Skip to content

RCE

CVE-2025-20281 (Cisco ISE)

Description:  Injection vulnerability in Cisco ISE API enabling unauthenticated RCE. Technical Details: CVSS Score: 10.0 (Critical) Exploit: Attackers submit crafted POST requests to /admin/XXX endpoints with malicious JSON payloads ({“command”:”exec”}), exploiting insufficient input validation to execute code with root privileges. Bobby Gould’s PoC showed unsafe deserialization in JSON inputs, enabling RCE from Chinese IPs (e.g.,… Read More »CVE-2025-20281 (Cisco ISE)

CoinDCX Cryptocurrency Exchange Breach

Overview: Indian crypto exchange CoinDCX was breached, with attackers stealing wallet credentials and transaction data, causing $1.2M in losses. Technical Details: Attack Vector: Exploited CVE-2025-20281 (Cisco ISE injection vulnerability, CVSS 10.0) in a third-party payment gateway’s API endpoint (/admin/XXX) integrated with CoinDCX. Exploitation: Attackers sent crafted POST requests (Content-Type: application/json) with malicious SQL payloads (‘… Read More »CoinDCX Cryptocurrency Exchange Breach

CVE-2025-53770 (Microsoft SharePoint)

Description: Deserialization vulnerability enabling unauthenticated RCE via the /_layouts/15/ToolPane.aspx endpoint. Technical Details: CVSS Score: 9.8 (Critical) Exploit: Attackers craft malicious ASPX payloads (spinstall0.aspx) to exploit unsafe deserialization, extracting ValidationKey and DecryptionKey from __VIEWSTATE. Spoofed Referer headers (/layouts/SignOut.aspx) bypass authentication. The exploit chains with CVE-2025-49704 (spoofing, CVSS 8.8) and CVE-2025-49706 (RCE bypass), deploying .dll payloads (SHA256:… Read More »CVE-2025-53770 (Microsoft SharePoint)

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches July 14-21, 2025

The week of July 14-21, 2025, marked an unprecedented surge in critical cybersecurity incidents, characterized by multiple zero-day exploitations, state-sponsored campaigns, and a significant data breach affecting millions of individuals. The security landscape witnessed five critical-severity incidents, including active exploitation of Microsoft SharePoint servers, CrushFTP file transfer systems, and Citrix NetScaler appliances. Concurrently, Chinese APT… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches July 14-21, 2025

CrushFTP Vulnerability (CVE-2025-54309): Securing File Transfer Services

Overview On July 18, 2025, CrushFTP disclosed a critical vulnerability (CVE-2025-54309, CVSS 9.0) in versions 10 before 10.8.5 and 11 before 11.3.4_23, exploited via HTTP(S) to gain admin access. The flaw, related to AS2 validation mishandling, allows remote attackers to bypass authentication when the DMZ proxy feature is disabled. Explanation The vulnerability arises from improper… Read More »CrushFTP Vulnerability (CVE-2025-54309): Securing File Transfer Services

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.