CVE-2025-1673
published 2025-02-25CVE-2025-1673: A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
PriorityP335high8.2CVSS 3.1
AVNACLPRNUINSUCNILAH
EPSS
0.32%
24.0th percentile
A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash (denial of service) or an incorrect computation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zephyrproject-rtos | zephyr | * – 4.0 | — |
| zephyrproject | zephyr | <= 4.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
Nuclei
FOGProject <= 1.5.10.1673 - Authentication Bypass
nuclei·CVSS 9.9
CVE-2025-58443 [CRITICAL] FOGProject <= 1.5.10.1673 - Authentication Bypass
FOGProject <= 1.5.10.1673 - Authentication Bypass
FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database information.
Template:
id: CVE-2025-58443
info:
name: FOGProject <= 1.5.10.1673 - Authentication Bypass
author: oleveloper
severity: critical
description: |
FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database information.
im
No writeups or analysis indexed.
2025-02-25
Published