Emergency Response

Overview Recently, NSFOCUS CERT detected that Next.js issued a security announcement and fixed the middleware permission bypass vulnerability (CVE-2025-29927). Because Next.js lacks effective verification of the source of the x-middleware-subrequest header, when configuring to use middleware for authentication and authorization, an unauthenticated attacker can bypass system permission controls by manipulating the x-middleware-subrequest header to access […]

Overview Recently, NSFOCUS CERT detected that Microsoft released a security announcement and fixed the spoofing vulnerability of Windows File Explorer (CVE-2025-24071), with a CVSS score of 7.5. Due to the implicit trust and automatic file parsing behavior of .library-ms files by Windows Explorer, unauthenticated attackers can save files by constructing RAR/ZIP with an embedded malicious […]

Overview Recently, NSFOCUS detected that Ollama improperly configured and unauthorized access vulnerabilities were disclosed online (CNVD-2025-04094); Because Ollama does not have authentication and access control functions by default, when a user opens the service (port 11434 by default) to the public network, an unauthenticated attacker can directly call its API interface to steal sensitive model […]

Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement and fixed the remote code execution vulnerability of Apache Tomcat (CVE-2025-24813). An unauthenticated attacker can execute arbitrary code to gain server privileges when the application has servlet write enabled (disabled by default), uses Tomcat file session persistence and a default storage location, and contains […]

Overview Recently, NSFOCUS CERT detected that VMware issued a security announcement and fixed multiple high-risk vulnerabilities (CVE-2025-22224/CVE-2025-22225/CVE-2025-22226) in VMware ESXi&Workstation&Fusion. At present, all the 3 vulnerabilities have been found to be exploited in the wild. Please take protective measures as soon as possible. CVE-2025-22224: There is a TOCTOU (CheckTime-of-use) write vulnerability in VMware ESXi and […]

Overview Recently, NSFOCUS CERT detected that PostgreSQL has issued a security announcement and fixed the PostgreSQL SQL injection vulnerability (CVE-2025-1094), with a CVSS score of 8.1. Since the psql tool of PostgreSQL is used to detect invalid UTF-8 characters (such as hax\xC0′; \! id #), resulting in accidental segmentation of SQL statements, and unauthenticated attackers […]

Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the identity bypass vulnerability in PAN-OS (CVE-2025-0108). Due to the problem of path processing by Nginx/Apache in PAN-OS, unauthenticated attackers can bypass authentication to access the management web interface of PAN-OS device and call some PHP scripts, thus obtaining sensitive […]

Overview On February 12, NSFOCUS CERT detected that Microsoft released a security update patch for February, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update […]

Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement, in which the remote code execution and denial of service vulnerabilities of Oracle WebLogic Server have been fixed. Affected users should take protective measures as soon as possible. CVE-2025-21535: When the T3/IIOP protocol is enabled, an unauthenticated attacker sends a special request to […]

Overview Recently, NSFOCUS CERT detected a security announcement issued by GitHub that fixed a search injection vulnerability (CVE-2025-23061) in Mongoose, which is an incomplete fix for CVE-2024-53900. Because Mongoose incorrectly handles the $where filter with match conditions in the populate() method, an unauthenticated attacker can manipulate a search injection when both queries are used, resulting […]