NewApp Digest
search bot

RCE

Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers
Tech Optimizer
November 21, 2025

Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers

A severe remote code execution (RCE) vulnerability, designated as CVE-2025-12762, has been identified in pgAdmin4, affecting versions up to 9.9. This flaw allows attackers to execute arbitrary commands on the hosting server due to improper handling of code injection during server-mode restores from PLAIN-format dump files. It can be exploited by authenticated users with low privileges and requires only network access, classified as critical with a CVSS v3.1 score of 9.3 out of 10. The vulnerability is linked to unsafe command construction during the restore process, and pgAdmin developers have addressed it in version 10.0. Organizations are advised to upgrade to pgAdmin 10.0 or later, disable PLAIN-format restores, and audit access controls.
CVE-2025-50165: Critical Flaw in Windows Graphics Component
Winsage
November 21, 2025

CVE-2025-50165: Critical Flaw in Windows Graphics Component

In May 2025, Zscaler ThreatLabz identified a critical remote code execution vulnerability, CVE-2025-50165, with a CVSS score of 9.8, affecting the Windows Graphics Component within the windowscodecs.dll library. Applications relying on this library, including Microsoft Office documents, are vulnerable to exploitation via a malicious JPEG image. When a user opens such a file, their system can be compromised, allowing remote code execution. Microsoft released a patch for this vulnerability on August 12, 2025, affecting several versions of Windows, including Windows Server 2025 and Windows 11 Version 24H2 for both x64 and ARM64-based systems. ThreatLabz recommends that all Windows users update their applications to the patched versions. The attack chain involves crafting a JPEG image to exploit the vulnerability, which can be triggered directly or indirectly through other files. The vulnerability's analysis revealed issues with uninitialized memory and the need for a Control Flow Guard bypass for exploitation. Attackers can manipulate the instruction pointer through heap spraying and Return-Oriented Programming. ThreatLabz developed a Proof-of-Concept application to demonstrate the exploitation process and has implemented protective measures against the vulnerability.
Malicious Android Photo Frame App Gives Hackers Full Device Control Without User Action
AppWizard
November 14, 2025

Malicious Android Photo Frame App Gives Hackers Full Device Control Without User Action

A security assessment has revealed that digital photo frames using Uhale technology are vulnerable to a new class of malicious Android applications that can take control of devices without user interaction. The pre-installed Uhale app can silently download and execute malware during device booting or software updates due to insecure connections and improper certificate verification. Attackers can intercept network traffic to execute remote code with a critical CVSS score of 9.4, allowing access to private photos and the potential to create botnets. Many affected devices run outdated Android versions (6.0/6.0.1) with SELinux disabled and rooted by default, facilitating privilege escalation and persistent malware installation. Additionally, the Uhale app's unsecured local network file transfer feature allows attackers on the same network to send malicious files or delete files without user consent. Researchers emphasize the need for improved software security in consumer electronics, urging manufacturers to adopt modern Android builds and enforce security protocols. Users are advised to disconnect or update their devices to mitigate risks.
Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code
Winsage
November 3, 2025

Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code

Multiple vulnerabilities have been identified in Microsoft’s Graphics Device Interface (GDI), particularly related to Enhanced Metafile (EMF) formats, allowing potential remote code execution and information exfiltration. Key vulnerabilities include: - CVE-2025-30388: Rated Important with a CVSS score of 8.8, it involves out-of-bounds memory operations during processing of records, affecting Windows 10/11 and Office for Mac/Android. It allows attackers to read or write beyond allocated heap buffers. - CVE-2025-53766: Rated Critical with a CVSS score of 9.8, it permits remote code execution through out-of-bounds writes in the ScanOperation::AlphaDivide_sRGB function, affecting Windows 10/11 without requiring privileges. - CVE-2025-47984: Rated Important with a CVSS score of 7.5, it exploits a flaw in handling EMR_STARTDOC records, leading to information disclosure by exposing adjacent heap memory. Microsoft has released patches to address these vulnerabilities, and users are advised to apply them promptly. Recommendations include disabling EMF rendering in untrusted contexts and using sandboxed viewers for document access.
Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching
Winsage
November 3, 2025

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.
Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild
Winsage
October 28, 2025

Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild

On October 14, 2025, a critical remote code execution (RCE) vulnerability, CVE-2025-59287, was discovered in Microsoft's Windows Server Update Services (WSUS). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code with system privileges on affected servers. It was initially addressed on October 14, but the patch was insufficient, leading to an urgent out-of-band update on October 23. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities Catalog on October 24, indicating its immediate threat. The vulnerability affects Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, specifically on servers with the WSUS role enabled. Attackers are exploiting the vulnerability by targeting publicly exposed WSUS instances on TCP ports 8530 (HTTP) and 8531 (HTTPS). Approximately 5,500 WSUS instances have been identified as exposed to the internet. Microsoft recommends disabling the WSUS Server Role or blocking inbound traffic to the high-risk ports as temporary workarounds for organizations unable to apply the emergency patches immediately.
CISA orders feds to patch actively exploited Windows Server WSUS flaw
Winsage
October 28, 2025

CISA orders feds to patch actively exploited Windows Server WSUS flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated U.S. government agencies to address a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, which allows for remote code execution (RCE) on affected servers. Microsoft has released out-of-band security updates for this vulnerability, and IT administrators are urged to implement these updates immediately. For those unable to do so, CISA recommends disabling the WSUS Server role on vulnerable systems. Active exploitation attempts targeting WSUS instances have been detected, and CISA has also added a second vulnerability affecting Adobe Commerce to its Known Exploited Vulnerabilities catalog. U.S. Federal Civilian Executive Branch agencies are required to patch their systems by November 14th, 2023, under the Binding Operational Directive 22-01. CISA emphasizes the need for organizations to address these vulnerabilities to mitigate risks of unauthorized remote code execution.
Windows Server emergency patches fix WSUS bug with PoC exploit
Winsage
October 24, 2025

Windows Server emergency patches fix WSUS bug with PoC exploit

Microsoft has released out-of-band security updates to address a critical-severity vulnerability in its Windows Server Update Service (WSUS), tracked as CVE-2025-59287. This remote code execution flaw affects Windows servers with the WSUS Server Role enabled, allowing low-complexity remote attacks without user interaction. If the WSUS server role is enabled and the fix is not installed, the server becomes vulnerable. Microsoft recommends that customers install the updates immediately and provided alternative measures, such as disabling the WSUS Server Role or blocking inbound traffic to Ports 8530 and 8531. The update is cumulative and supersedes all previous updates for affected versions. After installation, WSUS will no longer display synchronization error details as a temporary risk mitigation measure.
Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability
Winsage
October 24, 2025

Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability

Microsoft released an emergency patch on October 23, 2025, to address a critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS). The vulnerability, rated critical with a CVSS score of 9.8, allows unauthorized attackers to execute arbitrary code over the network through unsafe deserialization of untrusted data. Although WSUS is not enabled by default, organizations using it are at risk if unpatched. The CVE's temporal score was updated to 8.8 after proof-of-concept exploit code was confirmed. The patch is available through various Microsoft update channels but requires a server reboot. Temporary workarounds include disabling the WSUS server role or blocking specific inbound traffic. Affected versions include Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2022 (23H2 Edition), and 2025, each with corresponding patch KB numbers.
PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability
Winsage
October 20, 2025

PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability

A proof-of-concept exploit has been released for a critical vulnerability in Microsoft’s Windows Server Update Services (WSUS), identified as CVE-2025-59287, which allows unauthenticated attackers to execute remote code with SYSTEM privileges. The vulnerability has a CVSS v3.1 score of 9.8 and is caused by unsafe deserialization of untrusted data in WSUS’s handling of AuthorizationCookies. It affects all supported Windows Server versions from 2012 to 2025, particularly through the GetCookie() endpoint. The exploit involves sending a manipulated AuthorizationCookie via an unauthenticated HTTP POST request to the WSUS ClientWebService endpoint. A publicly available PoC demonstrates how to generate a payload that can execute commands like "calc.exe." Microsoft has classified the flaw as “Exploitation More Likely” and advises immediate application of security updates. Organizations are encouraged to isolate WSUS servers and monitor for unusual SOAP traffic.
Search