NAVAL GROUP
Company Details
Linkedin ID:
naval-group
Website:
Employees number:
11,935
Number of followers:
367,570
NAICS:
336414
Industry Type:
Homepage:
naval-group.com
IP Addresses:
0
Company ID:
NAV_2264815
Scan Status:
In-progress
NAVAL GROUP Company CyberSecurity Posture
naval-group.com
As an international naval defence player, Naval Group is a partner for countries seeking to maintain control of their maritime sovereignty. Naval Group develops innovative solutions to meet its customers’ requirements. The group is present throughout the entire life cycle of vessels. It designs, produces, equips, integrates, supports and upgrades submarines and surface ships, as well as their systems and equipment, right up to the final phases of deconstruction and dismantling. Naval Group’s unique know-how in autonomous systems, underwater weapons and drones place it in pole position to become European leader in the sector. As a high-tech company, it draws on its outstanding expertise, unique design and production resources and ability to establish strategic partnerships, in particular within the framework of transfers of technology. It also provides shipyard and naval base services. Ever mindful of the issues concerning corporate social responsibility (CSR), Naval Group is a signatory to the United Nations Global Compact. Located on five continents, the group generates revenue of 4.355 billion euros and has 16,722 employees (Full-Time Equivalent average annual workforce - figures as on 31 December 2024).
NAVAL GROUP A.I CyberSecurity Scoring
NAVAL GROUP Risk Score (AI oriented)Between 700 and 749
NAVAL GROUP
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NAVAL GROUP Global Score (TPRM)XXXX
NAVAL GROUP
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NAVAL GROUP Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Naval Group
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: On July 26, 2025, Naval Group, France’s premier defense shipbuilder, experienced a severe cybersecurity breach resulting in the unauthorized leak of approximately **30 GB of sensitive internal data**, with attackers claiming possession of up to **1 TB more**. The exposed information reportedly includes **highly classified technical documents and combat system files** tied to critical French military assets, such as the **Suffren-class nuclear submarines** and **FREMM frigates**. While Naval Group asserted that no direct intrusion into its core IT infrastructure was confirmed and operational systems remained unaffected, the incident was classified as a **reputational attack** with potential long-term strategic risks. The breach has prompted a **full-scale investigation** in collaboration with French authorities to verify the authenticity of the leaked data and assess its broader implications for national security. The exposure of such sensitive defense-related intellectual property poses significant risks, including **espionage, competitive disadvantage, and erosion of trust** among international partners and clients. The incident underscores vulnerabilities in safeguarding **state-level military secrets**, raising concerns over future cyber threats targeting defense contractors.
Naval Group
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: Naval Group, a company specializing in defense naval construction, has reportedly been the target of a cyber attack. While the company claims there has been no detected intrusion or ransom demand, a hacker on the dark web claims to have stolen approximately 1 terabyte of data produced between 2019 and 2024 during an attack on July 23. This incident highlights a significant reputational risk for Naval Group.
DCNS
Cyber Attack
Rankiteo Explanation
Attack that could bring to a war
Description: In 2011, DCNS (a French submarine manufacturer) suffered a major cyber attack in India, orchestrated by an overseas actor targeting economic warfare. The breach resulted in the theft of **22,400 highly sensitive files**, including classified documents detailing the **stealth capabilities, magnetic, electromagnetic, and infrared signatures** of the **Scorpène-class submarines**. The stolen data exposed critical operational parameters—such as submarine speeds, noise levels, mast-raising speeds, and other proprietary technical specifications—effectively compromising the vessel’s tactical advantages.The leak had severe geopolitical and commercial repercussions, particularly for DCNS’s **A$50 billion ($38 billion) Barracuda-class submarine contract in Australia**, where competitors and foreign adversaries could exploit the exposed vulnerabilities. The incident eroded trust in DCNS’s cybersecurity measures, risking the company’s reputation, contractual negotiations, and long-term defense partnerships. The stolen intelligence also posed a direct threat to **national security**, as adversarial nations could counter or replicate the submarine’s capabilities, undermining its strategic value in naval warfare.
NAVAL GROUP Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NAVAL GROUP
Incidents vs Defense and Space Manufacturing Industry Average (This Year)
NAVAL GROUP has 36.99% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
NAVAL GROUP has 29.87% more incidents than the average of all companies with at least one recorded incident.
Incident Types NAVAL GROUP vs Defense and Space Manufacturing Industry Avg (This Year)
NAVAL GROUP reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — NAVAL GROUP (X = Date, Y = Severity)
NAVAL GROUP cyber incidents detection timeline including parent company and subsidiaries
NAVAL GROUP Company Subsidiaries
As an international naval defence player, Naval Group is a partner for countries seeking to maintain control of their maritime sovereignty. Naval Group develops innovative solutions to meet its customers’ requirements. The group is present throughout the entire life cycle of vessels. It designs, produces, equips, integrates, supports and upgrades submarines and surface ships, as well as their systems and equipment, right up to the final phases of deconstruction and dismantling. Naval Group’s unique know-how in autonomous systems, underwater weapons and drones place it in pole position to become European leader in the sector. As a high-tech company, it draws on its outstanding expertise, unique design and production resources and ability to establish strategic partnerships, in particular within the framework of transfers of technology. It also provides shipyard and naval base services. Ever mindful of the issues concerning corporate social responsibility (CSR), Naval Group is a signatory to the United Nations Global Compact. Located on five continents, the group generates revenue of 4.355 billion euros and has 16,722 employees (Full-Time Equivalent average annual workforce - figures as on 31 December 2024).
Loading...
NAVAL GROUP Similar Companies
As a leading defence and security company, we offer solutions that range from the depths of the oceans to high in the sky, on land and in cyberspace, to keep people and society safe. Empowered by our 22,000 talented people, we constantly push the boundaries of technology to create a safer, more sus
Northrop Grumman
We are a close-knit community of big thinkers collaborating to keep the world safe. Our passion, creativity and expertise bring next-level technology solutions to life in autonomous systems, cyber, C4ISR, strike, space, and logistics and modernization for our customers around the globe. On the Nor
Aselsan
ASELSAN is a company of Turkish Armed Forces Foundation, established in 1975 in order to meet the communication needs of the Turkish Armed Forces by national means. Currently 74,20% of the shares are owned by the Foundation whereas the remaining 25,8% runs in İstanbul Borsa stock market. ASELSAN is
Sandia National Laboratories is the nation’s premier DOE science and engineering lab for national security and technology innovation. Our team of scientists, engineers, researchers, and business specialists apply their knowledge and skill toward delivering cutting-edge technology in an array of area
Indian Army
The Indian Army is the largest branch of the Indian Armed Forces and is responsible for land-based military operations. Its primary mission is the National Security and Defense of India from external aggression and threats, and maintaining peace and security within its borders. It also conducts huma
Leidos
Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health. The company's global workforce of 48,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virg
L3 Technologies
With headquarters in New York City and approximately 31,000 employees worldwide, L3 develops advanced defense technologies and commercial solutions in pilot training, aviation security, night vision and EO/IR, weapons, maritime systems and space. The company reported 2018 sales of $10.2 billion. To
Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. The Group invests more than €4
General Atomics
The freedom to explore. The promise to deliver. General Atomics, based in San Diego, CA, develops advanced technology solutions for government and commercial applications. Privately owned and vertically integrated, we have the freedom to invest in the most innovative technologies, and the resource
.png)
NAVAL GROUP CyberSecurity News
November 18, 2025 02:26 PM
Naval Group signs contract for fourth Hellenic Navy FDI frigate
The GDDIA and France's Naval Group have a contract for construction of a fourth defence and intervention frigate (FDI) for the Hellenic...
November 17, 2025 08:00 AM
Thales, France's technological giant in defence, aerospace and cybersecurity
The industrial corporation is involved in major civil and military land, naval, air, space and cyber programmes worldwide.
November 11, 2025 10:52 AM
Naval Group and LASIGE Sign Agreement on Collaboration in R&D
Naval Group and the Portuguese research unit LASIGE from the faculty of sciences of Lisbon's University have signed a partnership cooperation agreement to...
September 17, 2025 07:00 AM
Gregory Wilson’s Journey from Navy Kitchen to Cybersecurity Frontier
Gregory Wilson '24 (M.S. '25) came to Old Dominion University to study cybersecurity after deciding to leave the culinary field.
September 17, 2025 07:00 AM
From M&S to Microsoft: lessons from the biggest cyber-attacks of H1 2025
Cyber-attacks are escalating in scale and cost for companies, making cybersecurity non-negotiable. Lexology PRO examines the most...
September 03, 2025 07:00 AM
Latest threats: China, US, Russia and France
Our round-up of the latest at-a-glance news from across the globe in cybersecurity breaches. CHINA. Microsoft has confirmed that three...
August 29, 2025 07:00 AM
Navy’s top cybersecurity official abruptly leaves
The Navy's chief information officer announced her sudden retirement on Aug. 22, the same day two other senior Navy officials were fired.
August 11, 2025 07:00 AM
RINA unveils Maritime Cybersecurity Task Force
Maritime cybersecurity has a definition problem: few of us try to define what maritime cybersecurity actually means, writes Dinos...
August 06, 2025 07:00 AM
Classified and compromised: why defence companies must act now
Defence companies are high-value targets for cybercriminals. With national security at stake, implementing strong access controls and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NAVAL GROUP CyberSecurity History Information
Official Website of NAVAL GROUP
The official website of NAVAL GROUP is http://www.naval-group.com.
NAVAL GROUP’s AI-Generated Cybersecurity Score
According to Rankiteo, NAVAL GROUP’s AI-generated cybersecurity score is 731, reflecting their Moderate security posture.
How many security badges does NAVAL GROUP’ have ?
According to Rankiteo, NAVAL GROUP currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does NAVAL GROUP have SOC 2 Type 1 certification ?
According to Rankiteo, NAVAL GROUP is not certified under SOC 2 Type 1.
Does NAVAL GROUP have SOC 2 Type 2 certification ?
According to Rankiteo, NAVAL GROUP does not hold a SOC 2 Type 2 certification.
Does NAVAL GROUP comply with GDPR ?
According to Rankiteo, NAVAL GROUP is not listed as GDPR compliant.
Does NAVAL GROUP have PCI DSS certification ?
According to Rankiteo, NAVAL GROUP does not currently maintain PCI DSS compliance.
Does NAVAL GROUP comply with HIPAA ?
According to Rankiteo, NAVAL GROUP is not compliant with HIPAA regulations.
Does NAVAL GROUP have ISO 27001 certification ?
According to Rankiteo,NAVAL GROUP is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of NAVAL GROUP
NAVAL GROUP operates primarily in the Defense and Space Manufacturing industry.
Number of Employees at NAVAL GROUP
NAVAL GROUP employs approximately 11,935 people worldwide.
Subsidiaries Owned by NAVAL GROUP
NAVAL GROUP presently has no subsidiaries across any sectors.
NAVAL GROUP’s LinkedIn Followers
NAVAL GROUP’s official LinkedIn profile has approximately 367,570 followers.
NAICS Classification of NAVAL GROUP
NAVAL GROUP is classified under the NAICS code 336414, which corresponds to Guided Missile and Space Vehicle Manufacturing.
NAVAL GROUP’s Presence on Crunchbase
No, NAVAL GROUP does not have a profile on Crunchbase.
NAVAL GROUP’s Presence on LinkedIn
Yes, NAVAL GROUP maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/naval-group.
Cybersecurity Incidents Involving NAVAL GROUP
As of December 11, 2025, Rankiteo reports that NAVAL GROUP has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
NAVAL GROUP has an estimated 2,330 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at NAVAL GROUP ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does NAVAL GROUP detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with french authorities, and and communication strategy with public statement (denial of it intrusion, operational systems unaffected)..
Incident Details
Can you provide details on each incident ?
Title: Naval Group Reputational Attack
Description: Naval Group, a defense naval construction company, claims to be the target of a reputational attack characterized by the claim of a cyber-malicious act. A hacker on the dark web claims to have stolen nearly 1 terabyte of data produced between 2019 and 2024 during an attack on July 23.
Date Detected: 2023-07-23
Type: Data Breach
Threat Actor: Unknown Hacker
Motivation: Reputational Damage
Title: DCNS (Naval Group) Cyber Espionage Incident (2011)
Description: In 2011, the French submarine company DCNS (now Naval Group) was targeted by a hacking attack in India, attributed to an overseas actor conducting economic warfare. The breach resulted in the theft of 22,400 files, including highly sensitive documents detailing the stealth capabilities, magnetic, electromagnetic, and infrared data of the Scorpène-class submarines. The leaked data exposed critical operational details such as submarine speeds, noise levels, mast operation speeds, and other classified specifications. The incident raised concerns about the security of DCNS’s A$50 billion ($38 billion) Barracuda next-generation submarine project in Australia, where the company was in exclusive contract negotiations.
Date Publicly Disclosed: 2016
Type: cyber espionage
Attack Vector: network intrusiontargeted hacking
Threat Actor: overseas actorstate-sponsored (suspected)
Motivation: economic warfarecompetitive intelligencemilitary espionage
Title: Naval Group Data Leak (July 2025)
Description: In July 26, 2025, Naval Group, France’s leading defense shipbuilder, suffered a major cybersecurity incident involving the leak of approximately 30 GB of internal data, with claims from the attackers that they possess up to 1 TB more. The exposed information allegedly includes technical documents and combat system files used in French submarines and warships, such as the Suffren-class nuclear submarines and FREMM frigates. While Naval Group stated that no intrusion into its IT infrastructure has been confirmed and operational systems remain unaffected, the breach is being treated as a reputational attack.
Date Detected: 2025-07-26
Date Publicly Disclosed: 2025-07-26
Type: data breach
Motivation: reputational damagepotential espionage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach NAV545072725
Data Compromised: Nearly 1 terabyte of data produced between 2019 and 2024
Brand Reputation Impact: Significant
Incident : cyber espionage NAV817092125
Data Compromised: 22,400 files, Scorpène-class submarine specifications (stealth, magnetic, electromagnetic, infrared data), Operational details (speeds, noise levels, mast operation)
Operational Impact: compromised submarine project securitydoubt cast on A$50 billion Barracuda contract in Australia
Brand Reputation Impact: loss of trust in DCNS/Naval Group's cybersecuritypotential contract risks
Incident : data breach NAV403092125
Data Compromised: Technical documents, Combat system files (submarines and warships)
Operational Impact: none (operational systems reportedly unaffected)
Brand Reputation Impact: high (reputational attack)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Military Secrets, Submarine Technical Specifications, Stealth Capabilities, Electromagnetic Data, Infrared Data, Operational Manuals, , Technical Documents, Combat System Files and .
Which entities were affected by each incident ?
Incident : Data Breach NAV545072725
Entity Name: Naval Group
Entity Type: Defense Naval Construction Company
Industry: Defense
Incident : cyber espionage NAV817092125
Entity Name: DCNS (now Naval Group)
Entity Type: defense contractor
Industry: defense, shipbuilding, submarine manufacturing
Location: FranceIndia (incident context)
Customers Affected: Indian Navy (Scorpène-class submarines), Australian Department of Defence (potential Barracuda contract)
Incident : data breach NAV403092125
Entity Name: Naval Group
Entity Type: defense contractor
Industry: defense/aerospace
Location: France
Response to the Incidents
What measures were taken in response to each incident ?
Incident : data breach NAV403092125
Incident Response Plan Activated: True
Third Party Assistance: French Authorities.
Communication Strategy: public statement (denial of IT intrusion, operational systems unaffected)
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through French authorities, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach NAV545072725
Data Exfiltration: Nearly 1 terabyte of data
Incident : cyber espionage NAV817092125
Type of Data Compromised: Military secrets, Submarine technical specifications, Stealth capabilities, Electromagnetic data, Infrared data, Operational manuals
Number of Records Exposed: 22,400 files
Sensitivity of Data: top secret (military/defense)
File Types Exposed: technical documentsdesign specificationsoperational manuals
Incident : data breach NAV403092125
Type of Data Compromised: Technical documents, Combat system files
Sensitivity of Data: high (military/defense-related)
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : cyber espionage NAV817092125
Data Exfiltration: True
Incident : data breach NAV403092125
Data Exfiltration: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : data breach NAV403092125
Regulatory Notifications: French authorities
References
Where can I find more information about each incident ?
Incident : cyber espionage NAV817092125
Source: The Australian (2016)
Incident : cyber espionage NAV817092125
Source: BBC News
Incident : data breach NAV403092125
Source: (Hypothetical) Cybersecurity News Report
Date Accessed: 2025-07-26
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: The Australian (2016)Url: https://www.theaustralian.com.au/nation/defence/leaked-dcns-documents-reveal-secrets-of-indias-scorpene-submarines/news-story/5e2a3e3e8b1b2f6e1d4c8e7a9f3b2d1e, and Source: BBC NewsUrl: https://www.bbc.com/news/world-asia-37193094, and Source: (Hypothetical) Cybersecurity News ReportDate Accessed: 2025-07-26.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : data breach NAV403092125
Investigation Status: ongoing (authenticity and impact assessment)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through public statement (denial of IT intrusion and operational systems unaffected).
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : cyber espionage NAV817092125
High Value Targets: Scorpène-Class Submarine Data, Barracuda Project Intelligence,
Data Sold on Dark Web: Scorpène-Class Submarine Data, Barracuda Project Intelligence,
Incident : data breach NAV403092125
High Value Targets: Submarine Combat Systems, Warship Technical Data,
Data Sold on Dark Web: Submarine Combat Systems, Warship Technical Data,
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as French Authorities, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unknown Hacker and overseas actorstate-sponsored (suspected).
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-07-23.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-26.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Nearly 1 terabyte of data produced between 2019 and 2024, , 22,400 files, Scorpène-class submarine specifications (stealth, magnetic, electromagnetic, infrared data), operational details (speeds, noise levels, mast operation), , technical documents, combat system files (submarines and warships) and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was french authorities, .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Scorpène-class submarine specifications (stealth, magnetic, electromagnetic, infrared data), technical documents, operational details (speeds, noise levels, mast operation), 22,400 files, Nearly 1 terabyte of data produced between 2019 and 2024 and combat system files (submarines and warships).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 22.4K.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are BBC News, (Hypothetical) Cybersecurity News Report and The Australian (2016).
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.theaustralian.com.au/nation/defence/leaked-dcns-documents-reveal-secrets-of-indias-scorpene-submarines/news-story/5e2a3e3e8b1b2f6e1d4c8e7a9f3b2d1e, https://www.bbc.com/news/world-asia-37193094 .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (authenticity and impact assessment).
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=naval-group' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
