All news with #idis tag

IDIS ICM Viewer Argument Injection Vulnerability Reported

🔒 An argument injection vulnerability (CWE-88) in ICM Viewer v1.6.0.10 (CVE-2025-12556) could allow remote attackers to execute arbitrary code on the host system. CISA assigns a CVSS v3 score of 8.8 and a CVSS v4 score of 8.7, noting remote exploitability with low attack complexity and limited privileges required. IDIS requires immediate upgrade to v1.7.1 or uninstallation; Claroty Team82 researchers reported the issue and CISA reports no known public exploitation to date.