Aggregator

Submit #634309 / VDB-321541

A vulnerability categorized as problematic has been discovered in Google Android 12/12L/13/14/15. This affects an unknown part of the component avdtp/avctp. Executing manipulation can lead to Local Privilege Escalation. This vulnerability is tracked as CVE-2025-0079. The attack is restricted to local execution. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability was found in Google Android 12/12L. It has been rated as critical. Affected by this issue is the function btif_hh_hsdata_rpt_copy_cb of the file bta_hh.cc. Performing manipulation results in use after free. This vulnerability is identified as CVE-2023-21125. The attack is only possible with local access. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Google Android 12/12L/13/14/15. It has been declared as problematic. Affected by this vulnerability is the function checkWhetherCallingAppHasAccess of the file DownloadProvider.java. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-26417. The attack can only be performed from a local environment. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability was found in Google Android and classified as problematic. This impacts an unknown function of the file hyp-main.c. The manipulation results in information disclosure. This vulnerability was named CVE-2025-22413. The attack needs to be approached locally. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability was found in Google Android 12/12L/13/14/15. It has been classified as problematic. Affected is an unknown function of the component URI Encoding. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2025-0083. The attack can only be executed locally. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability has been found in Google Android 15 and classified as problematic. This affects the function hidd_check_config_done of the file hidd_conn.cc. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-22407. Local access is required to approach this attack. No exploit exists. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Agiloft 28/29. The impacted element is an unknown function of the component HTTP Connection Handler. Executing manipulation can lead to download of code without integrity check. This vulnerability is handled as CVE-2025-35115. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Android 12/12L/13/14/15. The affected element is the function onResult of the file AccountManagerService.java. Performing manipulation results in information disclosure. This vulnerability is known as CVE-2025-0086. Attacking locally is a requirement. No exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical has been found in Google Android 15. This issue affects the function bnepu_check_send_packet of the file bnep_utils.cc. This manipulation causes use after free. This vulnerability appears as CVE-2025-22406. The attack requires local access. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as problematic was found in Agiloft 28/29/30. Impacted is an unknown function of the component EUI Template Engine. Such manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is traded as CVE-2025-35113. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: Open-source AI-driven system detects and patches vulnerabilities Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place in DARPA’s AI Cyber Challenge (AIxCC). EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations EntraGoat is a purpose-built tool that sets … More →

The post Hottest cybersecurity open-source tools of the month: August 2025 appeared first on Help Net Security.

A vulnerability described as problematic has been identified in Google Android 12/12L/13/14/15. This vulnerability affects unknown code of the file StatusHint.java. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-0082. The attack requires a local approach. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability marked as critical has been reported in Google Android 12/12L/13/14/15. This affects the function main of the file main.cpp of the component SELinux. The manipulation leads to improper access controls. This vulnerability is documented as CVE-2025-0078. The attack needs to be performed locally. There is not any exploit available. It is suggested to install a patch to address this issue.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-08-27, 84 days ago. The vendor is given until 2025-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-08-27, 84 days ago. The vendor is given until 2025-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-08-27, 84 days ago. The vendor is given until 2025-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) and Brandon Niemczyk of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-08-27, 85 days ago. The vendor is given until 2025-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-08-27, 90 days ago. The vendor is given until 2025-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

株式会社ディー・オー・エスが提供するSS1には、複数の脆弱性が存在します。