DoS

Security Advisory

Multiple High-Severity Vulnerabilities Patched in Zoom  

Summary 

Multiple high-severity vulnerabilities have been identified in Zoom applications, including Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK, causing exposure of Sensitive Data.

The most critical flaws, patched in Zoom’s March 11, 2025, security bulletin, include CVE-2025-27440 (heap-based buffer overflow), CVE-2025-27439 (buffer underflow), CVE-2025-0151 (use-after-free) CVE-2025-0150 (incorrect behavior order in iOS Workplace Apps).

All rated high severity with CVSS scores ranging from 7.1 to 8.5. 

OEM Zoom 
Severity High 
CVSS 8.5  
CVEs CVE-2025-27440, CVE-2025-27439, CVE-2025-0151,  CVE-2025-0150, CVE-2025-0149 
Publicly POC Available No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

These vulnerabilities could allow attackers to escalate privileges, execute arbitrary code, or cause denial-of-service (DoS) attacks. Zoom has released patches addressing these issues in version 6.3.0. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Heap-Based Buffer Overflow Vulnerability  CVE-2025-27440  ZOOM High 8.5 
Buffer Underflow Vulnerability  CVE-2025-27439  ZOOM High 8.5 
Use-After-Free Vulnerability CVE-2025-0151 ZOOM High  8.5 
Incorrect Behavior Order Vulnerability CVE-2025-0150 ZOOM High 7.1 
Insufficient Data Verification Vulnerability  CVE-2025-0149 ZOOM Medium 6.5 

Technical Summary 

These vulnerabilities could be exploited to gain unauthorized access, execute arbitrary code, or disrupt services through privilege escalation and memory corruption techniques. Exploitation requires authentication and network access, posing a risk to enterprise users. 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-27440  Zoom Workplace Apps ( Windows, macOS, and Linux, as well as mobile apps for iOS and Android.)  Heap-based buffer overflow, allowing attackers to inject malicious code   Privilege Escalation 
 CVE-2025-27439  Zoom Workplace Apps Buffer underflow, leading to unexpected crashes or data leakage   Denial of Service, Data Exposure 
CVE-2025-0151    Zoom Workplace Apps  Use-after-free issue leading to memory corruption and arbitrary code execution   Privilege Escalation 
CVE-2025-0150  Zoom Workplace Apps (iOS) Incorrect behavior order allowing unauthorized access to authentication tokens   Information Disclosure 
CVE-2025-0149 Zoom Workplace Apps  Insufficient verification of data authenticity, allowing malformed network packets to bypass security checks Denial of Service 

Remediation

  • Apply Patches Promptly: Ensure all Zoom applications are updated to version 6.3.0 or later, which includes fixes for 12 vulnerabilities disclosed in March 2025 alone.

Conclusion: 

The recent vulnerabilities in Zoom highlight the ongoing challenges in securing widely used communication platforms. While Zoom has acted swiftly in providing patches, the recurrence of memory corruption and input validation flaws suggests architectural challenges.

Organizations should maintain a proactive security stance, ensuring timely updates and implementing stringent controls to safeguard sensitive data. 

Organizations must treat Zoom not as a neutral utility but as a high-risk vector requiring stringent controls.

References

Security Advisory

Ivanti Connect Secure VPN Actively Being Exploited in the Wild 

Ivanti announced two critical vulnerabilities impacting its Connect Secure (ICS) VPN appliances: CVE-2025-0282 and CVE-2025-0283. Notably, CVE-2025-0282 has been actively exploited in the wild since mid-December 2024.

As per Ivanti threat actors have attempted to bypass detection by the ICT, Ivanti has provided examples demonstrating the differences between successful scans and unsuccessful ones on compromised devices to help users identify potential compromises.

Summary 

OEM Ivanti  
Severity Critical 
CVSS 9.0 
CVEs CVE-2025-0282, CVE-2025-0283  
Exploited in Wild  Yes 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

This stack-based buffer overflow flaw allows unauthenticated attackers to execute arbitrary code on affected devices. Another  Vulnerability, CVE-2025-0283, could allow a local authenticated attacker to escalate privileges. Ivanti has released patches for Connect Secure and recommends immediate updates to mitigate the risk. 

Vulnerability Name CVE ID Product Affected Severity Affected Version 
Stack-Based Buffer Overflow Vulnerability  CVE-2025-0282 Ivanti Critical 22.7R2 through 22.7R2.4  22.7R1 through 22.7R1.2  22.7R2 through 22.7R2.3  
Stack-Based Buffer Overflow Vulnerability CVE-2025-0283  Ivanti High 22.7R2.4 and prior 9.1R18.9 and prior  22.7R1.2 and prior 22.7R2.3 and prior  

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
CVE-2025-0282  Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA gateways  A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.  RCE, System compromise, Data theft, Network breaches, and Service disruptions.  
CVE-2025-0283  Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Neurons for ZTA gateways  A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges Allow Local Authenticated Attackers to Escalate Privileges. 

Remediation

  • Ensure that the appropriate patches or updates are applied to the relevant Ivanti 
  • Organizations using ICS appliances are strongly advised to apply these patches and follow Ivanti’s Security Advisory to safeguard their systems.

versions as listed below: 

Affected Version(s) Fixes and Releases 
22.7R2 through 22.7R2.4  22.7R2.5  
22.7R2.4 and prior,  9.1R18.9 and prior  22.7R2.5  
22.7R2 through 22.7R2.3  22.7R2.5, Patch planned availability Jan. 21  
22.7R2.3 and prior  22.7R2.5, Patch planned availability Jan. 21  
22.7R1 through 22.7R1.2  Patch planned availability Jan. 21  
22.7R1.2 and prior  Patch planned availability Jan. 21  
  • Ivanti Connect Secure: Upgrade to version 22.7R2.5, perform a clean ICT scan, and factory reset appliances before putting them into production for added security. 
  • Ivanti Connect Secure (Compromise Detected): Perform a factory reset and upgrade to version 22.7R2.5 to remove malware and ensure continued monitoring with security tools. 
  • Ivanti Policy Secure: Ensure the appliance is not exposed to the internet, as the risk of exploitation is lower, and expect a fix on January 21, 2025. 
  • Ivanti Neurons for ZTA Gateways: Ensure ZTA gateways are connected to a controller for protection, with a fix available on January 21, 2025. 

General Recommendation 

  • Regularly update software and systems to address known vulnerabilities. 
  • Implement continuous monitoring to identify any unauthorized access or suspicious activities. 
  • Use strong authentication and access controls to minimize unauthorized access and reduce attack surfaces. 
  • Create and Maintain an incident response plan to quickly mitigate the impact of any security breach. 

References: 

Security Advisory

Denial of Service Vulnerability in DNS Security Feature of Palo Alto Networks PAN-OS 

Summary 

OEM Palo Alto 
Severity High 
CVSS 8.7 
CVEs CVE-2024-3393 
Exploited in Wild  No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A Denial-of-Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.  

Vulnerability Name CVE ID Product Affected Severity Affected Version 
(DoS) in DNS Security Using a Specially Crafted Packet CVE-2024-3393   Palo Alto High PAN-OS 11.2 – < 11.2.3* PAN-OS 11.1 – < 11.1.5* PAN-OS 10.2 – >= 10.2.8*, <10.2.14* PAN-OS 10.1 – >= 10.1.14*, <10.1.15* 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
CVE-2024-3393   Palo Alto PAN-OS CVE-2024-3393 is a high-severity DoS vulnerability in Palo Alto Networks PAN-OS exists in the DNS Security feature, where malformed DNS packets are improperly parsed and logged. If exploited, this vulnerability enables an unauthenticated attacker to remotely trigger a firewall reboot. Repeated exploitation attempts can cause the firewall to enter maintenance mode. CISA added it to the KEV catalog, with patching required by January 20, 2025.     Dos – Denial-of-Service 

Remediation

  • Update: Ensure that the appropriate patches or updates are applied to the relevant PAN-OS versions as listed below 
PAN-OS Version Fixes and Releases 
PAN-OS 11.1 11.1.2-h16, 11.1.3-h13, 11.1.4-h7, 11.1.5 
PAN-OS 10.2 10.2.8-h19, 10.2.9-h19, 10.2.10-h12, 10.2.11-h10, 10.2.12-h4, 10.2.13-h2, 10.2.14 
PAN-OS 10.1 10.1.14-h8, 10.1.15 
PAN-OS 10.2.9-h19 Only applicable to Prisma Access 
PAN-OS 10.2.10-h12 Only applicable to Prisma Access 
PAN-OS 11.0 No fix (reached end-of-life status on November 17, 2024) 

Recommendations: 

  • Avoid Using EOL Versions: 
  • PAN-OS 11.0 is end-of-life (EOL) as of November 17, 2024. Ensure that you are not using this version and upgrade to be supported versions. 
  • Monitoring & Incident Response: 
  • Regularly monitor firewall logs for unusual behavior, especially DoS triggers. 
  • For Prisma Access Users (Workaround): 
  • Disable DNS Security logging across all NGFWs if patching cannot be applied immediately. This can be done by opening a support case with Palo Alto Networks. 

References: 

Scroll to top