Metasploit Weekly Wrap-Up 08/22/2025

An Early Festivus Airing of Grievances Want to tell us how much you like us? We hope! Want to tell us how much you hate us? We hope not! We are somewhat familiar with the reclusive security expert lifestyle, as it is our own, but we are asking our users and non-users to steel themselves and take ...

CVE-2025-8142 Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout'

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...

Malicious code in file-load-validate-cat-decode (npm)

The package file-load-validate-cat-decode was found to contain malicious code...

MAL-2025-20547 Malicious code in file-load-validate-cat-decode (npm)

The package file-load-validate-cat-decode was found to contain malicious code...

OSV-2025-484 Heap-buffer-overflow in load_protocols_file_fd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=426164365 Crash type: Heap-buffer-overflow READ 2 Crash state: loadprotocolsfilefd fuzzfilecfgprotocols.c...

📄 KRUKSTON BISTRO 1.0 SQL Injection

KRUKSTON BISTRO version 1.0 suffers from a remote SQL injection vulnerability. Titles: KRUKSTON-BISTRO-1.0 Multiple-SQLi Author: nu11secur1ty Date: 05/27/2025 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference:...

CVE-2024-47194

A vulnerability has been identified in ModelSim All versions V2024.3, Questa All versions V2024.3. vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate...

CVE-2020-19510

Textpattern 4.7.3 contains an aribtrary file load via the fileinsert function in include/txpfile.php...

CVE-2020-14322

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yuicombo needed to limit the amount of files it can load to help mitigate the risk of denial of service...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 8.0.12, 9.0.1 or higher. References - GitHub Issue...

Chicheng JFLow 访问控制错误漏洞

Chicheng JFLow is a workflow engine form from China Chicheng Chicheng. An access control error vulnerability exists in Chicheng JFLow version 2.0.0, which stems from a parameter oid in file /WF/Ath/EntityMutliFileLoad.do that can lead to improper access control...

SUSE CVE-2024-26694

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix double-free bug The storage for the TLV PC register data wasn't done like all the other storage in the drv-fw area, which is cleared at the end of deallocation. Therefore, the freeing must also be done...

CVE-2024-26540

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimglibrary::CImg::loadanalyze...

CVE-2023-1049

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...

Medium: babel

Issue Overview: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution. CVE-2021-42771 Affected Packages: babel Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Server side request forgery lead to denial of service

Description In this case if a attacker try to load a huge file then server will try to load the file and eventually server use its all memory which will dos the server Proof of Concept 1.Goto...

GHSA-WJP3-4XCQ-598P Apache Sling JCR ContentLoader XmlReader Arbitrary File Load

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...

GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...

Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...

CVE-2020-19510

Textpattern 4.7.3 contains an aribtrary file load via the fileinsert function in include/txpfile.php...