#authentication-bypass

#authentication-bypass

CVE-2025-61675 (CVSS score: 8.6) - Numerous authenticated SQL injection vulnerabilities impacting four unique endpoints (basestation, model, firmware, and custom extension) and 11 affected parameters that enable read and write access to the underlying SQL database CVE-2025-61678 (CVSS score: 8.6) - An authenticated arbitrary file upload vulnerability that allows an attacker to exploit the firmware upload endpoint to upload a PHP web shell after obtaining a valid PHPSESSID and run arbitrary commands to leak the contents of sensitive files (e.g., "/etc/passwd")

Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, said it can permit an attacker to access API endpoints that, in turn, can allow them "to manipulate authentication flows, escalate privileges, and move laterally across an organization's core systems." Specifically, it stems from a bypass of a security filter that tricks protected endpoints into being treated as publicly accessible by simply adding "?WSDL" or ";.wadl" to any URI.

A vulnerability in Fortinet FortiWeb is being actively exploited worldwide to create new administrator accounts without authentication on devices that are directly accessible from the internet. This involves a path traversal that makes it possible to call an internal CGI script via the management path. Researchers have observed attackers scanning large numbers of devices and bombarding them with automated requests, immediately affecting any system with an open management interface.

Red Lion's Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors. These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet "Universal" protocol used to interface and enable communication between the kit and the RTUs.

Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches.