CVE-2025-25730

CVE-2025-25730

Título es
CVE-2025-25730

Jue, 27/02/2025 – 22:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-25730

Descripción en
An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself.

27/02/2025

27/02/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • CVE-2025-25730 Developer Options and USB Debugging Authorization Bypass in Motorola Droid Razr HD (XT926)


    • Enviar en el boletín
    Off

    CVE-2025-25570

    CVE-2025-25570

    Título es
    CVE-2025-25570

    Jue, 27/02/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-25570

    Descripción en
    Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials.

    27/02/2025

    27/02/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/Hackerhan/Vben-Admin

    • Enviar en el boletín
    Off

    CVE-2024-38292

    CVE-2024-38292

    Título es
    CVE-2024-38292

    Jue, 27/02/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-38292

    Descripción en
    In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.

    27/02/2025

    27/02/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362

    • Enviar en el boletín
    Off

    CVE-2025-24832

    CVE-2025-24832

    Título es
    CVE-2025-24832

    Jue, 27/02/2025 – 23:15

    Tipo
    CWE-61

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24832

    Descripción en
    Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://security-advisory.acronis.com/advisories/SEC-7649

    • Enviar en el boletín
    Off

    CVE-2024-41340

    CVE-2024-41340

    Título es
    CVE-2024-41340

    Jue, 27/02/2025 – 21:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41340

    Descripción en
    An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload crafted APP Enforcement modules, leading to arbitrary code execution.

    27/02/2025

    27/02/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • http://draytek.com

  • https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

    • Enviar en el boletín
    Off