Security Vulnerabilities - CVEs Published In July 2025
A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authentication bypass. This vulnerability allows unauthorized users to access the same inference features available on protected endpoints, potentially exposing sensitive functionality or allowing unintended access to backend resources.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-07-01
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service
CVSS Score
7.5
EPSS Score
0.005
Published
2025-07-01
zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-07-01
Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS Score
4.8
EPSS Score
0.003
Published
2025-07-01
A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-07-01
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-07-01
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure.
This vulnerability is associated with program files tr069/tr098.c.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-07-01
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-07-01
Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS Score
7.4
EPSS Score
0.003
Published
2025-07-01
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-07-01