Vulnerabilities

  

CVE-2025-51743 | jishenghua JSH_ERP 2.3.1 fastjson addMaterialCategory deserialization

A vulnerability was found in jishenghua JSH_ERP 2.3.1 and classified as critical. This issue affects some unknown processing of the

  

CVE-2025-51746 | jishenghua JSH_ERP 2.3.1 fastjson addSerialNumber deserialization

A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been classified as critical. Impacted is an unknown function of

  

CVE-2025-51745 | jishenghua JSH_ERP 2.3.1 fastjson /role/addcan deserialization

A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been declared as critical. The affected element is an unknown

  

CVE-2025-51744 | jishenghua JSH_ERP 2.3.1 fastjson /user/addUser deserialization

A vulnerability was found in jishenghua JSH_ERP 2.3.1. It has been rated as critical. The impacted element is an unknown

  

CVE-2025-66258 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 XML File cross site scripting

A vulnerability categorized as problematic has been discovered in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This affects

  

CVE-2025-64983 | SwitchBot Smart Video Doorbell up to 2.01.77 Telnet debug code

A vulnerability identified as critical has been detected in SwitchBot Smart Video Doorbell up to 2.01.77. This impacts an unknown

  

CVE-2025-66264 | MegaTec ClientMate 6.2.2 CMService.exe unquoted search path

A vulnerability labeled as problematic has been found in MegaTec ClientMate 6.2.2. Affected is an unknown function of the file

  

CVE-2025-65956 | getformwork up to 2.1.x cross site scripting (GHSA-7j46-f57w-76pj)

A vulnerability marked as problematic has been reported in getformwork formwork up to 2.1.x. Affected by this vulnerability is an

  

CVE-2025-63735 | Ruckus Unleashed 200.13.6.1.319 guestAccessSubmit.jsp Name cross site scripting

A vulnerability described as problematic has been identified in Ruckus Unleashed 200.13.6.1.319. Affected by this issue is some unknown functionality

  

CVE-2025-65942 | VictoriaMetrics up to 1.110.22/1.122.7/1.129.0 allocation of resources (GHSA-66jq-2c23-2xh5)

A vulnerability classified as problematic has been found in VictoriaMetrics up to 1.110.22/1.122.7/1.129.0. This affects an unknown part. This manipulation

  

CVE-2025-9557 | zephyrproject-rtos Zephyr up to 4.2 buffer overflow

A vulnerability classified as critical was found in zephyrproject-rtos Zephyr up to 4.2. This vulnerability affects unknown code. Such manipulation

  

CVE-2025-9558 | zephyrproject-rtos Zephyr up to 4.2 pb_adv.c gen_prov_start buffer overflow

A vulnerability, which was classified as critical, has been found in zephyrproject-rtos Zephyr up to 4.2. This issue affects the

  

CVE-2025-55174 | KDE Skanpage up to 25.07.x QIODevice::ReadWrite incorrect provision of specified functionality

A vulnerability, which was classified as problematic, was found in KDE Skanpage up to 25.07.x. Impacted is the function QIODevice::ReadWrite.

  

CVE-2025-65952 | iiDk-the-actual Console up to 2.7.x path traversal (GHSA-c3f7-xh45-2xc7)

A vulnerability has been found in iiDk-the-actual Console up to 2.7.x and classified as critical. The affected element is an

  

CVE-2025-64704 | bytecodealliance wasm-micro-runtime up to 2.4.3 unusual condition (GHSA-2f2p-wf5w-82qr)

A vulnerability was found in bytecodealliance wasm-micro-runtime up to 2.4.3 and classified as problematic. The impacted element is an unknown

  

CVE-2025-64713 | bytecodealliance wasm-micro-runtime up to 2.4.3 memory corruption (GHSA-gvx3-gg3x-rjcx)

A vulnerability was found in bytecodealliance wasm-micro-runtime up to 2.4.3. It has been classified as critical. This affects an unknown

  

CVE-2025-21621 | GeoServer up to 2.24.x SLD_BODY cross site scripting (GHSA-w66h-j855-qr72)

A vulnerability was found in GeoServer up to 2.24.x. It has been declared as problematic. This impacts an unknown function.

  

CVE-2025-9191 | Houzez Plugin up to 4.1.6 on WordPress Saved Search saved-search-item.php deserialization

A vulnerability was found in Houzez Plugin up to 4.1.6 on WordPress. It has been rated as critical. Affected is

  

CVE-2025-9163 | Houzez Plugin up to 4.1.6 on WordPress SVG File houzez_property_img_upload cross site scripting

A vulnerability categorized as problematic has been discovered in Houzez Plugin up to 4.1.6 on WordPress. Affected by this vulnerability

  

CVE-2025-13698 | Deciso OPNsense diag_backup.php path traversal (ZDI-25-1022)

A vulnerability identified as critical has been detected in Deciso OPNsense. Affected by this issue is some unknown functionality of

  

CVE-2025-13084 | Opto 22 groov View exposure of sensitive information through metadata (icsa-25-329-04)

A vulnerability labeled as critical has been found in Opto 22 groov View. This affects an unknown part. The manipulation

  

CVE-2025-64126 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)

A vulnerability marked as critical has been reported in Zenitel TCIV-3+. This vulnerability affects unknown code. This manipulation causes os

  

CVE-2025-64127 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)

A vulnerability described as critical has been identified in Zenitel TCIV-3+. This issue affects some unknown processing. Such manipulation leads

  

CVE-2025-64128 | Zenitel TCIV-3+ prior 9.3.3.0 os command injection (icsa-25-329-03)

A vulnerability classified as critical has been found in Zenitel TCIV-3+. Impacted is an unknown function. Performing manipulation results in

  

CVE-2025-64129 | Zenitel TCIV-3+ prior 9.3.3.0 out-of-bounds write (icsa-25-329-03)

A vulnerability classified as critical was found in Zenitel TCIV-3+. The affected element is an unknown function. Executing manipulation can

  

CVE-2025-64130 | Zenitel TCIV-3+ prior 9.3.3.0 cross site scripting (icsa-25-329-03)

A vulnerability, which was classified as problematic, has been found in Zenitel TCIV-3+. The impacted element is an unknown function.

  

CVE-2025-59390 | Apache Druid up to 34.0.0 Kerberos cryptographic issues

A vulnerability, which was classified as problematic, was found in Apache Druid up to 34.0.0. This affects an unknown function

  

CVE-2025-66260 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 status_sql.php pg_escape_string sw1/sw2 sql injection

A vulnerability categorized as critical has been discovered in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected is

  

CVE-2025-66253 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 start_upgrade.php exec filename os command injection

A vulnerability identified as critical has been detected in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected by

  

CVE-2025-66259 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 main_ok.php data/hour/time os command injection

A vulnerability labeled as critical has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Affected by

  

CVE-2025-66255 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Firmware Upgrade Endpoint upgrade_contents.php unrestricted upload

A vulnerability marked as critical has been reported in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This affects

  

CVE-2025-62703 | fugue-project fugue up to 0.9.2 fugue/rpc/flask.py _decode deserialization (GHSA-xv5p-fjw5-vrj6)

A vulnerability described as very critical has been identified in fugue-project fugue up to 0.9.2. This vulnerability affects the function

  

CVE-2025-66252 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 Immutable File unlink infinite loop

A vulnerability classified as problematic has been found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. This issue

  

CVE-2025-66250 | DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000 status_contents.php unrestricted upload

A vulnerability classified as critical was found in DB Electronica Telecomunicazioni Mozart FM Transmitter up to 7000. Impacted is an

SUSE: Kernel Important Bluetooth Disconnect Risk CVE-2023-53673 2025:4237-1

* bsc#1251983 Cross-References: * CVE-2023-53673 (LinuxSecurity – Security Advisories)

SUSE: wget Low Directory Traversal CVE-2025-11564 Advisory 2025:4237-2

* bsc#1253757 Cross-References: * CVE-2025-11563 (LinuxSecurity – Security Advisories)

openSUSE: Kernel Important Bluetooth Disconnect Callback CVE-2023-53673

An update that solves one vulnerability can now be installed. (LinuxSecurity – Security Advisories)

Debian: pdfminer Critical CVE-2025-64512 Code Execution Risk Advisory

A vulnerability was discovered in pdfminer, a tool for extracting information from PDF documents, which may result in the execution

Mageia 9: webkit2 Important Remote Access Issues MGASA-2025-0313

MGASA-2025-0313 – Updated webkit2 packages fix security vulnerabilities (LinuxSecurity – Security Advisories)

openSUSE: curl Moderate Security Update CVE-2025-11563 SUSE-SU-2025:4236-1

An update that solves one vulnerability can now be installed. (LinuxSecurity – Security Advisories)

openSUSE: buildah Important DoS Fix SUSE-SU-2025:4229-1 CVE-2025-47913

An update that solves one vulnerability can now be installed. (LinuxSecurity – Security Advisories)

openSUSE: Crucial Privilege Escalation Patch CVE-2025-11561 2025:4231-1

An update that solves one vulnerability and has one security fix can now be installed. (LinuxSecurity – Security Advisories)

SUSE: sssd Important Security Fix for Privilege Escalation CVE-2025-11561

* bsc#1244325 * bsc#1251827 Cross-References: * CVE-2025-11561 (LinuxSecurity – Security Advisories)

SUSE: sssd Important Privilege Escalation Risk CVE-2025-11561 2025:4232-1

* bsc#1244325 * bsc#1251827 Cross-References: * CVE-2025-11561 (LinuxSecurity – Security Advisories)

SUSE: Kernel Important Security Patch for Multiple Issues 2025:4230-1

* bsc#1242882 * bsc#1245778 * bsc#1251983 Cross-References: (LinuxSecurity – Security Advisories)

SUSE: Buildah Important Execution Issue CVE-2025-47913 Advisory 2025:4229-1

* bsc#1253598 Cross-References: * CVE-2025-47913 (LinuxSecurity – Security Advisories)

Oracle Linux 8: ELSA-2025-21917 Kernel Moderate Update DoS Risks

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: (LinuxSecurity – Security Advisories)

Oracle Linux 8: ELSA-2025-21977 libssh Important Buffer Overflow Fix

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: (LinuxSecurity – Security Advisories)

  

CVE-2025-64050 | Redaxo CMS 5.20.0 Template Management code injection

A vulnerability classified as critical has been found in Redaxo CMS 5.20.0. The affected element is an unknown function of

  

CVE-2025-36134 | IBM Sterling B2B Integrator/Sterling File Gateway up to 6.1.2.7/6.2.0.5/6.2.1.1 sensitive cookie with improper samesite attribute

A vulnerability classified as problematic was found in IBM Sterling B2B Integrator and Sterling File Gateway up to 6.1.2.7/6.2.0.5/6.2.1.1. The

  

CVE-2025-65084 | Ashlar-Vellum Cobalt/Xenon/Argon/Lithium/Cobalt Share up to 12.6.1204.207 out-of-bounds write (icsa-25-329-01)

A vulnerability, which was classified as critical, has been found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share up

  

CVE-2025-65085 | Ashlar-Vellum Cobalt/Xenon/Argon/Lithium/Cobalt Share up to 12.6.1204.207 heap-based overflow (icsa-25-329-01)

A vulnerability, which was classified as critical, was found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share up to

  

CVE-2025-63729 | Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 information disclosure

A vulnerability has been found in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 and classified as problematic. Affected is an unknown function. The manipulation

  

CVE-2025-64061 | Primakon Pi Portal 1.0.18 /api/v2/users improper authorization

A vulnerability was found in Primakon Pi Portal 1.0.18 and classified as problematic. Affected by this vulnerability is an unknown

  

CVE-2025-13483 | SiRcom SMART Alert SiSA 3.0.48 Backend API missing authentication (icsa-25-329-06)

A vulnerability was found in SiRcom SMART Alert SiSA 3.0.48. It has been classified as critical. Affected by this issue

  

CVE-2025-64066 | Primakon Pi Portal 1.0.18 REST Endpoint /api/v2/user/register improper authorization

A vulnerability was found in Primakon Pi Portal 1.0.18. It has been declared as critical. This affects an unknown part

  

CVE-2025-40890 | Nozomi Guardian/CMC up to 25.3.x Dashboards cross site scripting

A vulnerability was found in Nozomi Guardian and CMC up to 25.3.x. It has been rated as problematic. This vulnerability

  

CVE-2025-0248 | HCL iNotes cross site scripting (KB0127032)

A vulnerability categorized as problematic has been discovered in HCL iNotes. This issue affects some unknown processing. Executing manipulation can

  

CVE-2025-60739 | Ilevia EVE X1 Server /bh_web_backend cross-site request forgery

A vulnerability identified as problematic has been detected in Ilevia EVE X1 Server. Impacted is an unknown function of the

  

CVE-2025-64049 | Redaxo CMS 5.20.0 Module Management cross site scripting

A vulnerability labeled as problematic has been found in Redaxo CMS 5.20.0. The affected element is an unknown function of

  

CVE-2025-33198 | NVIDIA DGX Spark GB10 SROOT Firmware sensitive information in resource not removed before reuse

A vulnerability marked as problematic has been reported in NVIDIA DGX Spark GB10. The impacted element is an unknown function

  

CVE-2025-33200 | NVIDIA DGX Spark GB10 SROOT Firmware sensitive information in resource not removed before reuse

A vulnerability described as problematic has been identified in NVIDIA DGX Spark GB10. This affects an unknown function of the

  

CVE-2025-33204 | NVIDIA NeMo Framework NLP/LLM code injection

A vulnerability classified as critical has been found in NVIDIA NeMo Framework. This impacts an unknown function of the component

  

CVE-2025-64063 | Primakon Pi Portal 1.0.18 API Endpoint direct request

A vulnerability classified as critical was found in Primakon Pi Portal 1.0.18. Affected is an unknown function of the component

  

CVE-2025-64065 | Primakon Pi Portal 1.0.18 /api/V2/pp_udfv_admin access control

A vulnerability, which was classified as critical, has been found in Primakon Pi Portal 1.0.18. Affected by this vulnerability is

  

CVE-2025-33197 | NVIDIA DGX Spark GB10 SROOT Firmware null pointer dereference

A vulnerability, which was classified as problematic, was found in NVIDIA DGX Spark GB10. Affected by this issue is some

  

CVE-2025-33199 | NVIDIA DGX Spark GB10 SROOT Firmware control flow

A vulnerability has been found in NVIDIA DGX Spark GB10 and classified as problematic. This affects an unknown part of

  

CVE-2025-33205 | NVIDIA NeMo Framework inclusion of functionality from untrusted control sphere

A vulnerability was found in NVIDIA NeMo Framework and classified as critical. This vulnerability affects unknown code. Such manipulation leads

  

CVE-2025-64064 | Primakon Pi Portal 1.0.18 PATCH Request /api/v2/pp_users PP_SECURITY_PROFILE_ID access control

A vulnerability was found in Primakon Pi Portal 1.0.18. It has been classified as critical. This issue affects some unknown

  

CVE-2025-33203 | NVIDIA NeMo Agent ToolKit UI for Web API Endpoint server-side request forgery

A vulnerability was found in NVIDIA NeMo Agent ToolKit UI for Web. It has been declared as critical. Impacted is

  

CVE-2025-33189 | NVIDIA DGX Spark GB10 SROOT Firmware out-of-bounds write

A vulnerability was found in NVIDIA DGX Spark GB10. It has been rated as critical. The affected element is an

  

CVE-2025-61167 | SIGB PMB 8.0.1.14 ajax_selector.php id/datas sql injection

A vulnerability categorized as critical has been discovered in SIGB PMB 8.0.1.14. The impacted element is an unknown function of

  

CVE-2025-33187 | NVIDIA DGX Spark GB10 SROOT Firmware privileges management

A vulnerability identified as critical has been detected in NVIDIA DGX Spark GB10. This affects an unknown function of the

  

CVE-2025-33196 | NVIDIA DGX Spark GB10 SROOT Firmware sensitive information in resource not removed before reuse

A vulnerability labeled as problematic has been found in NVIDIA DGX Spark GB10. This impacts an unknown function of the

  

CVE-2025-64067 | Primakon Primakon Pi Portal 1.0.18 API Endpoint user_id/project_id information disclosure

A vulnerability marked as problematic has been reported in Primakon Primakon Pi Portal 1.0.18. Affected is an unknown function of

  

CVE-2025-33188 | NVIDIA DGX Spark GB10 privileges management

A vulnerability described as critical has been identified in NVIDIA DGX Spark GB10. Affected by this vulnerability is an unknown

  

CVE-2025-33190 | NVIDIA DGX Spark GB10 SROOT Firmware out-of-bounds write

A vulnerability classified as critical has been found in NVIDIA DGX Spark GB10. Affected by this issue is some unknown

  

CVE-2025-33193 | NVIDIA DGX Spark GB10 SROOT Firmware integrity check

A vulnerability classified as problematic was found in NVIDIA DGX Spark GB10. This affects an unknown part of the component

  

CVE-2025-33194 | NVIDIA DGX Spark GB10 SROOT Firmware incorrect behavior order: validate before canonicalize

A vulnerability, which was classified as problematic, has been found in NVIDIA DGX Spark GB10. This vulnerability affects unknown code

  

CVE-2025-33195 | NVIDIA DGX Spark GB10 SROOT Firmware memory corruption

A vulnerability, which was classified as critical, was found in NVIDIA DGX Spark GB10. This issue affects some unknown processing

  

CVE-2025-33191 | NVIDIA DGX Spark GB10 SROOT Firmware denial of service

A vulnerability has been found in NVIDIA DGX Spark GB10 and classified as problematic. Impacted is an unknown function of

  

CVE-2025-33192 | NVIDIA DGX Spark GB10 SROOT Firmware unchecked return value to null pointer dereference

A vulnerability was found in NVIDIA DGX Spark GB10 and classified as problematic. The affected element is an unknown function

  

CVE-2025-64062 | Primakon Pi Portal 1.0.18 /api/V2/pp_users?email improper authentication

A vulnerability was found in Primakon Pi Portal 1.0.18. It has been classified as critical. The impacted element is an

  

CVE-2025-61168 | SIGB PMB 8.0.1.14 cms_rest.php deserialization

A vulnerability was found in SIGB PMB 8.0.1.14. It has been declared as critical. This affects an unknown function of

  

CVE-2025-65960 | Contao CMS up to 4.13.56/5.3.41/5.6.4 Template::once Required type distinction

A vulnerability was found in Contao CMS up to 4.13.56/5.3.41/5.6.4. It has been rated as problematic. This impacts the function

SUSE: Moderate Update for govulncheck-vulndb – 2025:4220-1 Released

* jsc#PED-11136 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 (LinuxSecurity – Security Advisories)

Fedora: secfix-check-security Moderate Patch 2025:6789-1

An update that contains one feature can now be installed. (LinuxSecurity – Security Advisories)

openSUSE 15.3/15.6: Python39 Low Severity Issues Resolved 2025:4221-1

An update that solves two vulnerabilities can now be installed. (LinuxSecurity – Security Advisories)

openSUSE Leap 15.3: SUSE-SU-2025:4221-1 Low Threat Fix for python39

* bsc#1251305 * bsc#1252974 Cross-References: * CVE-2025-6075 (LinuxSecurity – Security Advisories)

UBUNTU: Critical Spoofing Vulnerability Mitigation 2025:3333-2

* bsc#1252379 * bsc#1252380 Cross-References: * CVE-2025-40778 (LinuxSecurity – Security Advisories)

Critical Linux Kernel Issues Impacting Raspberry Pi on Ubuntu 24.04 LTS

Several security issues were fixed in the Linux kernel. (LinuxSecurity – Security Advisories)

  

CVE-2025-13595 | CIBELES AI Plugin up to 1.10.8 on WordPress actualizador_git.php unrestricted upload

A vulnerability marked as critical has been reported in CIBELES AI Plugin up to 1.10.8 on WordPress. This issue affects

  

CVE-2025-13597 | AI Feeds Plugin up to 1.0.11 on WordPress actualizador_git.php unrestricted upload

A vulnerability described as critical has been identified in AI Feeds Plugin up to 1.0.11 on WordPress. Impacted is an

  

CVE-2025-59369 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi sql injection

A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 and classified as critical. This affects an unknown function of the component

  

CVE-2025-59370 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 bwdpi os command injection

A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been classified as critical. This impacts an unknown function of

  

CVE-2025-59371 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 IFTTT random values

A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been declared as critical. Affected is an unknown function of

  

CVE-2025-59372 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 path traversal

A vulnerability was found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. It has been rated as critical. Affected by this vulnerability is an

  

CVE-2025-59365 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 stack-based overflow

A vulnerability categorized as critical has been discovered in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. Affected by this issue is some unknown functionality.

  

CVE-2025-59366 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 AiCloud path traversal

A vulnerability identified as critical has been detected in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. This affects an unknown part of the component

  

CVE-2025-59368 | ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102 AiCloud integer underflow

A vulnerability labeled as critical has been found in ASUS Router 3.0.0.4_386/3.0.0.4_388/3.0.0.6_102. This vulnerability affects unknown code of the component