CVE-2025-24085 is a zero-day vulnerability in Apple’s “Core Media framework” which enables malicious applications to potentially gain elevated privileges on impacted devices. It falls under the “Memory Corruption vulnerability category”, posing significant security risks such as unauthorized access to sensitive data or potential device control.
OEM
Apple Inc
Severity
High
CVEs
CVE-2025-24085
Exploited in Wild
Yes
Patch/Remediation Available
Yes
Advisory Version
1.0
Vulnerability Name
CVE ID
Product Affected
Severity
Affected Version
Privilege escalation vulnerability
CVE-2025-24085
Apple
High
iPhone-XS and later, macOS Sequoia iPad-Pro (3rd generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), iPad mini (5th generation and later) Apple Watch: Series 6 and later Apple TV: All models
Technical Summary
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2025-24085
iPhone, iPad, Mac, Apple Watch, Apple TV
CVE-2025-24085 is a memory management vulnerability in Apple’s Core Media framework, responsible for processing audio and video content. The vulnerability stems from improper handling of media data, allowing attackers to execute arbitrary code with elevated privileges. It can be remotely exploited through malicious media files, creating significant security risks.
Arbitrary Code Execution, Privilege Escalation, Sensitive Data Exposure, Remote Exploitation via Media Files
Remediation:
Update: Ensure the latest patches are applied to affected Apple devices as listed below
Affected Version(s)
Fixes and Releases
iOS 17.2 and later
iOS 18.3
iPadOS 17.2 and later
iPadOS 18.3
macOS Sequoia (all previous versions)
macOS Sequoia 15.3
watchOS 10.3 and later
watchOS 11.3
tvOS 17.2 and later
tvOS 18.3
visionOS 1.3 and later
visionOS 2.3
Apple has fixed this vulnerability in these software versions. Update devices immediately to mitigate the risk of exploitation.
General Recommendations:
Untrusted Media: Avoid opening suspicious media files, emails, or links from unknown sources, as the vulnerability can be exploited remotely via malicious media.
Automatic Updates: Enable automatic updates on all Apple devices to ensure timely installation of future security patches.
A critical vulnerability in the ComboBlocks WordPress plugin (formerly Post Grid and Gutenberg Blocks) exposes over 40,000 websites to potential complete takeover by unauthenticated attackers. This vulnerability exists due to improper handling of user meta during the registration process, enabling privilege escalation. It affects versions 2.2.85 to 2.3.3 and has been addressed in version 2.3.4.
OEM
WordPress
Severity
Critical
Date of Announcement
2025-01-17
CVSS score
9.8
CVE
CVE-2024-9636
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
ComboBlocks, a plugin designed to enhance website design and functionality, was found to have a critical security flaw (CVE-2024-9636) that could allow unauthenticated attackers to register as administrators, granting them full control over the affected websites.
The vulnerability stems from improper restriction of user meta updates during profile registration. This flaw allows unauthenticated attackers to register as administrators, granting them full control over the website.
Complete website takeover and malware injection.
Remediations
Update Plugin: Immediately update the ComboBlocks plugin to version 2.3.4 or later.
Review Administrative Accounts:
Audit all user accounts with administrative privileges.
Revoke any unauthorized access.
Enhance Security Posture:
Enable multi-factor authentication (MFA) for all admin accounts.
Restrict user permissions based on the principle of least privilege.
Use a web application firewall (WAF) to filter and block malicious traffic.
Monitor and Log Activity:
Activate detailed logging for user registration and privilege changes.
Configure alerts for unusual activity, such as mass registrations or privilege escalations.
Implement Preventative Measures:
Regularly update all plugins and themes.
Backup the WordPress site frequently to ensure quick recovery in case of any compromise.
GitLab releases fixes for vulnerabilities in patch releases. There are two types of patch releases: scheduled releases, and ad-hoc critical patches for high-severity vulnerabilities.
The vulnerabilities could potentially impact unauthorized access, data manipulation, and service disruption. These have been disclosed through GitLab’s HackerOne bug bounty program. Latest Versions 17.7.1, 17.6.3, and 17.5.5 are now available for immediate download and upgrade to address these issues.
Vulnerability Name
CVE ID
Product Affected
Severity
Import Functionality Vulnerabilities
CVE-2024-6385
GitLab CE/EE
Critical
Import Functionality Vulnerabilities
CVE-2024-5655
GitLab CE/EE
High
Import Functionality Vulnerabilities
CVE-2024-6678
GitLab CE/EE
High
Import Functionality Vulnerabilities
CVE-2024-8970
GitLab CE/EE
High
Access Token Exposure in Logs
CVE-2025-0194
GitLab CE/EE
Medium
Cyclic Reference of Epics Leading to DoS
CVE-2024-6324
GitLab CE/EE
Medium
Unauthorized Manipulation of Issue Status
CVE-2024-12431
GitLab CE/EE
Medium
Instance SAML Bypass
CVE-2024-13041
GitLab CE/EE
Medium
Technical Summary
This update addresses several significant vulnerabilities identified in GitLab CE/EE:
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-6385
GitLab CE/EE
Vulnerability in import functionality allowing potential exploitation
Allows attackers to exploit the system.
CVE-2024-5655
CVE-2024-6678
CVE-2024-8970
CVE-2025-0194
GitLab CE/EE
Possible exposure of access tokens in logs under certain conditions.
Potential unauthorized access to sensitive resources.
CVE-2024-6324
GitLab CE/EE
Cyclic references between epics could lead to resource exhaustion, causing a Denial of Service (DoS).
Service disruption due to resource exhaustion.
CVE-2024-12431
GitLab CE/EE
Unauthorized users could manipulate issue statuses in public projects, potentially disrupting workflows.
Workflow disruption and compromised data integrity.
CVE-2024-13041
GitLab CE/EE
Flaw in instance SAML configuration allowing bypass of external provider settings.
Unauthorized access to internal projects or groups.
Key Changes to Import Functionality:
Post-import mapping: This new feature allows administrators to assign imported contributions and memberships to users after the import process is complete, enhancing control and security.
Email-independent mapping: The updated mapping process no longer relies on email addresses, providing greater flexibility and security when importing from instances with different email domains.
User control: Users on the destination instance now have the power to accept or reject assigned contributions, adding another layer of security and preventing unauthorized access.
Remediation:
Upgrade GitLab Instances: All users are strongly advised to upgrade to versions 17.7.1, 17.6.3, or 17.5.5 immediately to mitigate these vulnerabilities.
Disable Importers Temporarily: Until upgrades are complete, disable importers to avoid exploitation. If import functionality is essential, enable it only during the import process and disable it afterward.
Adopt Updated Features: Leverage the new post-import mapping, email-independent mapping, and user control enhancements for increased security.
Conclusion:
The vulnerabilities addressed in this patch release highlight the importance of timely updates and proactive security measures. GitLab’s redesign of its import functionality and the prompt patch release demonstrate a commitment to user security. Upgrading to the latest patched versions and adhering to the recommended actions is critical to maintaining a secure environment.
NVIDIA has issued a security advisory addressing a critical vulnerability (CVE-2024-0138) discovered in its Base Command Manager software. This flaw, located within the CMDaemon component, poses significant risks, including the potential for remote code execution, denial of service, privilege escalation, information disclosure, and data tampering.
What does the Vulnerability mean
The source of the vulnerability was from insecure temporary file handling, which could lead to a denial of service (DoS) condition on affected systems.
NVIDIA has released patches to address the issue and prevent potential exploitation. This critical flaw can be exploited remotely without any prerequisites, such as user interaction or special privileges, making it highly dangerous.
Vulnerability Name
CVE ID
Product Affected
Impact
Fixed Version
Insecure Temporary File Vulnerability
CVE-2024-0139
NVIDIA Base Command Manager, Bright Cluster Manager
Medium
Base Command Manager: 10.24.09a; Bright Cluster Manager: 9.0-22, 9.1-19, 9.2-17
Technical Summary
NVIDIA confirmed earlier versions, including 10.24.07 and earlier, are not impacted by this vulnerability.
To mitigate the issue, NVIDIA recommends updating the CMDaemon component on all head nodes and software images.
Remediation:
1. Base Command Manager
Update to version 10.24.09a to address the vulnerability.
2. Bright Cluster Manager
Depending on your version, update to one of the following:
9.0-22
9.1-19
9.2-17
3. CMdaemon Update
Ensure the most recent version of CMdaemon is installed on the head nodes and in all software images.
4. Node Update .
After applying the update, systems should be rebooted or resynchronized with the updated software image to ensure the fix is fully implemented. These measures are essential to eliminate the root cause that created vulnerability and protect systems from potential exploitation.
The vulnerability stems from insecure handling of temporary files in both Base Command Manager and Bright Cluster Manager. Exploiting this flaw could disrupt system availability, potentially causing a denial of service.
Recent Comments