
RSync: five security vulnerabilities have been identified in the RSync utility, a widely used tool for transferring and synchronising files across systems:

  • CVE-2024-12084 – A ‘heap-based buffer overflow’ vulnerability with a CVSSv3 score of 9.8. When combined with CVE-2024-12085, it could enable remote code execution (RCE).
  • CVE-2024-12085 – An ‘improper restriction of operations within the bounds of a memory buffer’ vulnerability, rated 7.5 on the CVSSv3 scale. When exploited alongside CVE-2024-12084, it could lead to RCE.
  • CVE-2024-12086 – A ‘detection of error condition without action’ vulnerability with a CVSSv3 score of 6.1. Exploiting this flaw may allow an attacker to access and reconstruct sensitive data from client files.
  • CVE-2024-12087 – A ‘path traversal’ vulnerability with a CVSSv3 score of 6.5. If exploited, it could allow an attacker to write malicious files to any location on a user's system.
  • CVE-2024-12088 – Another ‘path traversal’ vulnerability, also rated 6.5 on the CVSSv3 scale. This flaw could enable an attacker to write files outside the intended directory, potentially placing malicious files on a user’s system.

F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next. The overview of security advisories addresses 13 vulnerabilities rated as high impact, three rated as medium impact, and one as low impact.

One of the high-impact advisories concerns the command injection vulnerability CVE-2025-20029, which has a CVSSv4 score of 8.7 and could allow an authenticated attacker to execute arbitrary system commands.

Cisco has released security updates to address vulnerabilities in its Nexus switches, including a high-severity command injection flaw. The critical vulnerability, identified as CVE-2025-20111, affects the health monitoring diagnostics component of Nexus 3000 and 9000 series switches. An unauthenticated attacker with network access could exploit this flaw by sending a continuous stream of crafted Ethernet frames, potentially causing the device to reload and resulting in a denial-of-service (DoS) condition.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

RSync – News for rsync

F5 – Article

Cisco – Security Advisories

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
