Intrucept Security Advisories

ADVISORY	IMPACT	CVE	LAST UPDATED	VERSION
Critical RCE Vulnerability Patched in Ivanti Endpoint Manager	Critical	CVE-2024-29847	18/09/2024	1.0
Widespread of the Necro Trojan Targeting Android Users	Critical	--	26/09/2024	1.0
Zimbra Remote Code Execution Vulnerability (CVE-2024-45519)	Critical	CVE-2024-45519	03/10/2024	1.0
Security Advisory Microsoft’s October Security Patches Mitigate Remote Code Execution & Spoofing Risk	Critical	--	10/10/2024	1.0
Critical Fortinet Vulnerability Exploiting in Wild	Critical	CVE-2024-23113	16/10/2024	1.0
Veeam Vulnerability (CVE-2024-40711) Exploited by Ransomware	Critical	CVE-2024-40711	17/10/2024	1.0
Threat Campaign Targeting WordPress Sites with Malicious Plugins	Critical	--	22/10/2024	1.0
Critical Remote Code Execution Vulnerability in VMware vCenter Server (CVE-2024-38812)	Critical	CVE-2024-38812, CVE-2024-38813	23/10/2024	1.0
Palo Alto Account Takeover Vulnerability Actively Exploited	Critical	CVE-2024-5910	08/11/2024	1.0
November 2024 Microsoft Patches: Addressing Zero-Day Exploits and High-Priority Vulnerabilities	High	--	13/11/2024	1.0
Re-release of November 2024 Exchange Server Security Updates	High	CVE-2024-49040	27/11/2024	1.0
Security Update for NVIDIA Base Command & Bright Cluster Managers	Medium	CVE-2024-0139	29/11/2024	1.0
RCE and File Deletion Vulnerabilities in Veeam Service Provider Console	Critical	CVE-2024-42448, CVE-2024-42449	05/12/2024	1.0
Advisory on MUT-8694: Threat Actors Exploiting Developer Trust in Open-Source Libraries	High	--	10/12/2024	1.0
Microsoft December 2024 Patch Tuesday: Critical Fixes for Zero-Day and Remote Code Execution	High	--	12/12/2024	1.0
Security Advisory Zero-Day Vulnerability in Windows Exposes NTLM Credentials	Critical	Not yet assigned	13/12/2024	1.0
Critical Flaw in WordPress Hunk Companion Plugin Enables Unauthorized Plugin Installation	Critical	CVE-2024-11972	17/12/2024	1.0
Security Advisory Cleo Releases Patch for Critical Vulnerabilities Exploited in the Wild	Critical	CVE-2024-55956, CVE-2024-50623	18/12/2024	1.0
Critical Apache Tomcat Vulnerabilities Allow RCE & DoS	Critical	CVE-2024-50379, CVE-2024-54677	21/12/2024	1.0
Denial of Service Vulnerability in DNS Security Feature of Palo Alto Networks PAN-OS	High	CVE-2024-3393	03/01/2025	1.0
Exploit Proof-of-Concept Released for LDAP CVE-2024-49113	Critical	CVE-2024-49113	06/01/2025	1.1
Critical Windows Privilege Escalation Vulnerability with Public Exploit	High	CVE-2024-43641	07/01/2025	1.0
Race Condition Vulnerability in OpenSSH (CVE-2024-6387): PoC Exploit Released	High	CVE-2024-6387	09/01/2025	1.0
Ivanti Connect Secure VPN Actively Being Exploited in the Wild	High	CVE-2025-0282, CVE-2025-0283	10/01/2025	1.0
GitLab Releases Patch to Fix Critical and High-Severity Vulnerabilities	High	--	13/01/2025	1.0
Important Security Alert: SonicWall Issues Patch for SSL-VPN Vulnerabilities	High	CVE-2024-53704	15/01/2025	1.0
Banshee Stealer: A Growing Threat to macOS Users	High	--	15/01/2025	1.0
Critical Security Updates: Microsoft Jan 2025 Patch Tuesday Fixes 8 Zero-Days & 159 Vulnerabilities	Critical	--	16/01/2025	1.0

Privilege Escalation Vulnerability in ComboBlocks Plugin Affects Thousands of Sites	Critical	CVE-2024-9636	17/01/2025	1.0
Critical Zero-Day Vulnerability in Windows (CVE-2024-49138): PoC Released, Exploited in the Wild	High	CVE-2024-49138	20/01/2025	1.0
Critical Authentication Bypass Vulnerability in Fortinet Products Under Active Exploitation	Critical	CVE-2024-55591	23/01/2025	1.0
Privilege Escalation Vulnerability Exposes Cisco Meeting Management to Attacks	Critical	CVE-2025-20156	24/01/2025	1.0
High-Severity SMB Server Flaws (CVE-2024-56626 & CVE-2024-56627) in Linux Kernel	High	CVE-2024-56626, CVE-2024-56627	29/01/2025	1.0
Apple Patched Actively Exploited Zero-Day Vulnerability	High	CVE-2025-24085	29/01/2025	1.0
macOS Security at Risk: PoC Exploit for CVE-2025-24118 Kernel Flaw	Critical	CVE-2025-24118	03/02/2025	1.0
Zero-Day Vulnerability in Microsoft Sysinternals Tools	High	--	05/02/2025	1.0
Active Exploitation of Microsoft Outlook RCE Vulnerability (CVE-2024-21413)	Critical	CVE-2024-21413	07/02/2025	1.0
7Zip Mark-Of-The-Web Vulnerability	High	CVE-2025-0411	10/02/2025	1.0
Apple’s USB Restricted Mode Exploited in Targeted Attacks	High	--	12/02/2025	1.0
Microsoft Updates Patch Tuesday for Feb 2025; Address 67 Vulnerabilities, Includes 2 Exploited Zero-Days	High	--	12/02/2025	1.0
Authentication Bypass Vulnerability in FortiOS & FortiProxy	Critical	CVE-2025-24472	13/02/2025	1.0
Palo Alto Firewall Vulnerabilities Under Active Exploitation	High	CVE-2025-0108	20/02/2025	1.0
Exploitable Command Injection in F5 BIG-IP (CVE-2025-20029)	High	CVE-2025-20029	24/02/2025	1.0
Critical WordPress Security Flaw in Everest Forms Plugin	Critical	CVE-2025-1128	27/02/2025	1.0
High-Severity DoS Vulnerability in Cisco NX-OS Software	High	CVE-2025-20111	28/02/2025	1.0
Wazuh Server Vulnerability (CVE-2025-24016) Exposes Systems to RCE Attacks	Critical	CVE-2025-24016	04/03/2025	1.0
Decade-Old Threat: CVE-2018-8639 Still Poses Risks to Unpatched Windows	High	CVE-2018-8639	05/03/2025	1.0
Critical Vulnerabilities in IBM Storage: Authentication Bypass and Code Execution Risks	Critical	CVE-2025-0159, CVE-2025-0160	06/03/2025	1.0
Critical VMware Vulnerabilities Exploited in the Wild – Patch Immediately	Critical	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	07/03/2025	1.0
Critical Security Flaw in Kibana Requires Immediate Attention	Critical	CVE-2025-25012	07/03/2025	1.0
PoC Released for High-Severity Linux Kernel UVC Driver Vulnerability	High	CVE-2024-53104	11/03/2025	1.0
High-Severity RCE Vulnerability in WinDbg (CVE-2025-24043)	High	CVE-2025-24043	12/03/2025	1.0
Zero-Day Threats Addressed in Microsoft’s March 2025 Patch Tuesday	Critical	--	13/03/2025	1.0
Multiple High-Severity Vulnerabilities Patched in Zoom	High	CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, CVE-2025-0150, CVE-2025-0149	14/03/2025	1.0
Apache NiFi Security Flaw Exposes MongoDB Credentials	Medium	CVE-2025-27017	17/03/2025	1.0
New Exploit Allows Remote Code Execution in Apache Tomcat	Critical	CVE-2025-24813	20/03/2025	1.0
WordPress Age Gate Plugin Critical Vulnerability (CVE-2025-2505) Affects Over 40,000 Websites	Critical	CVE-2025-2505	24/03/2025	1.0
Update Google Chrome to Fix Critical Remote Code Execution Vulnerability in Lens	High	CVE-2025-2476	25/03/2025	1.0
Critical NGINX Ingress Vulnerabilities Expose Kubernetes Clusters to Compromise	Critical	N/A	25/03/2025	1.0
Windows Zero-Day Exploit NTLM Hash Disclosure via Malicious Files	Critical	Zero-Day	28/03/2025	1.0
Critical Chrome Vulnerability (CVE-2025-2783) Exploited in Cyber-Espionage Campaign	High	CVE-2025-2783	28/03/2025	1.0
3 Zero-Day Vulnerabilities backported & fixed in Apple Devices	High	CVE-2025-24201, CVE-2025-24085, and CVE-2025-24200.	02/04/2025	1.0
WordPress Ultimate CSV Importer Flaws Put 20,000+ Sites at Risk	High	CVE-2025-2008, CVE- 2025-2007	03/04/2025	1.0
Spoofing Vulnerability in WhatsApp Desktop for Windows	Medium	CVE-2025-30401	09/04/2025	1.0
April Zero-Day Threats Addressed in Microsoft’s Patch Tuesday	High	N/A	09/04/2025	1.0
Critical Flaw in FortiSwitch of Fortinet Allows Attackers to Change Admin Password	Critical	CVE-2024-48887	10/04/2025	1.0
Dell Releases Patches for Multiple PowerScale OneFS Security Vulnerabilities	Critical	CVE-2025-27690, CVE-2025- 26330, CVE-2025-22471	13/04/2025	1.0
Critical Session Management Vulnerability in Apache Roller	Critical	CVE-2025-24859	15/04/2025	1.0
Windows 11 DLL Flaws Open Doors to Privilege Escalation!	High	CVE-2025-24994, CVE-2025-24076	21/04/2025	1.0
Windows Update Stack Privilege Escalation Vulnerability (CVE-2025-21204) – PoC Released	High	CVE-2025-21204	23/04/2025	1.0
Critical SAP NetWeaver Zero-day Vulnerability Exploited in the Wild	Critical	CVE-2025-31324	29/04/2025	1.0
High-Severity Linux Kernel Flaw Exposes Systems to Root-Level Attacks	High	CVE-2025-21756	30/04/2025	1.0
Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit	High	CVE-2025-2082	02/05/2025	1.0
Apache Parquet Java Vulnerability Enables Remote Code Execution via Avro Schema	High	CVE-2025-46762	05/05/2025	1.0
OpenCTI Web-Hook Flaw Enables Full System Compromise	Critical	CVE-2025-24977	06/05/2025	1.0
FBI Warns End-of-Life Routers Exploited in Active Botnet and Proxy Campaigns	High	N/A	11/05/2025	1.0
Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days	High	N/A	13/05/2025	1.0
Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required	High	CVE-2025-31324, CVE-2025-42999	13/05/2025	1.0
Critical Firefox 0-Day Vulnerabilities Exploited at Pwn2Own 2025 – Immediate Update Required	High	CVE-2025-4918, CVE-2025-4919	20/05/2025	1.0
Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk	Medium	CVE-2025-4664	14/05/2025	1.0
Critical Privilege Escalation Vulnerability in Motors WordPress Theme	Critical	CVE-2025-4322	21/05/2025	1.0
Cisco ISE and UIC Security Flaws Allow DoS and Privilege Escalation	High	CVE-2025-20152, CVE-2025-20113, CVE-2025-20114	22/05/2025	1.0
Linux Kernel Exploitation in ksmbd (CVE-2025-37899) Discovered with AI Assistance	High	CVE-2025-37899	23/05/2025	1.0
Remote Command Execution Risk in Legacy D-Link Routers Due to Hardcoded Telnet Credentials	Medium	CVE-2025-46176	27/05/2025	1.0
BadSuccessor Vulnerability in Windows Server 2025 Enables Domain Admin Privilege Escalation	Medium	N/A	28/05/2025	1.0
Google Chrome Patches Actively Exploited Zero-Day Vulnerability	High	CVE-2025-5419	03/06/2025	1.0
Critical Zero-Day Vulnerabilities in Qualcomm Adreno GPU Drivers Actively Exploited	High	CVE-2025-31324, CVE-2025-42999	04/06/2025	1.0
Critical Vulnerabilities Patched in IBM QRadar Suite and Cloud Pak for Security	Critical	CVE-2025-25022, CVE-2025-2502, CVE-2025-25020, CVE-2025-25019, CVE-2025-1334	04/06/2025	1.0
High Risk DoS Vulnerability in ModSecurity WAF	High	CVE-2025-20297	04/06/2025	1.0
Reflected XSS Vulnerability in Splunk Enterprise & Cloud Platform	Medium	CVE-2025-48866	05/06/2025	1.0
Critical Credential Reuse Vulnerability in Cisco ISE Cloud Deployments	Critical	CVE-2025-20286	06/06/2025	1.0
POC Released for Critical RCE Vulnerability in AWS Amplify Codegen-UI	Critical	CVE-2025-4318	09/06/2025	1.0
Critical 0-Day RCE Vulnerability in Fortinet Products (CVE-2025-32756) Actively Exploited	Critical	CVE-2025-32756	10/06/2025	1.0
Microsoft June 2025 Patch Tuesday – 67 Vulnerabilities Fixed Including 2 Zero-Days	High	N/A	12/06/2025	1.0
Apache Tomcat Vulnerabilities Expose Systems to DoS and Authentication Bypass	High	N/A	18/06/2025	1.0
Google Chrome Zero-Day CVE-2025-2783 Exploited in APT Group TaxOff Campaigns	High	CVE-2025-2783	18/06/2025	1.0
Veeam Backup Patched Critical Vulnerabilities Enabling RCE & Privilege Escalation	Critical	CVE-2025-23121, CVE-2025-24286, CVE-2025-24287	18/06/2025	1.0
Privilege Escalation Vulnerability in AI Engine WordPress Plugin, Allows Subscriber-Level Account Takeover	High	CVE-2025-5071	20/06/2025	1.0
Privilege Escalation in Notepad++ v8.8.1 Installer via Binary Planting with Public PoC Available	High	CVE-2025-49144	24/06/2025	1.0
Citrix NetScaler ADC/Gateway Vulnerability Exploited in the Wild (CVE-2025-6543)	Critical	CVE-2025-6543	26/06/2025	1.0
Critical Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC	Critical	CVE-2025-20281, CVE-2025-20282	27/06/2025	1.0
Google Chrome Zero-Day Vulnerability (CVE-2025-6554) Actively Exploited – Patch Now	Critical	CVE-2025-6554	01/07/2025	1.0
12-Year-Old Sudo Vulnerability and Chroot Flaw Enable Privilege Escalation	Critical	CVE-2025-32463, CVE-2025-32462	04/07/2025	1.0
Linux Local Privilege Escalation via udisksd and libblockdev (CVE-2025-6019) PoC released	High	CVE-2025-6019	07/07/2025	1.0
CitrixBleed 2: Critical CVE-2025-5777 Vulnerability Under Active Exploitation with Public PoC Available	Critical	CVE-2025-5777	09/07/2025	1.0
Grafana Fixes Critical Chromium Vulnerabilities, Including Active Zero-Day Exploit	High	CVE-2025-6554, CVE-2025-5959, CVE-2025-6191 CVE-2025-6192	09/07/2025	1.0
Microsoft Plug 140 Vulnerabilities in July Patch Tuesday; SQL Server Zero-Day Disclosed	High	N/A	09/07/2025	1.0
Critical Flaws Expose Schneider DCE to Remote Exploits – Patch Now	Critical	CVE-2025-50121, CVE-2025-50122, CVE-2025-50123, CVE-2025-50125	11/07/2025	1.0
Phishing for Gemini: Invisible Prompts Turn AI Summaries into Attack Vectors	High	N/A	14/07/2025	1.0
SEO Poisoning Campaign Targets IT Admins with Weaponized PuTTY and WinSCP	High	N/A	15/07/2025	1.0
Mercedes, VW, Skoda Cars at Risk from Critical PerfektBlue Bluetooth Vulnerabilities	High	CVE-2024-45431, CVE-2024-45432, CVE-2024-45433, CVE-2024-45434,	16/07/2025	1.0
Google Addresses Actively Exploited Zero-Day Vulnerability CVE-2025-6558 in Chrome	High	CVE-2025-6558	17/07/2025	1.0
CVE-2025-34067: Critical RCE in HikCentral Puts Global Surveillance at Risk, PoC Available	Critical	CVE-2025-34067	17/07/2025	1.0
Critical Zero-Day Vulnerabilities in VMware Exploited at Pwn2Own 2025 – Patch Immediately	Critical	CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239	18/07/2025	1.0
ToolShell Zero-Day Exploits in Microsoft SharePoint Enable Full Remote Takeover	Critical	CVE-2025-34067	18/07/2025	1.0
Critical Remote Code Execution in Nokia WaveSuite NOC	Critical	CVE-2025-24936, CVE-2025-24938	22/07/2025	1.0
Pre-Auth Remote Code Execution Flaws Patched in Sophos Firewall	Critical	CVE-2025-6704, CVE-2025-7624	23/07/2025	1.0
Patch Now! Critical Command Injection in GitHub Action tj-actions/branch-names Affects 5,000+ Repos	Critical	CVE-2025-54416	29/07/2025	1.0
Gemini CLI Vulnerability Enables Silent Execution of Malicious Commands on Developer Systems	Critical	N/A	01/08/2025	1.0
Patch Now! Claude Code Vulnerabilities Allow Unauthorized Command Execution, CVEs Affect AI Security Foundations	High	CVE-2025-54794, CVE-2025-54795	05/08/2025	1.0
Zero-Day Exploitation in SonicWall Targeted by Akira Ransomware	Critical	N/A	06/08/2025	1.0
WinRAR Zero-Day Path Traversal Flaw Actively Exploited to Code Execution	High	CVE-2025-8088	11/08/2025	1.0
7-Zip Security Flaw Allows Malicious File Writes and Potential Exploits	Low	CVE-2025-55188	12/08/2025	1.0
Microsoft Patches 119 Vulnerabilities in August Patch Tuesday; Kerberos Zero‑Day Publicly Disclosed	Critical	CVE-2025-53779	13/08/2025	1.0
Microsoft IIS Web Deploy RCE Vulnerability Allows Authenticated Remote Code Execution	High	CVE-2025-53772	18/08/2025	1.0
PostgreSQL High-Severity RCE Flaws in pg_dump Utilities Allow Remote Code Execution	High	CVE-2025-8715, CVE-2025-8714, CVE-2025-8713	19/08/2025	1.0
WhatsApp Privacy Advisory: Protect Your Conversations	High	N/A	20/08/2025	1.0
Apple Patches Zero-Day Vulnerability Exploited in Targeted Attacks (CVE-2025-43300)	High	CVE-2025-43300	22/08/2025	1.0
Docker Desktop Vulnerability Allows Full Host Compromise via Exposed API	Critical	CVE-2025-9074	24/08/2025	1.0
Multiple Critical Vulnerabilities in Citrix NetScaler ADC/Gateway, One Actively Exploited in Wild	Critical	CVE-2025-7775, CVE-2025-7776, CVE-2025-8424	28/08/2025	1.0
Critical Chrome Use-After-Free Vulnerability in ANGLE Graphics Library	High	CVE-2025-9478	29/08/2025	1.0
MediaTek Patches Critical Modem Vulnerabilities Affecting Millions of Devices	High	CVE-2025-20708, CVE-2025-20703, CVE-2025-20704, CVE-2025-20705, CVE-2025-20706, CVE-2025-20707	03/09/2025	1.0
Fake Government & Banking Apps Used to Spread Android Malware	High	NA	04/09/2025	1.0
Critical WhatsApp Zero-Day Vulnerability Allows Remote Code Execution	Medium	CVE-2025-55177	05/09/2025	1.0
Chrome Update Released, Fixes RCE and Multiple Vulnerabilities	High	CVE-2025-9864, CVE-2025-9865, CVE-2025-9866, CVE-2025-9867	05/09/2025	1.0
Patch Now: Critical Unauthorized Property Modification Vulnerability in Spring Cloud Gateway WebFlux	Critical	CVE-2025-41243	09/09/2025	1.0
Microsoft Releases September 2025 Security Updates: 86 Fixes, 2 Zero-Day Vulnerabilities	High	CVE-2025-55234, CVE-2024-21907	10/09/2025	1.0
Angular SSR Vulnerability Allows Cross-Request Data Exposure	High	CVE-2025-59052	12/09/2025	1.0
VoidProxy PhaaS Uses MFA Bypass, Hijacking Google and Microsoft Logins	High	NA	16/09/2025	1.0
Spring Security & Framework Authorization Bypass Vulnerabilities Patched	Medium	CVE-2025-41248, CVE-2025-41249	17/09/2025	1.0
Shai-Hulud NPM Supply Chain Attack Expands to 470+ Packages	High	NA	17/09/2025	1.0
Chrome Security Update Fixed Active Zero-Day Exploit & Multiple High-Severity Vulnerabilities	High	CVE-2025-10585, CVE-2025-10500, CVE-2025-10501, CVE-2025-10502	18/09/2025	1.0
Jenkins Security Patch Fixed HTTP/2 DoS and Permission Issues	High	CVE-2025-5115, CVE-2025-59474, CVE-2025-59475, CVE-2025-59476	18/09/2025	1.0
Zero-Click ShadowLeak Vulnerability in ChatGPT Agent Exposes Sensitive Data via Hidden Email Prompts	High	NA	19/09/2025	1.0

Defend Your Business Against The Latest Cyber Threats

Our experts are here to help you

INDIA OFFICE

Phone

+91 98454 47250

bq@intruceptlabs.com

Address

Bengaluru, India

AUSTRALIA OFFICE

Phone

+61 414 780 058

bq@intruceptlabs.com

Address

Epping, NSW, 2121, Australia

EUROPE OFFICE

Phone

+49 1521 024 7217

bq@intruceptlabs.com

Address

Buchheimer Weg 42, 51107 Köln, Germany

CANADA OFFICE

Phone

+1 41689 89927

bq@intruceptlabs.com

Address

5, Stauffer Road , Brantford , ON, N3V 0B1 , Canada

UAE OFFICE

Phone

+971 5825 74510

bq@intruceptlabs.com

Address

Intrucept Security Advisories

Defend Your Business Against The Latest Cyber Threats

+91 98454 47250

bq@intruceptlabs.com

Bengaluru, India

+61 414 780 058

bq@intruceptlabs.com

Epping, NSW, 2121, Australia

+49 1521 024 7217

bq@intruceptlabs.com

Buchheimer Weg 42, 51107 Köln, Germany

+1 41689 89927

bq@intruceptlabs.com

5, Stauffer Road , Brantford , ON, N3V 0B1 , Canada

+971 5825 74510

bq@intruceptlabs.com

Dubai Creek Harbor, UAE