
Accordingly, there is a software security vulnerability in the email service: CVE-2025-59689, a remote command injection vulnerability in Libraesva Email Security Gateway (ESG).
An attacker could exploit the vulnerability by injecting a command that could be triggered by an email containing a specially crafted compressed attachment, allowing the execution of arbitrary commands as an unprivileged user.
This happens because the file scanning process does not use the method of removing executable code from files in some compressed archive formats.
This security vulnerability affects Libraesva ESG versions starting from version 4.5 up to version 5.0.31.
The Cyber Security and Cybercrime Prevention Department advises that Libraesva has released an emergency, automatically deployed update for all customers running ESG 5.x, and no further action is required from them.
For customers using version 4.x, please update manually according to the following detailed instructions: https://docs.libraesva.com/document/migration/libraesva-esg-4-x-to-5-x-migration-guide/
PoC Review: The vulnerability does not have a public PoC yet.
Along with that, there is a software security vulnerability in the browser: CVE-2025-11152, an integer overflow vulnerability that allows a sandbox escape in Firefox.
This vulnerability allows a sandbox escape via an integer overflow in the Graphics: Canvas2D component, which can lead to serious security consequences such as access to sensitive data in memory and possibly reading or writing other memory areas (memory corruption), leading to data disclosure or execution of malicious code.
The vulnerability affects Firefox versions 143.0.3 and below.
Mozilla has fixed this vulnerability in Firefox version 143.0.3. Users are advised to update to this version or a later version to mitigate the risk.
The fix has been incorporated into many Linux distributions, with Ubuntu and Debian providing updated packages. Update details: https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/
In particular, vulnerabilities in old TP-Link Router devices also cause serious security problems.
Many old TP-Link Router models currently in use in agencies and units no longer receive firmware updates or services from the manufacturer (End-of-Life/End-of-Service), such as: TP-Link TL-WR740N, TP-Link TL-WR841N, TP-Link TL-WR940N, TP-Link Archer C50, TP-Link Archer C20, TP-Link TL-WR1043ND, TP-Link TL-MR3420...
Serious security vulnerabilities on these devices will never be patched, making the devices easy targets for cyber attacks.
Common vulnerabilities on these devices include: Command Injection, Buffer Overflow, Authentication Bypass, and Remote Code Execution (RCE) bugs.
The above vulnerabilities can allow attackers to perform dangerous actions such as: Taking complete control of the Router; stealing login information, data transmitted over the network; redirecting users to phishing websites; creating botnets to perform distributed denial of service (DDoS) attacks; deploying malware into the internal network.
The Cyber Security and High-Tech Crime Prevention Department said that, for TP-Link Router devices that are no longer supported, security vulnerabilities cannot be fixed by updating software; more drastic measures are required.
Accordingly, make a list of all TP-Link Router devices being used in the agency or unit.
Check Model and Firmware: Identify the exact model and firmware version of each device.
Check support status: Visit TP-Link's official website to check the support status (End-of-Life/End-of-Service) of each model.
For all TP-Link Router models that have been identified as having lost support for firmware updates, it is mandatory to replace them with newer Router devices.
Network Segmentation: If possible, segment the internal network to isolate critical systems and minimize the possibility of spread if a part of the network is compromised.
Firewalls: Ensure firewalls are tightly configured, allowing only necessary connections and blocking unused ports/services.
Intrusion Detection/Prevention Systems (IDS/IPS): Deploy IDS/IPS solutions to monitor network traffic and detect signs of attacks.
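The inventory steps above (list the devices, identify model and firmware, check support status, replace unsupported models) can be run as a triage over an asset list. The following is an added example, not part of the original advisory; the CSV columns, sample rows and function names are assumptions, and only the model list comes from the text above.

```python
import csv
import io
import re

# Models the advisory names as End-of-Life/End-of-Service. The advisory's list
# ends with "...", so it is not exhaustive: unlisted models still need a check.
ADVISORY_EOL_MODELS = {
    "TL-WR740N", "TL-WR841N", "TL-WR940N", "ARCHER C50",
    "ARCHER C20", "TL-WR1043ND", "TL-MR3420",
}

# Constructed sample inventory (hypothetical locations and firmware strings).
SAMPLE_INVENTORY = """location,vendor,model,firmware
Front office,TP-Link,TL-WR841N v9,3.16.9
Meeting room,tp-link,Archer C50(EU) V3,
Warehouse,TP-Link,Archer AX55,1.2.3
Server room,OtherVendor,RX-100,2.0
"""

def normalize_model(raw):
    """Reduce a label string such as 'Archer C50(EU) V3' to 'ARCHER C50'."""
    model = raw.upper().replace("TP-LINK", "")
    model = re.sub(r"\(.*?\)", " ", model)  # regional suffix, e.g. (EU)
    model = re.sub(r"\bV(?:ER)?[.:]?\s*\d+(?:\.\d+)?\b", " ", model)  # hardware revision
    return " ".join(model.split())

def triage(inventory_csv):
    """Return (location, model, action) for every row of the inventory."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = normalize_model(row["model"])
        if row["vendor"].strip().lower() != "tp-link":
            action = "out of scope"
        elif model in ADVISORY_EOL_MODELS:
            action = "replace"
        else:
            action = "check vendor support status"
        if action != "out of scope" and not row["firmware"].strip():
            action += "; firmware version not recorded"
        results.append((row["location"], model, action))
    return results

if __name__ == "__main__":
    for location, model, action in triage(SAMPLE_INVENTORY):
        print(f"{location:14} {model:12} {action}")
```

Rows marked "check vendor support status" are the ones to look up on TP-Link's official website, since the advisory's model list is open-ended.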
To prevent these risks, the Department of Cyber Security and High-Tech Crime Prevention recommends that agencies, businesses, organizations and individuals properly implement the above instructions and notes to promptly detect and remediate risks, and to prevent data exploitation attacks.
Source: https://baovanhoa.vn/nhip-song-so/canh-bao-mot-so-lo-hong-nghiem-trong-co-the-tan-cong-khai-thac-du-lieu-180611.html





