[-] harrysintonen@infosec.exchange 1 points 1 month ago

@gnyman@infosec.exchange No kidding? I can only recommend anyone doing research on N-Able to avoid going through their "bug bounty" program. They actively cite the program rules to shut down disclosure, namely I cannot show how trivial the attack is to pull off by using mitmproxy. So there is no way for me to challenge their obviously flawed scoring of the vulnerability.

ref https://infosec.exchange/@harrysintonen/112999715864274188

4

VMSA-2025-0004: #VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)

VMCI heap-overflow vulnerability (CVE-2025-22224): A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

VMware ESXi arbitrary write vulnerability (CVE-2025-22225): A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

HGFS information-disclosure vulnerability (CVE-2025-22226): A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

#CVE_2025_22224 #CVE_2025_22225 #CVE_2025_22226 #infosec #cybersecurity

[-] harrysintonen@infosec.exchange 1 points 7 months ago* (last edited 7 months ago)

httpget 0.2 doesn't quite work in the form in which it was uploaded.

First, it uses hardcoded argv and argc instead of getting them from the app invocation (as arguments to main; the code uses void main).

Second, obtaining any data from the socket will result in the app stopping and leaving behind an empty file (if (nread) break;).

This program could never download anything. It is likely some work-in-progress or modified test version of httpget. Since it includes some Windows-specific headers and has disabled the Unix ones, I can only presume it was some earlier attempt to get the tool running on Windows.

So while the code has a local stack buffer overflow it can't be triggered for this early version.

1

#curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot?

If you build it on a modern system and want to try exploiting it in true 90s fashion, be sure to turn off address space layout randomisation (ASLR).

https://github.com/curl/httpget/blob/master/httpget-0.2.c

#infosec #cybersecurity

[-] harrysintonen@infosec.exchange 1 points 7 months ago

If this trend continues, we will be losing the ability to use secure means of communication with UK friends and colleagues. For example, #signalapp will rather get out of the UK than add backdoors: https://www.bbc.com/news/technology-64584001

4

As expected, #Apple has nuked Advanced Data Protection (ADP) for UK users. What does this mean in practice? UK govt will be able to decrypt all UK users' #iCloud data at will.

Existing users' access will be disabled at a later date - this will likely mean that unless you accept the new policy, Apple will delete your existing iCloud data. Which I would recommend you do right now anyway - never trust someone else's computer with sensitive data.

https://www.bbc.com/news/articles/cgj54eq4vejo

#cybersecurity #privacy #enshittification

8

#OpenSSH client is vulnerable to MitM attacks if VerifyHostKeyDNS is enabled - https://www.openwall.com/lists/oss-security/2025/02/18/1

#CVE_2025_26465 #coordinateddisclosure #infosec #cybersecurity

4

#Nordnet - nordic digital platform for savings and investments - had an issue where people could see each other's information. The website has been taken down for now.

https://www.nordnet.fi/

#infosec #infosecurity #cybersecurity #privacy

14

#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: https://sintonen.fi/advisories/curl-ssh-insufficient-host-identity-verification.txt

#infosec #cybersecurity #nocve

[-] harrysintonen@infosec.exchange 1 points 8 months ago

The details of the #AMD Microcode Signature Verification #Vulnerability are out:

#infosec #infosecurity #cybersecurity

44

Warning: Do not trust *.g.co urls! #GoogleWorkspace domain verification seems to be quite lax and allow arbitrary .g.co to be created. This allows for extremely convincing #phishing to be performed where all communication appears to be coming from "google".

ref. https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

#infosec #cybersecurity

22

Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability."

The vulnerability was leaked by #ASUS in their beta BIOS changelog:

https://web.archive.org/web/20250106151231/https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/

ASUS has since removed this entry from the changelog since it likely broke the embargo. Either way, this is not great as the new firmware is largely not yet available and likely won't be for a long while.

#infosec #cybersecurity

35

Apparently #macOS now considers #Docker malware.

#infosec #cybersecurity

3

#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.

It is a logic flaw in the way curl parses the .netrc file. In certain situations, the configured password can be sent to an incorrect host. Luckily, the affected configurations should be quite rare, and thus the situation is unlikely to occur often.

The issue has existed in the curl source code for almost twenty-five years.

https://curl.se/docs/CVE-2024-11053.html
https://hackerone.com/reports/2829063

No AI tools were used in discovering or reporting the vulnerability.

#noai #handcrafted #infosec #cybersecurity
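The post above describes the failure mode (a password from one .netrc entry being sent to a different host) without showing code. The following is an added illustration, not curl's code and not a reconstruction of CVE-2024-11053: a hypothetical, deliberately strict .netrc parser and lookup in which a host only ever receives its own entry or the explicit default entry, and a login mismatch fails closed instead of borrowing another entry's password. The sample .netrc content, the lower-casing of machine names, and the refusal of macdef are all assumptions of this example.

```python
"""Host-scoped .netrc credential lookup (added illustration, not curl's code)."""
from typing import Dict, Optional, Tuple

# Constructed sample .netrc; these are not real credentials.
SAMPLE_NETRC = """\
# comment line
machine example.com login alice password pw-for-example-com
machine api.example.net login bob password pw-for-api-example-net
default login anon password pw-for-default
"""

DEFAULT = None  # dictionary key under which the 'default' entry is stored

Entry = Dict[str, str]


def parse_netrc(text: str) -> Dict[Optional[str], Entry]:
    """Parse .netrc text into {machine-name: {'login': ..., 'password': ...}}.

    Machine names are lower-cased for matching (an assumption of this example).
    'macdef' macros are rejected rather than silently misparsed, and a token
    that appears before any machine/default line is an error, so a malformed
    file never yields credentials attached to the wrong entry.
    """
    tokens = []
    for line in text.splitlines():
        # '#' starts a comment (simplification: quoted '#' is not handled)
        tokens.extend(line.split("#", 1)[0].split())
    entries: Dict[Optional[str], Entry] = {}
    current: Optional[Entry] = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine":
            if i + 1 >= len(tokens):
                raise ValueError("'machine' without a name")
            current = entries.setdefault(tokens[i + 1].lower(), {})
            i += 2
        elif tok == "default":
            current = entries.setdefault(DEFAULT, {})
            i += 1
        elif tok in ("login", "password", "account"):
            if current is None:
                raise ValueError(f"'{tok}' before any machine/default entry")
            if i + 1 >= len(tokens):
                raise ValueError(f"'{tok}' without a value")
            current[tok] = tokens[i + 1]
            i += 2
        elif tok == "macdef":
            raise ValueError("macdef macros are not supported by this example parser")
        else:
            raise ValueError(f"unexpected token {tok!r}")
    return entries


def credentials_for(entries: Dict[Optional[str], Entry], host: str,
                    login: Optional[str] = None) -> Optional[Tuple[str, str]]:
    """Return (login, password) to use for host, or None if nothing applies.

    Rules: an exact match on the host wins; otherwise the 'default' entry is
    used if present; an entry belonging to any *other* host is never used.
    If the caller already knows the login (e.g. it came from the URL), the
    entry's login must match it; otherwise another user's password would be
    sent to the server.
    """
    entry = entries.get(host.lower())
    if entry is None:
        entry = entries.get(DEFAULT)
    if entry is None:
        return None
    entry_login = entry.get("login")
    password = entry.get("password")
    if entry_login is None or password is None:
        return None
    if login is not None and login != entry_login:
        return None
    return entry_login, password


if __name__ == "__main__":
    parsed = parse_netrc(SAMPLE_NETRC)
    for host, login in [("example.com", None), ("example.com", "bob"),
                        ("api.example.net", "bob"), ("other.example.org", None)]:
        print(host, login, "->", credentials_for(parsed, host, login))
```

The property worth testing in any .netrc consumer is the negative cases: a host with no entry and no default gets nothing, and a login that does not match the host's entry gets nothing, rather than a password that belongs to someone else.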

7

Heads up: If you've used https://github.com/puckiestyle/CVE-2024-23113 for testing Fortinet systems vulnerable to #CVE_2024_23113: The code is broken and does not reliably check for the #vulnerability. #infosec #cybersecurity

19

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized the Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty, and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365

#vulnerability #infosec #cybersecurity
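To show why ECB mode was the problem in the post above and why a move to CBC addresses it, here is an added example that is not Microsoft's code and does not use AES: a toy 16-byte Feistel block cipher keyed with SHA-256 (a teaching stand-in, not a secure cipher) wrapped in ECB and CBC modes, plus the classic repeated-block detector. The message, key and IV are constructed for the demonstration. The behaviour it shows is a property of the modes, not of the toy cipher: equal plaintext blocks produce equal ciphertext blocks under ECB, so the structure of a document (repeated headers, blank regions, identical fields) survives encryption, while CBC with a fresh IV hides it.

```python
"""ECB versus CBC on a toy block cipher (added illustration, not Microsoft's code)."""
import hashlib
import os
from collections import Counter
from typing import List, Optional

BLOCK = 16   # block size in bytes
ROUNDS = 4   # Feistel rounds; enough to demonstrate modes, not enough to be secure


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function: SHA-256 truncated to half a block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy Feistel permutation of one block (NOT AES, NOT secure)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt_block: undo the rounds in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7 padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently, so equal blocks stay equal."""
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(toy_decrypt_block(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block (IV first).

    Returns IV || ciphertext. A fresh random IV per message is what makes two
    encryptions of the same message differ.
    """
    prev = os.urandom(BLOCK) if iv is None else iv
    out = [prev]
    for b in blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    bs = blocks(ciphertext)
    prev, out = bs[0], []
    for c in bs[1:]:
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_block_count(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block.

    Any count above zero in a ciphertext of modest length is the classic
    sign of ECB; a correctly used CBC ciphertext scores 0.
    """
    counts = Counter(blocks(ciphertext))
    return sum(c - 1 for c in counts.values())


# Constructed demo inputs: a message made of one block repeated four times.
DEMO_KEY = b"constructed-demo-key-not-secret!"
DEMO_MSG = b"REPEATED BLOCK! " * 4

if __name__ == "__main__":
    print("ECB repeats:", repeated_block_count(ecb_encrypt(DEMO_KEY, DEMO_MSG)))
    print("CBC repeats:", repeated_block_count(cbc_encrypt(DEMO_KEY, DEMO_MSG)))
```

repeated_block_count is the same check used when auditing a system for ECB: encrypt a plaintext with repeated content and count duplicate ciphertext blocks. The advisory-style fix in the linked Microsoft page is a mode change (CBC), not a key or algorithm change, and this example shows why that alone removes the pattern leak.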
