Vulnerability Summary for the Week of August 18, 2025

2025-08-25 20:08

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
7ritn–VaulTLS	VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the password based login only effected the frontend, but still allowed login via the API. This vulnerability is fixed in 0.9.1.	2025-08-18	9.4	CVE-2025-55299
_CreativeMedia_–Elite Video Player	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5.	2025-08-20	7.1	CVE-2025-54044
ads.txt Guru–ads.txt Guru Connect	Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross Site Request Forgery. This issue affects ads.txt Guru Connect: from n/a through 1.1.1.	2025-08-20	9.6	CVE-2025-49381
advplyr–audiobookshelf	Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie, which is later used to redirect the user after authentication. The server then […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of August 18, 2025 Tags: Bulletins EN Post navigation ← Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads CISA Adds Three Known Exploited Vulnerabilities to Catalog → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts How to Streamline Your Game Development Process: 4 Smart Solutions August 25, 2025 ThreatActors Leverage Google Classroom to Target 13,500 Organizations August 25, 2025 5 Cloud Security Providers You Might Be Overlooking August 25, 2025 IT Security News Hourly Summary 2025-08-25 21h : 16 posts August 25, 2025 New Stealthy Malware Hijacking Cisco, TP-Link, and Other Routers for Remote Control August 25, 2025 How to clear your Android phone cache (and greatly improve its performance) August 25, 2025 I took this camera on 5 trips, and it is now my must-have travel essential August 25, 2025 You can now add AI images directly into LibreOffice documents – here’s how August 25, 2025 BSidesSF 2025: One SOC, The Whole SOC, and Nothing But The SOC, So Help Me August 25, 2025 Randall Munroe’s XKCD ‘Disclaimer’ August 25, 2025 BSidesSF 2025: Into The Dragon’s Den August 25, 2025 Beware! Google Ads Promote Fake Tesla Websites Soliciting Fraudulent Deposits August 25, 2025 The best Amazon deals right now: Save on Apple, Eufy and more August 25, 2025 You should update your iPhone, iPad, and Mac ASAP to fix this dangerous security flaw August 25, 2025 The best Apple deals right now: Save on MacBooks, iPhones, and more August 25, 2025 This ‘Lethal Trifecta’ Can Trick AI Browsers Into Stealing Your Data August 25, 2025 Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware August 25, 2025 Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database August 25, 2025 How AI is Changing the Game for SaaS Sales Teams August 25, 2025 Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 August 25, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}