CVE-2025-2229

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

Publication date: Thu, 13 Mar 2025 00:00:00 +0000


Cyber News related to CVE-2025-2229

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
4 hours ago Cybersecuritynews.com CVE-2024-5594
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
1 month ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data - In an era where file system vulnerabilities comprise 23% of KEV entries, the March 2025 advisories serve as a stark reminder: patch, segment, and verify—before attackers exploit the gaps. These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993, ...
2 days ago Cybersecuritynews.com CVE-2025-24984
Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
3 weeks ago Bleepingcomputer.com CVE-2025-0111 CVE-2025-0108 CVE-2024-9474
Paragon Partition Manager Vulnerabilities Let Attackers Escalate Privilege & Trigger DoS Attacks - Here the security analysts at Carnegie Mellon University noted that the most concerning aspect of these vulnerabilities is that they can be exploited even if Paragon Partition Manager isn’t installed on the target system, through a technique ...
1 week ago Cybersecuritynews.com CVE-2025-0286
41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks - We are scanning & reporting out VMware ESXi CVE-2025-22224 vulnerable instances ("a malicious actor with local admin privileges on a virtual machine may exploit this to execute code as virtual machine's VMX process running on ...
1 week ago Cybersecuritynews.com CVE-2025-22224
CVE-2025-2229 - A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. ...
1 day ago
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks - The Shadowserver Foundation reports that most of the vulnerable instances are in China (4,400), followed by France (4,100), the United States (3,800), Germany (2,800), Iran (2,800), and Brazil (2,200). Bill Toulas Bill Toulas is a tech writer and ...
1 week ago Bleepingcomputer.com CVE-2025-22225
CVE-2013-2229 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2218. Reason: This candidate is a reservation duplicate of CVE-2013-2218. Notes: All CVE users should reference CVE-2013-2218 instead of this candidate. All references and ...
55 years ago Tenable.com
CVE-2009-2229 - Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these ...
7 years ago
CVE-2021-2229 - Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: LOVs). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to ...
3 years ago
CVE-2019-2229 - In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ...
3 years ago
CVE-2022-2229 - An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public ...
1 year ago
CVE-2023-2229 - The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ...
1 year ago
CVE-2020-2229 - Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. ...
1 year ago
CVE-2002-2229 - Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. ...
16 years ago
CVE-2000-1094 - Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument. ...
1 year ago
CVE-2005-2229 - Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and ...
8 years ago
CVE-2000-1093 - Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command. ...
7 years ago
CVE-2022-49390 - In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev Create a new macsec device but not get reference to real_dev. That can not ensure that real_dev is freed after macsec. That will trigger the UAF bug ...
2 weeks ago Tenable.com
CVE-2004-2229 - Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. ...
7 years ago
CVE-2017-2229 - Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. ...
7 years ago
CVE-2007-2229 - Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka ...
6 years ago
CVE-2006-2229 - OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or ...
4 years ago
CVE-2010-2229 - Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. ...
4 years ago

Cyber Trends (last 7 days)