Cythera Cyber Security

Advisories

Keep informed of evolving threats with timely insights, expert research, and real-world updates from our cybersecurity team.
Silverstripe - Host Header Injection
Silverstripe CMS is affected by a Host Header Injection flaw, which can be exploited to manipulate password reset workflows, potentially redirecting or compromising user data.
Advisories

Uncovering threats before they hit the headlines

Our security advisories are more than alerts - they’re the result of deep technical analysis, forensic investigation, and real-world testing by our specialists.
FarCry Core Framework - Multiple Issues
FarCry Core contains multiple vulnerabilities that could let unauthenticated users upload arbitrary files and execute remote code on the hosting server.
Silverstripe – Cross-Site Scripting (XSS) Vulnerability
With local organisation admin credentials, an attacker can exploit the API to create, delete, or revert virtual machine snapshots in other organisations’ Virtual Data Centres (VDCs), breaching isolation boundaries.
Passwordstate - Authentication Bypass Vulnerability
A critical authentication bypass vulnerability in Passwordstate enables an attacker to take over any user account by simply knowing the target's username.
Multiple Security Weaknesses in perfSONAR Detected
A combined Server-Side Request Forgery and Path Traversal vulnerability was discovered in Precisely Spectrum Spatial Analyst v2020.1.0 S44. These flaws could be chained to bypass authentication mechanisms in the interactive mapping application.
Security Bypass Risk in ASP.NET Core and Visual Studio
A race condition in ASP.NET’s SignInManager permits attackers to sidestep key security controls, undermining authentication safeguards and increasing exposure to account compromise.
Accellion Kiteworks — Privilege Escalation Vulnerability
An authenticated privilege escalation flaw in the Accellion Kiteworks platform allows a malicious admin user to gain shell access with root privileges through the web interface.
Wiris MathType Vulnerable to Path Traversal Attack
Ruby Dragonfly Flaw Enables Argument Injection
In a recent engagement, Cythera discovered an argument injection flaw in certain configurations of Refinery CMS. Further investigation revealed the root cause resided in the widely used Ruby Gem Dragonfly, a media-handling library also adopted by other CMS platforms such as Locomotive CMS and Alchemy CMS.
Zitadel Exploit Enables One-Click Account Compromise
Stored XSS combined with email injection vulnerabilities may be used to silently hijack user accounts, bypassing traditional alerts and authentication mechanisms.
perfSONAR — Multiple Issues
A Server-Side Request Forgery (SSRF) vulnerability in the Host header was identified, allowing attackers to probe internal network resources. Additionally, an arbitrary file read flaw could let an attacker search for specific content within system files.
Genero Enterprise — Multiple Issues
Statamic CMS
A local file inclusion vulnerability was identified in Statamic CMS’s upload process. This issue, particularly affecting front-end forms with asset fields, could be exploited to write files to unintended locations.
Silverstripe – Cross-Site Scripting (XSS) Vulnerability
A Cross-Site Scripting (XSS) vulnerability has been uncovered in the Silverstripe CMS admin interface. The flaw lies in how user input is processed within the form messages module, allowing for potential malicious script injection.
Zitadel Vulnerability Allows Security Control Bypass
Cythera identified a race condition in Zitadel’s password lockout policy that allows attackers to bypass account lockout safeguards, potentially exposing systems to brute-force attacks.
Silverstripe – Cross-Site Scripting (XSS) Vulnerability
During a recent engagement, Cythera identified a stored Cross-Site Scripting (XSS) issue within the Silverstripe CMS. The vulnerability was acknowledged by Silverstripe and rated as medium severity (CVE-2024-32981).
Kramer VIA GO
Cythera identified several critical vulnerabilities in Kramer VIA GO devices, enabling unauthenticated attackers to execute remote code. These issues may extend to other Kramer devices as well.
Microsoft – Authenticated Account Takeover
A legitimate Microsoft session can be exploited to reset user passwords and disable MFA, enabling full account takeover. This highlights a significant authentication weakness within the Microsoft ecosystem.
Testimonials

Our customers

CIO
Government Agency
Cythera operates as an extension of our team. When we call there is an immediate response, and the person that answers our call is the person that resolves our issue. Cythera understands our network and, more importantly, has taken the time to understand our business. We find it easy to work with Cythera. They are approachable, flexible and have taken the time to build deep relationships with our team. It is a partnership and friendship. Cythera’s personalised, highly specialised services make all the difference. We would recommend Cythera to anyone in the industry looking for a managed services partner.
IT Manager
National Healthcare firm
Cythera understands our network and, more importantly, has taken the time to understand our business. They work closely with our team and have provided a bespoke managed service spanning voice, data, network and security, all designed specifically for our business. We would recommend Cythera to anyone in the industry looking for a managed services partner.
Healthcare
Service Development Manager
Government Agency
"Great service, clear, detailed and precise information on what our vulnerabilities were and what needs addressing. Couldn't have been easier to deal with and very professional."
Security Operations
Energy Sector
"Excellent customer engagement and a thorough understanding of our diverse requirements. Outstanding testing and communication throughout the testing phase."
What comes next

We have the tools to pinpoint risks

Whether it’s hidden vulnerabilities or patterns you might miss, we help you stay one step ahead and make confident, informed decisions. Understand how our services can help your business uncover critical risks.

Employee Cyber Training & Awareness
Your people are your first line of defence. Our cyber training builds awareness, sharpens instincts and turns everyday staff into assets.
Advisory
When clarity is critical and stakes are high, our advisory services deliver strategic, executive-level security expertise that empowers decision-making and resilient operations.