Details of the six-year-old flaw were publicly shared by Cisco Talos in April 2019, describing it as an exploitable remote code execution vulnerability in the ACEManager "upload.cgi" function of Sierra Wireless AirLink ES450 firmware version 4.9.3. Talos reported the flaw to the Canadian company in December 2018. "This vulnerability exists in the file upload capability of templates within the AirLink 450," the company said. "When uploading template files, you can specify the name of the file that you are uploading."
This happened via the Model Context Protocol, intended to integrate external tools into the Codex environment. The CLI loaded MCP configurations from a .codex/config.toml file and executed the commands defined therein immediately upon startup. There was no approval prompt, no validation, and no check when the commands changed. MCP itself does not contain extensive built-in security, even after a series of updates.
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in a report shared with The Hacker News. Successful exploitation of the flaws could enable attackers to disrupt cloud services, manipulate data, and burrow deeper into cloud and Kubernetes infrastructure.
Both CVE-2025-6204 and CVE-2025-6205 affect DELMIA Apriso versions from Release 2020 through Release 2025. They were addressed by Dassault Systèmes in early August. According to details shared by ProjectDiscovery researchers Rahul Maini, Harsh Jaiswal, and Parth Malhotra last month, the two security flaws can be fashioned together into an exploit chain to create accounts with elevated privileges and then drop executable files into a web-served directory, resulting in a full application compromise.
Red Lion's Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors. These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet "Universal" protocol used to interface and enable communication between the kit and the RTUs.
A critical security flaw has been identified in Happy DOM, a widely used JavaScript library primarily employed for server-side rendering and testing frameworks. The vulnerability, cataloged as CVE-2025-61927, allows attackers to escape the library's virtual machine (VM) context, leading to potential remote code execution on vulnerable systems. This flaw threatens millions of applications that depend on Happy DOM. The root of this vulnerability lies in the improper isolation of the Node.js VM context within Happy DOM versions 19 and earlier.
DrayTek on Thursday announced patches for an unauthenticated remote code execution (RCE) vulnerability affecting DrayOS routers. Tracked as CVE-2025-10547, the issue can be exploited via crafted HTTP or HTTPS requests sent to a vulnerable device's web user interface. Successful exploitation of the bug, DrayTek explains in its advisory, may result in memory corruption and a system crash. In certain circumstances, it could be used to execute arbitrary code remotely, it says.
Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users. All impacted phone models will receive the fix, which patches a vulnerability tracked as . The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described as an "out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code."
Activision has brought Call of Duty: World War II back to the Microsoft Store and Xbox PC App after it was removed more than a month ago, though the company has still not said a word about what happened. A statement released on August 27 confirmed that the 2017 game has returned, and is once again available for PC Game Pass players. However, there was no explanation as to anything else related to the game's removal on July 4.
CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain.
CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server.
The existence of the exploit was first reported last week by vx-underground, which said it was released by Scattered Lapsus$ Hunters, a new fluid alliance formed by Scattered Spider and ShinyHunters.
The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6) by the chipmaker back in June 2025.