PoC Week 2025-04-07

Posted on Apr 7, 2025

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-29891 & CVE-2025-27636

  • Severity: Awaiting analysis
  • Impacted Products: Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4
  • Description: This vulnerability is present in Camel’s default incoming header filter, which allows an attacker to include Camel-specific headers that, for some Camel components such as camel-bean or camel-exec, can alter behaviour. If you have Camel applications that are directly connected to the internet via HTTP, an attacker could include parameters in the HTTP requests sent to the Camel application that get translated into headers. The headers could be provided either as request parameters of an HTTP method invocation or as part of the payload of the HTTP method invocation. All the known Camel HTTP components, such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http, would be vulnerable out of the box. This CVE is related to CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components.
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-29891
  • PoC: https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC/
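The mitigation point in the description above is that nothing arriving from the network (neither HTTP headers nor request parameters) should be allowed to become a Camel-internal header. The following is an added illustration of that check at the HTTP front end, written for this post and not code from Apache Camel or from the PoC repository. It assumes the convention that Camel's own headers begin with the prefix "Camel" (for example the camel-bean header CamelBeanMethodName) or "org.apache.camel"; the helper names and the sample request are constructed for the example.

```python
"""
Illustrative inbound sanitizer for an HTTP front end that forwards request
data into a Camel route. Added example, not Camel's own header filter.

Assumption: Camel-internal headers start with "Camel" (e.g. the camel-bean
header CamelBeanMethodName) or "org.apache.camel". Matching is done
case-insensitively so that mixed-case spellings of a blocked name are also
dropped rather than slipping through a case-sensitive prefix check.
"""
from typing import Dict, List, Tuple

# Prefixes of names that must never be accepted from an external caller.
BLOCKED_PREFIXES: Tuple[str, ...] = ("camel", "org.apache.camel")


def is_camel_internal(name: str) -> bool:
    """Return True if a header/parameter name would map onto a Camel-internal header."""
    lowered = name.strip().lower()  # case-insensitive comparison
    return any(lowered.startswith(prefix) for prefix in BLOCKED_PREFIXES)


def sanitize(items: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Split a name->value mapping into the entries to keep and the names dropped."""
    kept: Dict[str, str] = {}
    dropped: List[str] = []
    for name, value in items.items():
        if is_camel_internal(name):
            dropped.append(name)
        else:
            kept[name] = value
    return kept, dropped


def sanitize_request(headers: Dict[str, str], params: Dict[str, str]) -> Dict[str, object]:
    """Apply the same filter to both sources the advisory names: headers and parameters.

    Returns the cleaned headers and parameters plus the list of dropped names,
    which is what you would log to detect probing for this weakness.
    """
    clean_headers, dropped_headers = sanitize(headers)
    clean_params, dropped_params = sanitize(params)
    return {
        "headers": clean_headers,
        "params": clean_params,
        "dropped": dropped_headers + dropped_params,
    }


# Constructed sample request: one legitimate header and parameter, plus one
# Camel-named header and one mixed-case Camel-named parameter (both invented).
SAMPLE_HEADERS: Dict[str, str] = {
    "Content-Type": "application/json",
    "CamelBeanMethodName": "example-value",
}
SAMPLE_PARAMS: Dict[str, str] = {
    "name": "alice",
    "camelSomeOtherHeader": "example-value",
}


if __name__ == "__main__":
    result = sanitize_request(SAMPLE_HEADERS, SAMPLE_PARAMS)
    print("forwarded headers:", result["headers"])
    print("forwarded params: ", result["params"])
    print("dropped names:    ", result["dropped"])
```

The `dropped` list is worth emitting to your logs: a request from the internet carrying Camel-prefixed names is a useful signal of scanning for this issue, and the filter is a defence-in-depth layer for routes that are fronted by one of the HTTP components named above until the upgrade in the developer advice is applied.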

CVE-2025-1974

  • Severity: 9.3 CRITICAL
  • Impacted Products: Kubernetes ingress-nginx, various versions
  • Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
  • Remediation: Follow developer advice.
  • More Info: NVD - CVE-2025-1974
  • PoC: https://github.com/yoshino-s/CVE-2025-1974/

CVE-2025-0282

  • Severity: 9.0 CRITICAL
  • Impacted Products: Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3
  • Description: A stack-based buffer overflow allows a remote unauthenticated attacker to achieve remote code execution.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2025-0282
  • PoC: https://github.com/sfewer-r7/CVE-2025-0282/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.