Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2025
CVE-2025-53803
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-09-09
CVE-2025-53796
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09
CVE-2025-53797
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09
CVE-2025-53798
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09
CVE-2025-49734
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.001
Published
2025-09-09
CVE-2025-47997
Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-09
CVE-2025-49692
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-09-09
CVE-2025-47579
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2.
CVSS Score
9.0
EPSS Score
0.001
Published
2025-09-09
CVE-2025-55147
CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required
CVSS Score
8.8
EPSS Score
0.004
Published
2025-09-09
CVE-2025-55148
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
CVSS Score
7.6
EPSS Score
0.019
Published
2025-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved