June 17, 2022
Syhunt Hybrid 6.9.15 adds Fastjson RCE vulnerability detection and more
Today we release Syhunt Hybrid 6.9.15.1, which adds detection of the Fastjson RCE vulnerability (CVE-2022-25845) to the Syhunt Code tool. The remote code execution vulnerability affects Fastjson versions 1.2.80 and older and arises because the default AutoType restriction can be bypassed under specific conditions. An attacker could exploit this critical vulnerability to execute code remotely on the target machine.
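As a complementary dependency check (an added example, not Syhunt's code or detection logic), the sketch below flags `com.alibaba:fastjson` entries in a Maven `pom.xml` whose version falls in the affected range stated above. The function names and the sample POM are constructed for illustration, and it assumes the POM comes from your own repository, not from untrusted input.

```python
import re
import xml.etree.ElementTree as ET

LAST_AFFECTED = (1, 2, 80)  # from the text above: versions 1.2.80 and older

# Constructed sample POM (not from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><fastjson.version>1.2.80</fastjson.version></properties>
  <dependencies>
    <dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId>
      <version>${fastjson.version}</version></dependency>
    <dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId>
      <version>1.2.83</version></dependency>
    <dependency><groupId>com.alibaba.fastjson2</groupId><artifactId>fastjson2</artifactId>
      <version>2.0.4</version></dependency>
    <dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId></dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """First three numeric components of a version string, or None."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return (parts + (0, 0))[:3]  # pad short versions, ignore suffixes

def find_affected_fastjson(pom_xml):
    """Return (version, status) for each fastjson dependency needing attention."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the Maven namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    findings = []
    for dep in root.iter("dependency"):
        if dep.findtext("groupId", "").strip() != "com.alibaba":
            continue  # skips fastjson2, which uses a different groupId
        if dep.findtext("artifactId", "").strip() != "fastjson":
            continue
        raw = dep.findtext("version", "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", raw)  # ${property} indirection
        resolved = props.get(ref.group(1), "") if ref else raw
        ver = parse_version(resolved)
        if ver is None:
            findings.append((raw, "unresolved"))  # e.g. version set by a parent POM
        elif ver <= LAST_AFFECTED:
            findings.append((resolved, "affected"))
    return findings
```

Entries reported as `unresolved` have no version in this file and need the effective POM (for example from a parent or `dependencyManagement`) to be checked.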
For customers performing regular scans, the new release of Syhunt fixes a delay that occurred when loading the Past Sessions screen and when generating reports with comparison information.
Happy bug and breach hunting!