🗓️ 26 June 2025
⏱️ 6 minutes
0:00.0 | Hello and welcome to the Thursday, June 26, 2025 edition of the SANS Internet Storm Center's |
0:07.8 | Stormcast. My name is Johannes Ullrich, and this episode, brought to you by the SANS.edu graduate certificate program in cybersecurity engineering, is recorded in Stockholm, Germany. |
0:20.8 | And yes, we do have another vulnerability from Citrix, Citrix NetScaler. |
0:26.7 | I just talked about a vulnerability that allowed session credentials to leak a couple of days ago. |
0:34.1 | This one is just a denial of service vulnerability, still a critical CVSS score, and this |
0:41.8 | vulnerability apparently is already being exploited. Just like |
0:47.4 | the session leak vulnerability, this particular vulnerability affects any |
0:52.2 | NetScaler that is configured as a gateway. |
0:55.8 | So a VPN virtual server and ICA proxy, CVPN, RDP proxy, |
1:02.5 | which is a very common configuration for these types of devices. |
1:07.8 | So definitely pay attention to this. |
1:09.6 | Also, end-of-life versions of NetScaler are vulnerable, |
1:14.1 | but of course there's no patch necessarily available for them. Patches have been made available now |
1:19.5 | for the currently supported versions, and you should definitely be applying them quickly, |
1:24.5 | given that this vulnerability may already be exploited. |
1:29.7 | And companies that offer servers for rent often use a software package called WebPanel |
1:36.5 | in order to manage CentOS servers. This package has two parts. One is the admin part, that only the administrator is supposed to log into and, of course, gains |
1:48.7 | administrator privileges to the server. |
1:52.1 | And then there is a user panel that the user can use to essentially manage their own website |
1:59.4 | on that particular server. |
2:01.1 | And the intent is that you have multiple users share the server and WebPanel is supposed to |
2:07.5 | keep those users apart, which of course is always a little bit tricky. |
... |