WAFMR-Release-08-Sep #24995
Merged
WAFMR-Release-08-Sep #24995
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vs-mg
approved these changes
Sep 8, 2025
pedrosousa
reviewed
Sep 8, 2025
|
|
||
| import { RuleID } from "~/components"; | ||
|
|
||
| This week's update |
Contributor
There was a problem hiding this comment.
Suggested change
| This week's update | |
| **This week's update** |
pedrosousa
reviewed
Sep 8, 2025
|
|
||
| **Key Findings** | ||
|
|
||
| * Next.js (CVE-2025-57822): Improper handling of redirects in custom middleware can lead to server-side request forgery (SSRF) when user-supplied headers are forwarded. Attackers could exploit this to access internal services or cloud metadata endpoints. The issue has been resolved in versions 14.2.32 and 15.4.7. Developers using custom middleware should upgrade and verify proper redirect handling in next() calls. |
Contributor
There was a problem hiding this comment.
Suggested change
| * Next.js (CVE-2025-57822): Improper handling of redirects in custom middleware can lead to server-side request forgery (SSRF) when user-supplied headers are forwarded. Attackers could exploit this to access internal services or cloud metadata endpoints. The issue has been resolved in versions 14.2.32 and 15.4.7. Developers using custom middleware should upgrade and verify proper redirect handling in next() calls. | |
| * Next.js (CVE-2025-57822): Improper handling of redirects in custom middleware can lead to server-side request forgery (SSRF) when user-supplied headers are forwarded. Attackers could exploit this to access internal services or cloud metadata endpoints. The issue has been resolved in versions 14.2.32 and 15.4.7. Developers using custom middleware should upgrade and verify proper redirect handling in `next()` calls. |
pedrosousa
reviewed
Sep 8, 2025
|
|
||
| * Next.js (CVE-2025-57822): Improper handling of redirects in custom middleware can lead to server-side request forgery (SSRF) when user-supplied headers are forwarded. Attackers could exploit this to access internal services or cloud metadata endpoints. The issue has been resolved in versions 14.2.32 and 15.4.7. Developers using custom middleware should upgrade and verify proper redirect handling in next() calls. | ||
|
|
||
| * ScriptCase (CVE-2025-47227,CVE-2025-47228):In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), two vulnerabilities allow attackers to reset admin accounts and execute system commands, potentially leading to full compromise of affected deployments. |
Contributor
There was a problem hiding this comment.
Suggested change
| * ScriptCase (CVE-2025-47227,CVE-2025-47228):In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), two vulnerabilities allow attackers to reset admin accounts and execute system commands, potentially leading to full compromise of affected deployments. | |
| * ScriptCase (CVE-2025-47227, CVE-2025-47228): In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), two vulnerabilities allow attackers to reset admin accounts and execute system commands, potentially leading to full compromise of affected deployments. |
pedrosousa
reviewed
Sep 8, 2025
|
|
||
| * ScriptCase (CVE-2025-47227,CVE-2025-47228):In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), two vulnerabilities allow attackers to reset admin accounts and execute system commands, potentially leading to full compromise of affected deployments. | ||
|
|
||
| * Sar2HTML (CVE-2025-34030): In Sar2HTML version 3.2.2 and prior, insufficient input sanitization of the plot parameter allows remote, unauthenticated attackers to execute arbitrary system commands. Exploitation could compromise the underlying server and its data. |
Contributor
There was a problem hiding this comment.
Suggested change
| * Sar2HTML (CVE-2025-34030): In Sar2HTML version 3.2.2 and prior, insufficient input sanitization of the plot parameter allows remote, unauthenticated attackers to execute arbitrary system commands. Exploitation could compromise the underlying server and its data. | |
| * Sar2HTML (CVE-2025-34030): In Sar2HTML version 3.2.2 and earlier, insufficient input sanitization of the plot parameter allows remote, unauthenticated attackers to execute arbitrary system commands. Exploitation could compromise the underlying server and its data. |
pedrosousa
reviewed
Sep 8, 2025
|
|
||
| * Sar2HTML (CVE-2025-34030): In Sar2HTML version 3.2.2 and prior, insufficient input sanitization of the plot parameter allows remote, unauthenticated attackers to execute arbitrary system commands. Exploitation could compromise the underlying server and its data. | ||
|
|
||
| * Zhiyuan OA (CVE-2025-34040): An arbitrary file upload vulnerability exists in the Zhiyuan OA platform. Improper validation in the wpsAssistServlet interface allows unauthenticated attackers to upload crafted files via path traversal, which can be executed on the web server, leading to remote code execution. |
Contributor
There was a problem hiding this comment.
Suggested change
| * Zhiyuan OA (CVE-2025-34040): An arbitrary file upload vulnerability exists in the Zhiyuan OA platform. Improper validation in the wpsAssistServlet interface allows unauthenticated attackers to upload crafted files via path traversal, which can be executed on the web server, leading to remote code execution. | |
| * Zhiyuan OA (CVE-2025-34040): An arbitrary file upload vulnerability exists in the Zhiyuan OA platform. Improper validation in the `wpsAssistServlet` interface allows unauthenticated attackers to upload crafted files via path traversal, which can be executed on the web server, leading to remote code execution. |
pedrosousa
reviewed
Sep 8, 2025
|
|
||
| **Impact** | ||
|
|
||
| These vulnerabilities could allow attackers to gain unauthorized access, execute malicious code, or take full control of affected systems. The Next.js, SSRF flaw may expose internal services or cloud metadata endpoints to attackers. Exploitations of ScriptCase & Sar2HTML could result in remote code execution, administrative takeover, and full server compromise. In Zhiyuan OA, the arbitrary file upload vulnerability allows attackers to execute malicious code on the web server, potentially exposing sensitive data and applications. The authentication bypass in WordPress InfiniteWP Client enables attackers to gain administrative access, risking data exposure and unauthorized control of connected sites. |
Contributor
There was a problem hiding this comment.
Suggested change
| These vulnerabilities could allow attackers to gain unauthorized access, execute malicious code, or take full control of affected systems. The Next.js, SSRF flaw may expose internal services or cloud metadata endpoints to attackers. Exploitations of ScriptCase & Sar2HTML could result in remote code execution, administrative takeover, and full server compromise. In Zhiyuan OA, the arbitrary file upload vulnerability allows attackers to execute malicious code on the web server, potentially exposing sensitive data and applications. The authentication bypass in WordPress InfiniteWP Client enables attackers to gain administrative access, risking data exposure and unauthorized control of connected sites. | |
| These vulnerabilities could allow attackers to gain unauthorized access, execute malicious code, or take full control of affected systems. The Next.js SSRF flaw may expose internal services or cloud metadata endpoints to attackers. Exploitations of ScriptCase and Sar2HTML could result in remote code execution, administrative takeover, and full server compromise. In Zhiyuan OA, the arbitrary file upload vulnerability allows attackers to execute malicious code on the web server, potentially exposing sensitive data and applications. The authentication bypass in WordPress InfiniteWP Client enables attackers to gain administrative access, risking data exposure and unauthorized control of connected sites. |
pedrosousa
reviewed
Sep 8, 2025
| <td>100007D</td> | ||
| <td>Command Injection - Common Attack Commands Args</td> | ||
| <td>Log</td> | ||
| <td>Blocked</td> |
Contributor
There was a problem hiding this comment.
Suggested change
| <td>Blocked</td> | |
| <td>Block</td> |
pedrosousa
reviewed
Sep 8, 2025
| <td>100617</td> | ||
| <td>Next.js - SSRF - CVE:CVE-2025-57822</td> | ||
| <td>Log</td> | ||
| <td>Blocked</td> |
Contributor
There was a problem hiding this comment.
Suggested change
| <td>Blocked</td> | |
| <td>Block</td> |
pedrosousa
reviewed
Sep 8, 2025
| <td>100659_BETA</td> | ||
| <td>Common Payloads for Server-Side Template Injection - Beta</td> | ||
| <td>Log</td> | ||
| <td>Blocked</td> |
Contributor
There was a problem hiding this comment.
Suggested change
| <td>Blocked</td> | |
| <td>Block</td> |
pedrosousa
reviewed
Sep 8, 2025
Comment on lines
46
to
47
| <td>2025-09-01</td> | ||
| <td>2025-09-08</td> |
Contributor
There was a problem hiding this comment.
Suggested change
| <td>2025-09-01</td> | |
| <td>2025-09-08</td> | |
| <td>2025-09-08</td> | |
| <td>2025-09-15</td> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WAFMR - Change-log Release - September 8th, 2025