Research Worth Reading Week 34/2025

Published: 24 Aug 2025

Stop everything you’re doing! Phrack is out!

📰 Phrack Issue 0x48

The latest Phrack is out! As usual, lots of amazing content: https://phrack.org/issues/72

🔑 The 401 That Fooled Me - N-Day Review of CVE-2025-49706 in SharePoint

A very detailed walkthrough on CVE-2025-49706 impacting SharePoint: https://y4nush.com/posts/the-401-that-fooled-me-n-day-review-of-cve-2025-49706-in-sharepoint/

🎲 Trivial C# Random Exploitation

A great write-up on exploiting Random in C# from the Doyensec team: https://blog.doyensec.com/2025/08/19/trivial-exploit-on-C-random.html

💎 Marshal Madness: A Brief History of Ruby Deserialization Exploits

A great summary of the history of Ruby deserialization exploitation! More posts like this, please: https://blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/

💻 Drive-By Attack in Ollama Desktop v0.10.0

A nice write-up from the GitLab team on a vulnerability in Ollama Desktop: https://gitlab-com.gitlab.io/gl-security/security-tech-notes/red-team-tech-notes/ollama-driveby/

🐍 CVE-2025–50817: Python-Future Module Arbitrary Code Execution via Unintended Import of test.py

A quirky RCE in Python’s future module: https://medium.com/@abcd_68700/cve-2025-50817-python-future-module-arbitrary-code-execution-via-unintended-import-of-test-py-f0818ea93cf4

Photo of PentesterLab
Written by PentesterLab
The platform to learn web hacking and security code review
Related Blog Post