CVE-2025-41377
published 2025-05-23CVE-2025-41377: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated…
PriorityP349high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.33%
24.4th percentile
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 6.13.0 < 6.16.12 | 6.16.12 |
| linux | linux_kernel | >= 6.17.0 < 6.17.1 | 6.17.1 |
| linux | linux_kernel | >= 6.4.0 < 6.12.52 | 6.12.52 |
| tesi | gandia_integra_total | >= 2.1.2217.3 < 4.4.2236.1 | 4.4.2236.1 |
CVSS provenance
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat6.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
osv·2025-10-15
CVE-2025-40000 wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to
access already freed skb_data:
BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110
CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025
Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]
Use-after-free write at 0x0000000020309d9d (in kfence-#251):
rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core
GHSA
GHSA-5556-32h3-7q94: Cryptographic vulnerability in Iridium Certus 700
ghsa_unreviewed·2025-05-23
CVE-2025-41377 [CRITICAL] CWE-20 GHSA-5556-32h3-7q94: Cryptographic vulnerability in Iridium Certus 700
Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware.
Red Hat
kernel: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
vendor_redhat·2025-10-15·CVSS 6.3
CVE-2025-40000 [MEDIUM] CWE-825 kernel: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
kernel: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to
access already freed skb_data:
BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110
CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025
Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]
Use-after-free write at 0x0000000020309d9d (in kfence-#251):
rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/c
No detection rules found.
No public exploits indexed.
2025-05-23
Published