Sign up to save your podcasts
Or
Share SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
Remote code execution in CentOS Web Panel - CVE-2025-48703
An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code
https://fenrisk.com/rce-centos-webpanel
Gogs Arbitrary File Deletion Vulnerability
Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution.
https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7
Let s Encrypt Will Soon Issue IP Address-Based Certs
Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while.
https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777
View all episodes
By Johannes B. Ullrich
4.9
629629 ratings
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
Remote code execution in CentOS Web Panel - CVE-2025-48703
An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code
https://fenrisk.com/rce-centos-webpanel
Gogs Arbitrary File Deletion Vulnerability
Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution.
https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7
Let s Encrypt Will Soon Issue IP Address-Based Certs
Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while.
https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777
More shows like SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
View all
Security Now (Audio)
1,982 Listeners
Risky Business
364 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Hacked
181 Listeners
CyberWire Daily
1,017 Listeners
Smashing Security
317 Listeners
Click Here
407 Listeners
Darknet Diaries
7,912 Listeners
Cybersecurity Today
163 Listeners
CISO Series Podcast
190 Listeners
Hacking Humans
311 Listeners
Defense in Depth
76 Listeners
Cyber Security Headlines
128 Listeners
Risky Bulletin
43 Listeners
Hacker And The Fed
168 Listeners