ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.
CVE Analysis
•2025-10-22
•8 min read
BIND 9 PRNG Weakness (CVE-2025-40780): Brief Summary and Technical Review
This post provides a brief summary of CVE-2025-40780, a pseudo random number generator (PRNG) weakness in BIND 9 that allows attackers to predict source port and query ID, enabling DNS cache poisoning. Includes affected versions, technical mechanism, and links to advisories.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-22
•9 min read
BIND 9 Malformed DNSKEY CPU Exhaustion (CVE-2025-8677) – Technical Summary and Impact Review
Brief summary of CVE-2025-8677: A vulnerability in BIND 9 (versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1) allows remote attackers to trigger CPU exhaustion by querying zones with malformed DNSKEY records. This post covers technical details, affected versions, and vendor security context.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•8 min read
Hikvision iSecure Center CVE-2023-53691 Directory Traversal File Upload: Brief Technical Summary
This post provides a brief summary of CVE-2023-53691, a directory traversal file upload vulnerability in Hikvision iSecure Center through 2023-06-25. The summary covers technical exploitation details, affected versions, and vendor security history based on available public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•9 min read
Hikvision iSecure Center Command Injection (CVE-2024-58274): Brief Summary and PoC Overview
This post provides a brief summary of the command injection vulnerability in Hikvision iSecure Center (CVE-2024-58274), including technical details, affected versions, and a proof of concept based on public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•8 min read
ManageEngine ADManager Plus CVE-2025-10020: Brief Summary of Critical Authenticated Command Injection Vulnerability
This post provides a brief summary of CVE-2025-10020, a critical authenticated command injection vulnerability in ManageEngine ADManager Plus versions before Build 8025. The flaw affects the Custom Script component and allows authenticated users to execute arbitrary commands on the server. Patch and version details included.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•7 min read
Oracle Financial Services Analytical Applications Infrastructure CVE-2025-53037: Critical Remote Compromise - Brief Summary
A brief summary of CVE-2025-53037, a critical remote unauthenticated compromise vulnerability in Oracle Financial Services Analytical Applications Infrastructure (OFSAAI) Platform component, affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5. This post outlines affected versions, technical context, and Oracle's recent security history, with references to official advisories.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•7 min read
Oracle E-Business Suite Product Hub CVE-2025-53043: Brief Summary of Unauthorized Data Access Vulnerability
A brief summary of CVE-2025-53043 affecting Oracle Product Hub in E-Business Suite versions 12.2.3 through 12.2.14. This post covers technical details, affected versions, and vendor security context for security professionals.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•7 min read
Oracle E-Business Suite CVE-2025-53072: Brief Summary of Critical Unauthenticated RCE in Marketing Administration
This post provides a brief summary of CVE-2025-53072, a critical unauthenticated remote code execution vulnerability in Oracle E-Business Suite Marketing Administration (versions 12.2.3 to 12.2.14). It covers affected versions, technical details from official advisories, and links to primary sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•11 min read
Oracle WebLogic Server CVE-2025-61752: Brief Summary of HTTP/2 Denial of Service Vulnerability
This post provides a brief summary of CVE-2025-61752, a denial of service vulnerability in Oracle WebLogic Server 14.1.1.0.0 and 14.1.2.0.0 that can be exploited via HTTP/2. It covers technical details, affected versions, and vendor security history based on available public information.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•8 min read
Oracle Identity Manager REST API Critical Vulnerability (CVE-2025-61757): Brief Summary and Technical Details
This post provides a brief summary and technical review of CVE-2025-61757, a critical unauthenticated remote vulnerability in Oracle Identity Manager's REST WebServices component. It covers affected versions, technical vectors, and Oracle's security history, with references for further reading.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•8 min read
Oracle E-Business Suite Marketing CVE-2025-62481: Brief Summary of Critical Unauthenticated Remote Compromise
This post provides a brief summary of CVE-2025-62481, a critical unauthenticated remote vulnerability in Oracle E-Business Suite Marketing Administration (versions 12.2.3 through 12.2.14). It covers affected versions, technical characteristics, patch information, and Oracle's recent security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•7 min read
Oracle VM VirtualBox CVE-2025-62589: Brief Summary of a High Severity Privilege Escalation Vulnerability
This post provides a brief summary of CVE-2025-62589, a high severity privilege escalation vulnerability in Oracle VM VirtualBox Core component affecting versions 7.1.12 and 7.2.2. It covers affected versions, technical details from available advisories, and vendor security context.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•8 min read
Oracle Financial Services Analytical Applications Infrastructure CVE-2025-53036: Brief Summary of a Critical Information Disclosure Vulnerability
This post provides a brief summary of CVE-2025-53036, a critical information disclosure vulnerability in Oracle Financial Services Analytical Applications Infrastructure affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5. The summary covers technical details, affected versions, and vendor context based on available advisories.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-21
•8 min read
Oracle Java SE JAXP Confidentiality Vulnerability (CVE-2025-53066): Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-53066, a high-severity confidentiality vulnerability in the JAXP component affecting Oracle Java SE, Oracle GraalVM for JDK, and GraalVM Enterprise Edition. Includes affected versions, technical details, and vendor security context.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-20
•8 min read
Samsung Exynos Baseband NULL Pointer Dereference (CVE-2024-55568): Brief Summary and Technical Review
A brief summary and technical review of CVE-2024-55568, a NULL pointer dereference vulnerability in Samsung Exynos mobile processors, wearable processors, and modems. This post details affected versions, technical root cause, and vendor security history, with references to advisories and research.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-20
•8 min read
Samsung Exynos RLC AM PDU Handling: Brief Summary of CVE-2025-26781 Denial of Service Vulnerability
This post provides a brief summary of CVE-2025-26781, a denial of service vulnerability in the RLC AM PDU handling of Samsung Exynos mobile, wearable, and modem chipsets. We focus on technical details, affected versions, and vendor security history based on available public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-20
•11 min read
Samsung Exynos RLC AM Denial of Service (CVE-2025-26782): Brief Summary and Technical Review
A brief summary and technical review of CVE-2025-26782, a denial of service vulnerability in the RLC AM protocol implementation of Samsung Exynos mobile, wearable, and modem processors. This post covers affected products, technical root cause, and relevant references.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-20
•8 min read
Zyxel ATP and USG FLEX Firewalls CVE-2025-9133: Brief Summary of a Missing Authorization Vulnerability
This post provides a brief summary of CVE-2025-9133, a missing authorization vulnerability in Zyxel ATP, USG FLEX, USG FLEX 50(W), and USG20(W)-VPN firewalls. The flaw allows attackers who have completed only the first stage of two-factor authentication to download sensitive configuration files. Includes affected versions, technical details, and vendor security context.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-17
•9 min read
Squid Proxy CVE-2025-62168: Brief Summary of Critical Credential Disclosure Vulnerability
This post provides a brief summary of CVE-2025-62168, a critical vulnerability in Squid Proxy (prior to 7.2) that can expose HTTP authentication credentials through error handling. Includes technical details, affected versions, and references to advisories and fixes.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-17
•9 min read
CVE-2025-62645: Privilege Escalation in Restaurant Brands International Assistant Platform (Brief Summary)
Brief summary of CVE-2025-62645, a critical privilege escalation vulnerability in Restaurant Brands International's assistant platform affecting Burger King, Tim Hortons, and Popeyes. Exploitation is possible via the createToken GraphQL mutation due to AWS Cognito misconfiguration and insufficient access controls. No patch or detection methods are currently published.
ZeroPath CVE Analysis