CyberSecurityBoard
Sponsor Register Login

CVE-2023-53770

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.

Publication date: Tue, 09 Dec 2025 20:53:00 +0000


Cyber News related to CVE-2023-53770

CISA Warns of Microsoft SharePoint server 0-Day RCE Vulnerability Exploited in Wild - CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as ...
5 months ago Cybersecuritynews.com CVE-2025-53770
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
5 months ago Krebsonsecurity.com CVE-2025-53770
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day - Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft released emergency security updates on ...
5 months ago Cybersecuritynews.com CVE-2025-53770
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
2 years ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
5 months ago Bleepingcomputer.com CVE-2025-49706
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks - Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. These flaws were fixed as part of the ...
5 months ago Bleepingcomputer.com CVE-2025-53770
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers - On Monday, after Microsoft released security patches for all impacted SharePoint versions, a CVE-2025-53770 proof-of-concept exploit was also released on GitHub, making it easier for more threat actors and hacking groups to join ongoing attacks. ...
5 months ago Bleepingcomputer.com CVE-2025-53770
Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities - Cyber Security News - The module, designated as pull request #20409 in the Metasploit Framework repository, addresses CVE-2025-53770 and CVE-2025-53771, which enable unauthenticated remote code execution (RCE) attacks against vulnerable SharePoint installations. During ...
5 months ago Cybersecuritynews.com CVE-2025-53770
Microsoft Released an Emergency Security Update to Patch a Critical SharePoint 0-Day Vulnerability - Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting. Microsoft Defender for Endpoint generates specific alerts, including ...
5 months ago Cybersecuritynews.com CVE-2025-53770
CVE-2025-53770 - Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully ...
4 months ago CVE-2025-41236 CVE-2025-53771 CVE-2025-53770 CVE-2025-49706 CVE-2025-49704 CVE-2024-12053
Warnings issued as hackers actively exploit critical zero-day in Microsoft SharePoint | The Record from Recorded Future News - Researchers believe the issue is likely to lead to a large number of victims including governments and enterprises, and warn that attackers are compromising cryptographic keys allowing them to maintain access to victims’ systems even after the ...
5 months ago Therecord.media CVE-2025-53770
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
2 years ago Microsoft.com
CVE-2023-53770 - MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by ...
2 weeks ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More - Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild. The Node.js project released security updates on July 15, 2025, to fix ...
5 months ago Cybersecuritynews.com CVE-2025-6558
Weekly Cybersecurity Recap : Sharepoint 0-day, Vmware Exploitation, Threats and Cyber Attacks - Tracked as CVE-2025-12345, this flaw allows remote code execution (RCE) without authentication, potentially enabling attackers to compromise sensitive data or deploy malware on affected servers. The U.S. Cybersecurity and Infrastructure Security ...
4 months ago Cybersecuritynews.com CVE-2025-12345 APT41
CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild - The vulnerabilities, designated as CVE-2025-49704 and CVE-2025-49706, pose significant risks to organizations running on-premises SharePoint servers and have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate ...
5 months ago Cybersecuritynews.com CVE-2025-49704
Sharepoint 0-day Vulnerability to Deploy Warlock Ransomware - Microsoft has issued urgent warnings about active exploitation of critical SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 by multiple threat actors, including the China-based group Storm-2603, which has been deploying Warlock ransomware ...
4 months ago Cybersecuritynews.com CVE-2025-53770
CISA Warns of Chinese Hackers Exploiting SharePoint 0-Day Flaws in Active Exploitation - The attack campaign, dubbed “ToolShell,” leverages a vulnerability chain involving CVE-2025-49706 (network spoofing) and CVE-2025-49704 (remote code execution) to gain unauthorized access to on-premises SharePoint servers. Additionally, ...
5 months ago Cybersecuritynews.com CVE-2025-49706
ToolShell Exploit Chain Attacking SharePoint Servers to Gain Complete Control - This multi-stage attack combines previously patched vulnerabilities with fresh zero-day exploits to achieve complete system compromise, affecting SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. ...
4 months ago Cybersecuritynews.com CVE-2025-49704
Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Vulnerability in the Wild - The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly disclosed vulnerabilities that enable authentication bypass and remote code execution. Microsoft has released ...
5 months ago Cybersecuritynews.com CVE-2025-53770
CVE-2024-53770 - Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre RingCentral Communications allows Stored XSS.This issue affects RingCentral Communications: from n/a through 1.6.1. ...
1 year ago
17K+ SharePoint Servers Exposed to Internet - 840 Servers Vulnerable to 0-Day Attacks - A massive exposure of Microsoft SharePoint servers to internet-based attacks has been identified, with over 17,000 servers exposed and 840 specifically vulnerable to the critical zero-day vulnerability CVE-2025-53770, according to new findings from ...
4 months ago Cybersecuritynews.com APT3 CVE-2025-53770

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)