SugarCRM is a customer relationship management (CRM) system, providing sales force automation, marketing campaigns, customer support, collaboration, and other tools to manage customer data.

SugarCRM

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors.

CVE-2025-25034

Linux

Linux Kernel

Windows

Windows Cumulative Update

Teleport is an open-source security tool that provides developers and system administrators with secure access to infrastructure resources such as servers (SSH) and Kubernetes clusters (K8s). It enforces role-based access control, supports various authentication methods, and captures audit logs for user sessions and actions. Teleport's focus on secure access, access control, and auditing makes it an essential solution for managing and securing modern infrastructure.

Teleport

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.

CVE-2025-49825

GoLang

GitHub Advisory Database

Sitecore Experience Platform (XP) is an enterprise content management system (CMS), providing tools for content management, digital marketing, and analytics and reporting.

Sitecore Experience Platform (XP)

Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing path traversal sequences, allowing arbitrary file writes and leading to code execution.

CVE-2025-34510

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.

CVE-2025-34509

Trend Micro Apex Central is a centralized security management console for enterprises. It provides visibility and control across multiple layers of security, including endpoint, mobile, server, and network protection.

Apex Central

An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.

CVE-2025-49220

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

CVE-2025-6926

Debian

Debian Security Tracker

JavaScript is a high-level, interpreted programming language essential for creating interactive web applications, running directly in web browsers to enable dynamic content and user interface enhancements. It is integral to the web development stack, working seamlessly with HTML and CSS to build responsive and feature-rich websites.

JavaScript

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual <script> element. If an attacker injected an HTML element, it could clobber the document.currentScript property. This causes the script to resolve incorrectly to an element instead of the <script> tag, leading to unexpected behavior or failure to load the script path correctly. This issue arises because in some browser environments, named DOM elements become properties on the global document object. An attacker with control over the HTML could exploit this to change the CDN domain of tarteaucitron. This issue has been patched in version 1.22.0.

CVE-2025-48939

### Summary
eKuiper /config/uploads API supports accessing remote web URLs and saving files in the local upload directory, but there are no security restrictions, resulting in arbitrary file writing through ../. If run with root privileges, RCE can be achieved by writing crontab files or ssh keys.
### Details
```go 
func fileUploadHandler(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	// Upload or overwrite a file
	case http.MethodPost:
		switch r.Header.Get("Content-Type") {
		case "application/json":
			fc := &fileContent{}
			defer r.Body.Close()
			err := json.NewDecoder(r.Body).Decode(fc)
			if err != nil {
				handleError(w, err, "Invalid body: Error decoding file json", logger)
				return
			}
			err = fc.Validate()
			if err != nil {
				handleError(w, err, "Invalid body: missing necessary field", logger)
				return
			}
			filePath := filepath.Join(uploadDir, fc.Name)
			err = upload(fc)
```
- The fc.Name parameter do not safely filtered.
### PoC
```
POST /config/uploads HTTP/1.1
Host: localhost:9081
Content-Type: application/json
Content-Length: 89
{
  "name": "../../../../tmp/success",
 "file": "http://192.168.65.254:8888/success"
}
```
![image](https://github.com/user-attachments/assets/9ac23194-f5fd-49d3-ba54-334a7831739a)
### Impact
Tested and verified only on 1.14.3 and 1.14.1, theoretically all versions using this code could be affected.
1. SSRF
2. Path-Travel
3. May leads to RCE
The reporters is m0d9 from Tencent YunDing Lab.

GHSA-gj54-gwj9-x2c6

### Summary
Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server.
### Details
The file handler function trusts the filename provided by the user. This includes the cases when the user uses a path instead of the filename. This makes possible to write arbitrary files to the system and **replace** the files owned by _kuiper_ user on the filesystem. The vulnerable function is `fileUploadHandler` which is shown below:
https://github.com/lf-edge/ekuiper/blob/1e6b6b6601445eb05316532f5fbef7f0a863ecfe/internal/server/rest.go#L329-L359
Exploitation of this vulnerability allows an attacker to rewrite the files owned by ekuiper including the main kuiper binaries as they are owned by _kuiper_ user:
![kuiper binaries](https://github.com/user-attachments/assets/58cf0dc9-20aa-4976-b199-d052a8f5a676)
### PoC
0.  The files should be uploaded to `/kuiper/data/uploads` directory. So let's move to the `/kuiper/data`, examine the existing files and create an empty `traversal-poc` file owned by  _kuiper_:
![Preparation](https://github.com/user-attachments/assets/c1010cfe-ca3e-481d-b895-820a96f2af60)
1. Now, we can go to _Services > Configuration > File Management_ and try to upload file with name `../test`:
![GUI](https://github.com/user-attachments/assets/31402874-d8a1-450b-91d6-025533c7be33)
![Request in Burp](https://github.com/user-attachments/assets/a4b01f57-5ce0-4791-8a6e-69eb47bca40b)
In the response we can see the path of the uploaded file and can assume that the traversal worked.
2. Now we can try to change the `traversal-poc` file that we know exists on the server. It can be made with the following request:
![traversal-poc change](https://github.com/user-attachments/assets/164a7088-9152-4a6d-bef4-de8b4637ed51)
3. Now, if we look at the server, we can see the file created in the traversed directory and the replaced poc-file:
![Changed files](https://github.com/user-attachments/assets/1be0bb36-66b7-4552-9b5d-6298c15d59bb)
### Impact
- Possibility to upload files to external directories;
- Possibility to rewrite any file owned by _kuiper_ user on the filesystem.
Reported by Alexey Kosmachev, Lead Pentester from Bi.Zone

GHSA-fv2p-qj5p-wqq4

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, effecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-25034	CRITICAL	9.3	SugarCRM	cpe:2.3:a:sugarcrm:sugarcrm	No	Yes	Jun 20, 2025
CVE-2025-49825	CRITICAL	9.8	Teleport	cpe:2.3:a:goteleport:teleport	No	Yes	Jun 17, 2025
CVE-2025-34510	HIGH	8.8	Sitecore Experience Platform (XP)	cpe:2.3:a:sitecore:experience_platform	No	No	Jun 17, 2025
CVE-2025-34509	HIGH	8.2	Sitecore Experience Platform (XP)	cpe:2.3:a:sitecore:experience_platform	No	Yes	Jun 17, 2025
CVE-2025-49220	CRITICAL	9.8	Apex Central	cpe:2.3:a:trendmicro:apex_central	No	Yes	Jun 17, 2025

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-6926	HIGH	8.8	Linux Debian	mediawiki	No	Yes	Jul 03, 2025
CVE-2025-48939	MEDIUM	4.2	JavaScript	tarteaucitronjs	No	Yes	Jul 03, 2025
GHSA-gj54-gwj9-x2c6	HIGH	7.3	N/A	github.com/lf-edge/ekuiper/v2	No	Yes	Jul 03, 2025
GHSA-fv2p-qj5p-wqq4	HIGH	8.5	N/A	github.com/lf-edge/ekuiper	No	Yes	Jul 03, 2025
CVE-2025-49595	MEDIUM	4.9	JavaScript	n8n	No	Yes	Jul 03, 2025

Wiz Vulnerability Database

Explore by technology

Popular filters

High Profile

Most Recent

Vulnerabilities by the numbers

The good, the bad, and the vulnerable

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?