CVE-2025-3563
Published 2025-04-14
Priority: P3 · 49 · high · CVSS 3.1: 7.2
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.54% (41.4th percentile)
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_bluez_5.63-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_bluez_5.63-6_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| openstack | keystone | >= 0 < 2:21.0.1-0ubuntu2.1 | 2:21.0.1-0ubuntu2.1 |
| wuzhicms | wuzhicms | — | — |
| wuzhicms | wuzhicms | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:L/Au:M/C:P/I:P/A:P |
| osv | — | 7.4 | HIGH | — |
| vendor_msrc | — | 5.7 | MEDIUM | — |
OSV
keystone vulnerabilities (osv · 2025-12-11 · CVSS 7.4)
CVE-2025-65073
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. (CVE-2025-65073)

It was discovered that OpenStack Keystone only validated the first 72 bytes of an application secret. An attacker could possibly use this issue to bypass password complexity. (CVE-2021-3563)

It was discovered that OpenStack Keystone had a time lag before a token should be revoked by the security policy. A remote administrator could use this issue to maintain access for longer than expected. (CVE-2022-2447)
GHSA
GHSA-7p3g-jgfx-frjh (ghsa_unreviewed · 2025-04-14)
CVE-2025-3563 [MEDIUM] CWE-74
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Microsoft
Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference (vendor_msrc · 2022-10-11 · CVSS 5.7)
CVE-2022-3563 [LOW] CWE-404
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
References: Mariner, VulDB
Customer Action Required: Yes
Remediation: CBL-Mariner
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.