In this week’s Security Advisory:

  • Apache Parquet Vulnerable to Remote Code Execution
  • Langflow Vulnerability Under Active Exploitation
  • Commvault Vulnerability Added to CISA KEV List
  • Proof-of-Concept Released for Samsung MagicInfo Vulnerability
  • OttoKit Plugin Vulnerable to Unauthenticated Admin Account Creation
  • Android Releases May Patch Cycle

Apache Parquet Vulnerable to Remote Code Execution

As an update to the previously released Advisory, there is now a Proof-of-Concept tool circulating for CVE-2025-30065. CyberMaxx strongly recommends patching this if you have not done so already.

More Reading / Information

Original Advisory:

Apache Parquet is an open-source columnar file format that enables efficient data storage and retrieval and is supported by many analytics tools and programming languages. The vulnerability, CVE-2025-30065 (CVSS 10/10), is a deserialization-of-untrusted-data flaw in the library’s parquet-avro module. It is triggered when a system reads a crafted Parquet file, resulting in remote code execution.

Affected Versions

  • Apache Parquet Java through 1.15.0.

Recommendations

  • Upgrade to Apache Parquet version 1.15.1.

More Reading / Information

Langflow Vulnerability Under Active Exploitation

Langflow is an open-source tool for building LLM-powered workflows from LangChain components. It is typically used for prototyping chatbots, data pipelines, agent systems, and other AI applications. The vulnerability, CVE-2025-3248 (CVSS 9.8/10), allows an unauthenticated attacker to execute code remotely and take full control of the Langflow server.

Affected Versions

  • Langflow versions before 1.3.0.

Recommendations

  • Upgrade to Langflow version 1.4.0.
  • If you cannot upgrade to the safe version immediately, it is recommended that you restrict network access to Langflow by putting it behind a firewall or VPN.

More Reading / Information

Commvault Vulnerability Added to CISA KEV List

Commvault has released an advisory for a vulnerability, CVE-2025-34028 (CVSS 10/10), that allows a malicious actor to execute code remotely without authentication by uploading ZIP files to the Commvault Command Center. Successful exploitation could lead to a full compromise of the Commvault Command Center environment. Commvault’s advisory makes no mention of exploitation in the wild; however, CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list.

Affected Versions

  • Command Center versions 11.38.0 to 11.38.19 (Innovation Release only).

Recommendations

  • Upgrade to 11.38.20 or 11.38.25 (Innovation Update releases).

More Reading / Information

Proof-of-Concept Released for Samsung MagicInfo Vulnerability

MagicInfo is a multi-purpose content management solution that allows organizations to remotely manage content, data, and the devices themselves. The vulnerability, CVE-2024-7399 (CVSS 7.5/10), stems from the content management server failing to properly validate file extensions. This can allow an unauthenticated attacker to write arbitrary files with system privileges and execute code remotely.

Affected Versions

  • MagicInfo 9 Server versions prior to 21.1050.

Recommendations

  • Upgrade to MagicInfo 9 Server version 21.1050 or newer.

More Reading / Information

OttoKit Plugin Vulnerable to Unauthenticated Admin Account Creation

OttoKit is a WordPress automation plugin that lets site administrators automate tasks and connect their site to other apps, websites, and plugins. The vulnerability, CVE-2025-3102 (CVSS 8.1/10), allows an unauthenticated attacker to create admin accounts on the targeted website and take complete control of it. A patch was previously released for this issue; however, another vulnerability in the plugin, CVE-2025-27007 (CVSS 9.8/10), can allow unauthenticated attackers to escalate their privileges. A new patch covering both vulnerabilities has since been released.

Affected Versions

  • All versions up to, and including, 1.0.82.

Recommendations

  • Upgrade to OttoKit version 1.0.83.

More Reading / Information

Android Releases May Patch Cycle

Android published its May Security Bulletin, which addresses over fifty vulnerabilities, one of which is under active exploitation. The exploited vulnerability is tracked as CVE-2025-27363 (CVSS 8.1/10). It is an out-of-bounds write in the FreeType font-rendering library that could lead to remote code execution.

Affected Versions

  • A full list of affected versions is given in the Android May Security Bulletin.

Recommendations

  • Apply any relevant updates.

More Reading / Information

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only, which dramatically increases the likelihood that a patch is issued for newly discovered vulnerabilities. Likewise, CyberMaxx strongly encourages maintaining an inventory of the software currently deployed in your environment, which informs and strengthens your patch and vulnerability management program.
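The inventory check described above, as an added example that is not part of the original advisory: it compares a software inventory against the affected-version ranges stated in this advisory, honouring the inclusive/exclusive boundaries ("through", "up to and including" versus "before", "prior to") and the Commvault Innovation Release qualifier. Version boundaries and CVE ids are taken from the advisory text; the INVENTORY entries, hostnames, and the "Maintenance Release" track label are constructed sample data.

```python
"""Compare a software inventory against the affected-version ranges in this advisory.

Added example, not part of the original advisory. Version boundaries and CVE ids
are taken from the advisory text; the INVENTORY entries are constructed sample data.
"""
import re
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """Turn '11.38.19' into (11, 38, 19) so versions compare numerically.

    Plain string comparison ranks '1.9.0' above '1.15.0'; integer tuples do not.
    Any non-numeric suffix (e.g. '-rc1') is dropped.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1; shorter versions are zero-padded so '1.15' == '1.15.0'."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


@dataclass(frozen=True)
class AffectedRange:
    product: str
    cves: tuple
    upper: str                   # last affected version, or the first fixed one when exclusive
    upper_inclusive: bool        # True for "through"/"up to and including", False for "before"/"prior to"
    fixed_in: str                # version the advisory recommends upgrading to
    lower: Optional[str] = None  # inclusive lower bound when the advisory gives one
    track: Optional[str] = None  # release-track qualifier, e.g. Commvault's "Innovation Release"

    def affects(self, version: str, track: Optional[str]) -> bool:
        if self.track is not None and track != self.track:
            return False
        if self.lower is not None and compare_versions(version, self.lower) < 0:
            return False
        c = compare_versions(version, self.upper)
        return c <= 0 if self.upper_inclusive else c < 0


# Ranges as stated in the advisory above.
ADVISORY = [
    AffectedRange("Apache Parquet Java", ("CVE-2025-30065",), "1.15.0", True, "1.15.1"),
    AffectedRange("Langflow", ("CVE-2025-3248",), "1.3.0", False, "1.4.0"),
    AffectedRange("Commvault Command Center", ("CVE-2025-34028",), "11.38.19", True, "11.38.20",
                  lower="11.38.0", track="Innovation Release"),
    AffectedRange("MagicInfo 9 Server", ("CVE-2024-7399",), "21.1050", False, "21.1050"),
    AffectedRange("OttoKit", ("CVE-2025-3102", "CVE-2025-27007"), "1.0.82", True, "1.0.83"),
]

# Constructed sample inventory: (host, product, installed version, release track or None).
INVENTORY = [
    ("analytics-01", "Apache Parquet Java", "1.15.0", None),
    ("analytics-02", "Apache Parquet Java", "1.15.1", None),
    ("ml-dev-03", "Langflow", "1.2.0", None),
    ("backup-01", "Commvault Command Center", "11.38.15", "Innovation Release"),
    ("backup-02", "Commvault Command Center", "11.38.15", "Maintenance Release"),  # constructed track label
    ("signage-01", "MagicInfo 9 Server", "21.1040", None),
    ("web-01", "OttoKit", "1.0.82", None),
    ("web-02", "OttoKit", "1.0.83", None),
]


def check_inventory(inventory=INVENTORY, advisory=ADVISORY) -> list:
    """Return one finding per inventory entry that falls inside an affected range."""
    by_product = {r.product: r for r in advisory}
    findings = []
    for host, product, version, track in inventory:
        rng = by_product.get(product)
        if rng is not None and rng.affects(version, track):
            findings.append({
                "host": host,
                "product": product,
                "installed": version,
                "cves": list(rng.cves),
                "upgrade_to": rng.fixed_in,
            })
    return findings


if __name__ == "__main__":
    for f in check_inventory():
        print(f"{f['host']}: {f['product']} {f['installed']} affected by "
              f"{', '.join(f['cves'])}; upgrade to {f['upgrade_to']}")
```

Running it against the sample inventory flags analytics-01, ml-dev-03, backup-01, signage-01 and web-01; backup-02 is skipped because its release track does not match the advisory's Innovation Release qualifier, and analytics-02 and web-02 are already on the recommended versions. In practice the INVENTORY list would be replaced by an export from your asset inventory or package manager.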