VF Corporation
Company Details
Linkedin ID:
vf-corporation
Website:
Employees number:
28,984
Number of followers:
602,006
NAICS:
448
Industry Type:
Homepage:
vfc.com
IP Addresses:
612
Company ID:
VF _7956999
Scan Status:
Completed
VF Corporation Company CyberSecurity Posture
vfc.com
VF Corporation is one of the world’s largest apparel, footwear and accessories companies connecting people to the lifestyles, activities and experiences they cherish most through a family of iconic outdoor, active and workwear brands including Vans®, The North Face®, Timberland® and Dickies®. Our purpose is to power movements of sustainable and active lifestyles for the betterment of people and our planet. We believe that when you discover the difference between a career and a calling, you get so much more out of life. When those lines begin to blur, you start to limit yourself much less and start aiming for more. That’s what we want for everyone who joins us at VF. And frankly, that’s what it takes to thrive here too. For more information, please visit vfc.com.
VF Corporation A.I CyberSecurity Scoring
VF Corporation Risk Score (AI oriented)Between 600 and 649
VF Corporation
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
VF Corporation Global Score (TPRM)XXXX
VF Corporation
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
VF Corporation Company CyberSecurity News & History
Past Incidents
5
Attack Types
2
VF Outdoor
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: VF Outdoor, the parent company of outdoor clothing brand The North Face, reported a data breach affecting almost 3,000 customers. The breach, which occurred in April, involved a credential stuffing attack where hackers used stolen login information from other sources to access user accounts. The compromised data included names, addresses, dates of birth, telephone numbers, and purchase history. Payment card information was not compromised as it was stored on a third-party platform.
VF Outdoor, LLC
Breach
Rankiteo Explanation
Attack without any consequences
Description: The California Office of the Attorney General reported a data breach involving VF Outdoor, LLC on April 4, 2025. The breach occurred on March 13, 2025, as a result of a credential stuffing attack, potentially affecting user accounts but not directly compromising sensitive payment information.
VF Outdoor, LLC
Breach
Rankiteo Explanation
Attack without any consequences
Description: The Maine Office of the Attorney General reported that VF Outdoor, LLC experienced a data breach on March 13, 2023, affecting a total of 15,713 individuals, with 27 residents of Maine specifically affected. The breach was discovered on March 13, 2025, and notifications were sent electronically on April 4, 2025. The type of breach was classified as 'Other.'
VF Outdoor, LLC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: VF Outdoor, LLC, the parent company of brands like The North Face and Vans, suffered two separate data breaches in mid-2022. The breach at thenorthface.com was identified on August 11, 2022, stemming from a credential stuffing attack initiated on July 26, 2022, which compromised the personal information of approximately 162,823 individuals. The second breach at vans.com involved unauthorized access detected on August 20, 2022, affecting around 32,082 individuals. The attacks exploited reused or weak credentials, allowing threat actors to gain access to customer accounts. While the exact type of data exposed was not fully detailed, such breaches typically involve personal identifiable information (PII), including names, email addresses, and potentially payment or account details. The incidents highlight vulnerabilities in authentication mechanisms, exposing customers to risks like identity theft, phishing, or fraudulent transactions. No ransomware was reported, but the scale and nature of the breach suggest significant reputational and financial repercussions for the company, along with potential regulatory scrutiny under data protection laws like CCPA (California Consumer Privacy Act).
VF Outdoor, LLC
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Maine Office of the Attorney General disclosed a data breach affecting VF Outdoor, LLC (operating as Timberland®) on January 26, 2022. The incident, discovered on November 5, 2021, resulted from a credential stuffing attack, compromising the personal data of 48 individuals, including one Maine resident. The exposed information was limited to email addresses and passwords, with no financial data (e.g., payment cards) involved. Credential stuffing exploits reused login credentials from prior breaches to gain unauthorized access to user accounts. While the breach did not escalate to financial fraud or broader systemic damage, it posed risks such as account takeover, phishing, or identity theft for affected users. The company likely initiated password resets and notified impacted individuals, though the scale remained relatively contained. The absence of sensitive financial or high-value personal data (e.g., Social Security numbers) mitigated the severity, but the incident still highlighted vulnerabilities in authentication practices and the persistent threat of automated attacks targeting reused credentials.
VF Corporation Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for VF Corporation
Incidents vs Retail Apparel and Fashion Industry Average (This Year)
No incidents recorded for VF Corporation in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for VF Corporation in 2026.
Incident Types VF Corporation vs Retail Apparel and Fashion Industry Avg (This Year)
No incidents recorded for VF Corporation in 2026.
Incident History — VF Corporation (X = Date, Y = Severity)
VF Corporation cyber incidents detection timeline including parent company and subsidiaries
VF Corporation Company Subsidiaries
VF Corporation is one of the world’s largest apparel, footwear and accessories companies connecting people to the lifestyles, activities and experiences they cherish most through a family of iconic outdoor, active and workwear brands including Vans®, The North Face®, Timberland® and Dickies®. Our purpose is to power movements of sustainable and active lifestyles for the betterment of people and our planet. We believe that when you discover the difference between a career and a calling, you get so much more out of life. When those lines begin to blur, you start to limit yourself much less and start aiming for more. That’s what we want for everyone who joins us at VF. And frankly, that’s what it takes to thrive here too. For more information, please visit vfc.com.
Loading...
VF Corporation Similar Companies
Ralph Lauren
Ralph Lauren Corporation (NYSE:RL) is a global leader in the design, marketing and distribution of luxury lifestyle products in five categories: apparel, footwear & accessories, home, fragrances and hospitality. For more than 50 years, Ralph Lauren has sought to inspire the dream of a better life th
The Bata Group is one of the world's leading manufacturers and retailers of quality footwear. A global concern with more than 32,000 employees, 21 production facilities, over 5,300 stores in more than 70 countries across the globe, Bata has been providing the best shoes at the best prices, backed by
C&A
Ever since our founding by the brothers Clemens and August in 1841, C&A has been at the forefront of fashion. From making 'ready-to-wear' a thing when custom-made was the norm, to popularising miniskirts in the 60s, introducing the Com-bi-kini in the 70s, Bio Cotton in early 2000 and the first Crad
Tommy Hilfiger
TOMMY HILFIGER is one of the world’s leading designer lifestyle brands creating a platform that inspires the modern American spirit, while committing to wasting nothing and welcoming all. Founded in 1985, Tommy Hilfiger delivers premium styling, quality and value to consumers worldwide under the T
Coach
Coach was founded in 1941 as a family-run workshop. In a Manhattan loft, six artisans handcrafted a collection of leather goods using skills handed down from generation to generation. Discerning consumers soon began to seek out the quality and unique nature of Coach craftsmanship. Now greatly exp
C&A Brasil
A C&A foi fundada em 1841 pelos irmãos holandeses Clemens e August. Suas iniciais deram origem ao nome da marca. Somamos mais de 1,8 mil unidades em 24 países da Europa, América Latina e Ásia e estamos entre as maiores redes de varejo do mundo. No Brasil, tudo começou em 1976, com a inauguração da
Saks Global is the largest multi-brand luxury retailer in the world, comprising Saks Fifth Avenue, Neiman Marcus, Bergdorf Goodman, Saks OFF 5TH, Last Call and Horchow. Its retail portfolio includes 70 full-line luxury locations, additional off-price locations and five distinct e-commerce experience
J.Crew
Since 1983, we’ve been designing pieces that feel both familiar and refreshingly new, crafted with unbeatable quality and distinctive point of view...it’s no wonder we’ve been in your closet for four decades and counting. Today, we continue to do the classics our way, inspiring not only how you sho
Aditya Birla Fashion and Retail Ltd.
Aditya Birla Fashion and Retail Limited (ABFRL), part of the Aditya Birla Group, is India’s leading fashion powerhouse, offering a distinguished portfolio of renowned brands and retail formats, catering to multiple high-growth segments. As of March 31, 2025, the Company has presence across 1,167 st
.png)
VF Corporation CyberSecurity News
September 18, 2025 07:00 AM
Top Security Executives Recognized at the 2025 CarolinaCISO ORBIE Awards
Leading CISOs honored for leadership, security, and business impact. ...
September 12, 2025 07:00 AM
2025 CarolinaCISO ORBIE Leadership Award recipient: VF Corporation’s Ken Athanasiou
Ken Athanasiou, VP and global CISO at VF Corporation, is the Leadership Award recipient of the 2025 CarolinaCISO ORBIE Awards.
June 06, 2025 07:00 AM
The North Face customers’ personal information compromised in cyber attack
The North Face's e-commerce website was impacted by a cybersecurity incident in April, a brand spokesperson confirmed to Fashion Dive.
June 04, 2025 07:00 AM
North Face Is Latest Cyberattack Victim: Customer Credit Card Data Safe Remains Safe
The North Face cyberattack relied on "credential stuffing" to try to gain access to customer log-in accounts.
June 03, 2025 07:00 AM
Victoria’s Secret postponing release of report earnings amid breach impact
The intrusion follows a string of attacks that appear to be the work of the cybercrime gang Scattered Spider.
June 03, 2025 07:00 AM
North Face and Cartier hit by cyber attacks
They are the latest in a string of high-profile companies publicly reporting being hacked.
June 03, 2025 07:00 AM
The North Face Issues Customer Warning After April Credential Attack
A credential stuffing attack compromised personal data on The North Face's website in April. The US outdoor apparel retailer, owned by VF Corporation,...
June 03, 2025 07:00 AM
North Face, Cartier customer info exposed in data breaches
North Face and Cartier had customer data compromised. Fashion and apparel retailers continue reporting cyberattacks.
June 03, 2025 07:00 AM
The North Face hit by credential stuffing attack
Outdoorsy fashion brand The North Face, which says crooks broke into some customer accounts using login creds pinched from breaches elsewhere.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
VF Corporation CyberSecurity History Information
Official Website of VF Corporation
The official website of VF Corporation is http://www.vfc.com.
VF Corporation’s AI-Generated Cybersecurity Score
According to Rankiteo, VF Corporation’s AI-generated cybersecurity score is 610, reflecting their Poor security posture.
How many security badges does VF Corporation’ have ?
According to Rankiteo, VF Corporation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has VF Corporation been affected by any supply chain cyber incidents ?
According to Rankiteo, VF Corporation has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does VF Corporation have SOC 2 Type 1 certification ?
According to Rankiteo, VF Corporation is not certified under SOC 2 Type 1.
Does VF Corporation have SOC 2 Type 2 certification ?
According to Rankiteo, VF Corporation does not hold a SOC 2 Type 2 certification.
Does VF Corporation comply with GDPR ?
According to Rankiteo, VF Corporation is not listed as GDPR compliant.
Does VF Corporation have PCI DSS certification ?
According to Rankiteo, VF Corporation does not currently maintain PCI DSS compliance.
Does VF Corporation comply with HIPAA ?
According to Rankiteo, VF Corporation is not compliant with HIPAA regulations.
Does VF Corporation have ISO 27001 certification ?
According to Rankiteo,VF Corporation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of VF Corporation
VF Corporation operates primarily in the Retail Apparel and Fashion industry.
Number of Employees at VF Corporation
VF Corporation employs approximately 28,984 people worldwide.
Subsidiaries Owned by VF Corporation
VF Corporation presently has no subsidiaries across any sectors.
VF Corporation’s LinkedIn Followers
VF Corporation’s official LinkedIn profile has approximately 602,006 followers.
NAICS Classification of VF Corporation
VF Corporation is classified under the NAICS code 448, which corresponds to Clothing and Clothing Accessories Stores.
VF Corporation’s Presence on Crunchbase
No, VF Corporation does not have a profile on Crunchbase.
VF Corporation’s Presence on LinkedIn
Yes, VF Corporation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/vf-corporation.
Cybersecurity Incidents Involving VF Corporation
As of January 24, 2026, Rankiteo reports that VF Corporation has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
VF Corporation has an estimated 4,963 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at VF Corporation ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does VF Corporation detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with disabled all passwords, containment measures with forced password reset, and communication strategy with breach notification letters, and and communication strategy with public disclosure via maine attorney general..
Incident Details
Can you provide details on each incident ?
Title: The North Face Data Breach
Description: A credential stuffing attack on The North Face website affected nearly 3,000 customers, exposing personal information.
Date Detected: 2023-04-23
Type: Data Breach
Attack Vector: Credential Stuffing
Vulnerability Exploited: Stolen Credentials
Threat Actor: Scattered Spider
Motivation: Unauthorized Access
Title: Data Breach at VF Outdoor, LLC
Description: The California Office of the Attorney General reported a data breach involving VF Outdoor, LLC on April 4, 2025. The breach occurred on March 13, 2025, as a result of a credential stuffing attack, potentially affecting user accounts but not directly compromising sensitive payment information.
Date Detected: 2025-03-13
Date Publicly Disclosed: 2025-04-04
Type: Data Breach
Attack Vector: Credential Stuffing
Title: VF Outdoor, LLC Data Breach
Description: The Maine Office of the Attorney General reported that VF Outdoor, LLC experienced a data breach affecting a total of 15,713 individuals, with 27 residents of Maine specifically affected.
Date Detected: 2025-03-13
Date Publicly Disclosed: 2025-04-04
Type: Data Breach
Title: Data Breaches at VF Outdoor, LLC (The North Face and Vans)
Description: The California Office of the Attorney General reported that VF Outdoor, LLC experienced data breaches at thenorthface.com and vans.com. The breach at thenorthface.com was detected on August 11, 2022, involving a credential stuffing attack that began on July 26, 2022, and affected approximately 162,823 individuals. The vans.com breach involved unauthorized access detected on August 20, 2022, impacting around 32,082 individuals.
Date Detected: 2022-08-112022-08-20
Type: Data Breach
Attack Vector: Credential StuffingUnauthorized Access
Title: Timberland Data Breach via Credential Stuffing Attack
Description: The Maine Office of the Attorney General reported a data breach involving VF Outdoor, LLC doing business as Timberland®. The breach was discovered on November 5, 2021, and involved a credential stuffing attack that affected 48 individuals, including 1 resident of Maine. The compromised information included email addresses and passwords but did not involve payment card information.
Date Detected: 2021-11-05
Date Publicly Disclosed: 2022-01-26
Type: Data Breach
Attack Vector: Credential Stuffing
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Credential Stuffing.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach VF-736060625
Data Compromised: Names, Addresses, Dates of birth, Telephone numbers, Purchase history
Systems Affected: Retail Website
Incident : Data Breach VF-335091725
Systems Affected: thenorthface.comvans.com
Identity Theft Risk: True
Incident : Data Breach VF-027091825
Data Compromised: Email addresses, Passwords
Identity Theft Risk: Potential (due to exposed credentials)
Payment Information Risk: None
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Purchase History, , User Accounts, , Email Addresses, Passwords and .
Which entities were affected by each incident ?
Incident : Data Breach VF-736060625
Entity Name: The North Face
Entity Type: Company
Industry: Retail
Customers Affected: 2,861
Incident : Data Breach VF-242072525
Entity Name: VF Outdoor, LLC
Entity Type: Company
Industry: Outdoor Apparel
Incident : Data Breach VF-517072725
Entity Name: VF Outdoor, LLC
Entity Type: Company
Customers Affected: 15713
Incident : Data Breach VF-335091725
Entity Name: VF Outdoor, LLC (The North Face)
Entity Type: E-commerce
Industry: Retail (Apparel & Footwear)
Location: California, USA
Customers Affected: 162,823
Incident : Data Breach VF-335091725
Entity Name: VF Outdoor, LLC (Vans)
Entity Type: E-commerce
Industry: Retail (Apparel & Footwear)
Location: California, USA
Customers Affected: 32,082
Incident : Data Breach VF-027091825
Entity Name: VF Outdoor, LLC (d/b/a Timberland)
Entity Type: Corporation
Industry: Apparel & Footwear
Customers Affected: 48
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach VF-736060625
Containment Measures: Disabled All PasswordsForced Password Reset
Communication Strategy: Breach Notification Letters
Incident : Data Breach VF-335091725
Incident : Data Breach VF-027091825
Communication Strategy: Public disclosure via Maine Attorney General
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach VF-736060625
Type of Data Compromised: Personal information, Purchase history
Number of Records Exposed: 2,861
Personally Identifiable Information: NamesAddressesDates of BirthTelephone Numbers
Incident : Data Breach VF-242072525
Type of Data Compromised: User accounts
Incident : Data Breach VF-517072725
Number of Records Exposed: 15713
Incident : Data Breach VF-335091725
Number of Records Exposed: 162,823, 32,082
Incident : Data Breach VF-027091825
Type of Data Compromised: Email addresses, Passwords
Number of Records Exposed: 48
Sensitivity of Data: Moderate (credentials)
Data Exfiltration: Yes
Personally Identifiable Information: Partial (email addresses)
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disabled all passwords, forced password reset and .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach VF-736060625
Regulatory Notifications: VermontMaine
Incident : Data Breach VF-335091725
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach VF-027091825
Regulatory Notifications: Maine Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach VF-242072525
Source: California Office of the Attorney General
Date Accessed: 2025-04-04
Incident : Data Breach VF-517072725
Source: Maine Office of the Attorney General
Incident : Data Breach VF-335091725
Source: California Office of the Attorney General
Incident : Data Breach VF-027091825
Source: Maine Office of the Attorney General
Date Accessed: 2022-01-26
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2025-04-04, and Source: Maine Office of the Attorney General, and Source: California Office of the Attorney General, and Source: Maine Office of the Attorney GeneralDate Accessed: 2022-01-26.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Breach Notification Letters and Public disclosure via Maine Attorney General.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach VF-736060625
Customer Advisories: Change Passwords if Used on Multiple Sites
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Change Passwords If Used On Multiple Sites and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach VF-736060625
Entry Point: Credential Stuffing
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach VF-736060625
Root Causes: Credential Stuffing Attack
Corrective Actions: Disabled All Passwords, Forced Password Reset,
Incident : Data Breach VF-335091725
Root Causes: Credential Stuffing, Unauthorized Access,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Disabled All Passwords, Forced Password Reset, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Scattered Spider.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-04-23.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-01-26.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Addresses, Dates of Birth, Telephone Numbers, Purchase History, , User Accounts, , , Email addresses, Passwords and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Retail Website and thenorthface.comvans.com.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Disabled All PasswordsForced Password Reset.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Passwords, Addresses, Names, Purchase History, Telephone Numbers, Email addresses, Dates of Birth and User Accounts.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 198.0K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Maine Office of the Attorney General and California Office of the Attorney General.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Change Passwords if Used on Multiple Sites.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Credential Stuffing.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Credential Stuffing Attack, Credential StuffingUnauthorized Access.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Disabled All PasswordsForced Password Reset.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=vf-corporation' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
