Vulnerability Summary for the Week of August 4, 2025

2025-08-11 19:08

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
Adobe–Adobe Experience Manager	Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.	2025-08-05	10	CVE-2025-54253
Adobe–Adobe Experience Manager	Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.	2025-08-05	8.6	CVE-2025-54254
ADOdb–ADOdb	ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method’s $table parameter.	2025-08-05	10	CVE-2025-54119
array […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of August 4, 2025 Tags: Bulletins EN Post navigation ← New TETRA Radio Encryption Flaws Expose Law Enforcement Communications US scrambles to recoup $1M+ nicked by NORKs → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection August 12, 2025 Here are all the GPT-5 updates OpenAI has rolled out since launch August 11, 2025 Randall Munroe’s XKCD ‘Kite Incident’ August 11, 2025 BSidesSF 2025: Netsec Is Dead(?): Modern Network Fingerprinting For Real-World Defense August 11, 2025 Carmaker Portal Flaw Could Let Hackers Unlock Cars, Steal Data August 11, 2025 Study warns of security risks as ‘OS agents’ gain control of computers and phones August 11, 2025 How you can still access GPT-4o, o3, and other older models in ChatGPT August 11, 2025 IT Security News Hourly Summary 2025-08-11 21h : 19 posts August 11, 2025 Finally, I found a portable charger that checks all of my boxes for traveling August 11, 2025 Why I recommend this $200 Android phone with a paper-like display over competing models August 11, 2025 The tablet that replaced my iPad and Kindle got a worthy successor – and I’m loving the upgrades August 11, 2025 I jump-started a bus from the 1930s with this power bank – here’s the verdict August 11, 2025 How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for) August 11, 2025 US government seized $1M from Russian ransomware gang August 11, 2025 I did not expect this JBL soundbar to outperform pricier models by Sonos and Bose like this August 11, 2025 US government seized $1 million from Russian ransomware gang August 11, 2025 Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks August 11, 2025 Malware analysis on AWS: Setting up a secure environment August 11, 2025 Hackers Exploit ClickFix Technique to Compromise Windows and Run PowerShell Commands August 11, 2025 Development of System Configuration Management: Introduction August 11, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}