In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.

CVE-2025-53603 is a high-severity vulnerability identified in Alinto SOPE's SOGo versions 2.0.2 through 5.12.2. The root cause is a NULL pointer dereference in the sope-core component, specifically within the NGExtensions/NGHashMap.m source file. This occurs when a crafted request contains a query string parameter that duplicates a parameter present in the POST body. The software fails to properly handle this condition, leading to a NULL pointer dereference and subsequent crash of the SOGo service. This vulnerability falls under CWE-476, which relates to NULL pointer dereference errors that can cause application crashes or denial of service. The CVSS v3.1 base score is 7.5, indicating a high severity, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This means the vulnerability is remotely exploitable over the network without authentication or user interaction, and it impacts availability only, causing service disruption but not compromising confidentiality or integrity. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects a widely used open-source groupware server, SOGo, which is deployed in various enterprise and institutional environments for email, calendaring, and collaboration services. The crash caused by this NULL pointer dereference can lead to denial of service, interrupting critical communication and collaboration functions.

CVE Database V5

Detailed information about CVE-2025-53603: CWE-476 NULL Pointer Dereference in Alinto SOPE affecting Alinto SOPE. Get real-time updates, technical details, and 

CVE-2025-53603: CWE-476 NULL Pointer Dereference in Alinto SOPE - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53603: CWE-476 NULL Pointer Dereference in Alinto SOPE

The provided information pertains to a security threat categorized as malware, specifically related to OSINT (Open Source Intelligence) and payload delivery with associated network activity. The data originates from the ThreatFox MISP Feed and is dated July 4, 2025. However, the details are sparse, with no specific affected product versions, no known exploits in the wild, and no patch availability. The threat is tagged with 'type:osint' and 'tlp:white', indicating that the information is publicly shareable and relates to open-source intelligence. The technical details include a threat level of 2 (on an unspecified scale), analysis level 1, and distribution level 3, suggesting moderate distribution but limited analysis depth. No specific indicators of compromise (IOCs) are provided, and there are no CWE identifiers, which limits the ability to pinpoint exact vulnerabilities or attack vectors. Given the categorization under payload delivery and network activity, this threat likely involves malware that is distributed or activated via network channels, potentially leveraging OSINT techniques for targeting or reconnaissance. The absence of patches and known exploits suggests this may be an emerging or theoretical threat rather than an actively exploited vulnerability. Overall, the threat appears to be of medium severity but lacks detailed technical specifics to fully assess its mechanisms or impact vectors.

ThreatFox MISP Feed

Unknown Loader payload delivery domain (confidence level: 90%)

Cobalt Strike botnet C2 server (confidence level: 100%)

NjRAT botnet C2 server (confidence level: 100%)

Remcos botnet C2 server (confidence level: 100%)

Sliver botnet C2 server (confidence level: 100%)

AsyncRAT botnet C2 server (confidence level: 100%)

SectopRAT botnet C2 server (confidence level: 100%)

Unknown malware botnet C2 server (confidence level: 100%)

Havoc botnet C2 server (confidence level: 100%)

DCRat botnet C2 server (confidence level: 100%)

ValleyRAT botnet C2 server (confidence level: 100%)

Cobalt Strike botnet C2 domain (confidence level: 75%)

Cobalt Strike botnet C2 server (confidence level: 75%)

Ghost RAT botnet C2 server (confidence level: 75%)

Unknown malware botnet C2 domain (confidence level: 100%)

Stealc botnet C2 server (confidence level: 100%)

Chaos botnet C2 server (confidence level: 100%)

AdaptixC2 botnet C2 server (confidence level: 100%)

Rhadamanthys botnet C2 server (confidence level: 100%)

Detailed information about ThreatFox IOCs for 2025-07-04. Get real-time updates, technical details, and mitigation strategies.

ThreatFox IOCs for 2025-07-04 - Live Threat Intelligence - Threat Radar | OffSeq.com

ThreatFox IOCs for 2025-07-04

Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.

CVE-2025-43711 is a high-severity vulnerability affecting the Tunnelblick VPN client, specifically versions prior to 7.0, including 3.5beta06. The vulnerability arises from incomplete cleanup during the uninstallation process of Tunnelblick. When the application is incompletely uninstalled, an attacker can exploit this state by placing a specially crafted Tunnelblick.app file into the /Applications directory. Upon the next system boot, this malicious application can execute arbitrary code with root privileges. The root-level code execution means the attacker gains full control over the affected system, compromising confidentiality, integrity, and availability. The vulnerability is classified under CWE-459 (Incomplete Cleanup), indicating that residual files or configurations left behind after uninstallation can be leveraged maliciously. The CVSS 3.1 base score of 8.1 reflects the high impact and complexity of this vulnerability, with an attack vector requiring local access (AV:L), high attack complexity (AC:H), no privileges required (PR:N), and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The vulnerability has not yet been observed exploited in the wild, and no patches have been linked at the time of publication. Tunnelblick is a popular open-source VPN client for macOS, widely used to manage OpenVPN connections. The vulnerability specifically targets macOS environments where Tunnelblick is installed and incompletely uninstalled, leaving the system vulnerable to local privilege escalation attacks.

Detailed information about CVE-2025-43711: CWE-459 Incomplete Cleanup in Tunnelblick Project Tunnelblick affecting Tunnelblick Project Tunnelblick. Get real-tim

CVE-2025-43711: CWE-459 Incomplete Cleanup in Tunnelblick Project Tunnelblick - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-43711: CWE-459 Incomplete Cleanup in Tunnelblick Project Tunnelblick

The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.

CVE-2025-26850 is a critical security vulnerability identified in the Quest KACE Systems Management Appliance (SMA), specifically affecting versions prior to 14.0.97 and 14.1.x before 14.1.19. The vulnerability is classified under CWE-863, which corresponds to Incorrect Authorization. This flaw resides in the agent component of the KACE SMA, which is responsible for managing and administering endpoints within an enterprise environment. Due to improper authorization checks, an attacker can exploit this vulnerability to escalate privileges on managed systems without requiring prior authentication or user interaction. The CVSS v3.1 base score of 9.3 reflects the severity and ease of exploitation: the attack vector is local (AV:L), attack complexity is low (AC:L), no privileges are required (PR:N), and no user interaction is necessary (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component, and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means an attacker can gain elevated privileges, potentially full administrative control, on managed endpoints, leading to unauthorized access, data compromise, and disruption of services. Although no known exploits are currently reported in the wild, the critical nature of this vulnerability and the widespread use of KACE SMA in enterprise environments make it a significant threat. The lack of publicly available patches at the time of publication increases the urgency for organizations to implement interim mitigations and monitor for updates from the vendor. Given that KACE SMA is widely used for endpoint management, this vulnerability could be leveraged to compromise large numbers of managed devices, facilitating lateral movement, data exfiltration, or deployment of ransomware within affected networks.

Detailed information about CVE-2025-26850: CWE-863 Incorrect Authorization in Quest KACE Systems Management Appliance affecting Quest KACE Systems Management Ap

CVE-2025-26850: CWE-863 Incorrect Authorization in Quest KACE Systems Management Appliance - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-26850: CWE-863 Incorrect Authorization in Quest KACE Systems Management Appliance

The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.

Detailed information about CVE-2025-53604: CWE-130 Improper Handling of Length Parameter Inconsistency in pimeys web-push affecting pimeys web-push. Get real-ti

CVE-2025-53604: CWE-130 Improper Handling of Length Parameter Inconsistency in pimeys web-push

CVE-2025-53604: CWE-130 Improper Handling of Length Parameter Inconsistency in pimeys web-push

Description

Technical Details

Related Threats

CVE-2025-53603: CWE-476 NULL Pointer Dereference in Alinto SOPE

CVE-2025-43711: CWE-459 Incomplete Cleanup in Tunnelblick Project Tunnelblick

CVE-2025-26850: CWE-863 Incorrect Authorization in Quest KACE Systems Management Appliance

CVE-2025-53366: CWE-248: Uncaught Exception in modelcontextprotocol python-sdk

CVE-2025-53365: CWE-248: Uncaught Exception in modelcontextprotocol python-sdk

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility