U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the descriptions for these flaws:
- CVE-2014-3931 (CVSS score: 9.8) Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
- CVE-2016-10033 (CVSS score: 9.8) PHPMailer Command Injection Vulnerability
- CVE-2019-5418 (CVSS score: 7.5) Rails Ruby on Rails Path Traversal Vulnerability
- CVE-2019-9621 (CVSS score: 7.5) Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
The CVE-2014-3931 vulnerability in MRLG (Multi-Router Looking Glass) resides in the fastping.c component before version 5.5.0, and allows remote attackers to perform an arbitrary memory write, leading to memory corruption.
The CVE-2016-10033 vulnerability was discovered by the notorious security expert Dawid Golunski from Legal Hackers; it could be exploited by a remote unauthenticated attacker to execute arbitrary code in the context of the web server and compromise the target web application. CVE-2016-10033 affects all versions of the library before the PHPMailer 5.2.18 release.
The CVE-2019-5418 vulnerability in Action View (a component of Ruby on Rails) is a File Content Disclosure issue that affects multiple versions. An attacker can send specially crafted Accept headers (used for content negotiation in HTTP requests) that manipulate the way Action View resolves templates. This can trick the framework into rendering arbitrary files from the server’s filesystem, including secret configuration files and /etc/passwd.
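Because the CVE-2019-5418 attack rides on a header that legitimate browsers only ever fill with media ranges, a cheap defensive check is to alert on Accept values that are not a well-formed media-range list or that carry a traversal sequence. The validator below is an added example written for this post, not Rails' own content-negotiation code; the log lines it scans are constructed, and the "METHOD PATH Accept: value" line format is an assumption chosen to keep the example self-contained.

```python
import re

# Token characters allowed in a media type name or parameter (the "token"
# grammar of RFC 7231 / RFC 9110). Added illustration, not Rails code.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
MEDIA_RANGE = re.compile(
    rf'^\s*(?:\*|{TOKEN})/(?:\*|{TOKEN})\s*(?:;\s*{TOKEN}\s*=\s*(?:{TOKEN}|"[^"]*"))*\s*$'
)


def accept_header_is_wellformed(value: str) -> bool:
    """True only when every comma-separated element is a media range such as
    text/html, */* or application/json;q=0.9."""
    if not value.strip():
        return False
    return all(MEDIA_RANGE.match(part) for part in value.split(","))


def suspicious_accept_reasons(value: str) -> list:
    """Reasons an Accept value should be alerted on; an empty list means clean."""
    reasons = []
    if ".." in value:
        reasons.append("path traversal sequence")
    if not accept_header_is_wellformed(value):
        reasons.append("not a valid media-range list")
    return reasons


def scan_log(lines):
    """Scan constructed access-log lines of the form 'METHOD PATH Accept: <value>'
    (an assumed format) and return (line, reasons) for every hit."""
    hits = []
    for line in lines:
        if "Accept: " not in line:
            continue
        value = line.split("Accept: ", 1)[1]
        reasons = suspicious_accept_reasons(value)
        if reasons:
            hits.append((line, reasons))
    return hits


# Constructed sample lines (not real traffic). The third one carries a
# traversal-style Accept value of the kind the advisory describes; the
# fourth is merely malformed.
SAMPLE_LOG = [
    "GET /users/1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "GET /users/1 Accept: application/json",
    "GET /users/1 Accept: ../../../../etc/passwd",
    "GET /users/1 Accept: text/html, not a media type",
    "GET /users/1 Accept: text/html;q=0.9;level=1",
]

if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

The check is a detection aid for logs or a reverse proxy, not a substitute for the patched Rails release: a strict media-range grammar catches the shape of the abuse, while the explicit `..` test gives a higher-confidence signal worth its own alert.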
CVE-2019-9621 vulnerability impacts Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3. The flaw allows SSRF via the ProxyServlet component.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerabilities by July 28, 2025.
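The practical follow-up to a KEV addition is matching the new entries against what you actually run and tracking the BOD 22-01 deadline. The script below is an added example, not CISA tooling: it holds a constructed excerpt in the shape of the KEV JSON feed (the field names cveID, vendorProject, product, vulnerabilityName and dueDate are the ones the published feed uses; the vendor/product strings follow this post's headline and are assumptions, and the due date is the July 28, 2025 deadline stated above), filters it by a constructed asset inventory and reports the days left per entry.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (not the real feed).
# Field names match the published feed; product strings are assumptions taken
# from the post's headline; the due date is the one the post reports.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2014-3931", "vendorProject": "Multi-Router Looking Glass",
         "product": "MRLG",
         "vulnerabilityName": "MRLG Buffer Overflow Vulnerability",
         "dueDate": "2025-07-28"},
        {"cveID": "CVE-2016-10033", "vendorProject": "PHPMailer",
         "product": "PHPMailer",
         "vulnerabilityName": "PHPMailer Command Injection Vulnerability",
         "dueDate": "2025-07-28"},
        {"cveID": "CVE-2019-5418", "vendorProject": "Rails",
         "product": "Ruby on Rails",
         "vulnerabilityName": "Rails Ruby on Rails Path Traversal Vulnerability",
         "dueDate": "2025-07-28"},
        {"cveID": "CVE-2019-9621", "vendorProject": "Synacor",
         "product": "Zimbra Collaboration Suite (ZCS)",
         "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) "
                              "Server-Side Request Forgery (SSRF) Vulnerability",
         "dueDate": "2025-07-28"},
    ]
})


def parse_kev(catalog_json: str) -> list:
    """Return the list of entries from a KEV-shaped JSON document."""
    return json.loads(catalog_json)["vulnerabilities"]


def triage(catalog_json: str, deployed_products: set, today: date) -> list:
    """Return the KEV entries whose product is in the inventory, each with the
    days left before its BOD 22-01 due date (negative means overdue), most
    urgent first."""
    report = []
    for entry in parse_kev(catalog_json):
        if entry["product"] not in deployed_products:
            continue
        due = date.fromisoformat(entry["dueDate"])
        report.append({
            "cveID": entry["cveID"],
            "product": entry["product"],
            "dueDate": entry["dueDate"],
            "days_left": (due - today).days,
        })
    return sorted(report, key=lambda r: (r["days_left"], r["cveID"]))


def overdue(catalog_json: str, today: date) -> list:
    """CVE IDs whose due date has already passed as of `today`."""
    return [e["cveID"] for e in parse_kev(catalog_json)
            if date.fromisoformat(e["dueDate"]) < today]


if __name__ == "__main__":
    # Constructed inventory: only two of the four products are deployed.
    inventory = {"PHPMailer", "Zimbra Collaboration Suite (ZCS)"}
    for row in triage(KEV_SAMPLE, inventory, date.today()):
        print(f'{row["cveID"]:16} {row["product"]:36} due {row["dueDate"]} '
              f'({row["days_left"]:+d} days)')
    print("overdue:", overdue(KEV_SAMPLE, date.today()))
```

Matching on the exact `product` string is deliberately simple; in practice the inventory side needs normalising (the feed's product names are free text), and the version ranges quoted in the post decide whether a matched product is actually affected.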
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, CISA)