SB2025072409 - Multiple vulnerabilities in Tenable Identity Exposure

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025072409

SB2025072409 - Multiple vulnerabilities in Tenable Identity Exposure

Published: July 24, 2025

Security Bulletin ID SB2025072409
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 33% Medium 33% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2025-4748)

The vulnerability allows a remote attacker to write arbitrary files to the system.

The vulnerability exists due to improper validation of .zip archives in the Erlang/OTP standard-library ZIP routines "zip:unzip/1,2" and "zip:extract/1,2". A remote attacker can pass a specially crafted .zip archive to the application and write files to arbitrary locations on the system. 


2) Improper Certificate Validation (CVE-ID: CVE-2025-4947)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to missing certificate validation for QUIC connections when connecting to a host specified as an IP address in the URL. A remote attacker can perform Man-in-the-middle (MitM) attack.

Note, successful exploitation of the vulnerability requires wolfSSL to be used as the TLS backend for QUIC to trigger.


3) Improper Certificate Validation (CVE-ID: CVE-2025-5025)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to libcurl does not perform pinning of the server certificate public key for HTTPS transfers when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. A remote attacker can perform Man-in-the-middle (MitM) attack and track the victim into connecting to a malicious server.


4) Infinite loop (CVE-ID: CVE-2025-5399)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the WebSocket code. A malicious web server can send a specially crafted packet to the libcurl application and perform a denial of service (DoS) attack.


5) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-23167)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP/1 headers in llhttp. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


6) Untrusted search path (CVE-ID: CVE-2025-30399)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to usage of an untrusted search path in .NET and Visual Studio. A remote attacker can execute arbitrary code on the target system.


Remediation

Install update from vendor's website.

References