May 30, 2025
Severity
High
Analysis Summary
CVE-2025-48734 CVSS:8.8
Apache Commons BeanUtils could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw when accessing enum properties in an uncontrolled way.
CVE-2025-27528 CVSS:9.1
Apache InLong could allow a remote attacker to bypass the security mechanisms of JDBC and read arbitrary files, caused by an unsafe deserialization flaw.
CVE-2025-27526 CVSS:6.5
Apache InLong could allow a remote attacker to bypass URLEncode and backspace, caused by an unsafe deserialization flaw.
CVE-2025-27522 CVSS:6.5
Apache InLong could allow a remote attacker to perform a secondary mining bypass, caused by an unsafe deserialization flaw.
Impact
- Code Execution
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-48734
CVE-2025-27528
CVE-2025-27526
CVE-2025-27522
Affected Vendors
Affected Products
- Apache Commons BeanUtils - 1.0 - 2.0.0-M1
- Apache InLong - 1.13.0 - 2.1.0
Remediation
Refer to Apache Website for patch, upgrade, or suggested workaround information.