Overview On April 9, NSFOCUS CERT detected that Microsoft released a security update patch for April, fixing 126 security problems in widely used products such as Windows, Microsoft Office, Azure, Microsoft Edge for iOS, Microsoft Visual Studio, etc. This includes high-risk vulnerabilities such as privilege escalation and remote code execution....
Category: Emergency Response
Vite Arbitrary File Read Vulnerability (CVE-2025-31486)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31486); Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files...
Vite Arbitrary File Read Vulnerability (CVE-2025-31125)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31125); Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files...
Vite Arbitrary File Read vulnerability (CVE-2025-30208)
Overview Recently, NSFOCUS CERT detected that Vite issued a security announcement and fixed the arbitrary file reading vulnerability of Vite (CVE-2025-30208). Since the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs to obtain sensitive...
Kubernetes Ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)
Overview Recently, NSFOCUS CERT detected that Kubernetes issued a security announcement and fixed the Kubernetes Ingress-nginx remote code execution vulnerability (CVE-2025-1974). The Ingress controller deployed in Kubernetes Pod can be accessed through the network without authentication. When the Admission webhook is open, an unauthenticated attacker can remotely inject any nginx...
Disposal Advisory for Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)
Vulnerability Overview Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) NSFOCUS Detection Methods NSFOCUS Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS) and Network Intrusion Detection System (IDS) have the ability to scan and detect this vulnerability. Users who deploy the above devices are requested to upgrade to the...
