A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive. 

Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to several patched releases. 

Operators are urged to upgrade to Vault 1.20.3 (Community and Enterprise), 1.19.9, 1.18.14, or 1.16.25 to mitigate the issue.

Memory-Based DoS Vulnerability

Vault’s audit devices are responsible for logging every request interaction before completing the request. 

A malicious user can submit a payload that meets the default max_request_size limit (32 MiB by default) but leverages deeply nested JSON structures or excessive entries to force extreme CPU and memory usage in the audit subroutine. 

As the JSON parser recurses through long string values or high object entry counts, memory consumption spikes, triggering timeouts and causing the Vault server to become unresponsive.

HashiCorp has introduced new listener configuration options to further harden Vault against abusive JSON payloads. The TCP listener may now be configured with:

• max_json_depth: Maximum nesting depth for JSON objects.
• max_json_string_value_length: Maximum length for string values.
• max_json_object_entry_count: Maximum number of key/value pairs in an object.
• max_json_array_element_count: Maximum elements in a JSON array.

Operators can find detailed guidance in the API documentation for listener parameters and the Vault upgrade guide.

HashiCorp acknowledges Darrell Bethea, Ph.D., of Indeed for responsibly reporting this vulnerability.

Mitigations

To remediate CVE-2025-6203, customers should upgrade to one of the patched versions: Vault Community Edition 1.20.3 or Vault Enterprise editions 1.20.3, 1.19.9, 1.18.14, or 1.16.25. 

Upgrading will enable built-in limits on JSON payload complexity, preventing the excessive recursion that triggers the Denial of Service. 

Administrators are also encouraged to review their max_request_size settings and apply listener-level constraints to JSON parsing as part of a defense-in-depth strategy.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.

The post HashiCorp Vault Vulnerability Let Attackers to Crash Servers appeared first on Cyber Security News.

A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation. 

The vulnerability, present in version 4.4.0 and patched in 4.4.1, underscores the importance of rigorous sanitization when handling user‐supplied file paths and archives.

Key Takeaways
1. MobSF v4.4.0 allowed attackers to exploit file path flaws to access sensitive files.
2. These vulnerabilities risked data leaks and system corruption.
3. Update and secure the platform.

Directory Traversal Vulnerability (CVE-2025-58161)

The first issue resides in the download handler implemented in MobSF/views/home.py. The function naively strips the /download/ prefix and concatenates the remaining string to the configured settings.DWD_DIR using Python’s Path API:

Here, is_safe_path() uses os.path.commonprefix() to verify that the resolved check_path begins with the safe_root. 

However, since commonprefix compares raw strings, a sibling directory named /home/mobsf/.MobSF/downloads_bak is incorrectly considered inside /home/mobsf/.MobSF/downloads. By issuing a request like:

An attacker can retrieve any file with an allowed extension from the sibling directory. 

This Directory Traversal vulnerability (CVE-2025-58161) carries a Low severity rating (CVSS 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N) and affects all installations using version 4.4.0 of the mobsf package.

Absolute Path Slip Vulnerability

A second, more severe weakness (CVE-2025-58162) affects the AR archive extraction logic in mobsf/StaticAnalyzer/views/common/shared_func.py. 

The ar_extract() function decodes each archive member name and filters only for relative‐path traversals (.., %2e%2e, etc.), neglecting absolute filenames:

When filtered begins with /, Path(dst) / filtered resolves to the absolute path. An attacker-controlled .a archive containing a member like /home/mobsf/.MobSF/db.sqlite3 results in overwriting the database file outside the intended static_objects directory. 

Demonstrations showed that uploading a crafted archive triggers a server error and corrupts the SQLite database, leading to malfunctioning scans and potential Stored XSS by tampering with static templates.

This Moderate severity flaw (CVSS 3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) enables arbitrary file writes under the MobSF process’s privileges, risking distortion of analysis results, integrity compromise, and service disruption.

Mitigation 

Credit for discovering these vulnerabilities goes to Vasily Leshchenko (Solar AppSec) and the reporter noname1337h1. 

Both issues have been addressed in MobSF 4.4.1. Users should upgrade immediately. Recommended fixes include:

• Rejecting absolute paths by normalizing input with os.path.isabs() checks.
• Using os.path.commonpath() instead of commonprefix() for robust directory boundary enforcement.
• Ensuring archive extraction always verifies that normalized target paths remain under the intended root.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.

The post MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.

Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code. 

These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses to compromise device security.

Key Takeaways
1. CVE-2025-21483 & CVE-2025-27034 allow remote RCE.
2. Affects Snapdragon 8 Gen1/Gen2, FastConnect, X55, IoT/automotive chips.
3. Patch now and filter RTP/PLMN traffic.

CVE-2025-21483: Remote Heap Buffer Overflow 

The most severe issue, CVE-2025-21483, resides in Qualcomm’s Real-time Transport Protocol (RTP) packet reassembly within the Data Network Stack & Connectivity module. 

An attacker can send a malicious RTP packet that triggers a heap-based buffer overflow (CWE-119) by overrunning the NALU reassembly buffer. 

With a remote access vector and no user interaction required, this vulnerability enables full control over affected chipsets, including Snapdragon 8 Gen1, Snapdragon 8 Gen2, FastConnect 7800, and dozens more. 

Once exploited, arbitrary code execution at the kernel level can occur, compromising data confidentiality, integrity, and availability.

CVE-2025-27034: Improper Array Index Validation Flaw

Equally critical is CVE-2025-27034, which stems from an improper validation of an array index (CWE-129) in the Multi-Mode Call Processor. 

Attackers can craft a malformed Public Land Mobile Network (PLMN) selection response that corrupts memory during index parsing. 

The flaw’s remote access vector and lack of privilege requirements make it exploitable over the network. 

Affected platforms include the Snapdragon X55 5G Modem-RF System, Snapdragon 8 Gen1, QCM5430, and numerous IoT and automotive modems. Successful exploitation leads to arbitrary code execution with escalated privileges.

Mitigations 

Qualcomm has issued patches for both vulnerabilities, distributing updates directly to OEMs and urging immediate deployment. 

The recommended countermeasure is to integrate the proprietary software updates provided in the September 2025 Security Bulletin and verify the presence of hardened bounds-checking routines. 

Device manufacturers must ensure timely firmware upgrades to eliminate attack vectors in CVE-2025-21483’s RTP parser and CVE-2025-27034’s array index logic.

Security researchers emphasize the necessity of monitoring CVSS strings and employing network filtering as an interim safeguard. 

Administrators should block unexpected RTP streams and PLMN selection traffic until patched firmware is installed. Additionally, implementing strict SELinux policies on Android platforms can further constrain exploit attempts.

Stakeholders are advised to audit firmware versions, apply patches immediately, and maintain vigilant network monitoring to defend against these high-severity exploits.

Qualcomm customers and device end-users should contact their manufacturers or visit Qualcomm’s support portal for detailed patch instructions and chipset coverage details.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.

The post Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely appeared first on Cyber Security News.