Currently browsing: Security

Overview
The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code (MAC) data, was identified. Users of the node-forge package, and downstream consumers, are advised to update to the patched version in a timely manner.
Description
Forge (also available as the node-forge npm package) offers a range of cryptographic capabilities, including certificate generation, message signing and verification, and encryption and decryption. These functions depend on the ASN.1 parsing and validation routines of the library.
A flaw in the asn1.validate function was discovered that allows tampered ASN.1 data to pass validation even when cryptographically incorrect. By embedding custom options into certain ASN.1 fields that require recursive verification, an attacker can craft data that appears valid to the Forge verification routines. A proof-of-concept using manipulated PKCS#12 MAC data demonstrated how a forged payload could bypass signature verification.
The researcher who reported this issue has described the potential implications of the flaw as follows:

As a result, applications that rely on node-forge to enforce the structure and integrity of ASN.1-derived cryptographic protocols, including X.509 certificates, PKCS#7 messages, and PKCS#12 archives may be tricked into successfully validating malformed data.

While different environments will experience different levels of practical exposure, the underlying verification bypass is technically significant. The package is widely used, and a fix has been published. A patched release, version 1.3.2, is now available and includes updated test cases in tests/security/cve-2025-12816.js that illustrate the corrected behavior.
Impact
An attacker who can supply crafted ASN.1 data may cause applications relying on Forge for verification to accept forged or modified data as legitimate. This can enable authentication bypass, tampering with signed data, or misuse of certificate-related functions (e.g., cryptographically-signed software). In environments where cryptographic verification plays a central role in trust decisions, the potential impact can be significant.
Solution
Update to Forge version 1.3.2 or later. The fix is available in Pull Request #1124. Developers should integrate the updated version into their projects and distribute updates through their normal release channels.
Acknowledgements
Thanks to Hunter Wodzenski of Palo Alto Networks for responsibly reporting this issue. This document was written by Vijay Sarvepalli.

Overview
Fluent Bit is a logging and metrics processor and forwarder that is used in a variety of cloud and container networking environments. Several vulnerabilities in Fluent Bit have been discovered that could allow for authentication bypass, remote code execution (RCE) and denial of service (DoS) largely enabled by various Fluent Bit plugins and by how Fluent Bit processes tags. Many of these vulnerabilities require an attacker to have network access to a Fluent Bit instance. The vulnerabilities have been patched in version 4.1.0 and onward of Fluent Bit.
Description
Fluent Bit is a logging and metrics processor and forwarder, intended for usage in various cloud and container environments. It is commonly used to forward traffic to a Security Information and Event Management (SIEM) service, such as Splunk, for further analysis. Fluent Bit uses a tagging system to process and manage traffic that it moves. Multiple vulnerabilities have been discovered within Fluent Bit, largely facilitated by various plugins that manipulate or support tags.
Each individual vulnerability is listed below:
CVE-2025-12972
The Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.
CVE-2025-12970
The extract_name() function in the Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.
CVE-2025-12969
The Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
CVE-2025-12977
The Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, thus impacting data integrity and log routing.
CVE-2025-12978
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.
Impact
The vulnerabilities could be used for authentication bypass, RCE, DoS, and tag manipulation leading to improper function of Fluent Bit.
Solution
The vulnerabilities are all fixed in Fluent Bit version 4.1.0 and onward. Users should download and install the latest version of Fluent Bit as soon as possible. The latest version of Fluent Bit is available at https://fluentbit.io/announcements/
Acknowledgements
Thanks to the reporter, Uri Katz of Oligo Security. This document was written by Christopher Cullen.

Overview
Retell AI’s API creates AI voice agents that have excessive permissions and functionality, as a result of insufficient amounts of guardrails. As a result, attackers can exploit this and conduct large scale social engineering, phishing, and misinformation campaigns.
Description
Retell AI offers an API that can create human sounding voice agents that can then be tasked to perform various business operations, respond to questions, and be automated to complete various other voice related tasks. Retell AI uses OpenAI’s GPT 4o and 5 models for these conversations, and users can configure agents with minimal prompt engineering.
However, Retell AI’s lack of sufficient guardrails causes the LLM to respond in unexpected ways and deliver malicious outputs. Guardrails are an important mechanism in LLMs that filter inputs and outputs to ensure models are behaving in intended ethical ways. Retell AI permits voice AI agents to have over-permissive autonomy with the lack of guardrails. This is known as Excessive Agency. Malicious actors need minimal resources and technical knowledge to induce trust, extract data, and conduct large scale phishing operations using Retell AI products.
Impact
The vulnerability targets Retell AI’s ease of deployment and customizability to perform scalable phishing/social engineering attacks. Attackers can feed publicly available resources as well as some instructions to Retell AI’s API to generate high-volume and automated fake calls. These fake calls could lead to unauthorized actions, security breaches, data leaks, and other forms of manipulation.
Solution
Retell AI has not released a statement, and coordinated disclosure was attempted. Users should be aware and follow security best practices when speaking to an AI voice agent and avoid sensitive data input. Developers should limit functionality and permissions through instating sufficient guardrails and implement manual human approval for high-risk or high volume tasks.
Acknowledgements
Thanks to the reporter, Keegan Parr, for the report. The reporters disclosure is available here: https://haxor.zip/ This document was written by Ayushi Kriplani.

Overview
A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these vulnerabilities in the Tenda N300 series and Tenda 4G03 Pro devices.
Description
Tenda 4G03 Pro is a portable 4G LTE router that is designed to provide for flexible internet access. It is a plug-and-play device compatible with mobile operators globally, allowing you to insert a SIM card for ad-hoc internet access. Multiple components within this model of Tenda 4G LTE router is impacted by command injection flaws that stem from improper handling of attacker-controlled input passed to internal service functions.
CVE-2025-13207
In Firmware up to and including v04.03.01.44, manipulation of arguments passed to a function within the service /usr/sbin/httpd can be exploited. A crafted, authenticated HTTP request to TCP port 80 can trigger arbitrary command execution.
CVE-2024-24481
In Firmware up to and including v04.03.01.14, improper input handling within an accessible function leads to a similar command injection condition. An authenticated attacker can invoke the function through the web interface, after which a crafted network request to TCP port 7329 can result in command execution. This issue is distinct from CVE-2023-2649.
These vulnerabilities were identified through reverse engineering of the firmware. At this time, no fixed firmware is available to address these vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary commands as root on the underlying operating system, allowing attacker to take Total control of the device.
Solution
The CERT/CC is currently unaware of a vendor-supplied patch or mitigation for these vulnerabilities.

Use an alternative device: Because no remediation is currently available, users who rely on this device in security-sensitive may consider other devices for such access.
Reduce exposure where possible: If replacement is not immediately feasible, limit usage to reduce risk of abuse.
Monitor for vendor updates: Users should periodically check for firmware updates or advisories from Tenda in case a patch becomes available in the future.

Acknowledgements
Thanks to the reporter Ax for reporting this issue. This document was written by Marisa Middler and Timur Snoke.

Overview
Wolfram Cloud version 14.2 allows Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary directories of other users may be accessible.
Description
Wolfram Cloud is a multi-tenant cloud platform that supports a virtual “notebook” interface for easier programming and accessibility to tools for quickly building and publishing integrated applications. In this architecture, the instance kernel /tmp/ directory is shared, but with access permissions. Excepting the JVM initialization file, these temporary directories usually do not contain sensitive information. A newly discovered race condition allows attackers to poison the classpath via the shared /tmp/ directory during JVM initializaiton. If an attacker can approximate when users would be launching the JVM, access to an unprotected temporary directory may be successful.
The cause is the implementation of the virtual environment by the hosting platform which manages access to temporary files in a multi-tenant cloud environment. A successful attack will give the attacker access to the temporary directories of other users.
Impact
An attacker that accesses the shared /tmp/ directory of the instance can potentially achieve privilege escalation, information exfiltration, and remote code execution.
This constitutes a Technical Impact = Total under the SSVC framework, meaning:

The vulnerability gives the adversary total control over the behavior of the software or total disclosure of all information on the affected system.

Solution
The CERT/CC recommends updating Wolfram Cloud to version 14.2.1.
Acknowledgements
Thanks to the reporter Peter Roberge from Pointer Cybersecurity. This document was written by Laurie Tyzenhaus and Renae Metcalf.

Overview
Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules.
Description
Two vulnerabilities were identified Lite XL:
CVE-2025-12120
Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process.
CVE-2025-12121
Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching (core.lua), drag-and-drop file handling (rootview.lua), and the “open in system” command in the treeview plugin (treeview.lua). If an attacker could influence input to system.exec, they might execute arbitrary commands with the privileges of the Lite XL process.
Impact
CVE-2025-12120
When opening a project in Lite XL, the project’s Lua module was executed automatically, potentially allowing malicious code in a repository to run without user consent.
CVE-2025-12121
The legacy system.exec function allowed arbitrary shell command execution, which could be abused to compromise the host system.
Affected versions
Lite XL versions 2.1.8 and prior
Solution
Users should update to the latest version of Lite XL that includes these pull requests:
PR #1472 – Adds in a trust guard for project modules.
PR #1473 – Removed legacy exec function.
These updates ensure that untrusted projects cannot automatically execute Lua code and that unsafe system calls are no longer available.
Acknowledgements
Thanks to the reporter Dogus Demirkiran for reporting these vulnerabilities. Additional thanks to GitHub user Summertime for also identifying CVE-2025-12120 and opening Issue #1892 on GitHub. This document was written by Marisa Midler.

Overview
The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input.
Description
The npm projects expr-eval and expr-eval-fork are JavaScript libraries used to parse and evaluate mathematical expressions, extending NLP applications that process mathematical expressions and their numerical data. This capability is particularly useful in generative AI systems that need to interpret mathematical expressions within user prompts. The Parser class and its evaluate() method is designed to provide user-defined expressions in a safer way than JavaScript’s native eval() function. This design choice is critical for npm-based projects, especially those running in server environments where access to a system’s local resources could pose security risks. According to npmjs.com, expr-eval has over 250 dependent packages, including integrations such as oplangchain, a JavaScript implementation of the popular LangChain framework. The related project expr-eval-fork was created to address a prior Prototype Pollution vulnerability (Issue #266) that remained unresolved in the original expr-eval repository, which appears to be unmaintained by the original author, with last release date of 2019-09-28.
A newly discovered vulnerability allows an attacker to define arbitrary functions within the context object used by the parser. This capability can be exploited to inject malicious code that executes system-level commands, potentially accessing sensitive local resources or exfiltrating data. This issue has been patched via Pull Request #288. The vulnerability is tracked with CVE-2025-12735, as well as the GitHub Advisory GHSA-jc85-fpwf-qm7x. These identifiers enable automated tools such as npm audit to detect the vulnerability in affected projects. The CVE-2025-13204 has also been published for the earlier Prototype Pollution vulnerability identified in 2021 that is not fixed in expr-eval, however the expr-eval-fork released in 2024-01-10.
Impact
An attacker with the ability to influence input fields processed by expr-eval can craft malicious payloads that trigger arbitrary command execution on the host system.
This constitutes a Technical Impact = Total under the SSVC framework, meaning:

The vulnerability gives the adversary total control over the behavior of the software or total disclosure of all information on the affected system.

Solution
Developers and Users are advised either to:

Apply the security patch from Pull Request #288, or
Upgrade to the latest patched version of the expr-eval or expr-eval-fork package as they become available.

Note: The patch introduces:

A defined AllowList of safe functions accessible via evaluate()
A mandatory registration mechanism for custom functions.
Updated test cases ensuring enforcement of these constraints can be understood and applied

Acknowledgements
Thanks to the reporter Jangwoo Choe (UKO) for responsibly disclosing this issue. Thanks to huydoppaze for improving the suggested patch. We also acknowledge GitHub Security and npm for their proactive security advisories and automated vulnerability audits. This document was written by Vijay Sarvepalli and Renae Metcalf.

Overview
Email message header syntax can be exploited to bypass authentication protocols such as SPF, DKIM, and DMARC. These exploits enable attackers to deliver spoofed emails that appear to originate from trusted sources. Recent research has explored using the originator fields, such as From: and Sender:, to deliver spoofed emails that appear to come from trusted sources. Attackers can abuse these fields to impersonate an originator email address for nefarious purposes.
Description
Email is a primary medium for both personal and business communication. In recent years, mechanisms such as DKIM, SPF, and DMARC have been developed to verify the identity of email senders; however, end-to-end secure email remains an unsolved challenge.
A previous disclosure, dubbed SMTP Smuggling, highlighted ways in which a sender’s identity could be spoofed while abusing the SMTP protocol as defined in RFC 5321. Further research shows that email message headers, as defined in the Internet Message Format (RFC 5322, updated by RFC 6854), can also be used to spoof the identity of an email sender.
In a typical scenario, an email passes SPF, DKIM, and DMARC checks, and there is one sender with an envelope header MAIL FROM field that matches the mail header From: and optional Sender: fields. RFC 6854 defines how an email may be sent on behalf of a group, putting multiple email addresses in the mail header From: field.
Using specialized syntax, an attacker can insert multiple addresses in the mail header From: field. Many email clients will parse the From: field to only display the last email address, so a recipient will not know that the email is supposedly from multiple addresses. In this way, an attacker can pretend to be someone familiar to the user.
More specifically, user attacker@example.com could send an email with the From: field formatted as <attacker@example.com>:<spoofed@example.com>. The receiving server may display spoofed@example.com as the sender. Additionally, the sending server may add DKIM signatures and forward the email in a way that aligns with SPF policies, causing the receiving system to treat the message as trusted.
These crafted email headers can take several forms, using combinations of quotation marks and angle-address notation (e.g., <attacker@example.com>), as discussed in Solnser’s 2024 blog post: https://blog.slonser.info/posts/email-attacks/. Attackers can also use the null sender <>, or “null reverse path,” as specified in RFC 5321 Section 4.5, further complicating genuine sender authentication.
Impact
An attacker can craft email headers to impersonate other users, bypassing DMARC policies and sender verification enforced by a domain owner. Research has demonstrated that multiple email service providers are susceptible to this type of attack.
Solution
Email Service Providers and Administrators
Email service providers should implement measures to ensure that authenticated outgoing email headers are properly verified before signing or relaying messages. Additionally, software built using the Mail Filter (milter) protocol, such as Milterfrom version 1.0.4, has recent updates to better verify authenticated senders for milter-compliant email servers.
Email End Users
Because email sender verification remains challenging, users should exercise caution when responding to emails requesting sensitive information or clicking links that may download or install malicious software. Users that want to verify the originator of an email before clicking links or sharing sensitive information can check the original headers for the From: and Sender: fields by viewing the “Original Message” or “Message Source,” depending on the email client.
Acknowledgements
Thanks to Hao Wang and Caleb Sargent from PayPal for reporting these issues. This document was written by Vijay Sarvepalli and Renae Metcalf.