< ciso
brief />
Tag Banner

All news with #authentication bypass tag

344 articles · page 18 of 18

Pre-auth Exploit Chains Found in Commvault Releases

🔒 Commvault has released fixes for four vulnerabilities in versions prior to 11.36.60 that could enable unauthenticated attackers to achieve remote code execution. The flaws include an unauthenticated API access bug, a setup-time default credential exposure, a path traversal allowing filesystem access, and command-line argument injection that can elevate low-privilege sessions. Patches are available in 11.32.102 and 11.36.60; Commvault SaaS is not affected.
read more →

Siemens Mendix SAML Module: Signature Verification Flaw

⚠️ The Siemens Mendix SAML module contains an improper verification of cryptographic signature that can be exploited remotely and has been assigned CVE-2025-40758 with a CVSS v3.1 base score of 8.7. Affected versions prior to V3.6.21, V4.0.3, and V4.1.2 (depending on Mendix compatibility) may allow unauthenticated attackers to hijack accounts in specific SSO configurations. Siemens recommends updating to the fixed versions, enabling UseEncryption, and reducing network exposure using firewalls and secure VPNs.
read more →

Rockwell FactoryTalk Linx Access Control Flaw Risk

⚠️ Rockwell Automation's FactoryTalk Linx contains an improper access control vulnerability in the Network Browser that can be triggered by changing process.env.NODE_ENV to 'development', which disables FTSP token validation. An attacker with local access could create, modify, or delete Linx drivers on affected systems running versions prior to 6.50. The issue is tracked as CVE-2025-7972 (CVSS v4: 8.4) and Rockwell advises updating to 6.50 or applying recommended mitigations and network isolation.
read more →

Siemens RUGGEDCOM ROX II Authentication Bypass Advisory

⚠️ Siemens reported an authentication bypass vulnerability in the RUGGEDCOM ROX II family that permits bypassing authentication via the device Built-In-Self-Test (BIST) mode. An attacker with physical serial access could obtain a root shell (CVE-2025-40761); a CVSS v4 base score of 8.6 has been assigned. No patch is available; recommended mitigations include setting secure boot passwords and isolating devices from untrusted networks.
read more →