An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

The ABB Cylon controller suffers from an authenticated path traversal vulnerability. This can be exploited through the devName POST parameter in the ethernetUpdate.php script to write partially controlled content, such as IP address values, into arbitrary file paths, potentially leading to configuration tampering and system compromise including denial of service scenario through ethernet configuration backup file overwrite.

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Threat Encyclopedia

1237211

EXPLOIT Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256)

Critical

2025/09/25

1236127

ICS ABB Cylon Aspect 3.08.02 EthernetUpdate Authenticated Path Traversal (CVE-2024-51549)

High

2025/09/24

1237307

EXPLOIT TCPDUMP BGP Protocol Dissector Integer Overflow (CVE-2007-3798)

Critical

2025/09/23

2110362

MALWARE-FILE-TRANSFER TROJ_GEN.R002C0DGB25-2110362

High

2025/09/23