Multiple Critical Vulnerabilities Disclosed Across Major Software and Hardware Platforms
Several critical vulnerabilities have been disclosed affecting a range of widely used software frameworks and hardware platforms. Notable issues include a critical flaw in the Apache bRPC framework (CVE-2025-59789) that exposes high-performance systems to crash risks, a high-severity unauthenticated XXE vulnerability in GeoServer (CVE-2025-58360) enabling file theft and SSRF, and a critical SQL injection vulnerability in Devolutions Server (CVE-2025-13757) that allows authenticated attackers to steal all stored passwords. Additional disclosures include a proof-of-concept exploit for a Windows Administrator Protection elevation of privilege vulnerability (CVE-2025-60718), a critical boot process compromise in Snapdragon 8 Gen 3 and 5G modems (CVE-2025-47372), and a flaw in Apache Kvrocks that allows privilege escalation via the 'RESET' command.
A separate high-severity vulnerability (CVE-2025-61618) was identified in Unisoc T8100/T9100/T8200/T8300 chipsets, affecting Android devices and allowing remote denial of service through improper input validation in the NR modem. These vulnerabilities collectively highlight the ongoing risk posed by both software and hardware flaws, with several enabling remote code execution, privilege escalation, or denial of service. Organizations using affected products should prioritize patching and mitigation efforts to reduce exposure to these critical threats.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Unisoc improper input validation flaw CVE-2025-61618 reported
A vulnerability entry for CVE-2025-61618 was published describing an improper input validation issue affecting multiple Unisoc chipsets, including the T8100, T9100, T8200, and T8300.
PoC exploits released for Windows EoP CVE-2025-60718
Proof-of-concept exploit code was released for CVE-2025-60718, a Windows Administrator Protection elevation-of-privilege vulnerability, increasing the technical detail available for potential exploitation.
Apache bRPC crash-risk flaw CVE-2025-59789 disclosed
A critical vulnerability in the Apache bRPC framework, CVE-2025-59789, was publicly reported as exposing affected high-performance systems to crash risks.
Devolutions Server SQL injection CVE-2025-13757 disclosed
A critical authenticated SQL injection vulnerability in Devolutions Server, tracked as CVE-2025-13757, was reported as potentially allowing attackers to steal all stored passwords.
GeoServer XXE flaw CVE-2025-58360 disclosed
A high-severity GeoServer vulnerability, CVE-2025-58360, was disclosed as an unauthenticated XML External Entity injection issue that could enable file theft and SSRF attacks.
Apache Kvrocks RESET command flaw disclosed
A critical vulnerability affecting Apache Kvrocks was publicly reported, describing a flaw in the RESET command that could grant administrative privileges to an attacker.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
CVE-2025-59789: Critical Flaw in Apache bRPC Framework Exposes High-Performance Systems to Crash Risks
securityonline.info
Open sourceHigh-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF
securityonline.info
Open sourceCritical Devolutions Server Flaw (CVE-2025-13757) Allows Authenticated SQL Injection to Steal All Passwords
securityonline.info
Open sourceCVE-2025-61618: cwe-20 Improper Input Validation in Unisoc (Shanghai) Technologies Co., Ltd. T8100/T9100/T8200/T8300
radar.offseq.com
Open sourcePoC Exploit Releases for CVE-2025-60718 – Windows Administrator Protection Elevation of Privilege Vulnerability
securityonline.info
Open sourceCritical Alert: Apache Kvrocks ‘RESET’ Command Flaw Grants Admin Privileges
securityonline.info
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Critical Vulnerabilities in Popular Enterprise Software and Devices
Several critical vulnerabilities have been disclosed in widely used enterprise products, each posing significant security risks. A flaw in ASUSTOR devices (CVE-2025-13051) allows local attackers to escalate privileges to SYSTEM via DLL hijacking, potentially granting full control over affected systems. Separately, Apache Causeway is impacted by a remote code execution vulnerability (CVE-2025-64408) that enables authenticated attackers to execute arbitrary code through Java deserialization, threatening the integrity of applications built on this framework. Additionally, the D-Link DIR-878 router, now at end-of-life, contains three unpatched remote code execution flaws that allow unauthenticated attackers to run commands remotely, leaving users exposed with no forthcoming security updates. Apache Tomcat is also affected by a critical path traversal vulnerability (CVE-2025-55752), which can be exploited under certain rewrite configurations to access sensitive directories, especially when HTTP PUT is enabled. Organizations using these products should urgently assess their exposure and apply mitigations or seek alternatives where patches are unavailable.
Mar 21, 2026
Multiple Critical Vulnerabilities Disclosed Across Popular Software Platforms
Several critical vulnerabilities have been disclosed affecting a range of widely used software platforms, including the Linux InputPlumber component, Apache Uniffle, legacy Vivotek cameras, Ubuntu Linux Kernel, Apache Struts 2, and React Router. Each vulnerability presents unique risks, such as remote code execution, information disclosure, privilege escalation, and unauthorized access, potentially impacting both enterprise and consumer environments. Security advisories urge immediate attention to patching and mitigation, as attackers could exploit these flaws to compromise systems, intercept sensitive data, or disrupt operations. The Ubuntu Linux Kernel advisory details multiple CVEs affecting various LTS versions, with potential impacts including denial of service, elevation of privilege, and information disclosure. Other reports highlight specific vulnerabilities: InputPlumber flaws could allow hijacking of Linux gaming sessions, Apache Uniffle and Struts 2 flaws expose clusters and data to eavesdropping and leakage, React Router's CVE-2025-61686 could lead to server file exposure, and unpatched Vivotek cameras are broadcasting live video feeds publicly. Organizations are advised to review vendor advisories and apply security updates promptly to mitigate these threats.
Mar 21, 2026Multiple Critical Vulnerabilities Disclosed Across Popular Software Platforms
A series of critical vulnerabilities have been disclosed affecting a wide range of popular software platforms, including WordPress plugins, web frameworks, developer tools, and enterprise applications. Notable issues include unauthenticated remote code execution (RCE) flaws in Next.js (CVE-2025-66478), WordPress core (CVE-2025-6389), and the ACF Extended plugin (CVE-2025-13486), as well as privilege escalation and authentication bypass vulnerabilities in the WP Directory Kit plugin (CVE-2025-13390) and cPanel. Several of these vulnerabilities are reported to be under active exploitation, with proof-of-concept code available for some, increasing the urgency for immediate patching and mitigation. Other significant disclosures include a high-severity flaw in Vim for Windows (CVE-2025-66476) allowing arbitrary code execution, a critical SQL injection chain in Synology BeeStation, and a directory traversal vulnerability in cPanel that could lead to full server takeover. Additional advisories cover issues in lz4-java, Longwatch OT surveillance, Django, Elementor, Apache Struts, nopCommerce, and OpenVPN, with many rated as critical or high severity by CVSS. Organizations are strongly advised to review affected products and apply security updates promptly to mitigate the risk of exploitation.
Mar 21, 2026