Security Vulnerabilities - CVEs Published In June 2025
CVE-2025-5086
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
Known exploited
CVSS Score
9.0
EPSS Score
0.421
Published
2025-06-02
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
CVSS Score
6.5
EPSS Score
0.006
Published
2025-06-02
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
CVSS Score
6.5
EPSS Score
0.006
Published
2025-06-02
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
CVSS Score
7.5
EPSS Score
0.039
Published
2025-06-02
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-06-02
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
CVSS Score
4.3
EPSS Score
0.003
Published
2025-06-02
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
CVSS Score
8.0
EPSS Score
0.002
Published
2025-06-02
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-06-02
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
CVSS Score
6.5
EPSS Score
0.006
Published
2025-06-02
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-06-02