CVE-2025-13598 is a vulnerability record that has been officially rejected and lacks detailed technical information, affected versions, or known exploits. There is no CVSS score or patch information available, and no evidence of active exploitation in the wild. Due to the absence of concrete data, it is not possible to assess the technical nature or impact of this vulnerability. European organizations currently face no identifiable risk from this entry. Without further details, no specific mitigation steps can be recommended beyond standard security best practices. Given the lack of information and the rejected status, this entry should not be treated as an active or credible threat at this time.

The CVE-2025-13598 entry is a vulnerability record reserved on November 24, 2025, but it has been marked as 'REJECTED' by the assigner Wordfence. There are no affected software versions, no technical details, no CWE identifiers, no patch links, and no known exploits associated with this CVE. The absence of a CVSS score and technical data indicates that this vulnerability either was a duplicate, invalid, or otherwise not accepted into the CVE list as a valid security issue. Consequently, there is no information on the nature of the vulnerability, its attack vector, or its potential impact on confidentiality, integrity, or availability. The lack of indicators and exploit data further supports that this is not an active threat. As such, this CVE does not represent a current security concern and should be considered informational only.

CVE Database V5

Detailed information about CVE-2025-13598. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-13598 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-13598

CVE-2025-11921 is a critical vulnerability in Bjango iStats version 7. 10. 4 involving an insecure XPC service that permits local, unprivileged users to escalate privileges to root via command injection. This flaw arises from incorrect permission assignment (CWE-732) combined with command injection (CWE-77) in a critical resource. Exploitation requires local access but no user interaction or authentication, making it highly dangerous for affected systems. The vulnerability has a CVSS 4. 0 score of 9. 3, reflecting its critical severity and broad impact on confidentiality, integrity, and availability. No public exploits are known yet, but the risk remains significant due to the ease of exploitation and potential for full system compromise. European organizations using iStats 7.

CVE-2025-11921 is a critical security vulnerability identified in Bjango's iStats application version 7.10.4. The root cause is an insecure XPC (interprocess communication) service that has incorrect permission assignments (CWE-732), allowing local, unprivileged users to exploit command injection flaws (CWE-77) to escalate privileges to root. XPC services are macOS-specific mechanisms for communication between processes, often running with elevated privileges. In this case, the iStats XPC service improperly exposes functionality that can be manipulated by a local attacker to execute arbitrary commands with root privileges. The vulnerability requires only local access and no user interaction or authentication, making it straightforward for an attacker who has gained limited access to the system to fully compromise it. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) indicates local attack vector, low complexity, no authentication, no user interaction, and high impact on confidentiality, integrity, and availability, with scope and security requirements also high. Although no public exploits are currently known, the vulnerability's nature and severity make it a prime target for attackers seeking privilege escalation on macOS systems running iStats. The lack of available patches at the time of disclosure increases the urgency for mitigation. This vulnerability is particularly concerning for environments where iStats is installed on critical endpoints, as it can lead to full system compromise, data theft, or disruption of services.

Detailed information about CVE-2025-11921: CWE-732 Incorrect Permission Assignment for Critical Resource in Bjango iStats affecting Bjango iStats. Get real-time

CVE-2025-11921: CWE-732 Incorrect Permission Assignment for Critical Resource in Bjango iStats - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-11921: CWE-732 Incorrect Permission Assignment for Critical Resource in Bjango iStats

This weekly recap highlights multiple significant cybersecurity threats including new zero-day vulnerabilities in Fortinet products and Google Chrome, supply chain and SaaS breaches, and record DDoS attacks targeting major firms like Microsoft, Salesforce, and Google. Attackers exploited trusted applications, browser alerts, and software updates to infiltrate networks. Although no known exploits are currently active in the wild for these zero-days, the potential for remote code execution (RCE) and denial of service (DoS) attacks is present. The threats collectively pose a medium severity risk due to their broad impact and complexity. European organizations relying on Fortinet security appliances, Chrome browsers, and SaaS platforms are at risk, especially those in countries with high digital infrastructure and cloud adoption. Mitigation requires rapid patching once updates are available, enhanced monitoring for unusual network activity, and strict supply chain security controls. Countries like Germany, France, the UK, and the Netherlands are likely most affected due to their extensive use of these technologies and strategic importance. Defenders should prioritize threat intelligence sharing and incident response readiness to mitigate these evolving threats.

The reported security threats encompass a range of critical vulnerabilities and attack vectors discovered within a single week, affecting widely used technologies and services. Notably, new zero-day vulnerabilities were identified in Fortinet products and the Google Chrome browser, both of which could allow remote code execution (RCE) or denial of service (DoS) attacks. These zero-days are particularly concerning because they enable attackers to execute arbitrary code or disrupt services without prior authentication, increasing the risk of widespread exploitation. Additionally, attackers have compromised supply chains and SaaS platforms, leveraging trusted applications, browser alerts, and software updates as vectors for infiltration. This multi-faceted attack approach complicates detection and mitigation efforts. Major technology companies such as Microsoft, Salesforce, and Google have been targeted with record DDoS attacks and malicious link campaigns, forcing rapid defensive responses. Although no active exploits are currently confirmed in the wild for the zero-days, the presence of these vulnerabilities in critical infrastructure components and popular software underscores the urgency for organizations to prepare and respond. The combination of RCE and DoS capabilities, alongside supply chain compromises, represents a sophisticated threat landscape requiring coordinated defense strategies.

The Hacker News

Detailed information about ⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More. Get real-time updates, technical det

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

The Sha1-Hulud supply chain attack targets the npm registry by injecting malicious preinstall scripts into hundreds of npm packages, affecting over 25,000 repositories. The malware stealthily installs or locates the Bun runtime to execute a payload that registers infected machines as self-hosted GitHub runners, enabling arbitrary command execution via injected workflows. It steals sensitive credentials such as NPM tokens and cloud provider secrets by scanning with TruffleHog and exfiltrates them through GitHub artifacts before deleting evidence. If unable to exfiltrate credentials, the malware triggers destructive wiping of the victim's home directory, marking a significant escalation from prior waves. The attack leverages compromised maintainer accounts to publish trojanized packages, propagates rapidly, and targets build and runtime environments. European organizations using npm packages and GitHub workflows are at risk, especially those with extensive DevOps pipelines. Immediate mitigation includes scanning for compromised packages, removing them, rotating credentials, and auditing GitHub workflows for suspicious files. This threat represents a medium to high severity risk due to its credential theft, persistence, and destructive fallback capabilities.

The second wave of the Sha1-Hulud supply chain attack, detected in November 2025, compromises hundreds of npm packages uploaded between November 21-23, impacting over 25,000 repositories across approximately 350 unique users. This campaign builds on the original Sha1-Hulud attack by introducing a new variant that executes malicious code during the npm preinstall phase, significantly increasing exposure in both build and runtime environments. The attack injects a preinstall script named "setup_bun.js" into the package.json file, which stealthily installs or locates the Bun runtime environment and runs a bundled malicious script "bun_environment.js." This payload performs multiple malicious actions: it registers the infected machine as a self-hosted GitHub runner named "SHA1HULUD," adds a malicious GitHub Actions workflow (.github/workflows/discussion.yaml) that contains an injection vulnerability, and enables the attacker to run arbitrary commands on the infected machine by exploiting GitHub discussions. The malware uses TruffleHog to scan the local environment for secrets such as NPM tokens, AWS, GCP, Azure credentials, and environment variables, which it exfiltrates via GitHub artifacts before deleting the workflow to hide its tracks. If the malware fails to authenticate or establish persistence (e.g., cannot obtain GitHub or npm tokens), it triggers a destructive payload that wipes the entire home directory of the current user, erasing all writable files. This destructive fallback marks a significant escalation from the previous wave, shifting from pure credential theft to punitive sabotage. The attack leverages compromised maintainer accounts to publish trojanized versions of legitimate npm packages, facilitating rapid propagation and widespread impact. Security vendors recommend immediate scanning of endpoints for compromised packages, removal of infected versions, credential rotation, and thorough auditing of GitHub workflows and repository branches for persistence mechanisms or suspicious files. The campaign is ongoing, with new repositories being infected every 30 minutes, indicating active exploitation and a rapidly evolving threat landscape.

Detailed information about Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft. Get real-time updates, technical details, an

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft - Live Threat Intelligence - Threat Radar | OffSeq.com

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Detailed information about CVE-2025-13541. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-13541

CVE-2025-13541

Technical Details

Community Reviews

Related Threats

CVE-2025-13598

CVE-2025-11921: CWE-732 Incorrect Permission Assignment for Critical Resource in Bjango iStats

CVE-2025-65503: n/a

CVE-2025-65502: n/a

CVE-2025-65501: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility