Skip to main content
CVE-2025-61498 HIGH This Week

Denial of service in the Tenda AC8 dual-band gigabit router (hardware revision v03.03.10.01) allows a remote attacker to crash the device by sending a single crafted packet to its UPnP service, triggering a stack-based buffer overflow (CWE-121). The flaw requires no authentication or user interaction per the CVSS vector (PR:N/UI:N) and impacts availability only (A:H, no confidentiality/integrity impact). Publicly available exploit material exists via a researcher GitHub repository, though the issue is not listed in CISA KEV and carries a modest EPSS score of 0.39% (31st percentile).

Buffer Overflow Tenda Denial Of Service Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-62230 HIGH PATCH This Week

Use-after-free memory corruption in X.Org X server's Xkb extension allows local authenticated attackers to achieve high confidentiality impact, low integrity impact, and high availability impact (CVSS 7.3) through improper resource cleanup during client disconnection. The vulnerability affects Red Hat Enterprise Linux distributions with multiple security advisories released (RHSA-2025:19432 through RHSA-2025:22055). EPSS data not provided, but the local attack vector (AV:L) and low complexity (AC:L) indicate exploitation requires authenticated local access. No CISA KEV listing or public POC identified at time of analysis.

Memory Corruption Use After Free Buffer Overflow X Server Xwayland +9
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-62231 HIGH PATCH This Week

Local privilege escalation in X.Org X server's Xkb extension affects RHEL-family distributions, allowing authenticated users to corrupt memory or crash the X server via integer overflow in XkbSetCompatMap(). Attack requires local access with low-privilege credentials. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Red Hat has released patches across multiple RHEL versions (RHSA-2025:19432 through RHSA-2025:22055).

Integer Overflow Buffer Overflow X Server Xwayland Vios +8
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-62229 HIGH PATCH This Week

Use-after-free in X.Org X server and Xwayland during Present extension notification processing allows local authenticated users to achieve arbitrary code execution or denial of service. The flaw affects core display server components across multiple Linux distributions, with Red Hat confirming patches through 15 security advisories (RHSA-2025:19432 through RHSA-2025:22055). CVSS 7.3 reflects high integrity and availability impact with low confidentiality impact. No active exploitation confirmed (not in CISA KEV). EPSS data not provided, but the local attack vector and authentication requirement reduce remote exploitation risk despite the severity of potential impact.

Use After Free Memory Corruption Denial Of Service Buffer Overflow RCE +2
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-40105 Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail to find the dentry we are trying to reconnect and instead create a new dentry under the parent. Now this dentry will not be marked as disconnected although the parent still may well be disconnected (at least in case this inconsistency happened because the fs is corrupted and .. doesn't point to the real parent directory). This creates inconsistency in disconnected flags but AFAICS it was mostly harmless. At least until commit f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") which removed adding of most disconnected dentries to sb->s_anon list. Thus after this commit cleanup of disconnected dentries implicitely relies on the fact that dput() will immediately reclaim such dentries. However when some leaf dentry isn't marked as disconnected, as in the scenario described above, the reclaim doesn't happen and the dentries are "leaked". Memory reclaim can eventually reclaim them but otherwise they stay in memory and if umount comes first, we hit infamous "Busy inodes after unmount" bug. Make sure all dentries created under a disconnected parent are marked as disconnected as well.

Linux Information Disclosure
NVD
EPSS
0.2%
CVE-2025-40103 PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks.

Linux Information Disclosure
NVD
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy