Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

CVE-2025-54987
Description:
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
Source: Trend Micro, Inc.
Analysis
CVE-2025-54987 and CVE-2025-54948 are command injection flaws in the management console of on-premises Trend Micro Apex One installations. An unauthenticated attacker with network or physical access can upload arbitrary files, execute commands, and gain code execution. While both issues are similar, CVE-2025-54987 applies to a different CPU architecture than CVE-2025-54948.
Cloud-hosted versions—Trend Micro Apex One™ as a Service and Trend Vision One Endpoint Security – Standard Endpoint Protection—were mitigated by July 31 and remain unaffected. Only on-prem deployments are vulnerable.
Exploitation History
Apex One has been a repeat target, with prior zero-day exploits against on-prem versions. Past examples include CVE-2020-8467 and CVE-2020-8468 (patched in March 2020 after in-the-wild use) and CVE-2022-40139 (patched in September 2022). As of August 6, the U.S. CISA lists nine Apex One vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog.
Vendor Response
No official patch is available yet; Trend Micro expects release mid-August 2025. A temporary mitigation tool is available, blocking known exploits and disabling the Remote Install Agent function for deploying agents.
While attacks require network or physical access to the management interface, organizations exposing the console to the internet should immediately apply the mitigation tool and restrict external access.
Max CVSS 9.4
EPSS Score 0.28%
Published 2025-08-05
Updated 2025-08-05
CVE-2025-55013
Description:
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name. A malicious or compromised server (or any MITM that can speak to the client) can return a path-traversal payload such as ../../../etc/cron.d/evil and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138.
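The sketch below is an added example, not the Assemblyline code or its actual fix. It shows the flawed join next to a client-side check that accepts only a 64-character hex digest, confirms the resolved path stays in the working directory, and verifies the downloaded bytes against the announced digest. The function names and the /opt/al/work directory are hypothetical.

```python
import hashlib
import os
import re
import tempfile

HEX_SHA256 = re.compile(r"[0-9a-fA-F]{64}")
PAYLOAD = "../../../etc/cron.d/evil"  # traversal string quoted in the description

def naive_path(base_dir, name):
    # Flawed pattern: the server-supplied value is joined as-is.
    return os.path.normpath(os.path.join(base_dir, name))

def safe_path(base_dir, sha256):
    # 1. Syntactic check: exactly 64 hex characters, so no separators or dots.
    if not isinstance(sha256, str) or not HEX_SHA256.fullmatch(sha256):
        raise ValueError("not a SHA-256 hex digest")
    # 2. Containment check: the resolved target must stay under base_dir.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, sha256.lower()))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the working directory")
    return candidate

def store_download(base_dir, sha256, data):
    # Validate the name first, then bind the content to the digest it claims.
    path = safe_path(base_dir, sha256)
    if hashlib.sha256(data).hexdigest() != sha256.lower():
        raise ValueError("content does not match the announced digest")
    with open(path, "wb") as fh:
        fh.write(data)
    return path

if __name__ == "__main__":
    # Hypothetical working directory; the naive join resolves outside it.
    print(naive_path("/opt/al/work", PAYLOAD))
    with tempfile.TemporaryDirectory() as work:
        body = b"constructed sample file body"
        print(store_download(work, hashlib.sha256(body).hexdigest(), body))
        try:
            store_download(work, PAYLOAD, body)
        except ValueError as exc:
            print("rejected:", exc)
```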
References
https://github.com/CybercentreCanada/assemblyline/security/advisories/GHSA-75jv-vfxf-3865
https://github.com/CybercentreCanada/assemblyline-service-client/commit/351414e7e96cc1f5640ae71ae51b939e8ba30900
Max CVSS 10.0
EPSS Score 0.04%
Published 2025-08-09
Updated 2025-08-11
CVE-2025-54997
Description:
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections. However, these operators can bypass both restrictions through the audit subsystem by manipulating log prefixes. This allows unauthorized code execution and network access that violates the intended security model. This issue is fixed in version 2.3.2. As a workaround, users can block access to sys/audit/* endpoints using explicit deny policies, but root operators cannot be restricted this way.
Source: GitHub, Inc.
Analysis
- Vulnerability: OpenBao ≤ 2.3.1 contains a code injection flaw in the sys/audit/* API endpoints.
- Cause: The prefix parameter in audit device configuration is not properly sanitized, allowing injection of arbitrary code or commands.
- Impact: When audit events occur, malicious prefixes can trigger code execution or external network connections.
- Fix: Version 2.3.2 restricts sys/audit/* access, adds options to disable API-based audit creation, and disables audit log prefixing.
- Action: Upgrade immediately to 2.3.2 or later.
Exploitation History
OpenBao has a recent history of critical security issues, including:
- CVE-2025-52894 – Unauthenticated users could cancel root and recovery rekey operations (fixed in 2.3.1).
- CVE-2025-52893 – Privilege escalation vulnerabilities.
The vendor responds quickly to reports but the recurrence of serious flaws underscores the need for continuous security auditing.
Detection
Indicators of compromise include:
- Audit Log Prefix Changes – Unauthorized modifications to the audit log prefix.
- Unexpected File Activity – Creation or modification of binaries/scripts initiated by OpenBao.
- Anomalous Network Connections – Unplanned outbound TCP connections from the OpenBao server.
Enable detailed logging and real-time alerts for these events.
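One way to alert on the first indicator, shown as an added example that is not part of the original report or of OpenBao: scan a JSON-lines audit log for requests that create, change or remove audit devices under sys/audit/*. It assumes the Vault-style audit entry layout (type, time, auth.display_name, request.operation, request.path, request.remote_address); the sample log lines are constructed.

```python
import json

WRITE_OPS = {"create", "update", "delete"}

# Constructed sample audit log, one JSON object per line (assumed layout).
SAMPLE_LOG = """\
{"time":"2025-08-09T10:00:01Z","type":"request","auth":{"display_name":"token-app"},"request":{"operation":"read","path":"secret/data/app","remote_address":"10.0.0.5"}}
{"time":"2025-08-09T10:02:10Z","type":"request","auth":{"display_name":"token-ops"},"request":{"operation":"update","path":"sys/audit/file2","remote_address":"10.0.0.9"}}
{"time":"2025-08-09T10:02:10Z","type":"response","auth":{"display_name":"token-ops"},"request":{"operation":"update","path":"sys/audit/file2","remote_address":"10.0.0.9"}}
{"time":"2025-08-09T10:03:00Z","type":"request","auth":{"display_name":"token-ops"},"request":{"operation":"read","path":"sys/audit","remote_address":"10.0.0.9"}}
{"time":"2025-08-09T10:05:44Z","type":"request","auth":{"display_name":"token-ops"},"request":{"operation":"delete","path":"sys/audit/file","remote_address":"10.0.0.9"}}
{"time":"2025-08-09T10:06:00Z","type":"requ
"""

def audit_device_changes(lines):
    """Return (findings, malformed_count) for writes under sys/audit/."""
    findings, malformed = [], 0
    for number, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            malformed += 1  # truncated or tampered lines deserve their own alert
            continue
        if entry.get("type") != "request":
            continue  # the matching response entry would double-count the event
        request = entry.get("request") or {}
        path = str(request.get("path", "")).lstrip("/")
        if path.startswith("sys/audit/") and request.get("operation") in WRITE_OPS:
            findings.append({
                "line": number,
                "time": entry.get("time"),
                "who": (entry.get("auth") or {}).get("display_name"),
                "operation": request.get("operation"),
                "path": path,
                "source": request.get("remote_address"),
            })
    return findings, malformed

if __name__ == "__main__":
    hits, bad = audit_device_changes(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(hit)
    print("malformed lines:", bad)
```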
Affected Versions
- Vulnerable: 2.3.1 and earlier.
- Fixed: 2.3.2.
- Risk applies to any deployment where privileged API operators can modify sys/audit/* endpoints.
CVE-2025-54952
Description:
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.
CWE ids for CVE-2025-54952
CWE-680 Integer Overflow to Buffer Overflow
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
References for CVE-2025-54952
https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b
https://www.facebook.com/security/advisories/cve-2025-54952
Max CVSS 9.4
EPSS Score 0.28%
Published 2025-08-05
Updated 2025-08-05
CVE-2025-54253
Description:
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
References
https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Max CVSS 10.0
EPSS Score 1.36%
Published 2025-08-05
Updated 2025-08-06