Vulnerability Cyber Security News.
Vulnerability Archives – Cyber Security News World’s #1 Premier Cybersecurity and Hacking News Portal
- ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access by Dhivya on November 26, 2025 at 4:59 am
ASUS has disclosed a high-severity security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions of ASUS computer users worldwide. Vulnerability Overview The security
- vLLM Vulnerability Enables Remote Code Execution Via Malicious Payloads by Abinaya on November 24, 2025 at 10:17 am
A critical memory corruption vulnerability in vLLM versions 0.10.2 and later allows attackers to achieve remote code execution through the Completions API endpoint by sending maliciously crafted prompt embeddings. The vulnerability resides in the tensor deserialization process within vLLM’s entrypoints/renderer.py at line 148. When processing user-supplied prompt embeddings, the system loads serialized tensors using torch.load()
- CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild by Abinaya on November 19, 2025 at 12:19 pm
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting in active attacks. The agency added CVE-2025-58034 to its Known Exploited Vulnerabilities (KEV) catalog on November 18, 2025, signaling immediate risk to organizations using the affected product. The vulnerability
- Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet by Abinaya on November 13, 2025 at 12:14 pm
Palo Alto Networks has disclosed a critical denial-of-service vulnerability in its PAN-OS firewall software that allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted packets. Tracked as CVE-2025-4619, the vulnerability poses significant risks to organizations relying on Palo Alto firewalls for network security. The flaw, identified as CWE-754 (Improper Check for Unusual or
- Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege by Abinaya on November 11, 2025 at 1:25 pm
A security vulnerability has been discovered in Zoom Workplace VDI Client for Windows that could allow attackers to gain elevated privileges on affected systems. The flaw, tracked as CVE-2025-64740, has been assigned a high severity rating with a CVSS score of 7.5, according to Zoom’s security bulletin ZSB-25042. The vulnerability stems from improper verification of
- Critical Vulnerability in Popular NPM Library Exposes AI and NLP Apps to Remote Code Execution by Abinaya on November 10, 2025 at 1:14 pm
A critical security flaw has been discovered in the widely used npm package expr-eval, potentially exposing AI and natural language processing applications to remote code execution attacks. The vulnerability, tracked as CVE-2025-12735, allows attackers to execute arbitrary system commands through maliciously crafted input. The expr-eval library is a JavaScript tool designed to parse and evaluate mathematical
- Hackers Can Attack Active Directory Sites to Escalate Privileges and Domain Compromise by Abinaya on November 7, 2025 at 4:23 pm
Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. Synacktiv security researchers have demonstrated that these supposedly safe network management tools can be weaponized to launch powerful attacks against enterprise environments. The vulnerability emerges because Active Directory sites can be linked to
- Cisco Unified Contact Center Express Vulnerabilities Let Remote Attacker Execute Malicious Code by Abinaya on November 6, 2025 at 11:42 am
Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges. The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments. RCE and Authentication Bypass Vulnerability The primary vulnerability, CVE-2025-20354, has a critical
- Hackers Actively Scanning Internet to Exploit XWiki Remote Code Execution Vulnerability by Abinaya on November 4, 2025 at 10:04 am
A critical remote code execution vulnerability affecting XWiki’s SolrSearch component has become the target of widespread exploitation attempts, prompting cybersecurity authorities to add it to their watchlist. The flaw allows attackers with minimal guest privileges to execute arbitrary commands on vulnerable systems, posing a significant security risk to organizations using this open-source enterprise wiki platform.
- AMD Zen 5 Processors RDSEED Vulnerability Breaks Integrity With Randomness by Abinaya on November 4, 2025 at 4:43 am
AMD has disclosed a critical vulnerability affecting its Zen 5 processor lineup that compromises the reliability of random number generation, a fundamental security feature in modern computing. The flaw, tracked as CVE-2025-62626, impacts the RDSEED instruction used by systems to generate cryptographically secure random numbers essential for encryption, authentication, and other security operations. The vulnerability















