2025-12-14 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2025-14542 | undefined - undefined | The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the clients’ trust, a malicious provider can later change the manual to exploit the client. | CVSS3.1: 7.5 - HIGH | 0 1 | Exploitation: pocAutomatable: noTechnical Impact: total | Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint | github |
This post is licensed under CC BY 4.0 by the author.