CVE-2025-5000
published 2025-05-20
Priority P2 · 75 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.69% (94.5th percentile)
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | bep_imagemeta | >= 0 < 0.10.0 | 0.10.0 |
| linksys | fgw3000-ah | — | — |
| linksys | fgw3000-ah_firmware | <= 1.0.17.000000 | — |
| linksys | fgw3000-hk | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 7.1 | HIGH | — |
GHSA
zot logs secrets
ghsa·2025-05-22
CVE-2025-48374 [MEDIUM] CWE-532 zot logs secrets
### Summary
When Keycloak is used as an OIDC provider, the `clientsecret` is printed to the container's stdout logs, for example at container startup.
### Details
Container Image (15.04.2025): ghcr.io/project-zot/zot-linux-amd64:latest
Here is an example of a configuration that causes the problem described above:
```yaml
http:
  address: "0.0.0.0"
  port: 5000
  externalUrl: "https://zot.example.com"
  auth: {
    failDelay: 1,
    openid: {
      providers: {
        oidc: {
          name: "Keycloak",
          clientid: "zot-client-id",
          clientsecret: fsdfkmmiwljasdklfsjaskldjfkljewijrf234i52k3j45l,
          keypath: "",
          issuer: "https://keycloak.example.com/realms/example",
          scopes: ["openid"]
        }
      }
    }
  }
```
### PoC
Set up a blank new zot k8s deployment with the code snippet above.
### Impact
exposure of secrets, on configur
GHSA
GHSA-qp64-fxm9-hxp3: A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1
ghsa_unreviewed·2025-05-20
CVE-2025-5000 [MEDIUM] CWE-74 GHSA-qp64-fxm9-hxp3: A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1
GHSA
bep/imagemeta allows excessively large EXIF data structures
ghsa·2025-04-09
CVE-2025-32024 [MEDIUM] CWE-770 bep/imagemeta allows excessively large EXIF data structures
### Impact
The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before `v0.10.0`, if you didn't trust the input images, this could be abused to construct denial-of-service attacks.
### Patches
`v0.10.0` added LimitNumTags (default 5000) and LimitTagSize (default 10000) options.
Published: 2025-05-20