We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Infosec

Security Advisory

WordPress Ultimate CSV Importer Flaws Put 20,000+ Sites at Risk

Threat researchers discovered an arbitrary File Upload vulnerability and an Arbitrary File Deletion vulnerability within the WP Ultimate CSV Importer plugin. This is affecting versions 7.19 and earlier.

The vulnerabilities have been addressed in version 7.19.1 of the plugin.

Summary 

OEM WordPress 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-2008, CVE- 2025-2007 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

The security flaw WordPress plugin, Ultimate CSV Importer, affecting over 20,000 websites. The vulnerabilities, identified as CVE-2025-2008 and CVE-2025-2007, can lead to catastrophic consequences, including complete site compromise. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Arbitrary File Upload  CVE-2025-2008 WordPress  High  8.8 
Arbitrary File Deletion  CVE-2025-2007 WordPress  High  8.1 

Technical Summary 

A critical security vulnerability has been discovered in the WP Ultimate CSV Importer plugin (versions ≤ v7.19). This flaw allows attackers with only Subscriber level access to exploit the system in two dangerous ways: 

  1. Malicious File Upload: Attackers can upload malicious files, potentially enabling remote code execution and granting full control over the affected site. This allows for complete site compromise, including the ability to install backdoors or steal sensitive information. 
  1. Critical File Deletion: Attackers can delete crucial files, such as wp-config.php, which can reset the WordPress site and give attackers the ability to take full control over the site. 
CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-2008  WP Ultimate CSV Importer plugin (versions ≤ 7.19) A critical flaw in the WP Ultimate CSV Importer plugin (≤ v7.19) allows attackers with Subscriber access to upload malicious files due to improper file type validation.
This can lead to remote code execution (RCE) and full site takeover. 		  Remote code execution (RCE) 
 CVE-2025-2007 WP Ultimate CSV Importer plugin (versions ≤ 7.19) A serious flaw in the WP Ultimate CSV Importer plugin (≤ v7.19) allows attackers with Subscriber access to delete critical files, like wp-config.php, due to weak file path validation.
This can reset the site, letting attackers take control. 		 Arbitrary file deletion leading to site reset 

Remediation

Install version 7.19.1 or later to fix the security flaws. Keeping all plugins and WordPress updated helps prevent attacks. 

General Recommendations 

  • Update the Plugin – Install the latest version (7.19.1+) to fix security issues and keep your site safe. 
  • Limit User Access – Allow only trusted users to upload or delete files to prevent hackers from exploiting vulnerabilities. 
  • Use Security Plugins – Install tools to block threats, monitor activity, and protect your site. 
  • Backup Your Website – Regularly save backups so you can restore your site if it gets hacked or files are deleted. 

Conclusion: 

A major security issue in a popular WordPress plugin put over 20,000 websites at risk of being taken over by hackers.

Attackers could upload harmful files or delete important ones, making websites vulnerable. This incident shows why keeping plugins updated, limiting user access, and using security tools is crucial. Updating to version 7.19.1 is necessary to stay protected. 

References

Security Advisory

3 Zero-Day Vulnerabilities backported & fixed in Apple Devices

Summary 

3 Zero-Day Vulnerabilities backported & fixed in Apple Devices

Apple backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems.

OEM Apple 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-24201, CVE-2025-24085, and CVE-2025-24200. 
No. of Vulnerabilities Patched 03 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

Apple has released an urgent security advisory concerning three zero-day vulnerabilities currently being actively exploited: CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085. These vulnerabilities affect a range of Apple devices, such as iPhones, iPads, Macs, and other platforms. Users are strongly urged to update to the latest patched versions to reduce security risks. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
WebKit Out-of-Bounds Write Vulnerability  CVE-2025-24201 iOS, macOS, visionOS, Safari  High  8.8 
Use-After-Free Vulnerability  CVE-2025-24085 iOS, iPasOS, macOS, watchOS, tvOS  High  7.8 
Incorrect Authorization Vulnerability  CVE-2025-24200  iOS, iPadOS  Medium  6.1 

Technical Summary 

Apple’s latest security update patches three Zero-Day vulnerabilities that hackers were actively exploiting. These vulnerabilities could allow attackers to bypass security protections, making devices more vulnerable. One of the vulnerabilities enables remote code execution, letting attackers run malicious programs. Another flaw allows privilege escalation, giving attackers higher-level access to system functions. 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-24201  iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, Safari 18.3  Out-of-bounds write issue allowing malicious websites to escape the Web Content sandbox   Remote Code Execution 
 CVE-2025-24085 iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, visionOS 2.3 Use-after-free vulnerability in CoreMedia allowing privilege escalation via malicious apps.  Privilege escalation via CoreMedia 
 CVE-2025-24200  iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5 (iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch, etc.) Authorization bypass vulnerability allowing attackers to disable USB Restricted Mode on locked devices.  Security Bypass USB Restricted Mode 

Remediation

Apply Patches Promptly: Apple has released security updates to address these vulnerabilities. Users should update their devices immediately to mitigate risks 

  • iPhones and iPads: Update to iOS 18.3/iPadOS 18.3 or later. 
  • Macs: Install macOS Sequoia 15.3 or later. 
  • Apple Watch: Upgrade to watchOS 11.3. 
  • Apple TV: Apply tvOS 18.3 updates. 
  • Vision Pro: Install visionOS 2.3 updates. 

General Recommendations: 

  • Prioritize Zero-Day Fixes: Focus on patching actively exploited vulnerabilities, especially those affecting USB Restricted Mode, WebKit, and CoreMedia.  
  • Enable Lockdown Mode: On supported devices, Lockdown Mode can provide additional security against targeted attacks.  
  • Be Cautious with USB Devices: Avoid connecting untrusted accessories to Apple devices to mitigate USB-based attack vectors. 
  • Stay Alert for Malicious Websites: Since WebKit vulnerabilities are actively exploited, avoid suspicious links and untrusted web content. 
  • Monitor for Exploitation: Continuously monitor systems for any signs of exploitation or suspicious activity. 

Conclusion: 

The discovery and active exploitation of these zero-day vulnerabilities underscore the increasing sophistication of cyberattacks targeting Apple’s ecosystem.

While Apple has responded swiftly with patches, users must remain vigilant by keeping their devices updated and adhering to cybersecurity best practices, such as avoiding untrusted applications and enabling Lockdown Mode where applicable. 

Apple fixed all the vulnerability with improved state management.

References


 

Security Advisory

Windows Zero-Day Exploit NTLM Hash Disclosure via Malicious Files

Summary

OEMMicrosoft
SeverityHigh
CVEsNot Yet Assigned
Exploited in WildNo
Patch/Remediation AvailableNo
Advisory Version1.0
Vulnerability Zero-Day

Overview

A newly discovered NTLM vulnerability in Windows, allows attackers to obtain login credentials when a user view a malicious file in Windows Explorer. This issue affects all Windows versions, from Windows 7 and Server 2008 R2 to the most recent Windows 11 v24H2 and Server 2025.

Attackers can exploit this flaw by using shared network folders, USB drives, or previously downloaded malicious files, making credential theft easy and difficult to detect.

Vulnerability NameCVE IDProduct AffectedSeverityFix
             NTLM Hash Disclosure Vulnerability      Not Yet Assigned    Windows OS and Windows Server         High  Unofficial micropatch available via 0patch

Technical Summary

This vulnerability enables attackers to steal NTLM authentication credentials simply by having users view a malicious file in Windows Explorer. Unlike previous NTLM relay attack techniques that required users to execute files, this exploit works just by rendering the malicious file’s metadata in the Windows Explorer preview pane. Attackers can leverage this method in various ways:

  • Hosting a shared network folder containing the malicious file.
  • Distributing infected USB drives that trigger the attack when inserted.
  • Tricking users into downloading the malicious file from a compromised or attacker-controlled website.

Once the credentials are captured, attackers can use NTLM relay attacks to gain unauthorized access to internal systems, escalate privileges, and move laterally across the network.

CVE IDSystem AffectedVulnerability Technical DetailsImpact
  Not Assigned Yet  Windows 7 – Windows 11 v24H2, Server 2008 R2 – Server 2025Attackers can capture NTLM credentials when users view malicious files in Windows Explorer. Exploitation methods include shared folders, USB drives, or downloads.Credential theft, network compromise, and potential lateral movement.  

Recommendations

  • Microsoft Patch Awaited: The vulnerability has been reported to Microsoft, and an official security update is expected in the near future.
  • Unofficial Micropatch Available: Security researchers at 0patch have released an unofficial micropatch that mitigates this issue. The micropatch is available for all affected Windows versions and will remain free until an official fix is provided by Microsoft.

Steps to Apply 0patch Micropatch:

  1. Create a free account on 0patch Central.
  2. Install and register the 0patch Agent on affected systems.
  3. The micropatch is applied automatically without requiring a system reboot.

Security Best Practices

  • Disable NTLM authentication where possible.
  • Implement SMB signing to prevent relay attacks.
  • Restrict access to public-facing servers like Exchange to limit credential relaying risks.
  • Educate users to avoid interacting with unknown or suspicious files in shared folders and USB drives.

Conclusion

Although not classified as critical, this NTLM credential theft vulnerability is extremely harmful due to its ease of exploitation. Attackers can exploit NTLM hashes in relay attacks to compromise internal network resources.

Security researchers confirm that comparable flaws have been actively exploited in real-world assaults. Until an official Microsoft patch is available, organizations should prioritize applying the 0patch micropatch and following NTLM security best practices to reduce potential risks.

References:

Security Advisory

Critical NGINX Ingress Vulnerabilities Expose Kubernetes Clusters to Compromise 

Security Advisory

Summary:

The Kubernetes Ingress NGINX Admission Controller has detected 5 significant security vulnerabilities affecting all versions of the ingress-nginx controller prior to v1.12.1 and v1.11.5. Here are the cve ids CVE-2025-1974, CVE-2025-1098, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.

Maintainer Kubernetes ingress community 
Severity Critical 
CVSS Score 9.8 
No. of Vulnerabilities Patched 05 
Actively Exploited No 
Exploited in Wild No 
Patch Available Yes 
Advisory Version 1.0 

Overview 

Admission Controllers frequently don’t require authentication and essentially function as web servers, introducing an additional internal network-accessible endpoint in the cluster. This architecture allows attackers to access them directly from any pod in the network, significantly increasing the attack surface.

The most critical of these, CVE-2025-1974, allows attackers on the pod network to remotely execute code and gain full control of the cluster without authentication. 

Although there has not been any active exploitation in the wild, this vulnerability poses a serious risk as it could enable attackers to take complete control of a cluster.

The issue was publicly disclosed on March 24, 2025, and security patches have been released. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Admission Controller Remote Code Execution (RCE) Vulnerability  CVE-2025-1974      Ingress NGINX Admission Controller   Critical 9.8 
Configuration Injection via Unsanitized auth-tls-match-cn annotation  CVE-2025-1097 High 8.8 
Configuration Injection via Unsanitized Mirror Annotations  CVE-2025-1098 High 8.8 
Unsanitized auth-URL Injection Vulnerability  CVE-2025-24514 High 8.8 
Auth Secret File Path Traversal Vulnerability  CVE-2025-24513 Medium 4.8 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-1974         Ingress NGINX Controller v1.12.0 & v1.11.4 and below versions The Validating Admission Controller does not properly check incoming annotations, allowing attackers on the Pod network to inject configurations and potentially execute arbitrary code across the entire cluster.   Full Kubernetes cluster compromise 
  CVE-2025-1097 Improper validation of the auth-tls-match-cn annotation allows malicious annotation values to override controller configurations.  Remote code execution 
  CVE-2025-1098 Unsafe input handling in mirror annotations could result in unauthorized configuration manipulation.  Config injection, security bypass 
  CVE-2025-24514 Unsanitized input from auth-URL annotations can allow malicious URLs to modify ingress-controller behavior.  Remote code execution 
  CVE-2025-24513 A path traversal issue in handling auth secret files could let attackers access sensitive information.   Information disclosure 

Remediation

  • Apply Patches Promptly: Immediately upgrade to ingress-nginx v1.12.1, v1.11.5 or latest versions to mitigate the vulnerabilities. 
  • Temporarily Disable the Validating Admission Controller: It is mandatory to upgrade. If upgrading is not immediately possible, you can temporarily disable the Validating Admission Controller. 

General Recommendations: 

  • Set strict RBAC rules to control who can change ingress and webhook settings. 
  • Disable dynamic admission controllers if they aren’t needed. 
  • Monitor cluster audit logs for unusual ingress creation activities and suspicious annotations. 
  • Conduct security reviews and scans for clusters that have not recently been updated. 
  • Regularly check ingredients for weak or unsafe configurations. 

Conclusion: 

The Kubernetes ingress-nginx vulnerabilities disclosed in March 2025 are among the most severe to date, with CVE-2025-1974 posing a real threat of full cluster compromise. All organizations running affected versions must apply patches or mitigation steps immediately.

The vulnerabilities found are affecting the admission controller component of Ingress NGINX Controller for Kubernetes and highlight the importance of strict configuration validation and access control in Kubernetes environments. 

Security researchers from Wiz found that 43% of cloud environments are vulnerable to these vulnerabilities. They uncovered over 6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet—putting them at immediate critical risk. 

References

Security Advisory

Update Google Chrome to Fix Critical Remote Code Execution Vulnerability in Lens 

OEM Google Chrome 
Severity High 
CVSS 8.8 
CVEs CVE-2025-2476 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

Google Chrome’s Lens component has been found to have a critical use-after-free vulnerability (CVE-2025-2476) that impacts Linux, Mac, and Windows. 

This vulnerability might compromise user systems by enabling remote attackers to run arbitrary code.  To lessen the danger, Google has issued security patches. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
 Use after free Vulnerability  CVE-2025-2476  Google Chrome  High  134.0.6998.117/.118 

Technical Summary 

The vulnerability exists due to a use-after-free (UAF) condition in Chrome’s Lens component. This occurs when a program continues to use memory after it has been freed, potentially leading to arbitrary code execution or system compromise. Attackers can exploit this flaw using specially crafted HTML pages that trigger heap corruption. 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-2476   Windows, Mac, Linux   Use-after-free vulnerability in Chrome’s Lens component, leading to heap corruption and potential arbitrary code execution.  Remote code execution 

Remediation

  1. Open Google Chrome. 
  1. Click the three-dot menu in the upper-right corner. 
  1. Navigate to Help > About Google Chrome. 
  1. Allow Chrome to automatically check for and install the latest update. 
  1. Restart the browser to complete the update process. 
  • The update will roll out over the coming days and weeks, However, due to the critical nature of this security issue, users should not rely on automatic updates and should manually confirm they are running the latest version. 

Google has restricted detailed vulnerability information until a majority of users have applied the fix to prevent potential exploitation. 

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user.

Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts.

Threat Intelligence :

There are currently no reports of the vulnerability being exploited in the wild.

Conclusion: 

The possibility of remote code execution makes CVE-2025-2476 a serious security risk. It is highly recommended that users upgrade their Chrome browsers ASAP.

This vulnerability emphasizes how crucial it is to keep up with security patches on time and to be vigilant about new online threats. 

References: 

Image 

Security Advisory

WordPress Age Gate Plugin Critical Vulnerability (CVE-2025-2505) Affects Over 40,000 Websites 

The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the ‘lang’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files.

OEM WordPress 
Severity Critical 
CVSS score 9.8 
CVEs CVE-2025-2505 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A critical vulnerability (CVE-2025-2505) in the Age Gate plugin for WordPress allows unauthenticated Local PHP File Inclusion (LFI), potentially enabling remote code execution. This flaw affects all versions up to 3.5.3 and has been patched in version 3.5.4. Over 40,000 websites are affected by this vulnerability. 

This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
 Improper Limitation of a Pathname to a Restricted Directory  CVE-2025-2505  Age Gate WordPress Plugin  Critical  v3.5.4  

Technical Summary 

The vulnerability exists due to improper limitation of pathname input, leading to an unauthenticated Local PHP File Inclusion (LFI) attack through the lang parameter. This flaw can be exploited by attackers to execute arbitrary PHP files, bypass access controls, and compromise server security. 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-2505  WordPress websites using Age Gate Plugin (<=3.5.3)  Local PHP File Inclusion via ‘lang’ parameter allows execution of arbitrary PHP files.  Unauthorized code execution, data exfiltration, privilege escalation, potential full server compromise. 

Remediation

  • Update Age Gate plugin to version 3.5.4 or later as soon as possible. 

Conclusion: 

Attackers can potentially: – Include and execute arbitrary PHP files on the server – Bypass access controls – Obtain sensitive site data – Achieve remote code execution – Compromise the entire WordPress site’s integrity and availability

This vulnerability poses a severe risk to WordPress websites utilizing the Age Gate plugin. Prompt patching and proactive security measures are crucial to mitigating potential attacks.

Users are strongly advised to update to the latest version without delay to protect their websites from unauthorized code execution. 

CVE-2025-2505 affects all versions of the Age Gate plugin for WordPress up to and including version 3.5.3.

References: 

Security Advisory

New Exploit Allows Remote Code Execution in Apache Tomcat 

Patch Without Delay

OEM Apache 
Severity Critical 
CVSS 9.8 
CVEs CVE-2025-24813 
Exploited in Wild Yes 
POC Available Yes 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

The CVE-2025-24813 is recently identified Apache Tomcat vulnerability that is being actively exploited in the wild.  Under certain circumstances, this vulnerability permits information disclosure and remote code execution (RCE). 

A two-step exploit procedure can be used by attackers to take over compromised systems.  Patching became more urgent after a proof-of-concept (PoC) vulnerability was made public within 30 hours of disclosure. 

Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.

Vulnerability Name CVE ID Product Affected Severity 
 Remote Code Execution Vulnerability  CVE-2025-24813  Apache Tomcat  Critical 

Technical Summary 

The vulnerability arises from Tomcat’s handling of PUT and GET requests in environments where specific configurations are enabled. Exploitation requires: 

  • Writes enabled for the default servlet 
  • Partial PUT support enabled 
  • Security-sensitive files stored in a sub-directory of public uploads 
  • Attacker knowledge of the file names 
  • Use of file-based session persistence 

Successful exploitation allows attackers to upload malicious Java session files via a PUT request and trigger deserialization through a GET request, leading to RCE. A PoC exploit has been publicly released, making detection and mitigation critical. 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-24813  Apache Tomcat  11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34,  9.0.0.M1 to 9.0.98  Exploits PUT and GET request handling, allowing arbitrary file injection and execution.  Remote Code Execution, Information Disclosure. 

Remediation

  • Update the Apache Tomcat versions to the latest one v11.0.3, v10.1.35,  v9.0.99 to mitigate the vulnerability. 

General Recommendations: 

  • Disable partial PUT support: Prevent attackers from leveraging the exploit by disabling this feature if not required. 
  • Restrict access to sensitive files: Ensure security-sensitive files are not stored in publicly accessible directories. 
  • Implement authentication controls: Strengthen authentication and authorization for file upload operations. 
  • Enhance API security: Deploy real-time API security solutions to detect and block malicious PUT requests. 

Conclusion: 

CVE-2025-24813 represents a significant security risk, with active exploitation already observed. The availability of a public PoC exploit further increases the likelihood of widespread attacks. The ease of exploitation and the potential for severe consequences make it critical for affected organizations to apply the latest patches immediately. Additionally, security teams should enhance monitoring for suspicious PUT and GET request patterns to mitigate this attack technique. 

References: 

Security Advisory

Multiple High-Severity Vulnerabilities Patched in Zoom  

Summary 

Multiple high-severity vulnerabilities have been identified in Zoom applications, including Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK, causing exposure of Sensitive Data.

The most critical flaws, patched in Zoom’s March 11, 2025, security bulletin, include CVE-2025-27440 (heap-based buffer overflow), CVE-2025-27439 (buffer underflow), CVE-2025-0151 (use-after-free) CVE-2025-0150 (incorrect behavior order in iOS Workplace Apps).

All rated high severity with CVSS scores ranging from 7.1 to 8.5. 

OEM Zoom 
Severity High 
CVSS 8.5  
CVEs CVE-2025-27440, CVE-2025-27439, CVE-2025-0151,  CVE-2025-0150, CVE-2025-0149 
Publicly POC Available No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

These vulnerabilities could allow attackers to escalate privileges, execute arbitrary code, or cause denial-of-service (DoS) attacks. Zoom has released patches addressing these issues in version 6.3.0. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Heap-Based Buffer Overflow Vulnerability  CVE-2025-27440  ZOOM High 8.5 
Buffer Underflow Vulnerability  CVE-2025-27439  ZOOM High 8.5 
Use-After-Free Vulnerability CVE-2025-0151 ZOOM High  8.5 
Incorrect Behavior Order Vulnerability CVE-2025-0150 ZOOM High 7.1 
Insufficient Data Verification Vulnerability  CVE-2025-0149 ZOOM Medium 6.5 

Technical Summary 

These vulnerabilities could be exploited to gain unauthorized access, execute arbitrary code, or disrupt services through privilege escalation and memory corruption techniques. Exploitation requires authentication and network access, posing a risk to enterprise users. 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-27440  Zoom Workplace Apps ( Windows, macOS, and Linux, as well as mobile apps for iOS and Android.)  Heap-based buffer overflow, allowing attackers to inject malicious code   Privilege Escalation 
 CVE-2025-27439  Zoom Workplace Apps Buffer underflow, leading to unexpected crashes or data leakage   Denial of Service, Data Exposure 
CVE-2025-0151    Zoom Workplace Apps  Use-after-free issue leading to memory corruption and arbitrary code execution   Privilege Escalation 
CVE-2025-0150  Zoom Workplace Apps (iOS) Incorrect behavior order allowing unauthorized access to authentication tokens   Information Disclosure 
CVE-2025-0149 Zoom Workplace Apps  Insufficient verification of data authenticity, allowing malformed network packets to bypass security checks Denial of Service 

Remediation

  • Apply Patches Promptly: Ensure all Zoom applications are updated to version 6.3.0 or later, which includes fixes for 12 vulnerabilities disclosed in March 2025 alone.

Conclusion: 

The recent vulnerabilities in Zoom highlight the ongoing challenges in securing widely used communication platforms. While Zoom has acted swiftly in providing patches, the recurrence of memory corruption and input validation flaws suggests architectural challenges.

Organizations should maintain a proactive security stance, ensuring timely updates and implementing stringent controls to safeguard sensitive data. 

Organizations must treat Zoom not as a neutral utility but as a high-risk vector requiring stringent controls.

References

Security Advisory

PoC Released for High-Severity Linux Kernel UVC Driver Vulnerability

OEMLinux
SeverityHIGH
CVSS7.8
CVEsCVE-2024-53104
Actively ExploitedYes
Publicly POC AvailableYes
Patch/Remediation AvailableYes
Advisory Version1.0

Overview

CVE-2024-53104 is a high-severity out-of-bounds write vulnerability in the Linux kernel’s USB Video Class (UVC) driver, leading to privilege escalation. The issue affects Linux kernel versions 2.6.26 and later. The vulnerability has gained renewed attention as a proof-of-concept (PoC) exploit has now been publicly released, increasing the risk of exploitation. A patch has been released to address this vulnerability, but unpatched systems remain at high risk.

Vulnerability NameCVE IDProduct AffectedSeverity
  out-of-bounds write vulnerability  CVE-2024-53104  Linux Kernel    High

Technical Summary

The vulnerability exists in the uvc_parse_format function of the UVC driver (uvc_driver.c). It arises due to improper parsing of UVC_VS_UNDEFINED frames, leading to incorrect buffer allocation and out-of-bounds writes.

An attacker could exploit this flaw by inserting a malicious USB device or manipulating video streams, potentially leading to memory corruption, privilege escalation, or arbitrary code execution.

CVE IDSystem AffectedVulnerability DetailsImpact
  CVE-2024-53104    Linux Kernel (2.6.26 and later)  Incorrect parsing of UVC_VS_UNDEFINED frames in uvc_parse_format, leading to miscalculated buffer sizes and memory corruption.    Privilege escalation, system instability, arbitrary code execution  

Remediation:

  • Apply Security Patches: Ensure that the latest security patches provided by the Linux distribution maintainers are promptly applied to mitigate vulnerability.

Recommendations

  • Implement USB Device Control Policies: Organizations should establish and enforce USB device control policies to prevent unauthorized usage and ensure only approved devices can be connected.
  • Deploy Log Monitoring and Analysis Tools: Implement security monitoring tools to continuously monitor logs for potential security incidents, such as exploitation attempts or suspicious activity.

Conclusion:

CVE-2024-53104 is a major vulnerability that poses a substantial risk to Linux systems since it allows for privilege escalation and arbitrary code execution. Users and administrators are strongly urged to apply the latest security patches to mitigate the risk of exploitation. Additionally, implementing a multi-layered security approach can further enhance system protection.

The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list, emphasizing the need for immediate remediation.

CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks.

References:

Security Advisory

Critical Security Flaw in Kibana Requires Immediate Attention 

Kibana is a robust tool for data visualization and exploration that can be used to search, examine, and track data that is stored in Elasticsearch. A vital part of many organizations’ data analysis procedures, it offers real-time insights through interactive dashboards. 

Elastic released security updates to address a critical vulnerability, tracked as CVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software for Elasticsearch.

OEM Elastic 
Severity Critical 
CVSS 9.9 
CVEs CVE-2025-25012 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A critical security vulnerability (CVE-2025-25012) has been identified in Kibana, affecting versions 8.15.0 to 8.17.2. The flaw allows attackers to execute arbitrary code, potentially compromising affected systems. Elastic has released a patch in Kibana version 8.17.3to address this issue, and users are strongly advised to update immediately. 

Vulnerability Name CVE ID Product Affected Severity 
 Arbitrary code execution Vulnerability  CVE-2025-25012  Elastic  Critical 

Technical Summary 

This vulnerability arises from improper handling of JavaScript object prototypes in Kibana’s file upload and HTTP request processing functionalities.

Attackers can exploit this flaw to inject malicious payloads, modify application behavior, and execute arbitrary code. The vulnerability is classified under CWE-1321 (Improper Control of Prototype-Based Attribute Modifications) and aligns with the MITRE ATT&CK framework under tactic T1059 (Command and Scripting Interpreter). 

Affected Versions and Exploitation Conditions: 

  • Kibana 8.15.0 – 8.17.0: Exploitable by users with the Viewer role. 
  • Kibana 8.17.1 – 8.17.2: Requires privileges fleet-all, integrations-all, and actions:execute-advanced-connectors. 
CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-25012   Kibana 8.15.0 – 8.17.2   Prototype pollution via crafted file uploads and HTTP requests, allowing manipulation of JavaScript object properties and security controls.  Remote Code Execution, Unauthorized Data Access, Lateral Movement  

Remediation

  • Upgrade: Elastic has released a security patch to address the issue. It is highly recommended to upgrade to Kibana 8.17.3 or a later version 
  • Temporary Mitigation: If upgrading is not feasible in the short term, apply the following measure to reduce risk: 
  • Disable the Integration Assistant feature by setting xpack.integration_assistant.enabled: false in kibana.yml. 

Conclusion: 

Organizations utilizing Kibana should take urgent action to patch CVE-2025-25012 by upgrading to version 8.17.3.

The vulnerability is highly severe, particularly for environments using Kibana for security monitoring, as attackers could exploit this flaw to disable alerts and manipulate detection pipelines. If patching is not immediately possible, temporary mitigations should be applied to reduce the risk of exploitation. Ensuring real-time vulnerability monitoring and implementing strict access controls are also recommended to safeguard against similar threats in the future. 

References: 

Image