NAVAL GROUP
Company Details
Linkedin ID:
naval-group
Website:
Employees number:
11,935
Number of followers:
367,570
NAICS:
336414
Industry Type:
Homepage:
naval-group.com
IP Addresses:
0
Company ID:
NAV_2264815
Scan Status:
In-progress
NAVAL GROUP Company CyberSecurity Posture
naval-group.com
As an international naval defence player, Naval Group is a partner for countries seeking to maintain control of their maritime sovereignty. Naval Group develops innovative solutions to meet its customers’ requirements. The group is present throughout the entire life cycle of vessels. It designs, produces, equips, integrates, supports and upgrades submarines and surface ships, as well as their systems and equipment, right up to the final phases of deconstruction and dismantling. Naval Group’s unique know-how in autonomous systems, underwater weapons and drones place it in pole position to become European leader in the sector. As a high-tech company, it draws on its outstanding expertise, unique design and production resources and ability to establish strategic partnerships, in particular within the framework of transfers of technology. It also provides shipyard and naval base services. Ever mindful of the issues concerning corporate social responsibility (CSR), Naval Group is a signatory to the United Nations Global Compact. Located on five continents, the group generates revenue of 4.355 billion euros and has 16,722 employees (Full-Time Equivalent average annual workforce - figures as on 31 December 2024).
NAVAL GROUP A.I CyberSecurity Scoring
NAVAL GROUP Risk Score (AI oriented)Between 700 and 749
NAVAL GROUP
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NAVAL GROUP Global Score (TPRM)XXXX
NAVAL GROUP
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NAVAL GROUP Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Naval Group
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On July 26, 2025, Naval Group, France’s premier defense shipbuilder, experienced a severe cybersecurity breach resulting in the unauthorized leak of approximately **30 GB of sensitive internal data**, with attackers claiming possession of up to **1 TB more**. The exposed information reportedly includes **highly classified technical documents and combat system files** tied to critical French military assets, such as the **Suffren-class nuclear submarines** and **FREMM frigates**. While Naval Group asserted that no direct intrusion into its core IT infrastructure was confirmed and operational systems remained unaffected, the incident was classified as a **reputational attack** with potential long-term strategic risks. The breach has prompted a **full-scale investigation** in collaboration with French authorities to verify the authenticity of the leaked data and assess its broader implications for national security. The exposure of such sensitive defense-related intellectual property poses significant risks, including **espionage, competitive disadvantage, and erosion of trust** among international partners and clients. The incident underscores vulnerabilities in safeguarding **state-level military secrets**, raising concerns over future cyber threats targeting defense contractors.
Naval Group
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: Naval Group, a company specializing in defense naval construction, has reportedly been the target of a cyber attack. While the company claims there has been no detected intrusion or ransom demand, a hacker on the dark web claims to have stolen approximately 1 terabyte of data produced between 2019 and 2024 during an attack on July 23. This incident highlights a significant reputational risk for Naval Group.
DCNS
Cyber Attack
Rankiteo Explanation
Attack that could bring to a war
Description: In 2011, DCNS (a French submarine manufacturer) suffered a major cyber attack in India, orchestrated by an overseas actor targeting economic warfare. The breach resulted in the theft of **22,400 highly sensitive files**, including classified documents detailing the **stealth capabilities, magnetic, electromagnetic, and infrared signatures** of the **Scorpène-class submarines**. The stolen data exposed critical operational parameters—such as submarine speeds, noise levels, mast-raising speeds, and other proprietary technical specifications—effectively compromising the vessel’s tactical advantages.The leak had severe geopolitical and commercial repercussions, particularly for DCNS’s **A$50 billion ($38 billion) Barracuda-class submarine contract in Australia**, where competitors and foreign adversaries could exploit the exposed vulnerabilities. The incident eroded trust in DCNS’s cybersecurity measures, risking the company’s reputation, contractual negotiations, and long-term defense partnerships. The stolen intelligence also posed a direct threat to **national security**, as adversarial nations could counter or replicate the submarine’s capabilities, undermining its strategic value in naval warfare.
NAVAL GROUP Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NAVAL GROUP
Incidents vs Defense and Space Manufacturing Industry Average (This Year)
NAVAL GROUP has 33.33% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
NAVAL GROUP has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types NAVAL GROUP vs Defense and Space Manufacturing Industry Avg (This Year)
NAVAL GROUP reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — NAVAL GROUP (X = Date, Y = Severity)
NAVAL GROUP cyber incidents detection timeline including parent company and subsidiaries
NAVAL GROUP Company Subsidiaries
As an international naval defence player, Naval Group is a partner for countries seeking to maintain control of their maritime sovereignty. Naval Group develops innovative solutions to meet its customers’ requirements. The group is present throughout the entire life cycle of vessels. It designs, produces, equips, integrates, supports and upgrades submarines and surface ships, as well as their systems and equipment, right up to the final phases of deconstruction and dismantling. Naval Group’s unique know-how in autonomous systems, underwater weapons and drones place it in pole position to become European leader in the sector. As a high-tech company, it draws on its outstanding expertise, unique design and production resources and ability to establish strategic partnerships, in particular within the framework of transfers of technology. It also provides shipyard and naval base services. Ever mindful of the issues concerning corporate social responsibility (CSR), Naval Group is a signatory to the United Nations Global Compact. Located on five continents, the group generates revenue of 4.355 billion euros and has 16,722 employees (Full-Time Equivalent average annual workforce - figures as on 31 December 2024).
Loading...
NAVAL GROUP Similar Companies
UK Ministry of Defence
We protect the security, independence and interests of the United Kingdom at home and abroad. We work with our allies and partners whenever possible. Our aim is to ensure that the UK’s Armed Forces have the training, equipment and support necessary for their work, and that we keep within budget.
Sandia National Laboratories is the nation’s premier DOE science and engineering lab for national security and technology innovation. Our team of scientists, engineers, researchers, and business specialists apply their knowledge and skill toward delivering cutting-edge technology in an array of area
Amentum is a global leader in advanced engineering and innovative technology solutions, trusted by the United States and its allies to address their most significant and complex challenges in science, security and sustainability. Our people apply undaunted curiosity, relentless ambition and boundles
Aselsan
ASELSAN is a company of Turkish Armed Forces Foundation, established in 1975 in order to meet the communication needs of the Turkish Armed Forces by national means. Currently 74,20% of the shares are owned by the Foundation whereas the remaining 25,8% runs in İstanbul Borsa stock market. ASELSAN is
Northrop Grumman
We are a close-knit community of big thinkers collaborating to keep the world safe. Our passion, creativity and expertise bring next-level technology solutions to life in autonomous systems, cyber, C4ISR, strike, space, and logistics and modernization for our customers around the globe. On the Nor
Babcock International Group
Babcock is a FTSE 100 defence company operating in our focus countries of the UK, Australasia, Canada, France and South Africa, with exports to additional markets. Our Purpose, to create a safe and secure world, together, defines our strategy. We support and enhance our customers’ defence and secu
General Atomics
The freedom to explore. The promise to deliver. General Atomics, based in San Diego, CA, develops advanced technology solutions for government and commercial applications. Privately owned and vertically integrated, we have the freedom to invest in the most innovative technologies, and the resource
Indian Army
The Indian Army is the largest branch of the Indian Armed Forces and is responsible for land-based military operations. Its primary mission is the National Security and Defense of India from external aggression and threats, and maintaining peace and security within its borders. It also conducts huma
At BAE Systems, we help our customers to stay a step ahead when protecting people and national security, critical infrastructure and vital information. We provide some of the world’s most advanced, technology-led defence, aerospace and security solutions and employ a skilled workforce of 107,000 peo
.png)
NAVAL GROUP CyberSecurity News
December 10, 2025 11:35 AM
SANDF Cyber Command issues festive season cybersecurity warning
Cyber threats do not take holidays, and neither can national vigilance, the South African National Defence Force's (SANDF's) Cyber Command...
November 18, 2025 08:00 AM
Naval Group signs contract for fourth Hellenic Navy FDI frigate
The GDDIA and France's Naval Group have a contract for construction of a fourth defence and intervention frigate (FDI) for the Hellenic...
November 17, 2025 08:00 AM
Thales, France's technological giant in defence, aerospace and cybersecurity
The industrial corporation is involved in major civil and military land, naval, air, space and cyber programmes worldwide.
November 11, 2025 10:52 AM
Naval Group and LASIGE Sign Agreement on Collaboration in R&D
Naval Group and the Portuguese research unit LASIGE from the faculty of sciences of Lisbon's University have signed a partnership cooperation agreement to...
November 07, 2025 08:00 AM
Naval Group and LASIGE Sign a Partnership Cooperation Agreem
Naval Group and the Portuguese research unit LASIGE from the Faculty of Sciences of Lisbon's University have signed a Partnership...
October 16, 2025 07:00 AM
INDIAN NAVY SUCCESSFULLY ORGANISES SEMINAR ON ‘IMPACT OF CYBER ATTACKS ON MARITIME SECTOR AND ITS EFFECTS ON NATIONAL SECURITY AND INTERNATIONAL RELATIONS’
Indian Navy successfully organized a seminar on 'Impact of Cyber Attacks on Maritime Sector and Its Effects on National Security and...
September 17, 2025 07:00 AM
Gregory Wilson’s Journey from Navy Kitchen to Cybersecurity Frontier
Gregory Wilson '24 (M.S. '25) came to Old Dominion University to study cybersecurity after deciding to leave the culinary field.
September 17, 2025 07:00 AM
From M&S to Microsoft: lessons from the biggest cyber-attacks of H1 2025
Cyber-attacks are escalating in scale and cost for companies, making cybersecurity non-negotiable. Lexology PRO examines the most...
September 03, 2025 07:00 AM
Latest threats: China, US, Russia and France
Our round-up of the latest at-a-glance news from across the globe in cybersecurity breaches. CHINA. Microsoft has confirmed that three...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NAVAL GROUP CyberSecurity History Information
Official Website of NAVAL GROUP
The official website of NAVAL GROUP is http://www.naval-group.com.
NAVAL GROUP’s AI-Generated Cybersecurity Score
According to Rankiteo, NAVAL GROUP’s AI-generated cybersecurity score is 732, reflecting their Moderate security posture.
How many security badges does NAVAL GROUP’ have ?
According to Rankiteo, NAVAL GROUP currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does NAVAL GROUP have SOC 2 Type 1 certification ?
According to Rankiteo, NAVAL GROUP is not certified under SOC 2 Type 1.
Does NAVAL GROUP have SOC 2 Type 2 certification ?
According to Rankiteo, NAVAL GROUP does not hold a SOC 2 Type 2 certification.
Does NAVAL GROUP comply with GDPR ?
According to Rankiteo, NAVAL GROUP is not listed as GDPR compliant.
Does NAVAL GROUP have PCI DSS certification ?
According to Rankiteo, NAVAL GROUP does not currently maintain PCI DSS compliance.
Does NAVAL GROUP comply with HIPAA ?
According to Rankiteo, NAVAL GROUP is not compliant with HIPAA regulations.
Does NAVAL GROUP have ISO 27001 certification ?
According to Rankiteo,NAVAL GROUP is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of NAVAL GROUP
NAVAL GROUP operates primarily in the Defense and Space Manufacturing industry.
Number of Employees at NAVAL GROUP
NAVAL GROUP employs approximately 11,935 people worldwide.
Subsidiaries Owned by NAVAL GROUP
NAVAL GROUP presently has no subsidiaries across any sectors.
NAVAL GROUP’s LinkedIn Followers
NAVAL GROUP’s official LinkedIn profile has approximately 367,570 followers.
NAICS Classification of NAVAL GROUP
NAVAL GROUP is classified under the NAICS code 336414, which corresponds to Guided Missile and Space Vehicle Manufacturing.
NAVAL GROUP’s Presence on Crunchbase
No, NAVAL GROUP does not have a profile on Crunchbase.
NAVAL GROUP’s Presence on LinkedIn
Yes, NAVAL GROUP maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/naval-group.
Cybersecurity Incidents Involving NAVAL GROUP
As of December 21, 2025, Rankiteo reports that NAVAL GROUP has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
NAVAL GROUP has an estimated 2,373 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at NAVAL GROUP ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does NAVAL GROUP detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with french authorities, and and communication strategy with public statement (denial of it intrusion, operational systems unaffected)..
Incident Details
Can you provide details on each incident ?
Title: Naval Group Reputational Attack
Description: Naval Group, a defense naval construction company, claims to be the target of a reputational attack characterized by the claim of a cyber-malicious act. A hacker on the dark web claims to have stolen nearly 1 terabyte of data produced between 2019 and 2024 during an attack on July 23.
Date Detected: 2023-07-23
Type: Data Breach
Threat Actor: Unknown Hacker
Motivation: Reputational Damage
Title: DCNS (Naval Group) Cyber Espionage Incident (2011)
Description: In 2011, the French submarine company DCNS (now Naval Group) was targeted by a hacking attack in India, attributed to an overseas actor conducting economic warfare. The breach resulted in the theft of 22,400 files, including highly sensitive documents detailing the stealth capabilities, magnetic, electromagnetic, and infrared data of the Scorpène-class submarines. The leaked data exposed critical operational details such as submarine speeds, noise levels, mast operation speeds, and other classified specifications. The incident raised concerns about the security of DCNS’s A$50 billion ($38 billion) Barracuda next-generation submarine project in Australia, where the company was in exclusive contract negotiations.
Date Publicly Disclosed: 2016
Type: cyber espionage
Attack Vector: network intrusiontargeted hacking
Threat Actor: overseas actorstate-sponsored (suspected)
Motivation: economic warfarecompetitive intelligencemilitary espionage
Title: Naval Group Data Leak (July 2025)
Description: In July 26, 2025, Naval Group, France’s leading defense shipbuilder, suffered a major cybersecurity incident involving the leak of approximately 30 GB of internal data, with claims from the attackers that they possess up to 1 TB more. The exposed information allegedly includes technical documents and combat system files used in French submarines and warships, such as the Suffren-class nuclear submarines and FREMM frigates. While Naval Group stated that no intrusion into its IT infrastructure has been confirmed and operational systems remain unaffected, the breach is being treated as a reputational attack.
Date Detected: 2025-07-26
Date Publicly Disclosed: 2025-07-26
Type: data breach
Motivation: reputational damagepotential espionage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach NAV545072725
Data Compromised: Nearly 1 terabyte of data produced between 2019 and 2024
Brand Reputation Impact: Significant
Incident : cyber espionage NAV817092125
Data Compromised: 22,400 files, Scorpène-class submarine specifications (stealth, magnetic, electromagnetic, infrared data), Operational details (speeds, noise levels, mast operation)
Operational Impact: compromised submarine project securitydoubt cast on A$50 billion Barracuda contract in Australia
Brand Reputation Impact: loss of trust in DCNS/Naval Group's cybersecuritypotential contract risks
Incident : data breach NAV403092125
Data Compromised: Technical documents, Combat system files (submarines and warships)
Operational Impact: none (operational systems reportedly unaffected)
Brand Reputation Impact: high (reputational attack)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Military Secrets, Submarine Technical Specifications, Stealth Capabilities, Electromagnetic Data, Infrared Data, Operational Manuals, , Technical Documents, Combat System Files and .
Which entities were affected by each incident ?
Incident : Data Breach NAV545072725
Entity Name: Naval Group
Entity Type: Defense Naval Construction Company
Industry: Defense
Incident : cyber espionage NAV817092125
Entity Name: DCNS (now Naval Group)
Entity Type: defense contractor
Industry: defense, shipbuilding, submarine manufacturing
Location: FranceIndia (incident context)
Customers Affected: Indian Navy (Scorpène-class submarines), Australian Department of Defence (potential Barracuda contract)
Incident : data breach NAV403092125
Entity Name: Naval Group
Entity Type: defense contractor
Industry: defense/aerospace
Location: France
Response to the Incidents
What measures were taken in response to each incident ?
Incident : data breach NAV403092125
Incident Response Plan Activated: True
Third Party Assistance: French Authorities.
Communication Strategy: public statement (denial of IT intrusion, operational systems unaffected)
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through French authorities, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach NAV545072725
Data Exfiltration: Nearly 1 terabyte of data
Incident : cyber espionage NAV817092125
Type of Data Compromised: Military secrets, Submarine technical specifications, Stealth capabilities, Electromagnetic data, Infrared data, Operational manuals
Number of Records Exposed: 22,400 files
Sensitivity of Data: top secret (military/defense)
File Types Exposed: technical documentsdesign specificationsoperational manuals
Incident : data breach NAV403092125
Type of Data Compromised: Technical documents, Combat system files
Sensitivity of Data: high (military/defense-related)
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : cyber espionage NAV817092125
Data Exfiltration: True
Incident : data breach NAV403092125
Data Exfiltration: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : data breach NAV403092125
Regulatory Notifications: French authorities
References
Where can I find more information about each incident ?
Incident : cyber espionage NAV817092125
Source: The Australian (2016)
Incident : cyber espionage NAV817092125
Source: BBC News
Incident : data breach NAV403092125
Source: (Hypothetical) Cybersecurity News Report
Date Accessed: 2025-07-26
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Australian (2016)Url: https://www.theaustralian.com.au/nation/defence/leaked-dcns-documents-reveal-secrets-of-indias-scorpene-submarines/news-story/5e2a3e3e8b1b2f6e1d4c8e7a9f3b2d1e, and Source: BBC NewsUrl: https://www.bbc.com/news/world-asia-37193094, and Source: (Hypothetical) Cybersecurity News ReportDate Accessed: 2025-07-26.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : data breach NAV403092125
Investigation Status: ongoing (authenticity and impact assessment)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through public statement (denial of IT intrusion and operational systems unaffected).
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : cyber espionage NAV817092125
High Value Targets: Scorpène-Class Submarine Data, Barracuda Project Intelligence,
Data Sold on Dark Web: Scorpène-Class Submarine Data, Barracuda Project Intelligence,
Incident : data breach NAV403092125
High Value Targets: Submarine Combat Systems, Warship Technical Data,
Data Sold on Dark Web: Submarine Combat Systems, Warship Technical Data,
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as French Authorities, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unknown Hacker and overseas actorstate-sponsored (suspected).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-07-23.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-26.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Nearly 1 terabyte of data produced between 2019 and 2024, , 22,400 files, Scorpène-class submarine specifications (stealth, magnetic, electromagnetic, infrared data), operational details (speeds, noise levels, mast operation), , technical documents, combat system files (submarines and warships) and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was french authorities, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were technical documents, combat system files (submarines and warships), Scorpène-class submarine specifications (stealth, magnetic, electromagnetic, infrared data), 22,400 files, Nearly 1 terabyte of data produced between 2019 and 2024, operational details (speeds, noise levels and mast operation).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 22.4K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are (Hypothetical) Cybersecurity News Report, BBC News and The Australian (2016).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.theaustralian.com.au/nation/defence/leaked-dcns-documents-reveal-secrets-of-indias-scorpene-submarines/news-story/5e2a3e3e8b1b2f6e1d4c8e7a9f3b2d1e, https://www.bbc.com/news/world-asia-37193094 .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (authenticity and impact assessment).
.png)
Latest Global CVEs (Not Company-Specific)
Description
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
- https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
- https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
- https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
- https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
Description
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. `generate_state_token()` is always called with an empty `state_data` dict, so the resulting JWT only contains the fixed audience claim plus an expiration timestamp. On callback, the library merely checks that the JWT verifies under `state_secret` and is unexpired; there is no attempt to match the state value to the browser that initiated the OAuth request, no correlation cookie, and no server-side cache. Any attacker can hit `/authorize`, capture the server-generated state, finish the upstream OAuth flow with their own provider account, and then trick a victim into loading `.../callback?code=<attacker_code>&state=<attacker_state>`. Because the state JWT is valid for any client for \~1 hour, the victim’s browser will complete the flow. This leads to login CSRF. Depending on the app’s logic, the login CSRF can lead to an account takeover of the victim account or to the victim user getting logged in to the attacker's account. Version 15.0.2 contains a patch for the issue.
Risk Information
cvss3
Base: 5.9
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
References
- https://github.com/fastapi-users/fastapi-users/blob/bcee8c9b884de31decb5d799aead3974a0b5b158/fastapi_users/router/oauth.py#L111
- https://github.com/fastapi-users/fastapi-users/blob/bcee8c9b884de31decb5d799aead3974a0b5b158/fastapi_users/router/oauth.py#L57
- https://github.com/fastapi-users/fastapi-users/commit/7cf413cd766b9cb0ab323ce424ddab2c0d235932
- https://github.com/fastapi-users/fastapi-users/security/advisories/GHSA-5j53-63w8-8625
Description
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=naval-group' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
