Top 10 CVEs 2025 – January-February
| SL.NO | CVE | Vulnerability | Vendor | Service | Affected version(s) | CVSS | Severity |
|---|---|---|---|---|---|---|---|
| 1 | CVE-2025-0316 | Authentication bypass | Chimpstudio | WP Directorybox Manager | <= 2.5 | 9.8 | CRITICAL |
| 2 | CVE-2025-24370 | Python class pollution leading to XSS, DoS and authentication bypass | Adamghill | Django-unicorn | < 0.62.0 | 9.3 | CRITICAL |
| 3 | CVE-2025-23196 | Code injection (shell command injection) | Apache Software Foundation | Apache Ambari | < 2.7.9 | 8.8 | HIGH |
| 4 | CVE-2025-26768 | CSRF leading to stored XSS | what3words | what3words Address Field | <= 4.0.15 | 7.1 | HIGH |
| 5 | CVE-2025-1099 | Information disclosure (hard-coded RSA private key) | TP-Link | Tapo C500 V1 Wi-Fi Camera | <= 1.1.4 | 7.0 | HIGH |
| 6 | CVE-2025-0486 | SQL injection | Fanli2012 | native-php-cms | 1.0 | 6.9 | MEDIUM |
| 7 | CVE-2025-0693 | Username enumeration (timing side channel) | AWS | AWS Sign-in IAM login flow | All | 6.9 | MEDIUM |
| 8 | CVE-2025-22676 | Stored cross-site scripting (XSS) | Upcasted | AWS S3 for WordPress Plugin | <= 3.0.3 | 6.5 | MEDIUM |
| 9 | CVE-2025-27016 | Stored cross-site scripting (XSS) | awsm.in | Drivr Lite – Google Drive Plugin | <= 1.0.1 | 6.5 | MEDIUM |
| 10 | CVE-2025-23206 | IAM OIDC custom resource connects to the OIDC provider without TLS certificate verification | AWS | aws-cdk | < 2.177.0 | 1.8 | LOW |
Description
- CVE-2025-0316
The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in all versions up to and including 2.5. The issue is improper authentication in the function `wp_dp_enquiry_agent_contact_form_submit_callback`. As a result, an unauthenticated attacker who knows a username can log in as that user, including administrators.
References:
- CVE-2025-24370
Django-Unicorn adds reactive component capabilities to Django templates. Versions before 0.62.0 are susceptible to a Python class pollution vulnerability in the core function `set_property_value`: a user who crafts a component request controls the second and third parameters of that function and can thereby make arbitrary changes to the Python runtime (class attributes and module globals shared across requests). The advisory reports at least five distinct ways of exploiting this, consistently resulting in Cross-Site Scripting (XSS), Denial of Service (DoS) and Authentication Bypass in nearly all applications using Django-Unicorn. The problem is fixed in version 0.62.0; all users are strongly advised to upgrade, as there are no known workarounds.
References:
https://github.com/adamghill/django-unicorn/security/advisories/GHSA-g9wf-5777-gq43
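To make the "class pollution" mechanism concrete, here is an added illustration (not django-unicorn's code, and not one of the advisory's five exploit chains): a toy component with a dotted-path property setter written the naive way, the two kinds of shared state such a setter can reach (`__class__` and `__init__.__globals__`), and a hardened setter that allowlists the first segment and refuses to walk through dunder names, classes, functions or dicts. `SearchComponent`, `SAFE_MODE` and the payload strings are constructed for the example.

```python
import re
import types

SAFE_MODE = True  # constructed module-level setting standing in for shared runtime state


class SearchComponent:
    """Toy reactive component (constructed). `placeholder` lives on the class,
    so every instance shares it unless the instance shadows it."""

    placeholder = "Search..."
    allowed_fields = ("query",)   # the only property a request may set

    def __init__(self, query=""):
        self.query = query


def set_property_value_unsafe(obj, name, value):
    """Vulnerable pattern: walk a client-supplied dotted path with getattr and
    assign at the end. Nothing stops the path from passing through __class__
    (state shared by all instances) or __init__.__globals__ (the module namespace)."""
    *path, last = name.split(".")
    target = obj
    for part in path:
        target = target[part] if isinstance(target, dict) else getattr(target, part)
    if isinstance(target, dict):
        target[last] = value
    else:
        setattr(target, last, value)


def set_property_value_safe(obj, name, value):
    """Hardened version: every segment must be a plain lowercase identifier (no
    leading underscore), the first segment must be an explicitly allowed field,
    and the walk may never step onto a class, function, module or dict."""
    *path, last = name.split(".")
    for part in path + [last]:
        if not re.fullmatch(r"[a-z][a-z0-9_]*", part):
            raise ValueError(f"illegal property segment: {part!r}")
    first = path[0] if path else last
    if first not in obj.allowed_fields:
        raise ValueError(f"property not exposed: {first!r}")
    target = obj
    for part in path:
        target = getattr(target, part)
        if isinstance(target, (type, types.FunctionType, types.ModuleType, dict)):
            raise ValueError(f"refusing to traverse into {part!r}")
    setattr(target, last, value)


def demo_unsafe_pollution():
    """Two crafted requests against one instance; returns what a *fresh*
    instance then renders as its placeholder, and the module's SAFE_MODE."""
    victim = SearchComponent("cats")
    set_property_value_unsafe(victim, "__class__.placeholder", "<img src=x onerror=alert(1)>")
    set_property_value_unsafe(victim, "__class__.__init__.__globals__.SAFE_MODE", False)
    return SearchComponent().placeholder, SAFE_MODE


def safe_rejects(name):
    """True if the hardened setter refuses the property path."""
    try:
        set_property_value_safe(SearchComponent(), name, "x")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo_unsafe_pollution())
    for n in ("__class__.placeholder", "__class__.__init__.__globals__.SAFE_MODE", "query"):
        print(n, "rejected" if safe_rejects(n) else "allowed")
```

The first unsafe call is the stored-XSS shape (every later response renders the attacker's string); the second shows why the impact is not limited to one component: anything reachable from a function's `__globals__` is writable, which is how settings such as authentication checks can be switched off for the whole process.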
- CVE-2025-23196
A code injection vulnerability exists in the Ambari Alert Definition feature that allows authenticated users to inject and execute arbitrary shell commands. When an alert script is defined, the script filename field is passed to `sh -c`, so shell metacharacters in the filename are interpreted as commands. An attacker with authenticated access can use this to achieve remote code execution on the server. The issue is fixed in current Ambari releases; users should upgrade.
References:
https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837
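The bug class is easiest to see side by side. The following is an added example, not Ambari's code: `run_alert_script_unsafe` reproduces the pattern the advisory describes (a user-controlled filename spliced into a `sh -c` string), and `run_alert_script_safe` allowlists the name, confines it to the script directory and passes it as a single argv element so no shell ever parses it. The script directory, the `check_disk.sh` script and the injected filename are constructed for the demonstration.

```python
import os
import re
import subprocess
import tempfile

# Allowed alert script names: a plain filename, no path separators, no shell metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def run_alert_script_unsafe(script_dir, filename):
    """Vulnerable pattern: the filename is concatenated into a command line that
    `sh -c` parses, so "check.sh; echo INJECTED" runs both commands."""
    result = subprocess.run(["sh", "-c", f"sh {script_dir}/{filename}"],
                            capture_output=True, text=True)
    return result.stdout.strip()


def validate_script_name(filename):
    """Reject anything that is not a simple filename."""
    if not SAFE_NAME.match(filename) or ".." in filename:
        raise ValueError(f"rejected alert script name: {filename!r}")
    return filename


def run_alert_script_safe(script_dir, filename):
    """Hardened: allowlist the name, resolve it inside script_dir, and hand the
    interpreter the path as one argv element (no shell string is built)."""
    name = validate_script_name(filename)
    base = os.path.realpath(script_dir)
    path = os.path.realpath(os.path.join(base, name))
    if os.path.dirname(path) != base or not os.path.isfile(path):
        raise ValueError(f"alert script not found in {script_dir}: {name!r}")
    result = subprocess.run(["sh", path], capture_output=True, text=True)
    return result.stdout.strip()


def demo():
    """Constructed scenario: one legitimate check script, one injected name.
    Returns (unsafe output, safe verdict on injected name, safe output on the real script)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "check_disk.sh"), "w") as f:
            f.write("#!/bin/sh\necho DISK_OK\n")
        injected = "check_disk.sh; echo INJECTED"
        unsafe_out = run_alert_script_unsafe(d, injected)
        try:
            run_alert_script_safe(d, injected)
            verdict = "ran"
        except ValueError:
            verdict = "rejected"
        return unsafe_out, verdict, run_alert_script_safe(d, "check_disk.sh")


if __name__ == "__main__":
    print(demo())
```

Note that the safe variant still invokes `sh`, but only with a vetted path as its argument; the fix is not "avoid sh", it is "never let user input reach a shell parser".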
- CVE-2025-26768
A Cross-Site Request Forgery (CSRF) vulnerability in the what3words Address Field plugin can be chained into a stored XSS attack: a victim administrator who visits an attacker-controlled page makes a state-changing request that saves attacker-supplied markup into a plugin setting. All versions up to and including 4.0.15 are affected.
References:
- CVE-2025-1099
The Tapo C500 Wi-Fi camera embeds a hard-coded RSA private key in its firmware. An attacker with physical access to the device (or to a firmware image) can extract the private key and then impersonate the device, decrypt data protected by the key, and perform man-in-the-middle attacks against the targeted device.
References:
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017
- CVE-2025-0486
A SQL injection vulnerability has been identified in Fanli2012 native-php-cms version 1.0, in an unspecified function of the file /fladmin/login.php: the "username" argument is used in a query without proper neutralization. The attack can be executed remotely, and exploit details have been made public, so it may be used by malicious actors.
References:
- CVE-2025-0693
Inconsistent response times in the AWS Sign-in IAM user login flow made it possible for an attacker to tell valid IAM usernames from invalid ones and so enumerate the usernames of any AWS account by brute force, without needing a valid password.
References:
https://aws.amazon.com/security/security-bulletins/AWS-2025-002
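The underlying defect is generic: a login handler that returns early for unknown users skips the expensive password check that known users trigger, and the difference in response time leaks which usernames exist. The following added example (constructed, not AWS's code) shows the leaky shape next to a constant-work shape that always derives a password hash against a dummy record, so known and unknown usernames cost the same. `USERS`, the dummy record and `hash_work` are constructed for the example.

```python
import hashlib
import hmac
import os
import statistics
import time

ITERATIONS = 100_000
_HASH_CALLS = 0  # instrumentation only: how many derivations one attempt triggers


def _derive(password, salt):
    global _HASH_CALLS
    _HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password):
    salt = os.urandom(16)
    return salt, _derive(password, salt)


USERS = {"alice": _make_user("correct horse battery staple")}  # constructed user store
_DUMMY_SALT, _DUMMY_HASH = _make_user("not-a-real-password")   # consumed only to equalise work


def login_leaky(username, password):
    """Unknown users short-circuit before the hash (fast 'no'); known users pay
    for PBKDF2 (slow 'no'). The delta lets an attacker enumerate usernames."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, expected = rec
    return hmac.compare_digest(_derive(password, salt), expected)


def login_constant_work(username, password):
    """Always derive against some record, real or dummy, then discard the dummy
    result, so unknown and known usernames take the same path and time."""
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _derive(password, salt)
    ok = hmac.compare_digest(candidate, expected)
    return ok and username in USERS


def hash_work(login, username, password="wrong"):
    """Number of PBKDF2 derivations a single login attempt performs."""
    global _HASH_CALLS
    _HASH_CALLS = 0
    login(username, password)
    return _HASH_CALLS


def median_ms(login, username, rounds=5, password="wrong"):
    """Wall-clock view of the same difference, for a manual run."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        login(username, password)
        samples.append((time.perf_counter() - start) * 1000)
    return statistics.median(samples)


if __name__ == "__main__":
    for fn in (login_leaky, login_constant_work):
        print(fn.__name__, "alice:", round(median_ms(fn, "alice"), 1), "ms",
              "nobody:", round(median_ms(fn, "nobody"), 1), "ms")
```

Equal work is the goal, not a fixed sleep: padding the fast path with a delay is fragile under load, whereas doing the same derivation on both paths keeps the timing equal by construction. The same idea applies to every step that can branch on "does this account exist" (lockout counters, MFA prompts, password-reset mails).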
- CVE-2025-22676
An Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability has been identified in the Upcasted AWS S3 for WordPress Plugin; it allows stored XSS attacks. All versions up to and including 3.0.3 are affected.
References:
- CVE-2025-27016
A Cross-site Scripting (XSS) vulnerability has been identified in the awsm.in Drivr Lite – Google Drive Plugin, allowing stored XSS attacks. All versions up to and including 1.0.1 are affected.
References:
- CVE-2025-23206
The AWS Cloud Development Kit (AWS CDK) is an open-source framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. When the IAM OIDC custom resource provider package is used, the custom resource downloads the OIDC provider's CA thumbprints during deployment. The `tls.connect` call that does this always set `rejectUnauthorized: false`, so the provider's TLS certificate was not verified when the thumbprint was fetched; an attacker able to intercept that connection could present their own certificate and have its thumbprint recorded as the trusted one. The issue is fixed in aws-cdk 2.177.0.
References:
https://github.com/aws/aws-cdk/security/advisories/GHSA-v4mq-x674-ff73
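The weak setting beside the corrected one, as an added example in Python's standard `ssl` module (an analogue of Node's `tls.connect({ rejectUnauthorized: false })`, not the CDK's own code): `tls_context(False)` reproduces the unverified connection, `tls_context(True)` is the verifying default, and `thumbprint` derives the hex SHA-1 that an IAM OIDC provider thumbprint consists of. `fetch_leaf_thumbprint` performs a real connection and is only for manual use; it returns the leaf certificate's thumbprint, whereas the CDK's provider records the CA certificate's, which is an assumption of this example rather than something the advisory states. The sample DER bytes are constructed.

```python
import hashlib
import socket
import ssl


def thumbprint(der_cert: bytes) -> str:
    """Hex SHA-1 over the DER-encoded certificate, the IAM OIDC thumbprint format."""
    return hashlib.sha1(der_cert).hexdigest().upper()


def tls_context(verify_peer: bool) -> ssl.SSLContext:
    """verify_peer=True  -> the default: CERT_REQUIRED plus hostname check.
    verify_peer=False -> the vulnerable shape: any certificate is accepted, so a
    man-in-the-middle's certificate would be the one whose thumbprint gets stored."""
    ctx = ssl.create_default_context()
    if not verify_peer:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fetch_leaf_thumbprint(host: str, port: int = 443, verify_peer: bool = True) -> str:
    """Connect, complete the handshake under the chosen policy, and return the
    thumbprint of the certificate the peer presented (network access required)."""
    ctx = tls_context(verify_peer)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return thumbprint(tls.getpeercert(binary_form=True))


def thumbprint_is_trustworthy(verify_peer: bool) -> bool:
    """A thumbprint fetched over an unverified connection proves nothing about
    the real provider, because the peer was never authenticated."""
    return tls_context(verify_peer).verify_mode == ssl.CERT_REQUIRED


CONSTRUCTED_DER = b"\x30\x82\x01\x00" + b"example-certificate-bytes"  # not a real certificate

if __name__ == "__main__":
    print("sample thumbprint:", thumbprint(CONSTRUCTED_DER))
    print("unverified fetch trustworthy?", thumbprint_is_trustworthy(False))
    print("verified fetch trustworthy?", thumbprint_is_trustworthy(True))
```

The circularity is the point: the thumbprint exists so IAM can pin the provider's CA, and fetching it without verifying the peer lets whoever sits on the path choose what gets pinned.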

