ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.
Node.js HTTP Request Smuggling (CVE-2022-35256): Anatomy of a Parsing Flaw in llhttp
CVE Analysis

2025-07-17

9 min read

A deep technical analysis of CVE-2022-35256, a request smuggling vulnerability in Node.js's llhttp parser. We dissect the parsing flaw, affected versions, real-world impact, and the precise patch that closes the door on this attack vector.

ZeroPath Security Research

MOVEit Transfer CVE-2023-34362: Anatomy of a Critical SQL Injection and Real-World Exploitation
CVE Analysis

2025-07-17

18 min read

A critical SQL injection flaw in Progress MOVEit Transfer (CVE-2023-34362) enabled unauthenticated attackers to breach sensitive databases and deploy web shells, fueling a global ransomware campaign. This post dissects the technical exploitation, proof-of-concept, patch guidance, and detection strategies for defenders.

ZeroPath Security Research

ReDoS in Chai’s get-func-name: CVE-2023-43646 Technical Analysis & PoC
CVE Analysis

2025-07-17

8 min read

A critical ReDoS vulnerability (CVE-2023-43646) in Chai’s get-func-name module exposes Node.js and browser apps to denial of service via inefficient regex parsing. This post delivers a technical breakdown, PoC, patch details, and detection strategies for security teams.

ZeroPath Security Research

Sophos Intercept X Updater LPE: Dissecting CVE-2024-13972’s Registry Permission Flaw
CVE Analysis

2025-07-17

8 min read

A deep technical analysis of CVE-2024-13972, a critical local privilege escalation in Sophos Intercept X for Windows caused by insecure registry permissions during upgrades. We detail the vulnerability’s mechanism, affected versions, patch guidance, and detection strategies for defenders.

ZeroPath Security Research

Rails ReDoS: CVE-2024-26142 and the Accept Header Parsing Flaw
CVE Analysis

2025-07-17

8 min read

A critical flaw in Rails 7.1.x's Accept header parsing exposes applications to ReDoS attacks. We break down the technical root cause, affected versions, and the official patch that neutralizes this threat.

ZeroPath Security Research

When Containers Break the Rules: CVE-2025-23267 in NVIDIA Container Toolkit and the Perils of Link Following
CVE Analysis

2025-07-17

13 min read

A critical flaw in NVIDIA's Container Toolkit (CVE-2025-23267) allows attackers to escape container boundaries and tamper with host files via a link following bug in the update-ldcache hook. This post dissects the technical root cause, affected versions, and how to patch before attackers strike.

ZeroPath Security Research

Cache Poisoning Reloaded: Deep Dive into CVE-2025-4366 and Pingora's Request Smuggling Flaw
CVE Analysis

2025-07-17

12 min read

A high-severity request smuggling vulnerability in Cloudflare's Pingora proxy framework (CVE-2025-4366) exposes HTTP/1.1 cache users to unauthorized request execution and cache poisoning. This technical analysis unpacks the bug's mechanism, affected versions, patch details, and detection strategies for defenders.

ZeroPath Security Research

RCE Risk in WooCommerce Refund and Exchange with RMA: Unauthenticated File Upload (CVE-2025-6222)
CVE Analysis

2025-07-17

8 min read

A critical unauthenticated file upload vulnerability (CVE-2025-6222) in WooCommerce Refund and Exchange with RMA plugin enables remote code execution on WordPress sites. This post delivers a technical breakdown, affected versions, and patch details.

ZeroPath Security Research

Multer DoS Vulnerability (CVE-2025-7338): How a Single Malformed Upload Can Crash Your Node.js App
CVE Analysis

2025-07-17

8 min read

A critical Denial of Service flaw in Multer (CVE-2025-7338) lets attackers crash Node.js servers with a single malformed multipart upload. Here’s a technical breakdown, affected versions, and how to patch.

ZeroPath Security Research

Cracking the Shell: CVE-2025-7433 Local Privilege Escalation in Sophos Intercept X for Windows
CVE Analysis

2025-07-17

8 min read

A deep technical analysis of CVE-2025-7433, a high-severity local privilege escalation flaw in Sophos Intercept X for Windows with Central Device Encryption. Discover how insecure deserialization (CWE-502) enables arbitrary code execution, which versions are at risk, and exactly how to patch.

ZeroPath Security Research

Attachment Manager ≤2.1.2: CVE-2025-7643 and the Perils of Unauthenticated File Deletion in WordPress
CVE Analysis

2025-07-17

8 min read

A critical flaw in the Attachment Manager WordPress plugin (≤2.1.2) enables unauthenticated attackers to delete arbitrary files, risking RCE and total site compromise. We dissect the vulnerability, affected versions, and the plugin's troubled security history.

ZeroPath Security Research

F5 BIG-IP CVE-2023-46747: Anatomy of a Critical TMUI Authentication Bypass and Remote Code Execution
CVE Analysis

2025-07-17

12 min read

CVE-2023-46747 exposes F5 BIG-IP to unauthenticated remote code execution via a critical TMUI authentication bypass. This post delivers a technical breakdown, PoC insights, patching instructions, detection methods, and a candid look at F5's security history.

ZeroPath Security Research

Fortinet FortiWeb CVE-2025-25257: Pre-Auth SQL Injection to RCE – Anatomy of a Critical WAF Compromise
CVE Analysis

2025-07-17

15 min read

CVE-2025-25257 exposes a critical pre-auth SQL injection flaw in Fortinet FortiWeb (7.6.0–7.6.3, 7.4.0–7.4.7, 7.2.0–7.2.10, <7.0.11), enabling unauthenticated attackers to achieve remote code execution via crafted HTTP requests. This post delivers a technical breakdown, PoC, detection guidance, and patch details for security teams.

ZeroPath Security Research

GitLab Group 2FA Bypass (CVE-2025-0605): Anatomy of a Subtle Access Control Flaw
CVE Analysis

2025-07-17

8 min read

A deep technical analysis of CVE-2025-0605, a GitLab vulnerability allowing group-level two-factor authentication (2FA) bypass via Git operations. We break down the root cause, affected versions, exploitation vectors, and GitLab's patch response.

ZeroPath Security Research

GitLab Forking Restriction Bypass (CVE-2025-3396): Anatomy of an Authorization Flaw
CVE Analysis

2025-07-17

8 min read

A deep technical analysis of CVE-2025-3396, where GitLab project owners could bypass group-level forking restrictions via API manipulation. We detail the root cause, affected versions, patch details, and detection strategies for defenders.

ZeroPath Security Research

GitLab EE CVE-2025-4972: How a Low-Severity Auth Bypass Could Undermine Group Security
CVE Analysis

2025-07-17

8 min read

A deep technical analysis of CVE-2025-4972, a low-severity but impactful authorization flaw in GitLab EE that allowed users with invitation privileges to bypass group-level restrictions. We detail the vulnerability's mechanism, affected versions, patch details, and detection strategies.

ZeroPath Security Research

GitLab EE Maintainer Authorization Bypass (CVE-2025-6168): Technical Analysis and Detection Guidance
CVE Analysis

2025-07-17

12 min read

A technical breakdown of CVE-2025-6168, an authorization bypass in GitLab EE allowing maintainers to circumvent group-level user invitation restrictions via crafted API requests. Includes affected versions, patch details, and detection strategies.

ZeroPath Security Research

NVIDIAScape: Breaking Container Isolation with CVE-2025-23266 in NVIDIA Container Toolkit
CVE Analysis

2025-07-17

12 min read

CVE-2025-23266 (NVIDIAScape) exposes a critical container escape flaw in NVIDIA Container Toolkit, allowing attackers to gain root on the host via OCI hook misconfiguration. We detail the technical root cause, PoC, detection, and patching strategies for this high-impact vulnerability affecting AI/ML and cloud GPU environments.

ZeroPath Security Research

Root Access Redux: Analyzing CVE-2025-52983 in Juniper Junos OS
CVE Analysis

2025-07-11

7 min read

Explore the critical UI discrepancy vulnerability CVE-2025-52983 in Juniper Junos OS, enabling unauthorized root access even after SSH public key removal.

ZeroPath Security Research

Juniper SRX300 Series at Risk: Byte-Ordering Bug CVE-2025-52980 Opens Door to BGP DoS Attacks
CVE Analysis

2025-07-11

8 min read

A critical byte-ordering vulnerability, CVE-2025-52980, in Juniper's SRX300 Series allows attackers to crash routing daemons via crafted BGP UPDATE messages.

ZeroPath Security Research
