Our news and updates

In Redis versions from 7.0.0 to before 8.0.2 a medium severity vulnerability CVE-2025-27151 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow in redis-check-aof by exploiting unsafe use of memcpy with user-supplied file paths, potentially leading to remote code execution. To address this issue, users should upgrade Redis to versions 8.0.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27151.

In Argo CD versions prior to 2.13.8, 2.14.13 and 3.0.4 a critical severity vulnerability CVE-2025-47933 was detected. This vulnerability allows attackers with repository edit permissions to perform arbitrary actions on behalf of victims through a cross-site scripting (XSS) flaw caused by improper filtering of URL protocols on the repository page. To address this issue, users should upgrade Argo CD to versions 2.13.8, 2.14.13, 3.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47933.

In GitLab EE versions from 16.6 before 17.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-1763 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks and bypass content security policies in a user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.7, 17.10.5, 17.11.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1763.

In Mattermost versions 10.7.0 and earlier, 10.6.2 and earlier, 10.5.3 and earlier, and 9.11.12 and earlier a medium severity vulnerability CVE-2025-3913 was detected. This vulnerability allows team administrators without the ‘invite user’ permission to access and modify team invite IDs via the /api/v4/teams/:teamId/privacy endpoint due to improper permission validation when changing team privacy settings. To address this issue, users should upgrade Mattermost to versions 10.7.1, 10.6.3, 10.5.4, 9.11.13 or 8.0.0-20250412152950-02c76784380a. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3913.

In Next.js versions 13.0 to before 15.2.2 a low severity vulnerability CVE-2025-48068 was detected. This vulnerability allows limited source code exposure when the development server is running with the App Router enabled. It can be exploited if a user visits a malicious webpage while npm run dev is active. To address this issue, users should upgrade Next.js to versions 15.2.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48068.

In Mautic versions above 4.0 a medium severity vulnerability CVE-2025-5257 was detected. This vulnerability allows unauthenticated attackers to access unpublished page previews via predictable URLs, potentially exposing draft content or sensitive information to the public and search engine indexing. To address this issue, users should upgrade Mautic to versions 6.0.2, 5.2.6 or 4.4.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5257.

In Mautic versions above 1.0 a medium severity vulnerability CVE-2025-5256 was detected. This vulnerability allows attackers to redirect users to malicious external websites via the returnUrl parameter in the user unlocking endpoint, potentially leading to phishing or exploit delivery. To address this issue, users should upgrade Mautic to versions 6.0.2, 5.2.6 or 4.4.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5256.

In Mautic versions above 1.0 a medium severity vulnerability CVE-2024-47057 was detected. This vulnerability allows unauthenticated attackers to enumerate valid usernames through the “Forget your password” functionality by exploiting differences in response times for valid and invalid users. To address this issue, users should upgrade Mautic to versions 6.0.2, 5.2.6 or 4.4.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47057.

In Mautic versions above 4.4 a high severity vulnerability CVE-2024-47056 was detected. This vulnerability allows unauthenticated attackers to access sensitive .env configuration files via a web browser due to improper web server restrictions, potentially exposing database credentials, API keys, and other critical data. To address this issue, users should upgrade Mautic to versions 6.0.2, 5.2.6 or 4.4.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47056.