

RedLine Stealer – Active IOCs
June 19, 2025
Multiple D-Link Products Vulnerabilities
June 19, 2025
Severity
High
Analysis Summary
CVE-2025-40592 CVSS:6.2
A vulnerability has been identified in Mendix Studio Pro. A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.
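A pre-installation check for the zip path traversal class described above, as an added example (not Siemens or Mendix code): it lists archive entries whose resolved path would leave the destination directory. The names `unsafe_entries` and `build_sample`, the `project` destination, and the sample archive are constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile
from pathlib import PurePosixPath, PureWindowsPath


def unsafe_entries(archive, dest="project"):
    """Return names of entries that would land outside `dest` when extracted."""
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Treat both separators alike: Windows extractors honour backslashes.
            name = info.filename.replace("\\", "/")
            win = PureWindowsPath(name)
            # Absolute or drive-qualified names ignore the destination entirely.
            absolute = PurePosixPath(name).is_absolute() or win.is_absolute() or bool(win.drive)
            # Resolve ".." segments lexically against the destination.
            resolved = posixpath.normpath(posixpath.join(dest, name))
            escapes = resolved != dest and not resolved.startswith(dest + "/")
            # Symlink entries can redirect writes made by later entries.
            is_link = stat.S_ISLNK(info.external_attr >> 16)
            if absolute or escapes or is_link:
                bad.append(info.filename)
    return bad


def build_sample():
    """Constructed in-memory archive mixing benign and out-of-tree entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("widgets/ok.js", "benign")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("widgets\\..\\..\\outside.txt", "x")
        zf.writestr("C:/Users/Public/x.txt", "x")
        link = zipfile.ZipInfo("widgets/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/etc")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample()):
        print("refuse to install, unsafe entry:", entry)
```

The check is lexical only, so an installer should still extract into a fresh directory and reject the whole archive when any entry is flagged.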
CVE-2025-40591 CVSS:7.8
A vulnerability has been identified in RUGGEDCOM ROX. The 'Log Viewers' tool in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated remote attacker to execute the 'tail' command with root privileges and disclose the contents of all files in the filesystem.
Impact
- Data Manipulation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-40592
- CVE-2025-40591
Affected Vendors
Affected Products
- Siemens RUGGEDCOM ROX II family
- Siemens Mendix Studio Pro 8
- Siemens Mendix Studio Pro 9
- Siemens Mendix Studio Pro 10
- Siemens Mendix Studio Pro 10.6
- Siemens Mendix Studio Pro 10.12
- Siemens Mendix Studio Pro 10.18
- Siemens Mendix Studio Pro 11
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.