Vulnerability Summary for the Week of March 10, 2025

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
1E–1E Client	Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.	2025-03-12	7.8	CVE-2025-1683
274056675–springboot-openai-chatgpt	A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.	2025-03-14	7.3	CVE-2025-2320
274056675–springboot-openai-chatgpt	A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chat […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of March 10, 2025 Related Tags: Bulletins EN Post navigation ← ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More New Akira Ransomware Decryptor Leans on Nvidia GPU Power → Search for: Social Social Media Daily summary Weekly summary Privacy Policy Legal & Contact Contact Apps Advertising Daily Summary Enter your email address: GDPR compliance Categories Categories Log in Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Primary
Vendor — Product

Description

Published

CVSS Score

Source Info

1E–1E Client

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.

2025-03-12

7.8

CVE-2025-1683

274056675–springboot-openai-chatgpt

A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

2025-03-14

7.3

CVE-2025-2320

274056675–springboot-openai-chatgpt

A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chat

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Vulnerability Summary for the Week of March 10, 2025

← ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

New Akira Ransomware Decryptor Leans on Nvidia GPU Power →

High Vulnerabilities

Read the original article:

Related

Post navigation