Multiple Critical Vulnerabilities in Popular Enterprise Software and Devices
Several critical vulnerabilities have been disclosed in widely used enterprise products, each posing significant security risks. A flaw in ASUSTOR devices (CVE-2025-13051) allows local attackers to escalate privileges to SYSTEM via DLL hijacking, potentially granting full control over affected systems. Separately, Apache Causeway is impacted by a remote code execution vulnerability (CVE-2025-64408) that enables authenticated attackers to execute arbitrary code through Java deserialization, threatening the integrity of applications built on this framework.
Additionally, the D-Link DIR-878 router, now at end-of-life, contains three unpatched remote code execution flaws that allow unauthenticated attackers to run commands remotely, leaving users exposed with no forthcoming security updates. Apache Tomcat is also affected by a critical path traversal vulnerability (CVE-2025-55752), which can be exploited under certain rewrite configurations to access sensitive directories, especially when HTTP PUT is enabled. Organizations using these products should urgently assess their exposure and apply mitigations or seek alternatives where patches are unavailable.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Apache Causeway RCE flaw CVE-2025-64408 disclosed
A critical vulnerability in Apache Causeway, tracked as CVE-2025-64408, was reported as enabling authenticated remote code execution through Java deserialization. The reference presents this as a newly reported vulnerability disclosure.
ASUSTOR privilege-escalation flaw CVE-2025-13051 disclosed
A critical vulnerability report described CVE-2025-13051 in ASUSTOR products, allowing local DLL hijacking that could lead to SYSTEM-level privilege escalation. The reference does not provide a separate patch or vendor response date.
D-Link DIR-878 reaches end of life with 3 unpatched RCE flaws reported
A report disclosed that the D-Link DIR-878 had reached end of life while three unauthenticated remote code execution vulnerabilities remained unpatched. The issue highlights continued exposure for users of the unsupported device.
Apache Tomcat path traversal flaw CVE-2025-55752 disclosed
A vulnerability report was published describing CVE-2025-55752, a path traversal vulnerability affecting Apache Tomcat. No additional remediation or exploitation details are provided in the reference.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Critical ASUSTOR Flaw (CVE-2025-13051) Allows Local DLL Hijacking for SYSTEM Privilege Escalation
securityonline.info
Open sourceCritical Apache Causeway RCE Flaw (CVE-2025-64408) Allows Authenticated Code Execution via Java Deserialization
securityonline.info
Open sourceD-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution
securityonline.info
Open sourceCVE-2025-55752: Apache Tomcat Path Traversal Vulnerability
indusface.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Critical Vulnerabilities Disclosed Across Major Software and Hardware Platforms
Several critical vulnerabilities have been disclosed affecting a range of widely used software frameworks and hardware platforms. Notable issues include a critical flaw in the Apache bRPC framework (CVE-2025-59789) that exposes high-performance systems to crash risks, a high-severity unauthenticated XXE vulnerability in GeoServer (CVE-2025-58360) enabling file theft and SSRF, and a critical SQL injection vulnerability in Devolutions Server (CVE-2025-13757) that allows authenticated attackers to steal all stored passwords. Additional disclosures include a proof-of-concept exploit for a Windows Administrator Protection elevation of privilege vulnerability (CVE-2025-60718), a critical boot process compromise in Snapdragon 8 Gen 3 and 5G modems (CVE-2025-47372), and a flaw in Apache Kvrocks that allows privilege escalation via the 'RESET' command. A separate high-severity vulnerability (CVE-2025-61618) was identified in Unisoc T8100/T9100/T8200/T8300 chipsets, affecting Android devices and allowing remote denial of service through improper input validation in the NR modem. These vulnerabilities collectively highlight the ongoing risk posed by both software and hardware flaws, with several enabling remote code execution, privilege escalation, or denial of service. Organizations using affected products should prioritize patching and mitigation efforts to reduce exposure to these critical threats.
Mar 21, 2026
Multiple Critical Vulnerabilities Disclosed Across Popular Software Platforms
Several critical vulnerabilities have been disclosed affecting a range of widely used software platforms, including the Linux InputPlumber component, Apache Uniffle, legacy Vivotek cameras, Ubuntu Linux Kernel, Apache Struts 2, and React Router. Each vulnerability presents unique risks, such as remote code execution, information disclosure, privilege escalation, and unauthorized access, potentially impacting both enterprise and consumer environments. Security advisories urge immediate attention to patching and mitigation, as attackers could exploit these flaws to compromise systems, intercept sensitive data, or disrupt operations. The Ubuntu Linux Kernel advisory details multiple CVEs affecting various LTS versions, with potential impacts including denial of service, elevation of privilege, and information disclosure. Other reports highlight specific vulnerabilities: InputPlumber flaws could allow hijacking of Linux gaming sessions, Apache Uniffle and Struts 2 flaws expose clusters and data to eavesdropping and leakage, React Router's CVE-2025-61686 could lead to server file exposure, and unpatched Vivotek cameras are broadcasting live video feeds publicly. Organizations are advised to review vendor advisories and apply security updates promptly to mitigate these threats.
Mar 21, 2026Multiple Critical Vulnerabilities Disclosed Across Popular Software Platforms
A series of critical vulnerabilities have been disclosed affecting a wide range of popular software platforms, including WordPress plugins, web frameworks, developer tools, and enterprise applications. Notable issues include unauthenticated remote code execution (RCE) flaws in Next.js (CVE-2025-66478), WordPress core (CVE-2025-6389), and the ACF Extended plugin (CVE-2025-13486), as well as privilege escalation and authentication bypass vulnerabilities in the WP Directory Kit plugin (CVE-2025-13390) and cPanel. Several of these vulnerabilities are reported to be under active exploitation, with proof-of-concept code available for some, increasing the urgency for immediate patching and mitigation. Other significant disclosures include a high-severity flaw in Vim for Windows (CVE-2025-66476) allowing arbitrary code execution, a critical SQL injection chain in Synology BeeStation, and a directory traversal vulnerability in cPanel that could lead to full server takeover. Additional advisories cover issues in lz4-java, Longwatch OT surveillance, Django, Elementor, Apache Struts, nopCommerce, and OpenVPN, with many rated as critical or high severity by CVSS. Organizations are strongly advised to review affected products and apply security updates promptly to mitigate the risk of exploitation.
Mar 21, 2026