Vulnerability Cyber Security News.
- MongoDB Server Pre-Authentication Vulnerability Let Attackers Trigger DoS Condition, by Kaaviya on June 27, 2025 at 10:39 am
A critical pre-authentication denial of service vulnerability was identified as CVE-2025-6709, affecting multiple versions of MongoDB Server across its 6.0, 7.0, and 8.0 release branches. Summary: 1. MongoDB CVE-2025-6709 allows unauthenticated attackers to crash servers (CVSS 7.5). 2. Malicious JSON payloads with crafted date values sent via MongoDB shell exploit OIDC authentication flaws. 3. MongoDB Server v6.0 (prior-6.0.21),
- Mitsubishi Electric AC Systems Vulnerability Allows Remote Control Without User Interaction, by Guru Baran on June 27, 2025 at 2:26 am
Mitsubishi Electric has disclosed a critical authentication bypass vulnerability affecting 27 different air conditioning system models, potentially allowing remote attackers to gain unauthorized control over building HVAC systems. The vulnerability, tracked as CVE-2025-3699, carries a maximum CVSS score of 9.8, indicating its severe nature. The vulnerability stems from a “Missing Authentication for Critical Function” weakness
- HPE OneView for VMware vCenter Allows Escalation of Privileges, by Kaaviya on June 26, 2025 at 2:42 pm
A significant security vulnerability in the Hewlett-Packard Enterprise OneView for VMware vCenter (OV4VC) platform could allow attackers with limited access to escalate their privileges to administrative levels. The vulnerability, tracked as CVE-2025-37101, affects all versions of the software prior to version 11.7 and carries a high CVSS severity score of 8.7, indicating a substantial risk
- CISA Warns of D-Link Path Traversal Vulnerability Exploited in Attacks, by Guru Baran on June 26, 2025 at 12:53 pm
CISA has issued an urgent warning regarding a critical path traversal vulnerability affecting D-Link DIR-859 routers that is being actively exploited in the wild. The vulnerability, designated as CVE-2024-0769, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on June 25, 2025, with federal agencies required to implement remediation measures by July 16, 2025. Critical
- IBM i Vulnerability Allows Let Attackers Escalate Privileges, by Kaaviya on June 26, 2025 at 9:35 am
A critical security vulnerability affecting multiple versions of IBM i could allow attackers to escalate privileges through an unqualified library call in IBM Facsimile Support for i. The vulnerability, tracked as CVE-2025-36004, carries a high CVSS base score of 8.8 and affects a significant portion of IBM i installations across enterprise environments. Security researchers
- Realtek Vulnerability Let Attackers Trigger DoS Attack via Bluetooth Secure Connections Pairing Process, by Kaaviya on June 26, 2025 at 2:03 am
A significant security vulnerability has been identified in Realtek’s RTL8762E SDK v1.4.0 that allows attackers to exploit the Bluetooth Low Energy (BLE) Secure Connections pairing process to launch denial-of-service attacks. The vulnerability, discovered in the RTL8762EKF-EVB development platform, stems from improper validation of protocol state transitions during the pairing sequence. The flaw enables malicious actors
- New ‘CitrixBleed2’ NetScaler ADC and Gateway Vulnerability Actively Exploited in the Wild, by Guru Baran on June 25, 2025 at 2:01 pm
A critical memory overflow vulnerability in NetScaler ADC and Gateway products could enable denial-of-service attacks. Exploits of this vulnerability have already been observed in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS v4.0 base score of 9.2, classifying it as critical severity. This memory overflow flaw stems from improper restriction of operations within
- Kubernetes NodeRestriction Vulnerability Allows Nodes to Bypass Resource Allocation Checks, by Kaaviya on June 25, 2025 at 1:02 pm
A newly disclosed vulnerability in Kubernetes has been identified that could allow compromised nodes to bypass critical authorization checks within the container orchestration platform. The security flaw, tracked as CVE-2025-4563, affects the NodeRestriction admission controller and poses potential risks for organizations utilizing dynamic resource allocation features in their Kubernetes clusters. Kubernetes Privilege Escalation Flaw The
- NVIDIA Megatron LM Vulnerability Let Attackers Inject Malicious Code, by Kaaviya on June 25, 2025 at 8:49 am
Critical security vulnerabilities in the NVIDIA Megatron LM large language model framework could allow attackers to inject malicious code and gain unauthorized system access. The company released emergency security patches on June 24, 2025, addressing two high-severity vulnerabilities that affect all versions of the popular AI training platform prior to version 0.12.0. Overview of Code
- TeamViewer for Windows Vulnerability Let Attackers Delete Files Using SYSTEM Privileges, by Guru Baran on June 25, 2025 at 7:31 am
A significant security vulnerability in the TeamViewer Remote Management solution for Windows could allow attackers with local access to delete arbitrary files with SYSTEM privileges, potentially leading to privilege escalation. The vulnerability, identified as CVE-2025-36537, was announced on June 24, 2025, and carries a CVSS score of 7.0 (High). TeamViewer has released patches and