Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

April 8, 2025

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes.
The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0.
“An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify

Source: Read More

Previous ArticleMicrosoft Patch Tuesday April 2025: One Zero-Day, 11 High-Risk Flaws

Next Article Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

Highlights

CVE-2025-30675 – Apache CloudStack Access Control Bypass Vulnerability

June 10, 2025

CVE ID : CVE-2025-30675

Published : June 11, 2025, 12:15 a.m. | 1 hour, 35 minutes ago

Description : In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the ‘domainid’ parameter along with the ‘filter=self’ or ‘filter=selfexecutable’ values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain.

A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.

This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller’s scope rather than defaulting to the ROOT domain.

Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

GPT-5 is Coming: Revolutionizing Software Testing

Win the Accessibility Game: Combining AI with Human Judgment

CVE-2025-49130 – Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

OpenLiteSpeed – HTTP server

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release

CVE-2025-47712 – “nbdkit Blocksize Filter Denial of Service Vulnerability”

CVE-2025-30675 – Apache CloudStack Access Control Bypass Vulnerability

Samsung offers enticing preorder deal for new Galaxy foldable phones ahead of July Unpacked

799 rejections… but he got the job! Braydon Coyer developer interview [Podcast #179]

Build multi-agent systems with LangGraph and Amazon Bedrock

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Related Posts