ZeroPath at Black Hat USA 2026

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
Oracle E-Business Suite CVE-2025-53072: Brief Summary of Critical Unauthenticated RCE in Marketing Administration
CVE Analysis

2025-10-21

7 min read

Oracle E-Business Suite CVE-2025-53072: Brief Summary of Critical Unauthenticated RCE in Marketing Administration

This post provides a brief summary of CVE-2025-53072, a critical unauthenticated remote code execution vulnerability in Oracle E-Business Suite Marketing Administration (versions 12.2.3 to 12.2.14). It covers affected versions, technical details from official advisories, and links to primary sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle WebLogic Server CVE-2025-61752: Brief Summary of HTTP/2 Denial of Service Vulnerability
CVE Analysis

2025-10-21

11 min read

Oracle WebLogic Server CVE-2025-61752: Brief Summary of HTTP/2 Denial of Service Vulnerability

This post provides a brief summary of CVE-2025-61752, a denial of service vulnerability in Oracle WebLogic Server 14.1.1.0.0 and 14.1.2.0.0 that can be exploited via HTTP/2. It covers technical details, affected versions, and vendor security history based on available public information.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle Identity Manager REST API Critical Vulnerability (CVE-2025-61757): Brief Summary and Technical Details
CVE Analysis

2025-10-21

8 min read

Oracle Identity Manager REST API Critical Vulnerability (CVE-2025-61757): Brief Summary and Technical Details

This post provides a brief summary and technical review of CVE-2025-61757, a critical unauthenticated remote vulnerability in Oracle Identity Manager's REST WebServices component. It covers affected versions, technical vectors, and Oracle's security history, with references for further reading.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle E-Business Suite Marketing CVE-2025-62481: Brief Summary of Critical Unauthenticated Remote Compromise
CVE Analysis

2025-10-21

8 min read

Oracle E-Business Suite Marketing CVE-2025-62481: Brief Summary of Critical Unauthenticated Remote Compromise

This post provides a brief summary of CVE-2025-62481, a critical unauthenticated remote vulnerability in Oracle E-Business Suite Marketing Administration (versions 12.2.3 through 12.2.14). It covers affected versions, technical characteristics, patch information, and Oracle's recent security history.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle VM VirtualBox CVE-2025-62589: Brief Summary of a High Severity Privilege Escalation Vulnerability
CVE Analysis

2025-10-21

7 min read

Oracle VM VirtualBox CVE-2025-62589: Brief Summary of a High Severity Privilege Escalation Vulnerability

This post provides a brief summary of CVE-2025-62589, a high severity privilege escalation vulnerability in Oracle VM VirtualBox Core component affecting versions 7.1.12 and 7.2.2. It covers affected versions, technical details from available advisories, and vendor security context.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle Financial Services Analytical Applications Infrastructure CVE-2025-53036: Brief Summary of a Critical Information Disclosure Vulnerability
CVE Analysis

2025-10-21

8 min read

Oracle Financial Services Analytical Applications Infrastructure CVE-2025-53036: Brief Summary of a Critical Information Disclosure Vulnerability

This post provides a brief summary of CVE-2025-53036, a critical information disclosure vulnerability in Oracle Financial Services Analytical Applications Infrastructure affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5. The summary covers technical details, affected versions, and vendor context based on available advisories.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Oracle Java SE JAXP Confidentiality Vulnerability (CVE-2025-53066): Brief Summary and Technical Review
CVE Analysis

2025-10-21

8 min read

Oracle Java SE JAXP Confidentiality Vulnerability (CVE-2025-53066): Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-53066, a high-severity confidentiality vulnerability in the JAXP component affecting Oracle Java SE, Oracle GraalVM for JDK, and GraalVM Enterprise Edition. Includes affected versions, technical details, and vendor security context.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Samsung Exynos Baseband NULL Pointer Dereference (CVE-2024-55568): Brief Summary and Technical Review
CVE Analysis

2025-10-20

8 min read

Samsung Exynos Baseband NULL Pointer Dereference (CVE-2024-55568): Brief Summary and Technical Review

A brief summary and technical review of CVE-2024-55568, a NULL pointer dereference vulnerability in Samsung Exynos mobile processors, wearable processors, and modems. This post details affected versions, technical root cause, and vendor security history, with references to advisories and research.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Samsung Exynos RLC AM PDU Handling: Brief Summary of CVE-2025-26781 Denial of Service Vulnerability
CVE Analysis

2025-10-20

8 min read

Samsung Exynos RLC AM PDU Handling: Brief Summary of CVE-2025-26781 Denial of Service Vulnerability

This post provides a brief summary of CVE-2025-26781, a denial of service vulnerability in the RLC AM PDU handling of Samsung Exynos mobile, wearable, and modem chipsets. We focus on technical details, affected versions, and vendor security history based on available public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Samsung Exynos RLC AM Denial of Service (CVE-2025-26782): Brief Summary and Technical Review
CVE Analysis

2025-10-20

11 min read

Samsung Exynos RLC AM Denial of Service (CVE-2025-26782): Brief Summary and Technical Review

A brief summary and technical review of CVE-2025-26782, a denial of service vulnerability in the RLC AM protocol implementation of Samsung Exynos mobile, wearable, and modem processors. This post covers affected products, technical root cause, and relevant references.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Zyxel ATP and USG FLEX Firewalls CVE-2025-9133: Brief Summary of a Missing Authorization Vulnerability
CVE Analysis

2025-10-20

8 min read

Zyxel ATP and USG FLEX Firewalls CVE-2025-9133: Brief Summary of a Missing Authorization Vulnerability

This post provides a brief summary of CVE-2025-9133, a missing authorization vulnerability in Zyxel ATP, USG FLEX, USG FLEX 50(W), and USG20(W)-VPN firewalls. The flaw allows attackers who have completed only the first stage of two-factor authentication to download sensitive configuration files. Includes affected versions, technical details, and vendor security context.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Squid Proxy CVE-2025-62168: Brief Summary of Critical Credential Disclosure Vulnerability
CVE Analysis

2025-10-17

9 min read

Squid Proxy CVE-2025-62168: Brief Summary of Critical Credential Disclosure Vulnerability

This post provides a brief summary of CVE-2025-62168, a critical vulnerability in Squid Proxy (prior to 7.2) that can expose HTTP authentication credentials through error handling. Includes technical details, affected versions, and references to advisories and fixes.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

CVE-2025-62645: Privilege Escalation in Restaurant Brands International Assistant Platform (Brief Summary)
CVE Analysis

2025-10-17

9 min read

CVE-2025-62645: Privilege Escalation in Restaurant Brands International Assistant Platform (Brief Summary)

Brief summary of CVE-2025-62645, a critical privilege escalation vulnerability in Restaurant Brands International's assistant platform affecting Burger King, Tim Hortons, and Popeyes. Exploitation is possible via the createToken GraphQL mutation due to AWS Cognito misconfiguration and insufficient access controls. No patch or detection methods are currently published.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2025-62650 Client-Side Authentication Flaw in Restaurant Brands International Assistant Platform
CVE Analysis

2025-10-17

11 min read

Brief Summary: CVE-2025-62650 Client-Side Authentication Flaw in Restaurant Brands International Assistant Platform

This post provides a brief summary of CVE-2025-62650, a client-side authentication vulnerability affecting Restaurant Brands International's assistant platform through 2025-09-06. The flaw allowed unauthorized access to diagnostic screens and sensitive data across Burger King, Popeyes, and Tim Hortons platforms. No patch or detection guidance is included as none is available in public sources.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Keras CVE-2025-49655: Brief Summary of Critical Deserialization Vulnerability in TorchModuleWrapper
CVE Analysis

2025-10-17

8 min read

Keras CVE-2025-49655: Brief Summary of Critical Deserialization Vulnerability in TorchModuleWrapper

This post provides a brief summary of CVE-2025-49655, a critical deserialization vulnerability in Keras versions 3.11.0 up to but not including 3.11.3. The flaw allows arbitrary code execution via malicious TorchModuleWrapper objects in model files, even with safe mode enabled. Includes affected versions, technical details, and references.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Strapi CVE-2024-56143: Brief Summary of Private Field Exposure via Document Service Lookup
CVE Analysis

2025-10-16

7 min read

Strapi CVE-2024-56143: Brief Summary of Private Field Exposure via Document Service Lookup

This post offers a brief summary of CVE-2024-56143, a high-severity vulnerability in Strapi versions 5.0.0 through 5.5.1. The flaw allows attackers to access private fields, including admin credentials, by abusing the document service lookup operator. Patch and affected version details are included.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

WSO2 REST API Authentication Bypass (CVE-2025-10611): Brief Summary and Technical Review
CVE Analysis

2025-10-16

7 min read

WSO2 REST API Authentication Bypass (CVE-2025-10611): Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-10611, a critical authentication and authorization bypass in multiple WSO2 products affecting REST APIs. The vulnerability allows unauthenticated administrative operations. No patch or detection guidance is available at this time.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Spring Cloud Gateway CVE-2025-41253: Brief Summary of Environment Variable Exposure via SpEL Injection
CVE Analysis

2025-10-16

12 min read

Spring Cloud Gateway CVE-2025-41253: Brief Summary of Environment Variable Exposure via SpEL Injection

This post provides a brief summary of CVE-2025-41253, a high-severity vulnerability in Spring Cloud Gateway Server Webflux that can expose environment variables and system properties through SpEL injection when actuator endpoints are misconfigured. The summary covers affected versions, technical details, and official patch guidance.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Mattermost OAuth State Manipulation (CVE-2025-58073) – Brief Summary and Technical Review
CVE Analysis

2025-10-16

8 min read

Mattermost OAuth State Manipulation (CVE-2025-58073) – Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-58073, a high-severity authorization bypass in Mattermost affecting versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, and 10.5.x <= 10.5.10. The flaw allows attackers to join any team by manipulating OAuth state during team invitation flows. Includes affected versions, technical mechanism, and references.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Mattermost CVE-2025-58075: Brief Summary of Authorization Bypass via Invite Token and RelayState Manipulation
CVE Analysis

2025-10-16

8 min read

Mattermost CVE-2025-58075: Brief Summary of Authorization Bypass via Invite Token and RelayState Manipulation

This post provides a brief summary of CVE-2025-58075, a high-severity authorization bypass in Mattermost versions 10.11.x through 10.11.1, 10.10.x through 10.10.2, and 10.5.x through 10.5.10. The flaw allows unauthorized team access by manipulating the RelayState parameter with a valid invite token. Includes affected versions, technical details, and vendor security context.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization
CVE Analysis | ZeroPath Security Blog - Vulnerability Research & Exploits | Page 37 | ZeroPath