CVE-2025-21124

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

This Cyber News was published on www.tenable.com. Publication date: Wed, 12 Feb 2025 17:11:03 +0000

Cyber News related to CVE-2025-21124

CVE-2025-21124 - InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. ...
1 day ago Tenable.com

CVE-2022-25234 - Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. ...
2 years ago

CVE-2022-21124 - Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. ...
2 years ago

CVE-2020-21124 - UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. ...
3 years ago

CVE-2018-21124 - NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation. ...
4 years ago

CVE-2021-21124 - Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. ...
3 years ago

CVE-2023-21124 - In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
1 year ago

CVE-2025-0977 - Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. ...
6 days ago Tenable.com

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com

CVE-2025-1091 - Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, libcurl) were found to contain vulnerabilities, and updated versions have been made available by ...
6 days ago Tenable.com

CVE-2025-0760 - Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, libcurl) were found to contain vulnerabilities, and updated versions have been made available by ...
6 days ago Tenable.com

CVE-2025-24897 - Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's ...
1 day ago Tenable.com

CVE-2025-24896 - Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains ...
1 day ago Tenable.com

CVE-2021-42718 - Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container ...
2 weeks ago Tenable.com

CVE-2024-13162 - SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from ...
4 weeks ago Tenable.com

CVE-2025-0246 - When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This ...
1 month ago Tenable.com

CVE-2024-13172 - Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
4 weeks ago Tenable.com

CVE-2024-13171 - Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
4 weeks ago Tenable.com

CVE-2024-13170 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
4 weeks ago Tenable.com

CVE-2024-13169 - An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
4 weeks ago Tenable.com

CVE-2024-13168 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
4 weeks ago Tenable.com

CVE-2024-13167 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
4 weeks ago Tenable.com

CVE-2024-13166 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
4 weeks ago Tenable.com

CVE-2024-13165 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
4 weeks ago Tenable.com

CVE-2024-13164 - An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
4 weeks ago Tenable.com

Latest Cyber News

CVE-2025-1207 - 3 hours ago
CVE-2025-0556 - 3 hours ago
CVE-2025-1206 - 4 hours ago
CVE-2025-1212 - 4 hours ago
CVE-2025-1244 - 4 hours ago
CVE-2025-1202 - 4 hours ago
CVE-2025-1042 - 4 hours ago
CVE-2024-54160 - 4 hours ago
CVE-2025-0376 - 4 hours ago
CVE-2024-12251 - 4 hours ago
CVE-2024-12379 - 4 hours ago
CVE-2025-26378 - 5 hours ago
CVE-2025-26371 - 5 hours ago
CVE-2025-26372 - 5 hours ago
CVE-2025-26373 - 5 hours ago
CVE-2025-26374 - 5 hours ago
CVE-2025-26375 - 5 hours ago
CVE-2025-26376 - 5 hours ago
CVE-2025-26377 - 5 hours ago
CVE-2025-26364 - 5 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2023-40721 - 1 day ago
CVE-2024-12755 - 1 day ago
CVE-2024-12756 - 1 day ago
CVE-2024-27780 - 1 day ago
CVE-2024-27781 - 1 day ago
CVE-2024-33504 - 1 day ago
CVE-2024-35279 - 1 day ago
CVE-2024-36508 - 1 day ago
CVE-2024-40584 - 1 day ago
CVE-2024-40586 - 1 day ago
CVE-2024-40591 - 1 day ago
CVE-2024-50567 - 1 day ago
CVE-2024-50569 - 1 day ago
CVE-2024-52966 - 1 day ago
CVE-2024-52968 - 1 day ago
CVE-2025-1126 - 1 day ago
CVE-2025-21121 - 1 day ago
CVE-2025-21123 - 1 day ago
CVE-2025-21124 - 1 day ago
CVE-2025-21125 - 1 day ago