Siemens has disclosed a serious vulnerability in the Interniche TCP/IP stack that underpins networking in a broad array of industrial devices and controllers; the flaw (tracked as CVE‑2025‑40820) can allow an unauthenticated remote attacker who can inject spoofed IP packets at precisely timed...
A newly recorded Linux-kernel vulnerability, tracked as CVE-2025-40202, stems from a fragile implementation in the IPMI user-message accounting that could lead to improper counting and a use‑after‑free; maintainers reworked the receive-side allocation and reference‑counting so user‑message limits are...
The Linux kernel vulnerability tracked as CVE-2025-39850 — a NULL-pointer dereference in the VXLAN implementation when handling FDB nexthop objects under the vxlan "proxy" option — has been fixed upstream, and Microsoft’s public attestation currently lists Azure Linux as a product that “includes...
CrowdStrike has issued urgent fixes for two medium‑severity flaws in the Falcon sensor for Windows — tracked as CVE‑2025‑42701 and CVE‑2025‑42706 — that, while not enabling initial remote compromise, permit a local attacker who already has code execution on a host to delete arbitrary files and...
CrowdStrike has published fixes for two medium‑severity vulnerabilities in the Falcon Windows Sensor that could allow an attacker who already has local code execution to delete arbitrary files on Windows hosts — the issues are tracked as CVE‑2025‑42701 (a TOCTOU race condition) and...