In Keycloak versions 26.1.0 and prior, a medium-severity vulnerability, CVE-2025-0604, was detected. This vulnerability allows attackers to bypass authentication by exploiting a flaw in Active Directory password resets, enabling users with expired or disabled AD accounts to regain access without proper LDAP validation. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0604.
In Kibana versions from 8.7.0 up to 8.15.0, a medium-severity vulnerability, CVE-2024-43710, was detected. This vulnerability allows attackers to exploit the /api/fleet/health_check API to send server-side requests to internal endpoints, with the limitation that only HTTPS endpoints returning JSON data can be accessed. To address this issue, users should upgrade Kibana to versions 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43710.
In Kibana versions up to 7.17.23 and 8.15.0, a medium-severity vulnerability, CVE-2024-43708, was detected. This vulnerability allows attackers to crash Kibana by sending a specially crafted payload to multiple inputs in the Kibana UI, exploiting the lack of resource allocation limits or throttling. To address this issue, users should upgrade Kibana to versions 7.17.23 or 8.15.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43708.
In Kibana versions from 8.0.0 up to 8.15.0, a high-severity vulnerability, CVE-2024-43707, was detected. This vulnerability allows attackers to view Elastic Agent policies without proper access, potentially exposing sensitive information based on the integrations enabled and their versions. To address this issue, users should upgrade Kibana to versions 8.15.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43707.
In Node.js versions 17.9.1 and prior, a high-severity vulnerability, CVE-2025-23087, was detected. This vulnerability highlights the risks of using unsupported End-of-Life (EOL) versions, exposing systems to unpatched vulnerabilities, including outdated dependencies like OpenSSL v1. To address this issue, users should upgrade Node.js to version 18 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23087.
In Umbraco versions 14.0.0 up to 14.3.1 and 15.0.0 up to 15.1.1, a medium-severity vulnerability, CVE-2025-24011, was detected. This vulnerability allows attackers to determine if an account exists by analyzing response codes and timing from the management API. To address this issue, users should upgrade Umbraco to versions 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24011.
In Node.js versions 20, 22 and 23, a high-severity vulnerability, CVE-2025-23090, was detected. This vulnerability allows attackers to exploit the `diagnostics_channel` utility to access internal worker threads, potentially reinstating their constructors for malicious use. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23090.
In MySQL Server versions 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior, a medium-severity vulnerability, CVE-2025-21543, was detected. This vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or repeatedly crash the server, resulting in a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21543.
In MySQL Connectors (component: Connector/Python) versions 9.1.0 and prior, a medium-severity vulnerability, CVE-2025-21548, was detected. This vulnerability allows a high-privileged attacker with network access and user interaction to create, delete, or modify critical data, access sensitive data, and cause a complete Denial of Service (DoS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21548.