Full Disclosure Mailing List

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

List Archives

Latest Posts

Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Gynvael Coldwind (Oct 15)
Vendor Response Pattern

Hi Christopher,

Vendor is correct with this one. The problem isn't the vendor's site – it's
that the browser is already pwned with the malicious browser extension
(this is site-agnostic).
You've mentioned "No user interaction required beyond normal application
usage.", but having "Malicious browser extension" installed is anything but
normal application usage.

This is not a...

Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Christopher Dickinson via Fulldisclosure (Oct 13)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com

CVE Identifiers

* CVE-2025-[PENDING] - Excessive Data Exposure / JWT Token Leakage
* CVE-2025-[PENDING] - Broken Object Level Authorization (IDOR)
* CVE-2025-[PENDING] - Unrestricted Resource Consumption (DoS)

Executive Summary
This security advisory details three significant vulnerabilities discovered in the Suno.com web application and API
infrastructure on October 9,...

[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal SBA Research Security Advisory via Fulldisclosure (Oct 13)
# Checkmk Path Traversal #

Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal

## Vulnerability Overview ##

Checkmk in versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since
version 2.1.0b1 is prone to a path traversal vulnerability in the report
scheduler. Due to an insufficient validation of a file name input, users can
store reports in arbitrary locations on the server.

*...

[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files SBA Research Security Advisory via Fulldisclosure (Oct 13)
# Checkmk Agent Privilege Escalation via Insecure Temporary Files #

Link:
https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250724-01_Checkmk_Agent_Privilege_Escalation_via_Insecure_Temporary_Files

## Vulnerability Overview ##

The `win_license` plugin as included in Checkmk agent for Windows versions
before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b2 and
2.0.0p28 allows low privileged users to escalate...

CVE-2025-59397 - Open Web Analytics SQL Injection Seralys Research Team via Fulldisclosure (Oct 08)
Seralys Security Advisory | https://www.seralys.com/research
======================================================================
Title: SQL Injection Vulnerability
Product: Open Web Analytics (OWA)
Affected: Confirmed on 1.8.0 (older versions likely affected)
Fixed in: 1.8.1
Vendor: Open Web Analytics (open-source)
Discovered: August 2025
Severity: HIGH
CWE: CWE-89: SQL Injection
CVE: CVE-2025-59397...

Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure (Oct 07)
The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation.

https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft full (Oct 07)
Substack is down. If there is a replacement, it is appreciated.

-x9p

Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11 Stefan Kanthak via Fulldisclosure (Oct 07)
On a fresh installation of the just released Windows 11 25H2 the former file
%SystemRoot%\System32\SecurityHealth\10.0.27840.1000-0\SecurityHealthHost.exe
is %SystemRoot%\System32\SecurityHealthHost.exe now, but the BUG persists:

| svchost.exe (PID = 9876) identified \\?\C:\Windows\System32\SecurityHealthHost.exe
| as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}

stay tuned, and far away from bug-riddled Windows...

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure (Oct 02)
Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

Working exploit:
https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0

Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure (Oct 02)
Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

Working exploit:
https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&st=b1tkonvr&dl=0

Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib Ron E (Sep 30)
A denial-of-service vulnerability exists in Samtools and the underlying
HTSlib when processing BED files containing extremely large interval
values. The bed_index_core() function in bedidx.c uses the interval end
coordinate to calculate allocation size without sufficient validation. By
supplying a BED record with a crafted end coordinate (e.g., near 2^61), an
attacker can trigger uncontrolled memory allocation requests via
hts_resize_array_()....

Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow Ron E (Sep 30)
In the samtools coverage subcommand, the -w / --n-bins option allows the
user to specify how many “bins” to produce in the coverage histogram. The
code computes: stats[tid].bin_width = (stats[tid].end - stats[tid].beg) /
n_bins; When the number of bins (n_bins) is extremely large relative to the
region length (end - beg), this integer division can yield zero, or lead to
unexpected behavior in subsequent arithmetic. Later in print_hist(),...

libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width Ron E (Sep 30)
A heap buffer overflow vulnerability exists in the geotifcp utility,
distributed as part of libgeotiff. The flaw occurs in the function
cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd
ImageWidth and using the -d option (downsampling from 8-bit to 4-bit).
During conversion, the function iterates over pixels in pairs and always
accesses buf_in[i_in+1]. When the width is odd, the last iteration
dereferences one byte past the...

APPLE-SA-09-29-2025-6 visionOS 26.0.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-6 visionOS 26.0.1

visionOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125338.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1

macOS Sonoma 14.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125330.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sonoma
Impact: Processing a maliciously crafted font may lead to unexpected app...

More Lists

Dozens of other network security lists are archived at SecLists.Org.