CrushFTP CVE-2025-31161 Vulnerability
Executive Summary: On March 21, 2025, a critical vulnerability was discovered in CrushFTP, identified as CVE-2025-31161. This allows for an authentication bypass via unauthenticated HTTP(s) port ...
Active Exploitation of Apache Tomcat CVE-2025-24813 Vulnerability
Executive Summary: On March 10, 2025, a critical remote code execution vulnerability was found within Apache Tomcat. Identified as CVE-2025-24813, this vulnerability exploits how the server handles ...
Next.js Middleware CVE-2025-29927 Vulnerability
Executive Summary: A critical vulnerability identified as CVE-2025-29927 was discovered in Next.js Middleware. Attackers can bypass authorization checks handled by Middleware. The vulnerability ...
Executive Summary: On March 4, 2025, three critical VMware ESXi vulnerabilities were exploited in VMware products. This includes CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, all involved ...
Executive Summary: A critical vulnerability, CVE-2025-27364, targets MITRE Caldera. It allows for the execution of remote code without authentication. Patches have been made for all affected ...
Exploitation of Palo Alto Networks–CVE-2025-0108
Executive Summary: On February 12, 2025, a critical authentication bypass vulnerability, CVE-2025-0108, was discovered in Palo Alto’s PAN-OS. With a common vulnerability score of 8.8, the ...
Zero Day 7-Zip Vulnerability exploited to target Ukrainian Organizations
Executive Summary: On October 1, 2024, a severe vulnerability was discovered in 7-Zip. The weakness allows homoglyph attacks by circumventing the Mark-of-the-Web (MOTW) security mechanism. This zero ...
Windows NTLM v1 Elevation of Privilege Vulnerability
Executive Summary: On January 13, 2025, a critical elevation of privilege vulnerability, CVE-2025-21311, was discovered in the NTLMv1 authentication protocol used by Windows. This vulnerability ...
Executive Summary: On January 14, 2025, a critical Remote Code Execution (RCE) vulnerability, CVE-2025-21298, affected the Windows Object Linking and Embedding (OLE). This vulnerability involves ...
Subaru’s STARLINK Vulnerability
Executive Summary: On November 20, 2024, a vulnerability was discovered in Subaru’s STARLINK vehicle service. This gave unauthorized access to sensitive user data such as Personally Identifiable ...