Exploitable Command Injection in F5 BIG-IP (CVE-2025-20029)
F5 BIG-IP
Continue ReadingMajorana1 is Microsoft’s first quantum processor
Continue ReadingAn authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to bypass authentication on the management web interface.
Summary
OEM | Palo Alto |
Severity | High |
Date of Announcement | 2025-02-19 |
CVEs | CVE-2025-0108 |
CVSS Score | 8.8 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
‘Palo Alto Networks says threat actors used a publicly available PoC exploit in attack attempts against firewall customers with PAN-OS management interfaces exposed to the internet’.
This poses a significant risk, particularly when the interface is exposed to the internet or untrusted networks. CISA has added it to its Known Exploited Vulnerabilities catalog due to active exploitation.
Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
Authentication Bypass Vulnerability | CVE-2025-0108 | Pan OS | High | PAN-OS 10.1: 10.1.0 through 10.1.14 PAN-OS 10.2: 10.2.0 through 10.2.13 PAN-OS 11.1: 11.1.0* through 11.1.6 PAN-OS 11.2: 11.2.0 through 11.2.4 |
Technical Summary
This authentication bypass flaw enables attackers to invoke specific PHP scripts without proper authorization, potentially compromising the integrity and confidentiality of the system. Attackers are chaining it with CVE-2024-9474 and CVE-2025-0111 to target unpatched instances. The risk is highest when the management interface is exposed directly to the internet, potentially enabling unauthorized access and manipulation of system configurations.
Vulnerability Name | Details | Severity | Impact |
Authentication Bypass Vulnerability | This is an authentication bypass in PAN-OS allowing unauthenticated attackers to invoke PHP scripts on the management interface, compromising system integrity. The vulnerability is critical when exposed to the internet and can be exploited by chaining CVE-2024-9474 and CVE-2025-0111. | High | Root access of the affected system, unauthorized file exfiltration. |
Recommendations
Here are the details of the required upgrades:
Version | Updated Version |
PAN-OS 11.2 | Upgrade to 11.2.4-h4 or later |
PAN-OS 11.1 | Upgrade to 11.1.6-h1 or later |
PAN-OS 10.2 | Upgrade to 10.2.13-h3 or later |
PAN-OS 10.1 | Upgrade to 10.1.14-h9 or later |
General Recommendations
Conclusion
The active exploitation of these vulnerabilities highlights the critical need for timely patch management and robust access controls. Given the increasing attack surface and publicly available proof-of-concept exploits, organizations should prioritize remediation to prevent potential breaches. Palo Alto Networks urges customers to secure their firewalls immediately to mitigate this growing threat.
The vulnerability is therefore of high severity on the CVSS and users were warned that while the PHP scripts that can be invoked, do not themselves enable remote code execution.
References:
SOC & CTI Compliment each other in threat Hunting
Continue ReadingCan Gen AI Transform Organizations Cyber Posture
Continue ReadingSummary
A critical authentication bypass vulnerability [CWE-288] has been identified in FortiOS and FortiProxy, tracked as CVE-2025-24472 . This is affecting their affecting FortiOS and FortiProxy products and being exploited in the wild.
OEM | Fortinet |
Severity | Critical |
CVSS | 9.6 |
CVEs | CVE-2025-24472 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
This flaw, with the CVSSv3 score of 9.6, could allow a remote attacker to obtain super-admin privileges by sending specially crafted requests to the Node.js WebSocket module.
Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
Authentication Bypass Vulnerability | CVE-2025-24472 | FortiOS FortiProxy | Critical | FortiOS v7.0 – v7.0.16 FortiProxy v7.0 – v7.0.19 FortiProxy v7.2 – v7.2.12 |
Technical Summary
CVE ID | Vulnerability Details | Impact |
CVE-2025-24472 | An authentication bypass using an alternate path (CWE-288) vulnerability in FortiOS and FortiProxy , present in certain versions, could enable a remote attacker to obtain super-admin privileges by sending requests to the Node.js websocket module or by crafting CSF proxy requests. | Execute unauthorized code or commands |
Recommendations:
Version | Fixes and Releases |
FortiOS 7.0 – 7.0.16 | Upgrade to 7.0.17 or latest version |
FortiProxy 7.0 – 7.0.19 | Upgrade to 7.0.20 or latest version |
FortiProxy 7.2 – 7.2.12 | Upgrade to 7.2.13 or latest version |
Workarounds:
Below are some workarounds provided by the Fortinet team.
According to Fortinet, attackers exploit the two vulnerabilities to generate random admin or local users on affected devices, adding them to new and existing SSL VPN user groups. They have also been seen modifying firewall policies and other configurations and accessing SSLVPN instances with previously established rogue accounts “to gain a tunnel to the internal network.network.”
References:
OEM | Apple |
Severity | High |
CVSS | Not Assigned |
CVEs | CVE-2025-24200 |
Exploited in Wild | No |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
Apple has issued emergency security patches to mitigate a zero-day vulnerability, CVE-2025-24200, which has been actively exploited in sophisticated attacks targeting specific individuals. The flaw allows attackers to bypass USB Restricted Mode on a locked device, potentially exposing sensitive data. Initially identified by The Citizen Lab, this vulnerability is believed to have been leveraged in real-world scenarios against high-profile targets. Apple has responded by enhancing state management in iOS 18.3.1 and iPadOS 18.3.1 to prevent exploitation.
Vulnerability Name | CVE ID | Product Affected | Severity |
USB Restricted Mode Bypass Vulnerability | CVE-2025-24200 | Apple | High |
Technical Summary
The vulnerability, tracked as CVE-2025-24200, affects USB Restricted Mode, a security feature introduced in 2018 to prevent data transfer over USB when a device remains locked for seven days. A flaw in the Accessibility framework allows an attacker with physical access to disable USB Restricted Mode, bypassing this protection and potentially accessing sensitive data.
Apple has mentioned “This issue has been exploited in extremely sophisticated attacks against specific individuals.” The vulnerability was discovered by Bill Marczak, a senior researcher at The Citizen Lab.
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2025-24200 | iPhone XS and later iPad Pro (13-inch) iPad Pro 12.9-inch (3rd generation and later) iPad Pro 11-inch (1st generation and later) iPad Air (3rd generation and later) iPad (7th generation and later) iPad mini (5th generation and later) | A flaw in the Accessibility framework allows a physical attacker to disable USB Restricted Mode, bypassing protections designed to prevent unauthorized data transfer. | Unauthorized access to sensitive data |
Remediation:
Conclusion
The CVE-2025-24200 vulnerability poses a serious risk to device security, particularly for individuals targeted in sophisticated cyberattacks. While the exploitation has been limited to specific individuals, all users of affected devices should install the latest updates immediately to mitigate potential risks. Apple remains committed to user security by addressing vulnerabilities promptly and ensuring continuous protection against emerging threats.
References:
A high severity vulnerability in 7-Zip is exploiting in the wild. This vulnerability, identified as a Mark-of-the-Web (MoTW) bypass, allows attackers to craft a double archive file that, when extracted, bypasses MoTW protections.
OEM | 7Zip |
Severity | High |
CVSS | 7.0 |
CVEs | CVE-2025-0411 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
The vulnerability enables threat actors to create archives containing malicious scripts or executables, which, due to the flaw, will not receive the usual MoTW protection.
This exposes Windows users to potential attacks and has recently been added to the CISA Known Exploited Vulnerabilities Catalog. Furthermore, a Proof of Concept (PoC) for this vulnerability has been publicly released, increasing the risk of exploitation.
7-Zip vulnerability allows attackers to bypass the Mark of the Web (MotW) Windows security feature and was exploited by Russian hackers as a zero-day since September 2024.
Vulnerability Name | CVE ID | Product Affected | Severity |
MOTW Bypass vulnerability | CVE-2025-0411 | 7zip | High |
Technical Summary
This vulnerability bypasses the Mark-of-the-Web (MoTW) feature, a security measure in Windows operating systems that flags files originating from the internet as potentially untrusted. MoTW is typically applied to files like downloaded documents, images, or executable files, which prompts a warning when opened. However, this vulnerability occurs when 7-Zip fails to properly propagate MoTW protections to files inside double-encapsulated archives.
An attacker can craft an archive containing another archive (a “double archive”), and 7-Zip did not properly propagate MoTW protections to the content to the inner archive.
This flaw allows any malicious content in the inner archive to be executed without triggering any security warnings. Consequently, this exposes Windows users to the risk of remote code execution and other malicious activities.
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2025-0411 | 7Zip Prior to v24.09 | This flaw allows attackers to execute arbitrary code through double-encapsulated archives that bypass MoTW protections. | Arbitrary remote code injection, potential system compromise |
Remediation:
Update 7zip to v24.09 or the latest version. Installing the latest version will ensure that vulnerability is addressed, protecting systems from potential exploitation.
Generic Recommendations
Conclusion
The MoTW bypass vulnerability in 7-Zip represents a serious security concern for Windows users, as it allows attackers to circumvent protective measures and execute malicious code. Updating to the latest version of 7-Zip is the recommended action to ensure systems are protected against this vulnerability.
References:
#CyberSecurity #7Zip #SecurityAdvisory #VulnerabilityManagement #CISO #CXO #PatchManagement #Intrucept
A critical remote code execution (RCE) vulnerability, CVE-2024-21413, affecting Microsoft Outlook has been actively exploited.
CISA has directed U.S. federal agencies to secure their systems against ongoing cyberattacks targeting this vulnerability, tracked as CVE-2024–21413. The flaw was originally discovered by Check Point vulnerability researcher Haifei Li and is a result of improper input validation when processing emails containing malicious links.
OEM | Microsoft |
Severity | Critical |
CVSS | 9.8 |
CVEs | CVE-2024-21413 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
The flaw allows attackers to bypass security protections, leading to NTLM credential theft and arbitrary code execution. The vulnerability is critical, and Microsoft has released patches to mitigate the risk.
Vulnerability Name | CVE ID | Product Affected | Severity |
Remote Code Execution Vulnerability | CVE-2024-21413 | Microsoft | Critical |
Technical Summary
The CVE-2024-21413 vulnerability arises due to improper input validation in Microsoft Outlook when handling emails containing malicious links. Exploitation of this flaw enables attackers to bypass Protected View, a security feature designed to prevent execution of harmful content embedded in Office files.
By manipulating URLs with the file:// protocol and inserting an exclamation mark followed by arbitrary text, attackers can evade Outlook’s built-in security measures, tricking users into opening malicious Office files in editing mode instead of read-only mode. The Preview Pane also serves as an attack vector, enabling zero-click exploitation. Here is the POC also available for this vulnerabilty.
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-21413 | Microsoft Office LTSC 2021, Microsoft 365 Apps, Microsoft Outlook 2016, Microsoft Office 2019 | Exploits improper input validation to bypass Outlook security protections using manipulated hyperlinks. | NTLM credential theft, remote code execution, potential full system compromise |
Remediation:
General Remediation:
Conclusion:
The exploitation of CVE-2024-21413 underscores the ongoing threat posed by improperly validated inputs in widely used enterprise software. With this vulnerability being actively exploited and the POC publicly available, organizations must prioritize patching, strengthen monitoring, and follow best security practices to minimize risks. CISA has included CVE-2024-21413 in its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the need for immediate action.
References:
Recently the undersea Fibre optic cable between Latvia and Sweden was damaged and reports said it was result of external influence which prompted NATO to deploy patrol ships to the area and triggering a sabotage investigation by Swedish authorities. Also the cargo ship Vezhen was seized as part of the probe by Sweden’s Security Service.
The incident took place on Jan. 26 and was one of several in recent months, triggered a hunt for vessels suspected of involvement.
The prosecutor said the Vezhen’s anchor severed the cable but that the incident was related to a combination of bad weather, equipment deficiencies and poor seamanship. Images shared by Swedish media showed that the ship appeared to have a damaged anchor.
The cable belongs to Latvia’s state broadcaster, LVRTC, which said in a statement there had been “disruptions in data transmission services”, but that end users would be mostly unaffected.
A second vessel, the Silver Dania, a Norwegian cargo ship with an all-Russian crew, was seized in Norway at the request of Latvian authorities but was cleared of wrongdoing and released. Baltic Sea region is on high alert after a string of power cable, telecom link, and gas pipeline outages since Russia invaded Ukraine in 2022.
We cannot deny the scope of Hybrid attack in the Baltic region that targeted critical undersea infrastructure (CUI), particularly fiber-optic cables, in the Baltic and Arctic regions since 2021. Mostly the prime suspect was Russia, but in this case the Vezhen ship was suspected to have incurred an accident and not sabotage, a Swedish prosecutor said on Monday, adding that the Maltese-flagged vessel had been released.
Ship downtime a major issue the marine industry faces
What is ship downtime and how does it affect?
Any breakdown in service during operation or runtime amounts to downtime in maritime industry.
Sometimes downtimes are unpredictable and unplanned which makes it harder as it incurs expenses to deal with. Repairs, emergency parts, and dry-docking fees can add up fast.
Importance of Data analytics:
This is where predictive maintenance and data analytics come into picture making it possible to provide an overview on what is pending task regarding maintenance of ship or other issues that needs immediate inspection. This can also be cyber security related issue or hybrid attacks targeting critical undersea infrastructure (CUI), particularly fiber-optic cables, have surged in the Baltic and Arctic regions.
The Baltic sea ship broke down due to combination of bad weather and and deficiencies in equipment and seamanship contributed to the cable break,” as per reports by investigators
Whether it’s an engine breakdown, a port delay, or a sudden maintenance issue, every hour of downtime costs money. And there are times when this hurts the most because you don’t see it coming and affecting profitability, delivery and supply chain disruptions.
Crew Issues – Fatigue-related mistakes or medical emergencies that delay voyages.
Mechanical Failures – Think engine breakdowns, generator issues, and propulsion failures.
Electrical Problems – A failed control system or communication outage.
Other problems falls under planned downtime
Rise of Hybrid Attack on undersea cables in Baltic Sea and artic region
Since 2021 Russian hybrid attacks targeting critical undersea infrastructure (CUI), particularly fiber-optic cables, have surged in the Baltic and Arctic regions since 2021 causing disruptions threatening essential communication channels, exposing vulnerabilities of Northern Europe’s infrastructure.
More incidents were noticed in 2023 and 2024 involving Chinese vessels damaging Baltic subsea cables raise concerns over possible Russian-Chinese hybrid warfare collaboration despite no direct evidence confirming this, complicating Western deterrence efforts. (https://jamestown.org/program/hybrid-attacks-rise-on-undersea-cables-in-baltic-and-arctic-regions/)
Financial Implications
Any disruption of events that causes downtime in shipping such as piracy, bad weather and accidents blocking major shipping lanes causes major financial losses on global economy. Attacks such as cyber-attacks are growing with each passing day and quite predominant on risk landscape like the maritime industry, forcing organizations account of in its operations and work on legacy technologies replacing them with advanced technology systems to counter any attacks or sabotage or foul play.
Companies that have proven their ability to manage these risks and remain agile for recovery are more likely to secure favorable finance options.
Innovations in Maritime industry
Maritime transport is seen key player in global trade and the intricacies of networks of shipping
routes, ports, forced globalization to strengthened their operation strategies for the world economy to grow surpassing numerous challenges. Innovations is high on demand for safety systems form part of the ongoing development where digital based systems are part of ships in current scenario. E.g. the Intelligent awareness (IA) systems will be nex- gen of digital technologies to provide safety net for smooth operation of ships on transit that include utilizing sensors, high-resolution displays, and intelligent software.
Maritime chokepoints are critical points in shipping routes.as they facilitate substantial trade volumes and connect the world. Due to disruptions and very limited routes that are valid for ship passages there are negative impacts on supply chains, leading to systemic consequences, affecting food security, energy supply and whole of the global economy.
Sources: https://www.reuters.com/world/europe/baltic-undersea-cable-damaged-by-external-influence-sunday-latvian-broadcaster-2025-01-26/
www.shipuniverse.com