CVE-2025-3600
Published 2025-05-14
Priority: P3 · 49 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 19.06% (97.0th percentile)
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
| progress | telerik_ui_for_asp.net_ajax | 2011.2.712 – 2025.1.218 | — |
| progress_software | telerik_ui_for_asp.net_ajax | >= 2011.2.712 < 2025.1.416 | 2025.1.416 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| vendor_msrc | — | 8.8 | HIGH | — |
GHSA
GHSA-8g7p-xh7p-947j · ghsa_unreviewed · 2025-05-14 · CVE-2025-3600 [HIGH] CWE-400
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
Microsoft
vendor_msrc · 2023-07-11 · CVSS 8.8 · CVE-2023-3600 [HIGH] CWE-416 · Mariner
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2
Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries of which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Suricata
CVE-2025-4185 · suricata · 2025-05-02
ET WEB_SPECIFIC_APPS Wangshen SecGate 3600 obj_area_export_save filename parameter Directory Traversal Attempt (2025-4185)
Rule:
```
alert http1 any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Wangshen SecGate 3600 obj_area_export_save filename parameter Directory Traversal Attempt (2025-4185)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"g=obj_area_export_save"; fast_pattern; content:"file_name|3d|"; pcre:"/^[^\x26]*?(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R"; http.header_names; content:!"|0d 0a|Cookie|0d 0a|"; content:!"|0d 0a|Authorization|0d 0a|"; reference:cve,2025-4185; reference:url,flowus.cn/share/6bd8ca39-bad2-4567-b0e1-9407991ad943?code=G8A6P3; classtype:attempted-admin; sid:2062098; rev:1; metadata:affected_product Wangshen, at
```
Nuclei
CVE-2025-4078 [MEDIUM] · nuclei · CVSS 5.3
Wangshen SecGate 3600 Path Traversal Vulnerability
Wangshen SecGate 3600 2400 contains a path traversal caused by manipulation of the 'file_name' argument in '?g=log_export_file', letting remote attackers access arbitrary files; exploitation requires remote access.
Template:
```yaml
id: CVE-2025-4078

info:
  name: Wangshen SecGate 3600 Path Traversal Vulnerability
  author: Ark
  severity: medium
  description: |
    Wangshen SecGate 3600 2400 contains a path traversal caused by manipulation of the 'file_name' argument in '?g=log_export_file', letting remote attackers access arbitrary files, exploit requires remote access.
  impact: |
    Remote attackers can access sensitive files on the system, potentially leading to information disclosure or system compromise.
  remediation: |
    Implement input validation and sanitiz
```