipulation, and execution of arbitrary code.

Description

The Forcepoint One DLP Client (version 23.04.5642 and potentially subsequent versions) shipped with a constrained Python 2.5.4 runtime that omitted the ctypes foreign function interface (FFI) library. Although this limitation appeared intended to mitigate malicious use, it was demonstrated that the restriction could be bypassed by transferring compiled ctypes dependencies from another system and applying a version-header patch to the ctypes.pyd module. Once patched and correctly positioned on the search path, the previously restrained Python environment would successfully load ctypes, permitting execution of arbitrary shellcode or DLL-based payloads.

Forcepoint acknowledged the issue and indicated that a fix would be included in an upcoming release. According to the Forcepoint’s published knowledge base article (KB 000042256), the vulnerable Python runtime has been removed from Forcepoint One Endpoint (F1E) builds after version 23.11 associated with Forcepoint DLP v10.2.

Impact

Arbitrary code execution within the DLP client may allow an attacker to interfere with or bypass data loss prevention enforcement, alter client behavior, or disable security monitoring functions. Because the client operates as a security control on enterprise endpoints, exploitation may reduce the effectiveness of DLP protections and weaken overall system security.

The complete scope of impact in enterprise environments has not been fully determined.

Solution

Forcepoint reports that the vulnerable Python runtime has been removed in Endpoint builds after version 23.11 (Forcepoint DLP v10.2). Users should upgrade to Endpoint versions which have been validated to no longer contain python.exe.

Acknowledgements

Thanks to the reporter, Keith Lee. This document was written by Timur Snoke.

Vendor Information

References

• https://support.forcepoint.com/s/article/000042256

Overview

A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU. Therefore, a malicious PCIe device with physical access can read or modify system memory before the operating system’s defenses load. This exposes sensitive data and enables pre-boot code injection on affected systems running unpatched firmware.

Description

Modern systems rely on UEFI firmware and the Input–Output Memory Management Unit (IOMMU) to establish a secure foundation before the operating system loads. UEFI initializes hardware and enforces early security policies while the IOMMU restricts peripheral devices from performing unauthorized memory accesses. Together, these components help ensure that direct memory access (DMA)-capable devices cannot tamper with or inspect system memory during the critical pre-boot phase.

A vulnerability discovered in certain UEFI implementations arises from a discrepancy between reported and actual DMA protection. Even though firmware asserts that DMA protections are active, it fails to properly configure and enable the IOMMU during the early hand-off phase in the boot sequence. This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established. As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.

Vendors whose products are affected have begun releasing firmware updates to correct the IOMMU initialization sequence and properly enforce DMA protections throughout boot. Users and administrators should apply these updates as soon as they become available to ensure their systems are not exposed to this class of pre-boot DMA attacks. In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important. Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.

Impact

Improper IOMMU initialization in UEFI firmware on some UEFI-based motherboards from multiple vendors allows a physically present attacker using a DMA-capable PCIe device to bypass early-boot memory protection. The attacker could access or alter system memory via DMA transactions processed before the operating system enables its security controls.

Solution

Users and administrators should apply the latest firmware updates as soon as they become available as these patches correct the IOMMU initialization issue and restore proper DMA protections during early boot. Because multiple vendors are affected and updates are being released on varying timelines, customers should regularly monitor the Vendor Information section for newly published advisories and updated firmware packages. Environments where physical access is difficult to control should prioritize patching promptly to reduce exposure to pre-boot DMA attacks.

Acknowledgements

Thanks to reporter Nick Peterson and Mohamed Al-Sharifi of Riot Games for identifying this issue and working with vendor teams and the Taiwanese CERT to coordinate the response and reach affected product vendors. This document was written by Vijay Sarvepalli.

Vendor Information

References

• https://en.wikipedia.org/wiki/DMA_attack
• https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-PCIe-Device-Attacks-Beyond-DMA-Exploiting-PCIe-Switches-Messages-And-Errors.pdf
• https://www.synacktiv.com/ressources/IOMMU_and_DMA_attacks_presentation_16_9.pdf
• https://learn.microsoft.com/en-us/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt
• https://tinyurl.com/twcert
• https://eclypsium.com/blog/direct-memory-access-attacks-a-walk-down-memory-lane/
• https://www.sei.cmu.edu/blog/uefi-terra-firma-for-attackers/

Overview

Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized access or prolonged access to protected resources, even after an account has been administratively locked.

Description

Siemens Gridscale X Prepay is a scalable energy management solution for utilities, integrating smart meters and customer payment options. The related vulnerabilities increase the risk of unauthorized actions, data exposure, or misuse of sensitive organizational resources.

CVE-2025-40806 Unauthenticated username enumeration. An attacker may determine the validity of usernames by a response code, allowing the attacker to determine whether a username is valid before authentication occurs. This exposure can facilitate targeted attacks by allowing an adversary to identify valid accounts before attempting further compromise.

CVE-2025-40807 Account lock bypass. An attacker can bypass the intended account lock protection by replaying or modifying previously captured valid responses. The issue appears related to session tokens that remain valid after logout or after an administrative account lock. Because these tokens do not expire immediately, an attacker with access to previously captured network responses can continue access the system despite the account being locked. This scenario is particularly concerning when the attacker is a former employee, insider, or anyone with prior authenticated access who may have retained network captured data or sessions artifacts.

Impact

The complete impact of this vulnerability is not yet known.

Solution

Siemens has released a new version of the Gridscale X Prepay and for version 4.2.1 and below, it is recommended to install the provided security update using the appropriates tools and procedures supplied with the product. Before deployment, all updates should be validated, and installed under the supervision of personnel with approved access within the target environment. As a general security practice, Siemens also advises protecting network access with suitable controls such as firewalls, network segmentation, and VPNs. Systems should be configured in accordance with Siemens' operational guidelines to ensure that the devices operate within a secure IT environment.

Acknowledgements

Thank you to the reporter, Kira The Raven Security. This document was written by Michael Bragg.

Vendor Information

Overview

An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges.

Description

TOTOLINK manufactures routers and other networking equipment designed for small businesses and home implementations. The AX1800 routers are popular with users connecting multiple internet-capable devices.

The TOTOLINK AX1800 routers are missing authentication in /cgi-bin/cstecgi.cgi?action=telnet endpoint may result in arbitrary command execution at the administrative level. This vulnerability is being tracked by CVE-2025-13184.

Impact

The impact options include full access to configuration and filesystems. This level of access would provide an attacker the capability to modify routing DNS routing, intercept traffic, and achieve lateral movement across the local area network. There is a potential for wide area (WAN) network access if router management or telnet becomes externally reachable.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. For complete remediation, a firmware update is necessary.

Mitigation Suggestions

1. Ensure the web management interface is not exposed to the WAN or any untrusted network. Restrict access to the administrative interface to trusted management hosts only.

2. Treat the X5000R router as untrusted from a security boundary point of view. Where possible, place it behind a separate firewall or router and avoid using it as the primary edge device.

3. Block or monitor unexpected traffic to telnet (TCP port 23) on the device. The sudden appearance of an open telnet service on the router is a strong indicator of exploitation.

Acknowledgements

Thanks to the reporter, HackingByDoing. This document was written by Laurie Tyzenhaus.

Vendor Information

Overview

PCI Express Integrity and Data Encryption (PCIe IDE), introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were identified in the IDE specification that could allow an attacker with local access to influence data consumed on the link. The PCIe 6.0 IDE Erratum provides corrective guidance, and firmware and hardware updates are expected to address these concerns.

Description

IDE uses AES-GCM encryption to protect confidentiality, integrity, and replay resistance for traffic between PCIe components. It operates between the transaction layer and the data link layer, providing protection close to the hardware against unauthorized modification of link traffic.

Three specification-level vulnerabilities can, under certain conditions, result in consumption of stale or incorrect data if an attacker is able to craft specific traffic patterns at the PCIe interface:

1. CVE-2025-9612 – A missing integrity check on a receiving port may allow re-ordering of PCIe traffic, leading the receiver to process stale data.
2. CVE-2025-9613 – Incomplete flushing of a completion timeout may allow a receiver to accept incorrect data when an attacker injects a packet with a matching tag.
3. CVE-2025-9614 – Incomplete flushing or re-keying of an IDE stream may result in the receiver consuming stale incorrect data packets.

The PCI-SIG has issued a Draft Engineering Change Notice (D-ECN) titled “IDE TLP Reordering Enhancement” to the Base Specification Rev 7.0. The D-ECN feature will be included in upcoming PCI specifications (Base 6.5 and 7.1) and can also be used in current Base 5.x systems through standard compliance procedures. Hardware and firmware vendors that support PCIe 5.0 IDE should apply these corrections and incorporate the updated test procedures to ensure their implementations are compliant. Because IDE operates at the link layer, operating systems and applications may not detect these conditions directly. Timely firmware distribution through normal supply-chain channels is recommended.

Impact

An attacker with physical or low-level access to the PCIe IDE interface may be able to craft packets that cause the receiver to accept stale or corrupted data, affecting the integrity of the protected link.

Solution

Manufacturers should follow the updated PCIe 6.0 standard and apply the Erratum #1 guidance to their IDE implementations. End users should apply firmware updates provided by their system or component suppliers, especially in environments that rely on IDE to protect sensitive data.

Acknowledgements

These issues were reported by Arie Aharon, Makaram Raghunandan, Scott Constable, and Shalini Sharma to follow proper disclosure procedure. Coordination support was actively provided by Intel and PCI-SIG members. This document was prepared by Vijay Sarvepalli.

Vendor Information

References

• https://pcisig.com/PCIeIDEStandardVulnerabilities
• https://pcisig.com/PCI%20Express/ECN/Base/IntegrityandDataEncryption_A
• https://pcisig.com/specifications
• https://pcisig.com/sites/default/files/files/PCIe%20Security%20Webinar_Aug%202020_PDF.pdf
• https://pcisig.com/blog/integrity-and-data-encryption-ide-and-io-security-updates
• https://semiengineering.com/new-age-solution-for-data-integrity-and-authenticity/

Overview

Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can cause the tool to either crash or cause it to disclose portions of memory that should remain inaccessible. The vulnerability, tracked as CVE-2025-13654, has been patched in version 1.4.6 of Duc. In an enterprise situation, disk indexing tools that use Duc may be susceptible to crashes, data exposure, or other abnormal behavior if they process attacker-controlled input.

Description

Duc is an open-source disk management tool. It can be used to index, inspect and visualize disk usage. Duc is intended for Linux operating systems. The tool maintains a database of files it indexes, and can be used to query said files, or create graphs to detail where the files are.

A stack-based buffer overflow vulnerability has been discovered, tracked as CVE-2025-13654, within Duc. An attacker who can supply crafted input to the tool may trigger an out-of-bounds read, leading to a crash or unintended disclosure of adjacent stack data.

In the Duc software library, the code in buffer.c contains a function called buffer_get. Its length check uses unsigned subtraction, which can wrap on crafted input and result in memcpy() performing an out-of-bounds read.

Impact

An attacker able to send input data to a database or other input stream that uses Duc could cause a crash or information leak.

Solution

Version 1.4.6 of Duc, released on GitHub. Users should update to the latest version ASAP. All versions prior to 1.4.6 are considered to be affected.

Acknowledgements

Thanks to the reporter, HackingByDoing (hackingbydoing@proton.me). This document was written by Christopher Cullen.

Vendor Information

References

• https://github.com/zevv/duc/releases/tag/1.4.6
• https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc

Overview

nopCommerce, an ecommerce platform, fails to invalidate session cookies upon user logout or session termination, enabling attackers to use the captured cookie to gain access to the application. This vulnerability is extremely similar to CVE-2019-7215. The session cookie can be obtained through XSS, network interception, or a local compromise, and can then be re-used even after the user has logged out. Session hijack attacks have been widely observed for many years, and have been used in ransomware and cryptocurrency theft attacks. Malicious attackers are also known to sell this type of session data online after device compromise.

Description

nopCommerce is an open-source ecommerce platform. The platform is based on ASP.NET core and uses MS SQL 2012 as the backend. The platform is used by a variety of companies, including Microsoft, Volvo, and BMW. nopCommerce is intended for usage within various website stores, and works across shipping APIs, Content Delivery Networks (CDNs) and also offers a login feature for users to save their cart.

A vulnerability has been discovered within the login feature, as it does not invalidate session cookies following user logout or session termination. This vulnerability is tracked as CVE-2025-11699. The vulnerability description is as follows:

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking. Any version above 4.70 that is not 4.80.3 fixes the vulnerability.

Attackers have been known to exploit these types of vulnerabilities for numerous reasons. Session cookies and session ID information has been sold on underground forums post device compromise for other attackers to leverage in attacks, and have also been used in ransomware and cryptocurrency theft attacks.

Impact

The theft and re-use of a session cookie by an attacker could result in financial or ransomware attacks by an attacker.

Solution

Version 4.70 and after, with the exception of 4.80.3, fixes the vulnerability put forth by CVE-2025-11699. Users on version 4.80.3, or any version of nopCommerce prior to version 4.70, should update to the latest version, 4.90.3, as soon as possible.

Acknowledgements

Thanks to the reporter, Beatriz Fresno Naumova (beafn28).This document was written by Christopher Cullen.

Vendor Information

References

• https://seclists.org/fulldisclosure/2025/Aug/14
• https://github.com/nopSolutions/nopCommerce/issues/7044
• https://www.nopcommerce.com/en/release-notes?srsltid=AfmBOoravPKjN19pm_XZbXZ7GvPhkt8cxlK6794BJRZlY5RxJU_yNoTT

Overview

The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code (MAC) data, was identified. Users of the node-forge package, and downstream consumers, are advised to update to the patched version in a timely manner.

Description

Forge (also available as the node-forge npm package) offers a range of cryptographic capabilities, including certificate generation, message signing and verification, and encryption and decryption. These functions depend on the ASN.1 parsing and validation routines of the library.

A flaw in the asn1.validate function was discovered that allows tampered ASN.1 data to pass validation even when cryptographically incorrect. By embedding custom options into certain ASN.1 fields that require recursive verification, an attacker can craft data that appears valid to the Forge verification routines. A proof-of-concept using manipulated PKCS#12 MAC data demonstrated how a forged payload could bypass signature verification.

The researcher who reported this issue has described the potential implications of the flaw as follows:

As a result, applications that rely on node-forge to enforce the structure and integrity of ASN.1-derived cryptographic protocols, including X.509 certificates, PKCS#7 messages, and PKCS#12 archives may be tricked into successfully validating malformed data.

While different environments will experience different levels of practical exposure, the underlying verification bypass is technically significant. The package is widely used, and a fix has been published. A patched release, version 1.3.2, is now available and includes updated test cases in tests/security/cve-2025-12816.js that illustrate the corrected behavior.

Impact

An attacker who can supply crafted ASN.1 data may cause applications relying on Forge for verification to accept forged or modified data as legitimate. This can enable authentication bypass, tampering with signed data, or misuse of certificate-related functions (e.g., cryptographically-signed software). In environments where cryptographic verification plays a central role in trust decisions, the potential impact can be significant.

Solution

Update to Forge version 1.3.2 or later. The fix is available in Pull Request #1124. Developers should integrate the updated version into their projects and distribute updates through their normal release channels.

Acknowledgements

Thanks to Hunter Wodzenski of Palo Alto Networks for responsibly reporting this issue. This document was written by Vijay Sarvepalli.

Vendor Information

References

• https://github.com/digitalbazaar/forge/
• https://www.npmjs.com/package/node-forge
• https://github.com/digitalbazaar/forge/pull/1116
• https://www.cve.org/CVERecord?id=CVE-2025-32988

Overview

Fluent Bit is a logging and metrics processor and forwarder that is used in a variety of cloud and container networking environments. Several vulnerabilities in Fluent Bit have been discovered that could allow for authentication bypass, remote code execution (RCE) and denial of service (DoS) largely enabled by various Fluent Bit plugins and by how Fluent Bit processes tags. Many of these vulnerabilities require an attacker to have network access to a Fluent Bit instance. Fluent Bit has released version 4.2.0 to remediate the vulnerabilities.

Description

Fluent Bit is a logging and metrics processor and forwarder, intended for usage in various cloud and container environments. It is commonly used to forward traffic to a Security Information and Event Management (SIEM) service, such as Splunk, for further analysis. Fluent Bit uses a tagging system to process and manage traffic that it moves. Multiple vulnerabilities have been discovered within Fluent Bit, largely facilitated by various plugins that manipulate or support tags.

Each individual vulnerability is listed below:

CVE-2025-12972 The Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.

CVE-2025-12970 The extract_name() function in the Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.

CVE-2025-12969 The Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.

CVE-2025-12977 The Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, thus impacting data integrity and log routing.

CVE-2025-12978 Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.

Impact

The vulnerabilities could be used for authentication bypass, RCE, DoS, and tag manipulation leading to improper function of Fluent Bit.

Solution

The vulnerabilities are all fixed in Fluent Bit version 4.2.0. Users should download and install the latest version of Fluent Bit as soon as possible. The latest version of Fluent Bit is available at https://fluentbit.io/announcements/

Acknowledgements

Thanks to the reporter, Uri Katz of Oligo Security. This document was written by Christopher Cullen.

Vendor Information

References

• https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/
• https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover

Overview

Retell AI's API creates AI voice agents that have excessive permissions and functionality, as a result of insufficient amounts of guardrails. As a result, attackers can exploit this and conduct large scale social engineering, phishing, and misinformation campaigns.

Description

Retell AI offers an API that can create human sounding voice agents that can then be tasked to perform various business operations, respond to questions, and be automated to complete various other voice related tasks. Retell AI uses OpenAI’s GPT 4o and 5 models for these conversations, and users can configure agents with minimal prompt engineering.

However, Retell AI’s lack of sufficient guardrails causes the LLM to respond in unexpected ways and deliver malicious outputs. Guardrails are an important mechanism in LLMs that filter inputs and outputs to ensure models are behaving in intended ethical ways. Retell AI permits voice AI agents to have over-permissive autonomy with the lack of guardrails. This is known as Excessive Agency. Malicious actors need minimal resources and technical knowledge to induce trust, extract data, and conduct large scale phishing operations using Retell AI products.

Impact

The vulnerability targets Retell AI’s ease of deployment and customizability to perform scalable phishing/social engineering attacks. Attackers can feed publicly available resources as well as some instructions to Retell AI’s API to generate high-volume and automated fake calls. These fake calls could lead to unauthorized actions, security breaches, data leaks, and other forms of manipulation.

Solution

Retell AI has not released a statement, and coordinated disclosure was attempted. Users should be aware and follow security best practices when speaking to an AI voice agent and avoid sensitive data input. Developers should limit functionality and permissions through instating sufficient guardrails and implement manual human approval for high-risk or high volume tasks.

Acknowledgements

Thanks to the reporter, Keegan Parr, for the report. The reporters disclosure is available here: https://haxor.zip/ This document was written by Ayushi Kriplani.

Vendor Information

References

• https://www.retellai.com/
• https://docs.retellai.com/api-references/create-phone-call
• https://haxor.zip/

Overview

A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these vulnerabilities in the Tenda N300 series and Tenda 4G03 Pro devices.

Description

Tenda 4G03 Pro is a portable 4G LTE router that is designed to provide for flexible internet access. It is a plug-and-play device compatible with mobile operators globally, allowing you to insert a SIM card for ad-hoc internet access. Multiple components within this model of Tenda 4G LTE router is impacted by command injection flaws that stem from improper handling of attacker-controlled input passed to internal service functions.

CVE-2025-13207 In Firmware up to and including v04.03.01.44, manipulation of arguments passed to a function within the service /usr/sbin/httpd can be exploited. A crafted, authenticated HTTP request to TCP port 80 can trigger arbitrary command execution.

CVE-2024-24481 In Firmware up to and including v04.03.01.14, improper input handling within an accessible function leads to a similar command injection condition. An authenticated attacker can invoke the function through the web interface, after which a crafted network request to TCP port 7329 can result in command execution. This issue is distinct from CVE-2023-2649.

These vulnerabilities were identified through reverse engineering of the firmware. At this time, no fixed firmware is available to address these vulnerabilities.

Impact

Successful exploitation allows an attacker to execute arbitrary commands as root on the underlying operating system, allowing attacker to take Total control of the device.

Solution

The CERT/CC is currently unaware of a vendor-supplied patch or mitigation for these vulnerabilities.

• Use an alternative device: Because no remediation is currently available, users who rely on this device in security-sensitive may consider other devices for such access.
• Reduce exposure where possible: If replacement is not immediately feasible, limit usage to reduce risk of abuse.
• Monitor for vendor updates: Users should periodically check for firmware updates or advisories from Tenda in case a patch becomes available in the future.

Acknowledgements

Thanks to the reporter Ax for reporting this issue. This document was written by Marisa Middler and Timur Snoke.

Vendor Information

References

• https://www.tendacn.com/us/product/4G03Pro

Overview

Wolfram Cloud version 14.2 allows Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary directories of other users may be accessible.

Description

Wolfram Cloud is a multi-tenant cloud platform that supports a virtual "notebook" interface for easier programming and accessibility to tools for quickly building and publishing integrated applications. In this architecture, the instance kernel /tmp/ directory is shared, but with access permissions. Excepting the JVM initialization file, these temporary directories usually do not contain sensitive information. A newly discovered race condition allows attackers to poison the classpath via the shared /tmp/ directory during JVM initializaiton. If an attacker can approximate when users would be launching the JVM, access to an unprotected temporary directory may be successful. The cause is the implementation of the virtual environment by the hosting platform which manages access to temporary files in a multi-tenant cloud environment. A successful attack will give the attacker access to the temporary directories of other users.

Impact

An attacker that accesses the shared /tmp/ directory of the instance can potentially achieve privilege escalation, information exfiltration, and remote code execution. This constitutes a Technical Impact = Total under the SSVC framework, meaning:

The vulnerability gives the adversary total control over the behavior of the software or total disclosure of all information on the affected system.

Solution

The CERT/CC recommends updating Wolfram Cloud to version 14.2.1.

Acknowledgements

Thanks to the reporter Peter Roberge from Pointer Cybersecurity. This document was written by Laurie Tyzenhaus and Renae Metcalf.

Vendor Information

References

• https://github.com/PeterRoberge/vulnerability-wolfram-cloud-14.2/blob/main/disclosure.md

Overview

Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules.

Description

Two vulnerabilities were identified Lite XL:

CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process.

CVE-2025-12121
Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching (core.lua), drag-and-drop file handling (rootview.lua), and the “open in system” command in the treeview plugin (treeview.lua). If an attacker could influence input to system.exec, they might execute arbitrary commands with the privileges of the Lite XL process.

Impact

CVE-2025-12120
When opening a project in Lite XL, the project’s Lua module was executed automatically, potentially allowing malicious code in a repository to run without user consent.

CVE-2025-12121
The legacy system.exec function allowed arbitrary shell command execution, which could be abused to compromise the host system.

Affected versions

Lite XL versions 2.1.8 and prior

Solution

Users should update to the latest version of Lite XL that includes these pull requests:

PR #1472 – Adds in a trust guard for project modules.
PR #1473 – Removed legacy exec function.

These updates ensure that untrusted projects cannot automatically execute Lua code and that unsafe system calls are no longer available.

Acknowledgements

Thanks to the reporter Dogus Demirkiran for reporting these vulnerabilities. Additional thanks to GitHub user Summertime for also identifying CVE-2025-12120 and opening Issue #1892 on GitHub. This document was written by Marisa Midler.

Vendor Information

References

• https://github.com/lite-xl/lite-xl
• https://github.com/lite-xl/lite-xl/pull/2163
• https://github.com/lite-xl/lite-xl/pull/2164
• https://bend0us.github.io/vulnerabilities/lite-xl-rce/