Active exploitation of CVE-2025-11001 has been observed in the wild. A security researcher has also publicly released a proof-of-concept (PoC) exploit for CVE-2025-11001.
The PoC allows attackers to abuse symbolic-link handling to write files outside of the intended extraction folder, which in some scenarios, can enable arbitrary code execution.
Read more…
Source: NHS Digital
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- QNAP Fixes Several Vulnerabilities Affecting High-End NAS Devices
December 10, 2024
QNAP has released fixes for several vulnerabilities affecting the QTS and QuTS hero operating systems. In addition to the three high severity vulnerabilities below, the security advisory also addresses two medium severity vulnerabilities and three low severity vulnerabilities. QuTS is QNAP’s operating system for high-end enterprise NAS devices. Vulnerability Details CVE-2024-48865: An improper certificate validation vulnerability ...
- Zyxel Releases Advisory for Exploited Vulnerability CVE-2024-11667
December 2, 2024
Zyxel has released a security advisory addressing recent targeting of its firewall products. Attackers have been observed exploiting vulnerabilities patched in September (see Cyber Alert CC-4541) and a previously undisclosed high severity vulnerability. CVE-2024-11667 is a path traversal vulnerability and has a CVSSv3 score of 7.5. If exploited, an attacker could download or upload files via ...
- SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)
November 27, 2024
SonicWall has released a security update addressing a vulnerability in the Windows (32 and 64-bit) versions of SonicWall SMA100 NetExtender. SMA100 NetExtender is a virtual private network (VPN) client. This vulnerability tracked as CVE-2024-29014, may allow an attacker to execute arbitrary code when processing an EPC Client update. CVE-2024-29014 was originally assigned a CVSSv3 score of ...
- Update now – Apple confirms vulnerabilities are already being exploited
November 20, 2024
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using ...
- Sitting Duck Cyber Attacks – Warning Issued As Websites Targeted
November 20, 2024
A cybersecurity threat known as a sitting duck exploit is thought to be putting more than one million websites at risk of attack, according to threat intelligence analysts. The fact that the attack methodology remains underreported could be the reason why Infoblox security researchers called the discovery of multiple hackers using the vulnerability across widespread cyber ...
- Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated)
November 20, 2024
Palo Alto Networks and Unit 42 are engaged in tracking a limited set of exploitation activity related to CVE-2024-0012 and and CVE-2024-9474 and are working with external researchers, partners, and customers to share information transparently and rapidly. Fixes for both vulnerabilities are available. Please refer to the Palo Alto Networks Security Advisories (CVE-2024-0012, CVE-2024-9474) for additional details. ...