US-CERT Vulnerability Summary for the Week of January 20, 2025 – RedPacket Security

The CISA Vulnerability Bulletin highlights several new vulnerabilities identified in various software products, focusing primarily on those that pose risks of arbitrary code execution, cross-site scripting, and SQL injection, among others. The vulnerabilities are categorized by severity. High-profile examples include serious security weaknesses in software from Enrich Technology and the Apache Software Foundation, and in WordPress plugins. These vulnerabilities can lead to significant breaches, impacting users and organizations that use these platforms. Affected: Enrich Technology, Apache Software Foundation, WordPress, various plugin vendors.

Key points:

  • The CISA Vulnerability Bulletin lists new vulnerabilities identified over the past week.
  • Vulnerabilities are categorized based on CVSS scores into high, medium, and low severity.
  • Examples include CVE-2025-0585 and CVE-2025-0586, involving Enrich Technology and WordPress plugins respectively.
  • Patch information is included when available, although some data comes from open-source reports.
  • The bulletin covers many plugins and software tools commonly used in various applications.

MITRE Techniques:

  • Insecure Deserialization (CWE-502): CVE-2025-0585 – a+HRD from Enrich Technology has an insecure deserialization vulnerability that allows remote attackers to perform arbitrary code execution.
  • PHP Object Injection (CWE-209): CVE-2025-0586, CVE-2025-0428 – WordPress plugin “AI Power: Complete AI Pack” is vulnerable via the wpaicg_export_prompts and wpaicg_export_ai_forms functions.
  • Improper Neutralization of Input (CWE-79): Reflected XSS vulnerabilities in various plugins allow attackers to execute arbitrary JavaScript in users' browsers.
  • SQL Injection (CWE-89): Various listed plugins have SQL injection vulnerabilities that allow unauthorized database access.
  • Remote Code Execution (RCE): CVE-2025-23624 – Apache Ambari allows authenticated users to inject and execute arbitrary code.

CVE:

  • CVE-2025-0585
  • CVE-2025-0586
  • CVE-2025-0428
  • CVE-2025-23624
  • CVE-2025-23960

Full Story: https://www.redpacketsecurity.com/cisa-vulnerability-summary-for-the-week-of-january-20-2025/