Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

CVE-2025-48965 is a medium severity vulnerability identified in Mbed TLS, a widely used open-source cryptographic library designed for embedded systems and IoT devices. The flaw arises from an incorrect behavior order in the function mbedtls_asn1_store_named_data, which handles ASN.1 encoded data storage. Specifically, the vulnerability is a NULL pointer dereference triggered when the function processes conflicting data where the pointer val.p is NULL but the length val.len is greater than zero. This inconsistency can cause the software to dereference a NULL pointer, leading to a crash or denial of service (DoS). The vulnerability affects all versions of Mbed TLS prior to 3.6.4. The CVSS v3.1 base score is 4.0, indicating a medium severity level. The vector indicates that the attack vector is network-based (AV:N), requires high attack complexity (AC:H), no privileges (PR:N), no user interaction (UI:N), and the scope is changed (S:C). The impact is limited to availability (A:L), with no confidentiality or integrity impact. There are no known exploits in the wild as of the publication date, and no patches are linked yet. This vulnerability could be exploited remotely to cause a denial of service by crashing applications relying on Mbed TLS for cryptographic operations, potentially disrupting services or embedded devices that depend on secure communications. Given Mbed TLS's role in securing communications in embedded and IoT environments, this vulnerability could affect a broad range of devices and applications if exploited.

CVE Database V5

Detailed information about CVE-2025-48965: CWE-696 Incorrect Behavior Order in Mbed mbedtls affecting Mbed mbedtls. Get real-time updates, technical details, an

CVE-2025-48965: CWE-696 Incorrect Behavior Order in Mbed mbedtls - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48965: CWE-696 Incorrect Behavior Order in Mbed mbedtls

A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7904 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Insurance Management System, specifically within the /insertNominee.php file. The vulnerability arises due to improper sanitization or validation of the 'nominee_id' parameter, allowing an attacker to manipulate the SQL query executed by the application. This manipulation can lead to unauthorized access or modification of the underlying database. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 5.3 (medium severity), reflecting that while the attack vector is network-based and requires low complexity, it requires low privileges and results in low impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed, but no known exploits are reported in the wild yet. The lack of a patch or mitigation details indicates that affected organizations must proactively address this issue to prevent potential exploitation. SQL Injection vulnerabilities can allow attackers to extract sensitive data, modify or delete records, or escalate privileges within the system, which is particularly critical in insurance management systems that handle personal and financial data.

Detailed information about CVE-2025-7904: SQL Injection in itsourcecode Insurance Management System affecting itsourcecode Insurance Management System. Get real

CVE-2025-7904: SQL Injection in itsourcecode Insurance Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7904: SQL Injection in itsourcecode Insurance Management System

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7903 is a medium-severity vulnerability affecting yangzongzhuan RuoYi versions up to 4.8.1. The vulnerability arises from improper restriction of rendered UI layers within an unspecified functionality of the Image Source Handler component. This flaw allows an attacker to remotely manipulate how UI layers are rendered, potentially bypassing intended UI restrictions or controls. The vulnerability does not require user interaction or authentication, and the attack vector is network-based, making it exploitable remotely with low complexity. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/PR:L/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P) indicates that the attacker needs low privileges (PR:L) but no user interaction, and the impact is limited primarily to integrity (VI:L) with no direct confidentiality or availability impact. The exploit has been publicly disclosed but is not yet known to be exploited in the wild. The lack of patch links suggests that a fix may not yet be available or publicly documented. The vulnerability could allow attackers to manipulate UI rendering in ways that might lead to unauthorized actions or misrepresentation of UI elements, potentially facilitating further attacks such as phishing, UI spoofing, or privilege escalation within the application context.

Detailed information about CVE-2025-7903: Improper Restriction of Rendered UI Layers in yangzongzhuan RuoYi affecting yangzongzhuan RuoYi. Get real-time updates

CVE-2025-7903: Improper Restriction of Rendered UI Layers in yangzongzhuan RuoYi - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7903: Improper Restriction of Rendered UI Layers in yangzongzhuan RuoYi

SquidLoader Malware Campaign Hits Hong Kong Financial Firms

Source: https://hackread.com/squidloader-malware-hits-hong-kong-financial-firms/

The SquidLoader malware campaign is a recently identified threat targeting financial firms in Hong Kong. SquidLoader is a type of malware typically used for initial access and persistence within compromised networks, often serving as a loader for additional malicious payloads. While specific technical details about this campaign are limited, the malware's targeting of financial institutions suggests an intent to conduct espionage, data theft, or financial fraud. The campaign was reported via a Reddit InfoSec news post linking to an external source (hackread.com), indicating that the malware is active and being observed in the wild, although no known exploits or vulnerabilities have been explicitly linked to this campaign. The campaign's medium severity rating reflects the potential impact on confidentiality and integrity of sensitive financial data, as well as possible disruption to business operations. The lack of detailed technical indicators or affected software versions limits the ability to perform a deep technical analysis, but the targeting of financial firms implies that the malware may exploit common attack vectors such as phishing, malicious attachments, or exploitation of unpatched systems within corporate environments. Given the financial sector's critical role, the malware could facilitate unauthorized access to confidential financial information, enable fraudulent transactions, or serve as a foothold for further network compromise.

Reddit InfoSec News

Detailed information about SquidLoader Malware Campaign Hits Hong Kong Financial Firms. Get real-time updates, technical details, and mitigation strategies.

SquidLoader Malware Campaign Hits Hong Kong Financial Firms - Live Threat Intelligence - Threat Radar | OffSeq.com

SquidLoader Malware Campaign Hits Hong Kong Financial Firms

Reddit Discussion: SquidLoader Malware Campaign Hits Hong Kong Financial Firms

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

Detailed information about CVE-2025-49087: CWE-385 Covert Timing Channel in Mbed mbedtls affecting Mbed mbedtls. Get real-time updates, technical details, and m

CVE-2025-49087: CWE-385 Covert Timing Channel in Mbed mbedtls

CVE-2025-49087: CWE-385 Covert Timing Channel in Mbed mbedtls

Description

Technical Details

Related Threats

CVE-2025-48965: CWE-696 Incorrect Behavior Order in Mbed mbedtls

CVE-2025-7904: SQL Injection in itsourcecode Insurance Management System

CVE-2025-7903: Improper Restriction of Rendered UI Layers in yangzongzhuan RuoYi

CVE-2025-7902: Cross Site Scripting in yangzongzhuan RuoYi

CVE-2025-7901: Cross Site Scripting in yangzongzhuan RuoYi

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility