New UI for NSFOCUS WAF V6.0R09F00 – Experience a Smoother Site Management
April 3, 2025
NSFOCUS understands that the Security Operations team is facing increasing threats to their web applications and workloads are rising accordingly, a simple yet easy-to-use WAF has become more important than ever for effective Security Operations. The upcoming NSFOCUS Web Application Firewall (WAF) V6.0R09F00 (hereafter called as 6090) not only comprehensively reconstructs the architecture but also […]
A Deep Analysis of the Ransomware Group Babuk2’s Recent Activities
March 28, 2025
Overview Recently, NSFOCUS CERT detected that the Babuk2 group has been frequently publishing sensitive data of several well-known organizations on its dark web site. The data is from multiple sectors, including government, finance, internet, healthcare, and education, across various countries and regions. Up to this month, at least 71 victims’ data has been disclosed, and […]
Vite Arbitrary File Read vulnerability (CVE-2025-30208)
March 28, 2025
Overview Recently, NSFOCUS CERT detected that Vite issued a security announcement and fixed the arbitrary file reading vulnerability of Vite (CVE-2025-30208). Since the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs to obtain sensitive files outside the project root […]
Kubernetes Ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)
March 27, 2025
Overview Recently, NSFOCUS CERT detected that Kubernetes issued a security announcement and fixed the Kubernetes Ingress-nginx remote code execution vulnerability (CVE-2025-1974). The Ingress controller deployed in Kubernetes Pod can be accessed through the network without authentication. When the Admission webhook is open, an unauthenticated attacker can remotely inject any nginx configuration by sending a special […]
Disposal Advisory for Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)
March 25, 2025
Vulnerability Overview Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) NSFOCUS Detection Methods NSFOCUS Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS) and Network Intrusion Detection System (IDS) have the ability to scan and detect this vulnerability. Users who deploy the above devices are requested to upgrade to the latest version. Upgrade site: NSFOCUS_Product Support Service_Product Upgrade […]
Next.js Middleware Permission Bypass Vulnerability (CVE-2025-29927)
March 25, 2025
Overview Recently, NSFOCUS CERT detected that Next.js issued a security announcement and fixed the middleware permission bypass vulnerability (CVE-2025-29927). Because Next.js lacks effective verification of the source of the x-middleware-subrequest header, when configuring to use middleware for authentication and authorization, an unauthenticated attacker can bypass system permission controls by manipulating the x-middleware-subrequest header to access […]
NSFOCUS Unveils AI-Driven Security Solutions at HKIB 2025 Cybersecurity Solutions Day
March 21, 2025
Hong Kong, March 21, 2025 – The Hong Kong Institute of Bankers (HKIB) 2025 Cybersecurity Solutions Day kicked off on March 20, drawing over 600 executives and experts from financial institutions and cybersecurity domains to explore strategies for bolstering the financial sector’s security posture. NSFOCUS, a global leader in cybersecurity, marked its third consecutive participation in […]
Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)
March 19, 2025
Overview Recently, NSFOCUS CERT detected that Microsoft released a security announcement and fixed the spoofing vulnerability of Windows File Explorer (CVE-2025-24071), with a CVSS score of 7.5. Due to the implicit trust and automatic file parsing behavior of .library-ms files by Windows Explorer, unauthenticated attackers can save files by constructing RAR/ZIP with an embedded malicious […]
Ollama Unauthorized Access Vulnerability Due to Improper Configuration (CNVD-2025-04094)
March 13, 2025
Overview Recently, NSFOCUS detected that Ollama improperly configured and unauthorized access vulnerabilities were disclosed online (CNVD-2025-04094); Because Ollama does not have authentication and access control functions by default, when a user opens the service (port 11434 by default) to the public network, an unauthenticated attacker can directly call its API interface to steal sensitive model […]
Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)
March 11, 2025
Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement and fixed the remote code execution vulnerability of Apache Tomcat (CVE-2025-24813). An unauthenticated attacker can execute arbitrary code to gain server privileges when the application has servlet write enabled (disabled by default), uses Tomcat file session persistence and a default storage location, and contains […]
