Critical RCE Flaw in Megasys Telenium App (CVSS 9.8)

Cyber Security News by CyberSum.net

Published on October 2, 2025 at 12:51 PM

6 sources

A critical vulnerability (CVE-2025-10659) has been discovered in the Megasys Telenium Online Web Application. The flaw, rated 9.8 on the CVSS scale, allows unauthenticated attackers to achieve remote code execution. It stems from a PHP endpoint that improperly handles user-supplied input, enabling OS command injection via a crafted HTTP request. Successful exploitation could give an attacker full control over the server in the context of the web application's service account. Megasys has released a patch, and users are strongly advised to apply it immediately to mitigate the risk.

Also Read

Grafana Flaw CVE-2021-43798 Sees Surge in Exploits

Security researchers have detected a sudden and coordinated surge in exploitation attempts targeting a known Grafana path traversal vulnerability, CVE-2021-43798. Over a single day, 110 unique malicious IP addresses were observed scanning for vulnerable servers, with attacks focused on endpoints in just three geographic areas. The majority of the attack traffic originated from a single region, with most of the source IPs appearing for the first time on the day of the attack. The uniform targeting patterns and shared network fingerprints suggest a coordinated campaign using a common exploit kit rather than random scans. This activity highlights the ongoing risk posed by unpatched, older vulnerabilities, which are often used as an initial entry point in multi-stage attacks.

By Cyber Security News by CyberSum.netOctober 3, 2025 at 03:00 PM