CVE-2025-5304 - PT Project Notebooks WordPress Privilege Escalation
CVE ID : CVE-2025-5304
Published : June 28, 2025, 6:15 a.m. | 2 hours, 2 minutes ago
Description : The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5304
Published : June 28, 2025, 6:15 a.m. | 2 hours, 2 minutes ago
Description : The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6755 - WordPress Game Users Share Buttons Plugin Remote Code Execution and File Deletion Vulnerability
CVE ID : CVE-2025-6755
Published : June 28, 2025, 6:15 a.m. | 2 hours, 2 minutes ago
Description : The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6755
Published : June 28, 2025, 6:15 a.m. | 2 hours, 2 minutes ago
Description : The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38084 - Linux Kernel Hugetlb Racy Protection Vulnerability
CVE ID : CVE-2025-38084
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process and racing rmap walks from other processes to cause page tables to be shared again before we actually perform the split. Fix it by explicitly calling into the hugetlb unshare logic from __split_vma() in the same place where THP splitting also happens. At that point, both the VMA and the rmap(s) are write-locked. An annoying detail is that we can now call into the helper hugetlb_unshare_pmds() from two different locking contexts: 1. from hugetlb_split(), holding: - mmap lock (exclusively) - VMA lock - file rmap lock (exclusively) 2. hugetlb_unshare_all_pmds(), which I think is designed to be able to call us with only the mmap lock held (in shared mode), but currently only runs while holding mmap lock (exclusively) and VMA lock Backporting note: This commit fixes a racy protection that was introduced in commit b30c14cd6102 ("hugetlb: unshare some PMDs when splitting VMAs"); that commit claimed to fix an issue introduced in 5.13, but it should actually also go all the way back. [jannh@google.com: v2]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38084
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process and racing rmap walks from other processes to cause page tables to be shared again before we actually perform the split. Fix it by explicitly calling into the hugetlb unshare logic from __split_vma() in the same place where THP splitting also happens. At that point, both the VMA and the rmap(s) are write-locked. An annoying detail is that we can now call into the helper hugetlb_unshare_pmds() from two different locking contexts: 1. from hugetlb_split(), holding: - mmap lock (exclusively) - VMA lock - file rmap lock (exclusively) 2. hugetlb_unshare_all_pmds(), which I think is designed to be able to call us with only the mmap lock held (in shared mode), but currently only runs while holding mmap lock (exclusively) and VMA lock Backporting note: This commit fixes a racy protection that was introduced in commit b30c14cd6102 ("hugetlb: unshare some PMDs when splitting VMAs"); that commit claimed to fix an issue introduced in 5.13, but it should actually also go all the way back. [jannh@google.com: v2]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38085 - Linux Kernel: Huge Page Table Unshare Race Condition Vulnerability
CVE ID : CVE-2025-38085
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38085
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38086 - "NetChip Ch9200 Uninitialized Memory Access Vulnerability"
CVE ID : CVE-2025-38086
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38086
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5937 - WordPress MicroPayments Fans Paysite CSRF Vulnerability
CVE ID : CVE-2025-5937
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5937
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6816 - HDF5 Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-6816
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6816
Published : June 28, 2025, 8:15 a.m. | 4 hours, 2 minutes ago
Description : A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6817 - HDF5 Resource Consumption Denial of Service
CVE ID : CVE-2025-6817
Published : June 28, 2025, 12:15 p.m. | 4 hours, 3 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6817
Published : June 28, 2025, 12:15 p.m. | 4 hours, 3 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1991 - IBM Informix Dynamic Server Denial of Service Buffer Overflow
CVE ID : CVE-2025-1991
Published : June 28, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1991
Published : June 28, 2025, 1:15 p.m. | 3 hours, 3 minutes ago
Description : IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28902 - Skoda MIB3 Infotainment Unit Integer Underflow Denial-of-Service Vulnerability
CVE ID : CVE-2023-28902
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28902
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28903 - MIB3 Infotainment Unit Integer Overflow Denial-of-Service
CVE ID : CVE-2023-28903
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28903
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28904 - MIB3 Infotainment Unit Bootloader Boot Process Code Execution Vulnerability
CVE ID : CVE-2023-28904
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28904
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28905 - Skoda MIB3 Infotainment Unit Heap Buffer Overflow
CVE ID : CVE-2023-28905
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28905
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28906 - Skoda MIB3 Infotainment Command Injection Vulnerability
CVE ID : CVE-2023-28906
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A command injection in the networking service of the MIB3 infotainment allows an attacker already presenting in the system to escalate privileges and obtain administrative access to the system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28906
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A command injection in the networking service of the MIB3 infotainment allows an attacker already presenting in the system to escalate privileges and obtain administrative access to the system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28907 - Skoda Superb III MIB3 CAN Bus CPU Core Isolation Bypass
CVE ID : CVE-2023-28907
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28907
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28908 - Volkswagen MIB3 Bluetooth Integer Overflow Vulnerability
CVE ID : CVE-2023-28908
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving non-fragmented HCI packets on a channel. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28908
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving non-fragmented HCI packets on a channel. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28909 - Skoda MIB3 Bluetooth Integer Overflow Remote Code Execution Vulnerability
CVE ID : CVE-2023-28909
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability to bypass the MTU check on a channel with enabled fragmentation. Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28909
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability to bypass the MTU check on a channel with enabled fragmentation. Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28910 - Skoda MIB3 Bluetooth Stack Assertion Bypass Vulnerability
CVE ID : CVE-2023-28910
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28910
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28911 - Skoda MIB3 Bluetooth Stack Channel Disconnection Denial-of-Service Vulnerability
CVE ID : CVE-2023-28911
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28911
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28912 - Skoda MIB3 In-vehicle Contact Data Disclosure
CVE ID : CVE-2023-28912
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28912
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-29113 - Volkswagen Skoda MIB3 Privilege Escalation Vulnerability
CVE ID : CVE-2023-29113
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-29113
Published : June 28, 2025, 4:15 p.m. | 4 hours, 3 minutes ago
Description : The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...