# CVE-2025-2006
Published: 2025-03-29
Priority P2 61 · high · CVSS 3.1 base score 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.80% (51.9th percentile)
The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the "Allow guest users without accounts to create topics and replies" setting is enabled.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| berrypress | inline_image_upload_for_bbpress | <= 1.1.19 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 6.5 | MEDIUM | — |
GHSA
GHSA-378w-m5r6-wj6p · ghsa_unreviewed · 2025-03-29 · CVE-2025-2006 [HIGH] · CWE-434
The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the "Allow guest users without accounts to create topics and replies" setting is enabled.
Red Hat
kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
vendor_redhat · 2025-07-03 · CVSS 5.5 · CVE-2025-38164 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
f2fs: zone: fix to avoid inconsistence in between SIT and SSA
w/ below testcase, it will cause inconsistence in between SIT and SSA.
```shell
create_null_blk 512 2 1024 1024
mkfs.f2fs -m /dev/nullb0
mount /dev/nullb0 /mnt/f2fs/
touch /mnt/f2fs/file
f2fs_io pinfile set /mnt/f2fs/file
fallocate -l 4GiB /mnt/f2fs/file
```
```
F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT
CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #84
Tainted: [O]=OOT_MODULE
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Call Trace:
dump_stack_lvl+0xb3/0xd0
dump_stack+0x14/0x20
f2fs_handle_critical_error+0x18c/0x220 [f2fs]
f2fs_sto
```
Red Hat
security flaw
vendor_redhat · 2006-03-03 · CVSS 6.5 · CVE-2006-2025 [MEDIUM]
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Citrix
Citrix Security Bulletin CTX111695
vendor_citrix · CVSS 6.0 · CVE-2006-6573 [MEDIUM]
CVE References: CVE-2006-6573, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX110492
vendor_citrix · CVSS 6.5 · CVE-2006-3779 [MEDIUM]
CVE References: CVE-2006-3779, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111615
vendor_citrix · CVSS 6.5 · CVE-2006-6572 [MEDIUM]
CVE References: CVE-2006-6572, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111614
vendor_citrix · CVSS 6.5 · CVE-2006-6572 [MEDIUM]
CVE References: CVE-2006-6572, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111186
vendor_citrix · CVSS 7.5 · CVE-2006-5821 [HIGH]
CVE References: CVE-2006-5821, CVE-2006-5861, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111827
vendor_citrix · CVSS 6.8 · CVE-2006-6334 [MEDIUM]
CVE References: CVE-2006-6334, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX110439
vendor_citrix · CVSS 5.1 · CVE-2006-4846 [MEDIUM]
CVE References: CVE-2006-4846, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
Tenable
Red Hat Compliance Audit
blogs_tenable · 2006-08-31 · CVSS 5.3 · [MEDIUM]
# Red Hat Compliance Audit
Ron Gula, August 31, 2006
Tenable's research group recently added a Nessus 3 audit policy for Red Hat Linux. This allows Direct Feed users who are auditing missing security patches with SSH credentials to also ensure the system has been properly locked down.
The audit tests for several hundred different items such as the permissions of /var/log/messages and if any user accounts have poor permissions in their home directories. Audit files for Solaris, security recommendations from CERT and generic UNIX checks are also available in addition to many checks for a variety of Windows policies.
Tenable
CentOS Patch Auditing
blogs_tenable · 2006-07-19 · CVSS 5.3 · CVE-2025-4427 [MEDIUM]
# CentOS Patch Auditing
Ron Gula, July 19, 2006
Tenable is now tracking patch updates to the CentOS Linux operating system. The Nessus Direct and Registered feeds are now updated with host-based patch audits for CentOS. More than 200 audits are available at the time of writing.
Tenable
Detecting when Credentials Fail
blogs_tenable · 2006-07-19 · CVSS 5.3 · [MEDIUM]
# Detecting when Credentials Fail
Ron Gula, July 19, 2006
If you are using Nessus to perform credentialed audits of UNIX or Windows systems, analyzing the results to determine if you had the correct passwords and SSH keys can be difficult. Nessus users can now easily detect if their credentials are not working. Tenable has added Nessus plugin #21745. This plugin detects if either SSH or Windows credentials didn't allow the scan to log into the remote host.
Bugzilla
CVE-2025-38164 kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
bugzilla · 2025-07-03 · CVSS 5.5 · CVE-2025-38164 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
f2fs: zone: fix to avoid inconsistence in between SIT and SSA
w/ below testcase, it will cause inconsistence in between SIT and SSA.
```shell
create_null_blk 512 2 1024 1024
mkfs.f2fs -m /dev/nullb0
mount /dev/nullb0 /mnt/f2fs/
touch /mnt/f2fs/file
f2fs_io pinfile set /mnt/f2fs/file
fallocate -l 4GiB /mnt/f2fs/file
```
```
F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT
CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #84
Tainted: [O]=OOT_MODULE
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Call Trace:
dump_stack_lvl+0xb3/0xd0
dump_stack+0x14/0x20
f2fs_handle_critical_error+0x18c/0x
```
Bugzilla
CVE-2006-2025 security flaw
bugzilla · 2018-08-16 · CVSS 6.5 · CVE-2006-2025 [MEDIUM]
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
References
https://plugins.trac.wordpress.org/browser/image-upload-for-bbpress/tags/1.1.19/bbp-image-upload.php#L136
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3264738%40image-upload-for-bbpress&new=3264738%40image-upload-for-bbpress&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/df09af41-399a-4878-8420-721f1198d895?source=cve
Published: 2025-03-29