CVE-2025-2216
published 2025-03-12CVE-2025-2216: A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.69%
48.0th percentile
A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.12.0 < 6.1.160 | 6.1.160 |
| linux | linux_kernel | >= 6.13.0 < 6.17.13 | 6.17.13 |
| linux | linux_kernel | >= 6.18.0 < 6.18.2 | 6.18.2 |
| linux | linux_kernel | >= 6.2.0 < 6.6.120 | 6.6.120 |
| linux | linux_kernel | >= 6.7.0 < 6.12.63 | 6.12.63 |
| zzskzy | warehouse_refinement_management_system | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat5.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
bpf: Check skb->transport_header is set in bpf_skb_check_mtu
osv·2025-12-24
CVE-2025-68363 bpf: Check skb->transport_header is set in bpf_skb_check_mtu
bpf: Check skb->transport_header is set in bpf_skb_check_mtu
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check skb->transport_header is set in bpf_skb_check_mtu
The bpf_skb_check_mtu helper needs to use skb->transport_header when
the BPF_MTU_CHK_SEGS flag is used:
bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0, BPF_MTU_CHK_SEGS)
The transport_header is not always set. There is a WARN_ON_ONCE
report when CONFIG_DEBUG_NET is enabled + skb->gso_size is set +
bpf_prog_test_run is used:
WARNING: CPU: 1 PID: 2216 at ./include/linux/skbuff.h:3071
skb_gso_validate_network_len
bpf_skb_check_mtu
bpf_prog_3920e25740a41171_tc_chk_segs_flag # A test in the next patch
bpf_test_run
bpf_prog_test_run_skb
For a normal ingress skb (not test_run), skb_reset_transport_header
i
GHSA
GHSA-jmqf-c98c-f92x: A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1
ghsa_unreviewed·2025-03-12
CVE-2025-2216 [MEDIUM] CWE-284 GHSA-jmqf-c98c-f92x: A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1
A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Red Hat
kernel: bpf: Check skb->transport_header is set in bpf_skb_check_mtu
vendor_redhat·2025-12-24·CVSS 5.5
CVE-2025-68363 [LOW] CWE-908 kernel: bpf: Check skb->transport_header is set in bpf_skb_check_mtu
kernel: bpf: Check skb->transport_header is set in bpf_skb_check_mtu
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check skb->transport_header is set in bpf_skb_check_mtu
The bpf_skb_check_mtu helper needs to use skb->transport_header when
the BPF_MTU_CHK_SEGS flag is used:
bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0, BPF_MTU_CHK_SEGS)
The transport_header is not always set. There is a WARN_ON_ONCE
report when CONFIG_DEBUG_NET is enabled + skb->gso_size is set +
bpf_prog_test_run is used:
WARNING: CPU: 1 PID: 2216 at ./include/linux/skbuff.h:3071
skb_gso_validate_network_len
bpf_skb_check_mtu
bpf_prog_3920e25740a41171_tc_chk_segs_flag # A test in the next patch
bpf_test_run
bpf_prog_test_run_skb
For a normal ingress skb (not test_run), skb_reset_transport_header
No detection rules found.
No public exploits indexed.
2025-03-12
Published