
CVE-2025-25270 – Remote Code Execution via Unauthenticated Configuration Manipulation
https://notcve.org/view.php?id=CVE-2025-25270
08 Jul 2025 — An unauthenticated remote attacker can alter the device configuration in a way that yields remote code execution as root under specific configurations. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVE-2025-42967 – Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)
https://notcve.org/view.php?id=CVE-2025-42967
08 Jul 2025 — SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. • https://me.sap.com/notes/3618955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-53540 – CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-53540
07 Jul 2025 — This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). ... • https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-53536 – Roo Code allows Potential Remote Code Execution via .vscode/settings.json
https://notcve.org/view.php?id=CVE-2025-53536
07 Jul 2025 — Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with the php.validate.executablePath setting which lets you set the path for the php executable for syntax validation. The attacker could have written the path to an arbitrary command there and then created a php file to... • https://github.com/RooCodeInc/Roo-Code/commit/1be6fce1a6864ae63e8160b0666db2c647f2dbba • CWE-552: Files or Directories Accessible to External Parties •

CVE-2025-32023 – Redis allows out of bounds writes in hyperloglog commands leading to RCE
https://notcve.org/view.php?id=CVE-2025-32023
07 Jul 2025 — From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. • https://github.com/leesh3288/CVE-2025-32023 • CWE-680: Integer Overflow to Buffer Overflow •

CVE-2025-45479
https://notcve.org/view.php?id=CVE-2025-45479
07 Jul 2025 — Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. • https://github.com/YX-hueimie/CVE-Issues/blob/main/CVE-2025-45479.md •

CVE-2025-6812 – Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6812
07 Jul 2025 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •

CVE-2025-7223 – INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7223
07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. •

CVE-2025-7224 – INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7224
07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. •

CVE-2025-7225 – INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-7225
07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. •