Microsoft Patch Tuesday: March 2025
Published: 2025-03-11
Last Updated: 2025-03-11 17:52:02 UTC
by Johannes Ullrich (Version: 1)
The March patch Tuesday looks like a fairly light affair, with only 51 vulnerabilities total and only six rated as critical. However, this patch Tuesday also includes six patches for already exploited, aka "0-Day" vulnerabilities. None of the already exploited vulnerabilities are rated as critical.
Today's most interesting vulnerability is a not-yet exploited critical vulnerability (CVE-2025-24064) that affects the Windows Domain Name Service. A remote attacker would exploit this vulnerability by sending a "perfectly timed" dynamic DNS update message. Many Windows DNS servers support dynamic updates, making assigning hostnames to internal IP addresses easier. It is unclear if the server is exploitable if dynamic updates are disabled.
Three of the exploited vulnerabilities affect the NTFS file system. One may lead to remote code execution. The other two are considered privilege escalation vulnerabilities. The remote code execution vulnerability, CVE-2025-24993, is due to a heap-based buffer overflow. Typically, these types of vulnerabilities are exploited when mounting a corrupt file system.
CVE-2025-24985 is related to the Windows Fast FAT File System Driver. Again a heap-based buffer overflow (or "Integer Overflow/Wraparound"), the vulnerability allows for remote code execution. The attacker may be remote for both the NTFS and FAT issues, but the attacker will likely upload the corrupt VHD disk image to the victim and mount it locally. Of course, the attacker may just provide the VHD file and trick the victim into mounting it locally.
The two remaining already exploited vulnerabilities affect a security feature bypass in the Microsoft Management Console and a privilege elevation vulnerability in the Win32 kernel subsystem.
Three of the critical vulnerabilities affect the Windows Remote Desktop Services. Systems are vulnerable if they act as a remote gateway. This is important because gateways are likelier to be exposed to the internet. However, the attacker will also have to win an unspecified race condition, often resulting in less reliable exploits.
The remaining critical vulnerabilities affect Microsoft Office and the Windows subsystem for Linux ...
Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2025/31756/
Apple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari
Published: 2025-03-11
Last Updated: 2025-03-11 19:22:10 UTC
by Johannes Ullrich (Version: 1)
Today, Apple released a critical update to fix a single, already exploited, WebKit vulnerability. The patch was released for current versions of iOS, macOS, and visionOS. A standalone update for Safari was also made available, which will help address this issue in macOS 13 and 14 (Ventura, Sonoma).
Apple states that this vulnerability may be used to break out of the Web Content sandbox. The attack was initially addressed in iOS 17.2, but this additional fix is "supplementary." The vulnerability was used in targeted attacks against iOS before 17.2.
Read the full entry: https://isc.sans.edu/diary/Apple+Fixes+Exploited+WebKit+Vulnerability+in+iOS+MacOS+visionOS+and+Safari/31758/
Shellcode Encoded in UUIDs
Published: 2025-03-10
Last Updated: 2025-03-10 08:23:57 UTC
by Xavier Mertens (Version: 1)
I returned from another FOR610 class last week in London. One key tip I give to my students is to keep an eye on "strange" API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact that an API is used in a program does not always mean we are facing malicious code, but sometimes, some of them are derived from their official purpose. One of my hunting rules for malicious scripts is to search for occurrences of the ctypes library. It allows Python to call functions in DLLs or shared libraries ...
I spotted a malicious Python script that uses the following API call: UuidFromStringA(). This function converts a UUID string to its binary format.
A UUID (Universally Unique Identifier) is a 128-bit value commonly used in software systems to provide a practically guaranteed unique reference. It is represented as a string of hexadecimal digits often divided into five groups. Because of their structure and generation process (timestamp-based or random), UUIDs have an extremely low chance of collision, making them ideal for identifying objects or records across distributed systems where a central authority to track uniqueness may not exist.
The Python script I found contained an array of UUIDs that, once decoded into raw bytes, was injected into memory as shellcode ...
Read the full entry: https://isc.sans.edu/diary/Shellcode+Encoded+in+UUIDs/31752/
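As an added example (not code from the diary or from the script it describes), the following triage helper applies the hunting rule above to a script's text: it flags the ctypes import and the UuidFromStringA call, extracts every UUID literal, and reverses the string-to-struct conversion UuidFromStringA performs so the payload can be hashed and inspected statically. The sample script and its two UUIDs are constructed for this example and decode to plain ASCII, not to shellcode.

```python
"""Triage helper for the UUID-encoded payload technique discussed above.

Added example, not code from the diary: given the text of a suspicious Python
script, it flags the two indicators the diary hunts for (ctypes usage and the
UuidFromStringA call), pulls out every UUID literal, and reconstructs the bytes
that UuidFromStringA would have written to memory so the payload can be hashed
and inspected without ever being executed.
"""
import hashlib
import math
import re
import uuid

# Indicators from the diary: the ctypes import and the RPC UUID parsing routine.
INDICATORS = {
    "ctypes": re.compile(r"^\s*(?:import\s+ctypes\b|from\s+ctypes\b)", re.MULTILINE),
    "UuidFromStringA": re.compile(r"\bUuidFromStringA\b"),
}

# 8-4-4-4-12 hex groups, the textual form UuidFromStringA accepts.
UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"
)


def find_indicators(script_text: str) -> list[str]:
    """Return the names of the hunting indicators present in the script."""
    return [name for name, pat in INDICATORS.items() if pat.search(script_text)]


def extract_uuids(script_text: str) -> list[str]:
    """Return every UUID literal in the order it appears in the script."""
    return UUID_RE.findall(script_text)


def uuid_to_rpc_bytes(text: str) -> bytes:
    """Bytes UuidFromStringA writes for one UUID string.

    The output is a UUID struct {Data1: DWORD, Data2: WORD, Data3: WORD,
    Data4: BYTE[8]}. On x86/x64 the first three fields are stored
    little-endian, which is exactly Python's UUID.bytes_le layout; using
    .bytes (big-endian) here would silently scramble every 16-byte chunk.
    """
    return uuid.UUID(text).bytes_le


def decode_uuid_array(uuids: list[str]) -> bytes:
    """Concatenate the decoded chunks, the way the loader fills its buffer."""
    return b"".join(uuid_to_rpc_bytes(u) for u in uuids)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compiled shellcode usually lands well above plain text."""
    if not data:
        return 0.0
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)


def triage(script_text: str) -> dict:
    """Summarise what an analyst needs before deciding to detonate anything."""
    uuids = extract_uuids(script_text)
    payload = decode_uuid_array(uuids)
    printable = sum(32 <= b < 127 for b in payload)
    return {
        "indicators": find_indicators(script_text),
        "uuid_count": len(uuids),
        "payload_len": len(payload),
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "entropy": round(shannon_entropy(payload), 2),
        "printable_ratio": printable / len(payload) if payload else 0.0,
        "preview_hex": payload[:16].hex(),
    }


# Constructed stand-in for the script the diary describes. The two UUIDs decode
# to the ASCII text "constructed sample not shellcode", not to real shellcode.
SAMPLE_SCRIPT = '''
import ctypes
uuids = ["736e6f63-7274-6375-7465-642073616d70",
         "6e20656c-746f-7320-6865-6c6c636f6465"]
rpcrt4 = ctypes.windll.Rpcrt4
for u in uuids:
    rpcrt4.UuidFromStringA(u.encode(), target)
'''

if __name__ == "__main__":
    report = triage(SAMPLE_SCRIPT)
    for key, value in report.items():
        print(f"{key:16} {value}")
    print("decoded:", decode_uuid_array(extract_uuids(SAMPLE_SCRIPT)))
```

A high entropy and a low printable ratio on the decoded buffer are what distinguish an encoded binary payload from a script that merely happens to carry UUIDs as identifiers.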
Commonly Probed Webshell URLs (2025.03.09)
https://isc.sans.edu/diary/Commonly+Probed+Webshell+URLs/31748/
DShield Traffic Analysis using ELK (2025.03.06)
https://isc.sans.edu/diary/DShield+Traffic+Analysis+using+ELK/31742/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: VMware ESXi
CVSS Score: 9.3
** KEV since 2025-03-04 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22224
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
Product: VMware ESXi
CVSS Score: 8.2
** KEV since 2025-03-04 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22225
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
Product: VMware ESXi
CVSS Score: 7.1
** KEV since 2025-03-04 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22226
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
Product: Microsoft Windows Fast FAT Driver
CVSS Score: 7.8
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24985
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24985
Product: Microsoft Windows NTFS
CVSS Score: 7.8
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24993
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993
Product: Zohocorp ManageEngine ADSelfService Plus
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1723
ISC Podcast: https://isc.sans.edu/podcastdetail/9350
Product: Microsoft Windows Win32 Kernel Subsystem
CVSS Score: 7.0
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24983
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983
Product: Microsoft Management Console
CVSS Score: 7.0
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26633
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633
Product: Microsoft Windows NTFS
CVSS Score: 4.6
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24984
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984
Product: Microsoft Windows NTFS
CVSS Score: 5.5
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24991
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991
Product: Moxa EDS-508A Series
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12297
ISC Podcast: https://isc.sans.edu/podcastdetail/9358
Product: Mozilla Firefox and Thunderbird
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1932
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1944313
- https://www.mozilla.org/security/advisories/mfsa2025-14/
- https://www.mozilla.org/security/advisories/mfsa2025-16/
Product: Mozilla Firefox
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1941
NVD References:
Product: Uniguest Tripleplay
CVSS Scores: 9.8 - 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50704
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50706
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50707
NVD References:
- https://uniguest.com/cve-bulletins/
- https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50704-Vulnerability-Summary.pdf
- https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50706-Vulnerability-Summary.pdf
- https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50707-Vulnerability-Summary.pdf
CVE-2025-27507 - ZITADEL's Admin API in versions prior to 2.71.0 contains IDOR vulnerabilities that could allow unauthorized users to modify sensitive settings, particularly affecting LDAP configurations.
Product: ZITADEL
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27507
NVD References:
- https://github.com/zitadel/zitadel/commit/d9d8339813f1c43d3eb7d8d80f11fdabb2fd2ee4
- https://github.com/zitadel/zitadel/security/advisories/GHSA-f3gh-529w-v32x
CVE-2025-1260 - Arista EOS with OpenConfig configured allows for unauthorized gNOI requests, potentially leading to unexpected switch configuration changes.
Product: Arista Networks Arista EOS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1260
NVD References: https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111
CVE-2025-26136 - A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
Product: mysiteforme
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26136
NVD References: https://gist.github.com/xiadmin6/6d664692d31a04eb59096a488b9f3712
CVE-2025-26318 - TSplus Remote Access v17.30 has insecure permissions that let attackers access a list of all connected domain accounts.
Product: TSplus Remote Access
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26318
NVD References: https://github.com/Frozenka/CVE-2025-26318
CVE-2025-26319 - FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
Product: FlowiseAI Flowise
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26319
NVD References: https://github.com/dorattias/CVE-2025-26319
CVE-2025-1316 - Edimax IC-7100 is vulnerable to remote code execution due to improper request neutralization.
Product: Edimax IC-7100
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1316
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08
CVE-2025-23410 - GMOD Apollo does not check for path traversal when unzipping and inspecting organism or sequence data.
Product: GMOD Apollo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23410
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07
CVE-2025-24924 - Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username.
Product: GMOD Apollo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24924
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07
CVE-2025-27638, CVE-2025-27640 through CVE-2025-27643, CVE-2025-27645 through CVE-2025-27652, CVE-2025-27655 through CVE-2025-27659, CVE-2025-27661, CVE-2025-27662, CVE-2025-27663, CVE-2025-27665 through CVE-2025-27668, CVE-2025-27670 through CVE-2025-27675, CVE-2025-27677, CVE-2025-27678, CVE-2025-27680, CVE-2025-27681, CVE-2025-27682 - Multiple vulnerabilities in Vasion Print (formerly PrinterLogic) before Virtual Appliance Host
Product: Vasion Print Virtual Appliance Host
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27638
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27640
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27641
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27642
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27643
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27645
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27646
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27647
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27648
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27649
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27650
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27651
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27652
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27655
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27656
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27657
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27658
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27659
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27661
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27662
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27663
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27665
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27666
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27667
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27668
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27670
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27671
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27672
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27673
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27674
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27675
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27677
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27678
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27680
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27681
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27682
NVD References: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
CVE-2025-1393 - An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
Product: D-Link DIR-850L Wireless AC1200 Dual-Band Gigabit Cloud Router
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1393
NVD References: https://certvde.com/en/advisories/VDE-2025-021
CVE-2025-25015 - Kibana is vulnerable to prototype pollution, allowing arbitrary code execution through crafted file uploads and HTTP requests, with differing exploitability based on user roles in various versions.
Product: Elastic Kibana
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25015
NVD References: https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441
CVE-2024-12097 - Boceksoft Informatics E-Travel is vulnerable to SQL Injection before 15.12.2024.
Product: Boceksoft E-Travel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12097
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0053
CVE-2024-13147 - Merkur Software B2B Login Panel before 15.01.2025 is vulnerable to SQL Injection.
Product: Merkur Software B2B Login Panel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13147
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0054
CVE-2023-38693 - Lucee Server is vulnerable to RCE via an XML XXE attack, fixed in versions 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173.
Product: Lucee Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38693
NVD References: https://github.com/lucee/Lucee/security/advisories/GHSA-vwjx-mmwm-pwrf
Product: Spacy-LLM
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25362
NVD References: https://github.com/explosion/spacy-llm/issues/492
Product: Tenda AC15
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25632
NVD References: https://github.com/Pr0b1em/IoT/blob/master/TendaAC15v15.03.05.19telnet.md
Product: Finder Fire Safety Finder ERP/CRM
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12144
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0060
Product: PublicCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25361
NVD References: https://github.com/c0rdXy/POC/blob/master/CVE/PublicCMS/XSS_02/XSS_02.md
Product: CRMEB-KY
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25763
NVD References:
- https://github.com/J-0k3r/CVE-2025-25763
- https://github.com/J-0k3r/sql/blob/main/sql.pdf
CVE-2025-27494 - SiPass integrated AC5102 (ACC-G2) and SiPass integrated ACC-AP devices < V6.4.9 have a vulnerability that could allow a remote administrator to escalate privileges by injecting arbitrary commands.
Product: Siemens SiPass integrated AC5102
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27494
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-515903.html
CVE-2024-9157 - Synaptics audio drivers include an unsupported privilege escalation vulnerability that allows a local attacker to load a DLL in a privileged process.
Product: Synaptics audio drivers
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9157
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf
CVE-2025-24064 - Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
Product: Microsoft DNS Server
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24064
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24064
CVE-2025-26701 - Percona PMM Server (OVA) before version 3.0.0-1.ova allows default service account credentials to potentially lead to SSH access, use of Sudo to root, and sensitive data exposure, fixed in later versions.
Product: Percona PMM Server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26701
NVD References: https://www.percona.com/blog/security-advisory-cve-affecting-percona-monitoring-and-management-pmm/
CVE-2025-21180 - Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
Product: Microsoft Windows exFAT File System
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21180
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21180
CVE-2025-24035 & CVE-2025-24045 - Windows Remote Desktop Services allows unauthorized code execution through vulnerable memory storage.
Product: Microsoft Windows Remote Desktop Services
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24035
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24045
ISC Diary: https://isc.sans.edu/diary/31756
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24035
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24045
CVE-2025-24043 - Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
Product: Microsoft .NET
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24043
ISC Diary: …
CVE-2025-24043 - Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
Product: Microsoft .NET
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24043
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043
CVE-2025-24044 - Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Win32 Kernel Subsystem
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24044
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24044
CVE-2025-24046 - Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Product: Microsoft Streaming Service
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24046
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24046
CVE-2025-24048 & CVE-2025-24050 - Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Hyper-V
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24048
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24050
ISC Diary: https://isc.sans.edu/diary/31756
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24048
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24050
CVE-2025-24049 - Azure Command Line Integration (CLI) is vulnerable to command injection, allowing unauthorized attackers to locally elevate privileges.
Product: Microsoft Azure Command Line Integration (CLI)
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24049
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24049
CVE-2025-24051 - Windows Routing and Remote Access Service (RRAS) is vulnerable to a heap-based buffer overflow, allowing remote code execution by an unauthorized attacker.
Product: Microsoft Windows Routing and Remote Access Service (RRAS)
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24051
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24051
CVE-2025-24056 - Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows Telephony Server
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24056
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24056
CVE-2025-24057 - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Product: Microsoft Office
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24057
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24057
CVE-2025-24059 - Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Common Log File System Driver
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24059
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24059
CVE-2025-24061 - Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.
Product: Microsoft Windows Mark of the Web (MOTW)
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24061
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24061
CVE-2025-24066 - Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Kernel-Mode Drivers
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24066
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24066
CVE-2025-24067 - Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Product: Microsoft Streaming Service
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24067
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24067
CVE-2025-24070 - Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
Product: Microsoft ASP.NET Core & Visual Studio
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24070
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070
CVE-2025-24071 - Windows File Explorer allows unauthorized attackers to perform network spoofing by exposing sensitive information to unauthorized actors.
Product: Microsoft Windows File Explorer
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24071
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071
CVE-2025-24072 - Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
Product: Microsoft Local Security Authority Server
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24072
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24072
CVE-2025-24075 - Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Product: Microsoft Office Excel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24075
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24075
Product: Microsoft Windows Cross Device Service
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24076
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24076
CVE-2025-24077 through CVE-2025-24082
Product: Microsoft Office, Word, and Excel
CVSS Scores: 7.0 - 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24077
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24078
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24079
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24080
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24081
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24082
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26629
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26630
ISC Diary: https://isc.sans.edu/diary/31756
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24077
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24078
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24079
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24080
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24081
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24082
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26629
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26630
CVE-2025-24083 - Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Product: Microsoft Office
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24083
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24083
CVE-2025-24084 - Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
Product: Microsoft Windows Subsystem for Linux
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24084
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084
CVE-2025-24994 - Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Cross Device Service
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24994
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24994
CVE-2025-24995 - Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
Product: Microsoft Kernel Streaming WOW Thunk Service Driver
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24995
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24995
CVE-2025-24998 & CVE-2025-25003 - Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
Product: Microsoft Visual Studio
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24998
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25003
ISC Diary: https://isc.sans.edu/diary/31756
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003
CVE-2025-25008 - Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25008
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25008
CVE-2025-26627 - Azure Arc is vulnerable to command injection, enabling an authorized attacker to locally elevate privileges.
Product: Microsoft Azure Arc
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26627
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627
CVE-2025-26631 - Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
Product: Microsoft Visual Studio Code
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26631
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26631
CVE-2025-26645 - Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Product: Microsoft Remote Desktop Client
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26645
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26645
CVE-2024-56161 - AMD CPU ROM microcode patch loader has improper signature verification, allowing a local attacker to load malicious microcode, compromising the confidentiality and integrity of a confidential guest under AMD SEV-SNP.
Product: AMD CPU ROM microcode patch loader
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56161
ISC Podcast: https://isc.sans.edu/podcastdetail/9352
CVE-2025-0912 - The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection, allowing unauthenticated attackers to achieve remote code execution.
Product: GiveWP
Active Installations: 100,000
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0912
NVD References:
- https://github.com/impress-org/givewp/pull/7679/files
CVE-2025-1661 - The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 1.3.6.5, allowing unauthenticated attackers to execute arbitrary files and potentially bypass access controls, access sensitive data, or achieve code execution.
Product: HUSKY Products Filter Professional
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1661
NVD References:
- https://plugins.trac.wordpress.org/browser/woocommerce-products-filter/trunk/ext/by_text/index.php
CVE-2025-1307 - The Newscrunch theme for WordPress allows authenticated attackers to upload arbitrary files and potentially execute remote code due to a missing capability check in all versions up to 1.8.4.1.
Product: Spicethemes Newscrunch
Active Installations: 5,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1307
NVD References:
- https://themes.trac.wordpress.org/browser/newscrunch/1.8.3/functions.php#L486
CVE-2025-1475 - The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to 1.7.5, allowing unauthenticated attackers to log in as any existing user if SMS login is enabled.
Product: WordPress WPCOM Member plugin
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1475
NVD References:
- https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.7.1/includes/form-validation.php#L110
- https://plugins.trac.wordpress.org/changeset/3248208/
CVE-2025-1515 - The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification, allowing unauthenticated attackers to log in as any user on the site, including administrators.
Product: WordPress WP Real Estate Manager
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1515
NVD References:
- https://themeforest.net/item/home-villa-real-estate-wordpress-theme/19446059
CVE-2024-12876 - The Golo - City Travel Guide WordPress Theme is vulnerable to privilege escalation through account takeover.
Product: Golo City Travel Guide WordPress Theme
Active Installations: Unknown. Update to version 1.6.11, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12876
NVD References:
- https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810
CVE-2025-0177 - The Javo Core plugin for WordPress is vulnerable to privilege escalation through account registration.
Product: Javo Core plugin for WordPress
Active Installations: unknown. Update to version 3.0.0.266, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0177
NVD References:
- https://themeforest.net/item/javo-directory-wordpress-theme/8390513#item-description__update-history
CVE-2024-11951 - The Homey Login Register plugin for WordPress is susceptible to privilege escalation through role manipulation.
Product: WordPress Homey Login Register plugin
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11951
NVD References:
- https://themeforest.net/item/homey-booking-wordpress-theme/23338013
CVE-2024-12281 - The Homey theme for WordPress allows privilege escalation in versions up to 2.4.2 due to the ability for users to set their own roles, enabling unauthenticated attackers to gain elevated privileges.
Product: WordPress Homey theme
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12281
NVD References:
- https://themeforest.net/item/homey-booking-wordpress-theme/23338013
CVE-2025-1315 - The InWave Jobs plugin for WordPress is vulnerable to privilege escalation through password reset, allowing unauthenticated attackers to change any user's password and potentially gain access to their account.
Product: InWave Jobs plugin for WordPress
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1315
NVD References:
- https://themeforest.net/item/injob-job-board-wordpress-theme/20322987
CVE-2024-13787 - The VEDA - MultiPurpose WordPress Theme is vulnerable to PHP Object Injection, allowing authenticated attackers to inject a PHP Object with Subscriber-level access and above, potentially leading to malicious actions if a POP chain is present in the system.
Product: The VEDA MultiPurpose WordPress Theme
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13787
NVD References:
- https://themeforest.net/item/veda-multipurpose-theme/15860489
CVE-2025-26916 - Massive Dynamic in EPC is vulnerable to PHP Remote File Inclusion from versions n/a through 8.2.
Product: EPC Massive Dynamic
Active Installations: unknown
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26916
CVE-2025-26936 - Fresh Framework is vulnerable to Code Injection from versions n/a through 1.70.0.
Product: Fresh Framework
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26936
CVE-2025-28915 - ThemeEgg ToolKit allows for unrestricted upload of dangerous file types, potentially enabling attackers to upload a web shell onto a web server.
Product: ThemeEgg ToolKit
Active Installations: This plugin has been closed as of February 26, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
Product: Microsoft Windows
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25008
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25008
Product: Microsoft Azure Arc
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26627
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627
Product: Microsoft Visual Studio Code
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26631
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26631
Product: Microsoft Remote Desktop Client
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26645
ISC Diary: https://isc.sans.edu/diary/31756
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26645
Product: AMD CPU ROM microcode patch loader
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56161
ISC Podcast: https://isc.sans.edu/podcastdetail/9352
Product: GiveWP
Active Installations: 100,000
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0912
Product: HUSKY Products Filter Professional
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1661
NVD References:
- https://plugins.trac.wordpress.org/browser/woocommerce-products-filter/trunk/ext/by_text/index.php
Product: Spicethemes Newscrunch
Active Installations: 5,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1307
NVD References:
- https://themes.trac.wordpress.org/browser/newscrunch/1.8.3/functions.php#L486
Product: WordPress WPCOM Member plugin
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1475
NVD References:
- https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.7.1/includes/form-validation.php#L110
Product: WordPress WP Real Estate Manager
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1515
NVD References:
- https://themeforest.net/item/home-villa-real-estate-wordpress-theme/19446059
Product: Golo City Travel Guide WordPress Theme
Active Installations: Unknown. Update to version 1.6.11, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12876
NVD References:
- https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810
Product: Javo Core plugin for WordPress
Active Installations: unknown. Update to version 3.0.0.266, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0177
NVD References:
- https://themeforest.net/item/javo-directory-wordpress-theme/8390513#item-description__update-history
Product: WordPress Homey Login Register plugin
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11951
NVD References:
- https://themeforest.net/item/homey-booking-wordpress-theme/23338013
Product: WordPress Homey theme
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12281
NVD References:
- https://themeforest.net/item/homey-booking-wordpress-theme/23338013
Are you taking a truly proactive, comprehensive, and continuous approach to managing vulnerabilities and risks? Continuous Threat Exposure Management (CTEM) represents the future of cybersecurity. Move beyond traditional vulnerability management and address exposures and risks holistically and continuously. Read our digital white paper to learn more about the benefits and best practices of CTEM:
Webcast | SANS 2025 Threat Hunting Survey Webcast & Forum: Chasing Shadows - Advancements in Threat Hunting Amidst AI and Cloud Challenges | March 13, 10:30 am ET | Join SANS Principal Instructor Josh Lemon as he delves into results from the SANS 2025 Threat Hunting Survey. The 2025 survey analyzes how businesses enhance their threat detection capabilities amid an evolving threat landscape, characterized by increasingly sophisticated and rapid adversary tactics. Save your seat today.