Security Vulnerabilities - CVEs Published In June 2025
Memory corruption while processing I2C settings in Camera driver.
CVSS Score
6.6
EPSS Score
0.001
Published
2025-06-03
Memory corruption while handling test pattern generator IOCTL command.
CVSS Score
6.6
EPSS Score
0.001
Published
2025-06-03
Memory corruption may occur while processing the OIS packet parser.
CVSS Score
6.6
EPSS Score
0.001
Published
2025-06-03
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-06-03
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited.
CVSS Score
5.6
EPSS Score
0.005
Published
2025-06-03
CVE-2025-5419
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.035
Published
2025-06-03
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.004
Published
2025-06-03
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
CVSS Score
9.1
EPSS Score
0.004
Published
2025-06-02
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-06-02
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-06-02