Vulnerability Summary for the Week of July 28, 2025

2025-08-04 20:08

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
0x676e67–vproxy	vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as ‘configuredUser-ttl-0’), the modulo operation ‘timestamp % ttl’ will cause a division by zero panic, causing the server to crash causing a denial-of-service. This is fixed in version 2.4.0.	2025-07-30	7.5	CVE-2025-54581
1Panel-dev–1Panel	1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.	2025-08-01	8.1	CVE-2025-54424
9001–copyparty	Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the “Recent Uploads” page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.	2025-08-01	7.5	This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of July 28, 2025 Tags: Bulletins EN Post navigation ← Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer Threat Actors Using AI to Scale Operations, Accelerate Attacks and Attack Autonomous AI Agents → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts Modular Malware Suite Sold by Threat Actors Through Public Storefront Domains August 4, 2025 Cisco Talos Researcher Reveals Method That Causes LLMs to Reveal Training Data August 4, 2025 IT Security News Hourly Summary 2025-08-04 21h : 10 posts August 4, 2025 WordPress SQLsplorer Challenge: Bigger Scope and Bounties for All Researchers in the Wordfence Bug Bounty Program August 4, 2025 Hackers Abuse Microsoft 365 Direct Send to Deliver Internal Phishing Emails August 4, 2025 New Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows Systems August 4, 2025 Anthropic wants to stop AI models from turning evil – here’s how August 4, 2025 Google says its AI-based bug hunter found 20 security vulnerabilities August 4, 2025 Surge in Threat Actor Exploitation Attempts Serves as Early Warning of Emerging Cyber Vulnerabilities August 4, 2025 Introducing DataTrap: A Smarter, More Adaptive Honeypot Framework August 4, 2025 Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies August 4, 2025 Proton Authenticator Rolls Out As A Free Login Security App August 4, 2025 New Feature: Daily Trends Report, (Mon, Aug 4th) August 4, 2025 The latest from Black Hat USA 2025 August 4, 2025 New LegalPwn Attack Exploits Gemini, ChatGPT and other AI Tools into Executing Malicious Code via Disclaimers August 4, 2025 SonicWall VPNs Actively Exploited for 0-Day Vulnerability to Bypass MFA and Deploy Ransomware August 4, 2025 New Python-Based PXA Stealer Via Telegram Stolen 200,000 Unique Passwords and Hundreds of Credit Cards August 4, 2025 Threat Actors Using AI to Scale Operations, Accelerate Attacks and Attack Autonomous AI Agents August 4, 2025 Vulnerability Summary for the Week of July 28, 2025 August 4, 2025 Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer August 4, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}