• The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark advisory highlighting two severe vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System, a critical tool used in fuel storage and management across the energy sector.

    These flaws, if exploited, could enable attackers to run arbitrary system-level commands on affected devices, potentially leading to widespread disruptions in critical infrastructure.

    The primary vulnerability carries a CVSS v4 score of 9.4: it is remotely exploitable with low attack complexity by anyone holding basic credentials.

    Veeder-Root, a U.S.-based company with global deployments, urges immediate upgrades to mitigate these risks, as reported by researcher Pedro Umbelino of Bitsight.

    The vulnerabilities stem from flaws in the system’s handling of commands and time values, exposing Linux-based consoles to manipulation.

    Discovered in systems deployed worldwide for monitoring underground storage tanks, they underscore ongoing challenges in securing industrial control systems (ICS) against sophisticated threats.

    CISA emphasizes that these issues affect energy operations, where downtime could cascade into fuel supply interruptions or safety hazards.

    Vulnerability Breakdown

    The TLS4B system, versions prior to 11.A, suffers from a command injection flaw and an integer overflow related to the 2038 Unix epoch problem.

    The command injection (CWE-77) arises in the SOAP-based web services interface, allowing authenticated remote attackers to inject malicious elements and execute Linux shell commands.

    This could grant full system access, enabling data theft or further network compromise.

    A secondary integer overflow (CWE-190) mishandles time values beyond the 2038 rollover, resetting the clock to 1901 and causing authentication failures, log corruption, and halted leak detection.

    Attackers could exploit this for denial-of-service (DoS) by tampering with system time, locking out administrators, and disrupting operations.

    | CVE ID | Description | Affected Products | CVSS v3.1 Score (Vector) | CVSS v4 Score (Vector) |
    |---|---|---|---|---|
    | CVE-2025-58428 | Command Injection (CWE-77) via SOAP interface; enables RCE and shell access. | TLS4B (prior to 11.A) | 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) | 9.4 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) |
    | CVE-2025-55067 | Integer Overflow (CWE-190) in Unix time handling; triggers DoS and functional disruptions. | TLS4B (prior to 11.A) | 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) | 7.1 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N) |

    Mitigations

    Exploitation could yield remote command execution, lateral movement, administrative lockouts, and DoS conditions, severely impacting energy infrastructure reliability.

    With low barriers to entry requiring only valid credentials, these flaws heighten risks for unpatched systems.

    Veeder-Root recommends upgrading to TLS4B version 11.A for the command injection fix; for the overflow issue, a patch is in development, so users should follow network security best practices like isolating devices and securing ports.

    CISA advises minimizing internet exposure, deploying firewalls, and using VPNs for remote access while conducting thorough risk assessments.

    The post CISA Warns Of Critical Veeder-Root Vulnerabilities Let Attackers Execute System-level Commands appeared first on Cyber Security News.

  • Microsoft is enhancing Windows 11’s stability with a new feature that prompts users for a quick memory diagnostic scan following blue screen of death (BSOD) incidents.

    This proactive tool aims to detect and mitigate memory corruption issues that often lead to unexpected restarts, potentially reducing future system crashes.

    Announced in recent Windows Insider builds, the update reflects Microsoft’s ongoing efforts to refine OS diagnostics amid rising reports of hardware-related failures.

    The system triggers a notification upon login after a bugcheck, which is a critical kernel or driver error causing a BSOD. Users see a prompt suggesting a “quick memory scan,” scheduling the Windows Memory Diagnostic tool to run during the next reboot.

    This scan typically lasts under five minutes, allowing the PC to boot into Windows afterward.

    Windows Memory Diagnostics dialog

    If memory problems are identified and addressed, a post-reboot alert informs the user of the resolution. In early testing, all bugcheck codes activate the prompt to gather data on memory-crash correlations.

    Not every device supports this yet; it’s unavailable on Arm64-based systems, on systems with Administrator Protection enabled, or on BitLocker setups without Secure Boot.

    The feature debuted in Insider Preview Build 26220.6982 for the Dev Channel and Build 26120.6982 for Beta, via update KB5067109.

    Microsoft plans to narrow triggers to specific error types in future releases, improving precision without overwhelming users.

    This aligns with broader Windows 11 updates, including AI enhancements like Copilot integrations. As PCs handle more demanding tasks, such tools could prevent data loss and downtime, especially for professionals reliant on stable systems.

    The initiative underscores memory issues as a common BSOD culprit, urging timely hardware checks. With rollout expanding, Windows users may soon experience fewer frustrating interruptions.

    The post Windows Introduces Quick Memory Scan Feature During Restart After BSOD Crashes appeared first on Cyber Security News.

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding serious vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System. Released on October 23, 2025, the alert warns that attackers could exploit these flaws to take control of industrial systems used worldwide, particularly in the energy sector. Two Critical Vulnerabilities Discovered Security […]

    The post CISA Alerts on Critical Veeder-Root Flaws Allowing Attackers to Execute System Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • A new vulnerability in early versions of OpenVPN has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines.

    The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants.

    The issue stems from inadequate sanitization of the --dns and --dhcp-option arguments. When a client connects to an untrusted VPN service, these parameters are passed unsanitized to the --dns-updown script hook.

    This oversight lets attackers embed malicious commands that run with elevated privileges on the client device, risking data theft, malware deployment, or full system compromise.

    Security researchers warn that users relying on these beta builds for remote access or secure networking face immediate risks, especially in enterprise or personal setups involving third-party VPN providers.

    OpenVPN – Script Injection Attack

    Designated as CVE-2025-10680, the vulnerability has a CVSS score of 8.1 (high severity), highlighting its exploitability over the network without authentication.

    It exploits the trust model where clients assume server-pushed DNS configurations are benign. On affected Unix-like systems, the --dns-updown script executes these inputs directly, opening the door to command injection.

    Windows users are also impacted if using the built-in PowerShell integration, though the primary exposure remains on Linux and macOS.

    Proof-of-concept exploits could involve crafting DNS strings with shell metacharacters, such as backticks or semicolons, to chain additional commands.

    The OpenVPN project has confirmed no evidence of widespread exploitation yet, but urges immediate updates.

    Patch Released With OpenVPN 2.7_beta2

    Responding swiftly, the OpenVPN community released version 2.7_beta2 on October 27, 2025, incorporating critical fixes.

    Key among them is enhanced input sanitization for DNS strings, blocking injection attempts from trusted-but-malicious servers.
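
    An allowlist check in the spirit of that fix, as an added example (Python, not OpenVPN's code): server-pushed DNS values are validated before any hook script sees them. The function names, the "server"/"search-domain" labels and the sample values are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_dns_address(value: str) -> bool:
    """Accept only a literal IPv4/IPv6 address, with no IPv6 zone suffix."""
    if "%" in value:  # ip_address() can accept free text after '%'
        return False
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True

def is_valid_search_domain(value: str) -> bool:
    """Accept only dot-separated hostname labels, 253 characters at most."""
    if not value or len(value) > 253:
        return False
    name = value[:-1] if value.endswith(".") else value
    return all(_LABEL.fullmatch(label) for label in name.split("."))

def filter_pushed_dns(options):
    """Split pushed (kind, value) pairs into (accepted, rejected) lists.

    Rejected values are only returned for logging, never passed to a script.
    """
    checks = {"server": is_valid_dns_address,
              "search-domain": is_valid_search_domain}
    accepted, rejected = [], []
    for kind, value in options:
        check = checks.get(kind)  # unknown kinds are rejected
        target = accepted if check and check(value) else rejected
        target.append((kind, value))
    return accepted, rejected

# Constructed sample of values a server might push.
SAMPLE = [
    ("server", "10.8.0.1"),
    ("server", "fd00::53"),
    ("search-domain", "corp.example.com"),
    ("search-domain", "example.com;id"),
    ("search-domain", "`id`.example.com"),
]

if __name__ == "__main__":
    print(filter_pushed_dns(SAMPLE))
```

    Validating against what a value is allowed to be, rather than stripping known-bad characters, means shell metacharacters never need to be enumerated.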

    The update also addresses Windows-specific issues, like improved event logging via a new openvpnservmsg.dll, and restores IPv4 broadcast configuration on Linux.

    Additional bug fixes include better handling of multi-socket setups on Windows and repairs to DHCP options in TAP mode. Users should download the beta2 build from the official OpenVPN website and test in non-production environments.

    For production use, sticking to stable 2.6.x releases remains advisable until 2.7 stabilizes. This incident underscores the importance of validating VPN software betas, particularly in diverse OS ecosystems.

    The post OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks appeared first on Cyber Security News.

  • Cybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CVE-2025-8088, a path traversal vulnerability in the popular file compression software, to deliver weaponized RAR archives that silently deploy malicious payloads without requiring user interaction beyond […]

    The post Gamaredon Phishing Campaign Exploits WinRAR Vulnerability to Target Government Agencies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The Apache Software Foundation has disclosed two security vulnerabilities affecting multiple versions of Apache Tomcat, with one flaw posing a serious risk of remote code execution on vulnerable servers. The flaws impact Apache Tomcat versions 9, 10, and 11, prompting urgent warnings for administrators to upgrade their installations immediately. CVE ID Vulnerability Severity CVSS Score […]

    The post Apache Tomcat Flaws Allow Remote Code Execution on Vulnerable Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The competitive gaming landscape has become a breeding ground for cybercriminals who exploit players’ desire to gain an unfair advantage. While major esports tournaments like last year’s CS2 PGL Major in Copenhagen boast prize pools reaching $1.25 million, the temptation to cheat extends far beyond professional competition. The industry noted one of its most notorious […]

    The post Beware of Free Video Game Cheats that Deliver Infostealer Malwares appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cybersecurity firm LayerX has identified a critical vulnerability in OpenAI’s ChatGPT Atlas browser that allows malicious actors to inject harmful instructions into ChatGPT’s memory and execute remote code. This security flaw poses significant risks to users across all browsers but presents particularly severe dangers for those using the new ChatGPT Atlas browser. Cross-Site Request Forgery […]

    The post OpenAI Atlas Browser Vulnerability Lets Attackers Execute Malicious Scripts in ChatGPT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in

  • The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications.

    On October 27, 2025, Apache disclosed two vulnerabilities, CVE-2025-55752 and CVE-2025-55754, affecting multiple versions of Tomcat.

    While the first poses a risk of remote code execution (RCE) under specific configurations, the second enables potential console manipulation, underscoring the need for immediate patching in enterprise environments.

    These issues stem from regressions and unescaped sequences, potentially exposing servers to unauthorized access and control.

    Directory Traversal Flaw Enables RCE

    The more severe vulnerability, CVE-2025-55752, involves a directory traversal bug introduced in the fix for an earlier issue (bug 60013).

    In this regression, rewritten URLs are normalized before decoding, allowing attackers to manipulate query parameters and bypass protections for sensitive directories like /WEB-INF/ and /META-INF/.

    If PUT requests are enabled, a configuration typically restricted to trusted users, malicious files can be uploaded, leading to RCE.

    Discovered by Chumy Tsai of CyCraft Technology, this flaw is rated as Important severity, emphasizing its potential impact on unpatched systems running Tomcat in production.

    Affected versions include Apache Tomcat 11.0.0-M1 to 11.0.10, 10.1.0-M1 to 10.1.44, and 9.0.0-M11 to 9.0.108, with older end-of-life (EOL) releases also vulnerable.

    The technical specifics revolve around URL rewriting rules that inadvertently allow path manipulation, exploiting the order of normalization and decoding processes to evade security constraints.
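
    The ordering problem in general terms, as an added example (Python, not Tomcat's code): a guard for protected directories that normalizes and checks before decoding misses an encoded name, while decoding first catches it. The function names and sample paths are constructed.

```python
import posixpath
from urllib.parse import unquote

PROTECTED_SEGMENTS = {"WEB-INF", "META-INF"}


def _hits_protected(path: str) -> bool:
    """True if any path segment names a protected directory."""
    return any(seg.upper() in PROTECTED_SEGMENTS for seg in path.split("/"))


def resolve_normalize_first(raw_path: str):
    """Flawed order: normalize and check, then decode.

    The check runs on text that is still percent-encoded, so the string
    that was checked is not the string that gets used.
    """
    normalized = posixpath.normpath(raw_path)
    if _hits_protected(normalized):
        return None
    return unquote(normalized)


def resolve_decode_first(raw_path: str):
    """Corrected order: decode once, normalize, then check that exact result."""
    resolved = posixpath.normpath(unquote(raw_path))
    if not resolved.startswith("/") or _hits_protected(resolved):
        return None
    return resolved


def order_dependent(paths):
    """Inputs the flawed order lets through but the corrected order blocks."""
    return [p for p in paths
            if resolve_normalize_first(p) is not None
            and resolve_decode_first(p) is None]


# Constructed request paths for the comparison.
SAMPLE_PATHS = [
    "/index.jsp",
    "/docs/../WEB-INF/web.xml",
    "/%57EB-INF/web.xml",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", resolve_normalize_first(p), "|", resolve_decode_first(p))
```

    The corrected guard is only sound if nothing downstream decodes the path a second time.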

    | CVE ID | Severity | Affected Versions | CVSS Score | Technical Description | Credit |
    |---|---|---|---|---|---|
    | CVE-2025-55752 | Important | 11.0.0-M1 to 11.0.10; 10.1.0-M1 to 10.1.44; 9.0.0.M11 to 9.0.108 | N/A (Important) | Directory traversal via rewritten URL normalization before decoding; enables file upload and RCE if PUT enabled. Bypasses /WEB-INF/ and /META-INF/ protections. | Chumy Tsai (CyCraft) |

    Console Manipulation Through Log Escapes

    In addition to the traversal issue, CVE-2025-55754 addresses improper neutralization of ANSI escape sequences in Tomcat’s log messages.

    On Windows systems with ANSI-supporting consoles, attackers could craft URLs to inject sequences that manipulate the console display, clipboard, or even trick administrators into executing commands.

    Although no direct attack vector was identified for other OSes, the potential for social engineering remains a concern. Rated Low severity, this flaw affects Tomcat 11.0.0-M1 to 11.0.10, 10.1.0-M1 to 10.1.44, and 9.0.0.40 to 9.0.108, plus select EOL versions like 8.5.60 to 8.5.100.

    Identified by Elysee Franchuk of MOBIA Technology Innovations, the issue arises from unescaped logs, allowing control sequences to influence terminal behavior without authentication.
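
    Log escaping of the kind described, as an added example (Python, not Tomcat's code): control characters in request-derived text are turned into visible escapes before the line is stored or shown on a console, and a second helper finds stored lines that still carry raw controls. The function names and sample request line are constructed.

```python
import re

# C0 controls except tab, DEL, and C1 controls. This covers ESC (0x1b),
# CSI (0x9b), CR and LF, so neither terminal sequences nor forged line
# breaks survive.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralize(text: str) -> str:
    """Return text with control characters shown as visible \\xNN escapes.

    Backslashes are doubled first so an escaped byte cannot be confused
    with a literal backslash sequence that was already in the input.
    """
    text = text.replace("\\", "\\\\")
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def log_request(log: list, client: str, request_line: str) -> None:
    """Append one access-log style line; request-derived text is neutralized."""
    log.append('%s "%s"' % (client, neutralize(request_line)))


def lines_with_controls(lines):
    """Return 1-based numbers of stored lines that still hold raw controls."""
    return [n for n, line in enumerate(lines, 1)
            if _CONTROL.search(line.rstrip("\r\n"))]


# Constructed input: a request line carrying a "clear screen" sequence.
SAMPLE_REQUEST = "GET /app/\x1b[2Jindex.jsp HTTP/1.1"

if __name__ == "__main__":
    log = []
    log_request(log, "192.0.2.10", SAMPLE_REQUEST)
    print(log[0])
    print(lines_with_controls(["ok line\n", "bad \x1b[31m line\n"]))
```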

    | CVE ID | Severity | Affected Versions | CVSS Score | Technical Description | Credit |
    |---|---|---|---|---|---|
    | CVE-2025-55754 | Low | 11.0.0-M1 to 11.0.10; 10.1.0-M1 to 10.1.44; 9.0.0.40 to 9.0.108 | N/A (Low) | Unescaped ANSI sequences in logs enable console/clipboard manipulation on Windows; potential command trickery via crafted URLs. | Elysee Franchuk (MOBIA) |

    Experts note that while less critical, combining this with other flaws could amplify threats in console-monitored setups.

    Mitigations

    Apache urges users to upgrade to the fixed versions: Tomcat 11.0.11, 10.1.45, or 9.0.109 and later, which address both vulnerabilities through enhanced URL handling and log escaping.

    Organizations should audit configurations, particularly those enabling PUT requests alongside rewrites, to prevent RCE chains. Given Tomcat’s prevalence in Java-based applications, unpatched instances could face targeted attacks, echoing earlier exploits like CVE-2025-24813.

    The post Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks appeared first on Cyber Security News.
