Recently, NSFOCUS CERT detected that Ivanti issued a security advisory to fix the authentication bypass and remote code execution vulnerabilities (CVE-2025-4427/CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM). At present, both 2 vulnerabilities have been found to be exploited in the wild. Please take measures to protect them as soon as...
Category: Emergency Response
Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014)
Overview Recently, NSFOCUS CERT detected that Elastic issued a security bulletin to fix the arbitrary code execution vulnerability caused by Elastic Kibana prototype contamination (CVE-2025-25014); Due to the prototype contamination problem in Kibana, an attacker with specific role privileges can bypass the authentication mechanism by constructing specially crafted file uploads...
Critical Patch Update Announcement in April for All Oracle Products
Overview On April 16, 2025, NSFOCUS CERT detected that Oracle officially released the Critical Patch Update (CPU) for April. A total of 390 vulnerabilities with different degrees were fixed this time. This security update involves Oracle MySQL Connectors, Oracle MySQL Server, Oracle Java SE, Oracle Fusion Middleware, Oracle Financial Services...
Microsoft’s April Security Update of High-Risk Vulnerabilities in Multiple Products
Overview On April 9, NSFOCUS CERT detected that Microsoft released a security update patch for April, fixing 126 security problems in widely used products such as Windows, Microsoft Office, Azure, Microsoft Edge for iOS, Microsoft Visual Studio, etc. This includes high-risk vulnerabilities such as privilege escalation and remote code execution....
Vite Arbitrary File Read Vulnerability (CVE-2025-31486)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31486); Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files...
Vite Arbitrary File Read Vulnerability (CVE-2025-31125)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31125); Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files...
