Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. These newly listed vulnerabilities pose significant threats to organizations across various sectors, highlighting the importance of prioritizing cybersecurity measures to mitigate potential attacks.
CISA has added four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The first vulnerability, CVE-2014-3931, is a buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption. The second vulnerability, CVE-2016-10033, is a command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition. The third vulnerability, CVE-2019-5418, is a path traversal vulnerability in Ruby on Rails' Action View that could cause contents of arbitrary files on the target system's file system to be exposed. The fourth vulnerability, CVE-2019-9621, is a Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. These newly listed vulnerabilities pose significant threats to organizations across various sectors, highlighting the importance of prioritizing cybersecurity measures to mitigate potential attacks.
The first vulnerability, CVE-2014-3931, is a buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption. This type of vulnerability can have severe consequences, including unauthorized access to sensitive data or disruption of critical infrastructure. The severity of this vulnerability is rated at 9.8 on the Common Vulnerability Scoring System (CVSS), indicating its high potential impact.
The second vulnerability, CVE-2016-10033, is a command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition. This type of vulnerability can be exploited by attackers to gain unauthorized access to sensitive data or disrupt system operations.
The third vulnerability, CVE-2019-5418, is a path traversal vulnerability in Ruby on Rails' Action View that could cause contents of arbitrary files on the target system's file system to be exposed. This vulnerability can allow attackers to access sensitive information, including configuration files or personal data, compromising system security.
The fourth vulnerability, CVE-2019-9621, is a Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution. This type of vulnerability can be exploited by attackers to gain unauthorized access to sensitive data or disrupt system operations.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary updates by July 28, 2025, to secure their networks. The CISA's addition of these vulnerabilities to its KEV catalog underscores the agency's commitment to providing timely and accurate information about critical vulnerabilities that pose a significant threat to national security.
In parallel with this announcement, watchTowr Labs and Horizon3.ai have released technical analyses for a critical security flaw in Citrix NetScaler ADC (CVE-2025-5777 aka Citrix Bleed 2), which is assessed to have come under active exploitation. The development of these vulnerabilities highlights the ongoing threat landscape that organizations must navigate to ensure their systems remain secure.
"We're seeing active exploitation of both CVE-2025-5777 and CVE-2025-6543 in the wild," watchTowr CEO Benjamin Harris told The Hacker News. "This vulnerability allows reading of memory, which we believe attackers are using to read sensitive information (for example, information sent within HTTP requests that are then processed in-memory), credentials, valid Citrix session tokens, and more."
Horizon3.ai noted that the vulnerability could be used to leak approximately 127 bytes of data via a specially crafted HTTP request with a modified "login=" without an equal sign or value, thereby making it possible to extract session tokens or other sensitive information.
The shortcoming, watchTowr explained, stems from the use of the snprintf function along with a format string containing the "%.*s" format. The %.*s format tells snprintf: 'Print up to N characters, or stop at the first null byte (\\0) - whichever comes first.' That null byte eventually appears somewhere in memory, so while the leak doesn't run indefinitely, you still get a handful of bytes with each invocation.
"So, every time you hit that endpoint without the =, you pull more uninitialized stack data into the response. Repeat it enough times, and eventually, you might land on something valuable."
The findings show that it's possible to send a login request to the "/p/u/doAuthentication.do" endpoint and cause it (and other endpoints susceptible to the flaw) to reflect the user-supplied login value in the response, regardless of success or failure.
The shortcoming can be exploited to leak sensitive information. This vulnerability highlights the importance of keeping systems up-to-date with the latest security patches to mitigate potential attacks.
In conclusion, the addition of these vulnerabilities to the CISA's KEV catalog underscores the agency's commitment to providing timely and accurate information about critical vulnerabilities that pose a significant threat to national security. The ongoing threat landscape demands that organizations prioritize cybersecurity measures to ensure their systems remain secure.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Unveils-Four-Critical-Vulnerabilities-in-KEV-Catalog-Due-to-Active-Exploitation-ehn.shtml
Published: Tue Jul 8 00:59:50 2025 by llama3.2 3B Q4_K_M
