CVE-2025-24085 is a zero-day vulnerability in Apple’s “Core Media framework” which enables malicious applications to potentially gain elevated privileges on impacted devices. It falls under the “Memory Corruption vulnerability category”, posing significant security risks such as unauthorized access to sensitive data or potential device control.
OEM
Apple Inc
Severity
High
CVEs
CVE-2025-24085
Exploited in Wild
Yes
Patch/Remediation Available
Yes
Advisory Version
1.0
Vulnerability Name
CVE ID
Product Affected
Severity
Affected Version
Privilege escalation vulnerability
CVE-2025-24085
Apple
High
iPhone-XS and later, macOS Sequoia iPad-Pro (3rd generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), iPad mini (5th generation and later) Apple Watch: Series 6 and later Apple TV: All models
Technical Summary
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2025-24085
iPhone, iPad, Mac, Apple Watch, Apple TV
CVE-2025-24085 is a memory management vulnerability in Apple’s Core Media framework, responsible for processing audio and video content. The vulnerability stems from improper handling of media data, allowing attackers to execute arbitrary code with elevated privileges. It can be remotely exploited through malicious media files, creating significant security risks.
Arbitrary Code Execution, Privilege Escalation, Sensitive Data Exposure, Remote Exploitation via Media Files
Remediation:
Update: Ensure the latest patches are applied to affected Apple devices as listed below
Affected Version(s)
Fixes and Releases
iOS 17.2 and later
iOS 18.3
iPadOS 17.2 and later
iPadOS 18.3
macOS Sequoia (all previous versions)
macOS Sequoia 15.3
watchOS 10.3 and later
watchOS 11.3
tvOS 17.2 and later
tvOS 18.3
visionOS 1.3 and later
visionOS 2.3
Apple has fixed this vulnerability in these software versions. Update devices immediately to mitigate the risk of exploitation.
General Recommendations:
Untrusted Media: Avoid opening suspicious media files, emails, or links from unknown sources, as the vulnerability can be exploited remotely via malicious media.
Automatic Updates: Enable automatic updates on all Apple devices to ensure timely installation of future security patches.
Cisco has warned about a new privilege escalation vulnerability in its Meeting Management tool that could allow a remote attacker to gain administrator privileges on exposed instances.
The vulnerability, CVE-2025-20156 was disclosed by Cisco on January 22 and is awaiting further analysis by the US National Vulnerability Database (NVD)
OEM
Cisco
Severity
Critical
CVSS
9.9
CVEs
CVE-2025-20156
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
A critical vulnerability (CVE-2025-20156) in Cisco Meeting Management could allow attackers to gain unauthorized administrative access. This issue affects versions prior to 3.9.1 and has been classified as critical. Cisco strongly recommends updating to the latest fixed version to address this risk.
Vulnerability Name
CVE ID
Product Affected
Severity
Privilege Escalation Vulnerability
CVE-2025-20156
Cisco
Critical
Technical Summary
A critical security vulnerability has been identified in Cisco Meeting Management. This flaw resides in the REST API and stems from improper enforcement of authorization protocols for REST API users. Remote, authenticated attackers with low-level privileges can exploit this issue by sending specially crafted API requests to specific endpoints. A successful exploit could allow attackers to escalate their privileges to administrator level and gain control over edge nodes managed by Cisco Meeting Management.
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2025-20156
Cisco Meeting Management prior to version 3.9.1
Insufficient authorization checks in the REST API allow attackers to send crafted API requests to escalate privileges.
Attackers can gain full administrative control and disrupt business operations.
Remediation:
Update to the Latest Version:
Upgrade Cisco Meeting Management to version 3.9.1or later.
Regular Security Practices:
Monitor Cisco’s security advisories.
Regularly update systems to address emerging threats.
Conclusion:
CVE-2025-20156 poses a critical risk to Cisco Meeting Management users. Exploiting this flaw could disrupt operations by granting attacker’s administrative control. Immediate updates are crucial to mitigate the risk and protect affected systems.
A critical vulnerability in the ComboBlocks WordPress plugin (formerly Post Grid and Gutenberg Blocks) exposes over 40,000 websites to potential complete takeover by unauthenticated attackers. This vulnerability exists due to improper handling of user meta during the registration process, enabling privilege escalation. It affects versions 2.2.85 to 2.3.3 and has been addressed in version 2.3.4.
OEM
WordPress
Severity
Critical
Date of Announcement
2025-01-17
CVSS score
9.8
CVE
CVE-2024-9636
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
ComboBlocks, a plugin designed to enhance website design and functionality, was found to have a critical security flaw (CVE-2024-9636) that could allow unauthenticated attackers to register as administrators, granting them full control over the affected websites.
The vulnerability stems from improper restriction of user meta updates during profile registration. This flaw allows unauthenticated attackers to register as administrators, granting them full control over the website.
Complete website takeover and malware injection.
Remediations
Update Plugin: Immediately update the ComboBlocks plugin to version 2.3.4 or later.
Review Administrative Accounts:
Audit all user accounts with administrative privileges.
Revoke any unauthorized access.
Enhance Security Posture:
Enable multi-factor authentication (MFA) for all admin accounts.
Restrict user permissions based on the principle of least privilege.
Use a web application firewall (WAF) to filter and block malicious traffic.
Monitor and Log Activity:
Activate detailed logging for user registration and privilege changes.
Configure alerts for unusual activity, such as mass registrations or privilege escalations.
Implement Preventative Measures:
Regularly update all plugins and themes.
Backup the WordPress site frequently to ensure quick recovery in case of any compromise.
SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.
The flaw, identified as CVE-2024-53704, poses a significant security risk, allowing attackers to exploit the system remotely. Administrators are strongly encouraged to update their systems immediately to mitigate potential threats. SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.
Key Details:
The vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems.
It impacts SonicWall’s SSL-VPN products, widely used for secure remote access.
Exploitation of this bug could lead to severe consequences, including unauthorized access to sensitive data, network infiltration, and system compromise.
Summary
OEM
SonicWall
Severity
High
CVSS
8.2
CVEs
CVE-2024-53704
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
The security flaw, tracked as CVE-2024-53704, presents a serious risk, enabling remote exploitation by attackers. Administrators are highly advised to apply the necessary patches without delay to protect against potential threats.
Vulnerability Name
CVE ID
Product Affected
Severity
Affected Version
Improper Authentication
CVE-2024-53704
SonicWall
High
7.1.x (7.1.1-7058 and older), 7.1.2-7019 8.0.0-8035
A privilege escalation vulnerability
CVE-2024-53706
SonicWall
High
7.1.x (7.1.1-7058 and older), 7.1.2-7019
A weakness in the SSLVPN authentication token generator
CVE-2024-40762
SonicWall
High
7.1.x (7.1.1-7058 and older), 7.1.2-7019
A server-side request forgery (SSRF) vulnerability
CVE-2024-53705
SonicWall
Medium
6.5.4.15-117n and older 7.0.x (7.0.1-5161 and older)
Technical Summary
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-53704
Gen7 Firewalls, Gen7 NSv, TZ80
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
Bypass authentication
CVE-2024-53706
Gen7 Cloud Platform NSv
A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only), allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.
Allow attackers to gain root privileges and potentially execute code.
CVE-2024-40762
Gen7 Firewalls, Gen7 NSv, TZ80
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.
Weak PRNG in authentication tokens can lead to authentication bypass in SSLVPN.
CVE-2024-53705
Gen6 Hardware Firewalls, Gen7 Firewalls, Gen7 NSv
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
Allow attackers to establish TCP connections to arbitrary IP addresses and ports
Remediation:
Update: Impacted users are recommended to upgrade to the following versions to address the security risk:
Firewalls Versions
Fixes and Releases
Gen 6 / 6.5 hardware firewalls
SonicOS 6.5.5.1-6n or newer
Gen 6 / 6.5 NSv firewalls
SonicOS 6.5.4.v-21s-RC2457 or newer
Gen 7 firewalls
SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher
TZ80: SonicOS
SonicOS 8.0.0-8037 or newer
Recommendations:
Patch Without Delay: Install the latest firmware update from SonicWall to resolve this vulnerability. Detailed instructions are available in SonicWall’s official advisory.
Monitor Network Activity: Regularly monitor network traffic for signs of suspicious or unauthorized access.
Limit Access: Restrict VPN access to trusted users and enforce Multi-Factor Authentication (MFA) for all accounts.
Stay Updated: Subscribe to SonicWall’s security alerts and updates to stay informed about upcoming vulnerabilities.
GitLab releases fixes for vulnerabilities in patch releases. There are two types of patch releases: scheduled releases, and ad-hoc critical patches for high-severity vulnerabilities.
The vulnerabilities could potentially impact unauthorized access, data manipulation, and service disruption. These have been disclosed through GitLab’s HackerOne bug bounty program. Latest Versions 17.7.1, 17.6.3, and 17.5.5 are now available for immediate download and upgrade to address these issues.
Vulnerability Name
CVE ID
Product Affected
Severity
Import Functionality Vulnerabilities
CVE-2024-6385
GitLab CE/EE
Critical
Import Functionality Vulnerabilities
CVE-2024-5655
GitLab CE/EE
High
Import Functionality Vulnerabilities
CVE-2024-6678
GitLab CE/EE
High
Import Functionality Vulnerabilities
CVE-2024-8970
GitLab CE/EE
High
Access Token Exposure in Logs
CVE-2025-0194
GitLab CE/EE
Medium
Cyclic Reference of Epics Leading to DoS
CVE-2024-6324
GitLab CE/EE
Medium
Unauthorized Manipulation of Issue Status
CVE-2024-12431
GitLab CE/EE
Medium
Instance SAML Bypass
CVE-2024-13041
GitLab CE/EE
Medium
Technical Summary
This update addresses several significant vulnerabilities identified in GitLab CE/EE:
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-6385
GitLab CE/EE
Vulnerability in import functionality allowing potential exploitation
Allows attackers to exploit the system.
CVE-2024-5655
CVE-2024-6678
CVE-2024-8970
CVE-2025-0194
GitLab CE/EE
Possible exposure of access tokens in logs under certain conditions.
Potential unauthorized access to sensitive resources.
CVE-2024-6324
GitLab CE/EE
Cyclic references between epics could lead to resource exhaustion, causing a Denial of Service (DoS).
Service disruption due to resource exhaustion.
CVE-2024-12431
GitLab CE/EE
Unauthorized users could manipulate issue statuses in public projects, potentially disrupting workflows.
Workflow disruption and compromised data integrity.
CVE-2024-13041
GitLab CE/EE
Flaw in instance SAML configuration allowing bypass of external provider settings.
Unauthorized access to internal projects or groups.
Key Changes to Import Functionality:
Post-import mapping: This new feature allows administrators to assign imported contributions and memberships to users after the import process is complete, enhancing control and security.
Email-independent mapping: The updated mapping process no longer relies on email addresses, providing greater flexibility and security when importing from instances with different email domains.
User control: Users on the destination instance now have the power to accept or reject assigned contributions, adding another layer of security and preventing unauthorized access.
Remediation:
Upgrade GitLab Instances: All users are strongly advised to upgrade to versions 17.7.1, 17.6.3, or 17.5.5 immediately to mitigate these vulnerabilities.
Disable Importers Temporarily: Until upgrades are complete, disable importers to avoid exploitation. If import functionality is essential, enable it only during the import process and disable it afterward.
Adopt Updated Features: Leverage the new post-import mapping, email-independent mapping, and user control enhancements for increased security.
Conclusion:
The vulnerabilities addressed in this patch release highlight the importance of timely updates and proactive security measures. GitLab’s redesign of its import functionality and the prompt patch release demonstrate a commitment to user security. Upgrading to the latest patched versions and adhering to the recommended actions is critical to maintaining a secure environment.
Cybersecurity researchers reported a critical Windows privilege escalation vulnerability, identified as CVE-2024-43641 affecting Microsoft Windows. This flaw, which affects various editions of Windows Server 2025, Windows 10, and Windows 11, has been assigned a CVSS v3.1 score of 7.8, indicating high severity.
Summary
OEM
Microsoft
Severity
High
CVSS
7.8
CVEs
CVE-2024-43641
Exploited in Wild
No
Patch/Remediation Available
Yes
Advisory Version
1.0
Overview
A significant Windows Registry Elevation of Privilege vulnerability, identified as CVE-2024-43641, affects multiple editions of Windows. A recently released Proof-of-Concept (PoC) exploit demonstrates how attackers can exploit this flaw to gain elevated privileges.
Vulnerability Name
CVE ID
Product Affected
Severity
Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43641
Windows
High
Technical Summary
The vulnerability, CVE-2024-43641, exploits a design flaw in Windows registry hive memory management, specifically during a double-fetch process under memory pressure. This flaw allows malicious SMB servers to respond with differing data for consecutive read requests, breaking kernel assumptions and enabling privilege escalation to SYSTEM level. Key technical details are as follows:
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-43641
Windows 10, Windows 11, Windows Server 2008–2025
The vulnerability involves improper handling of registry hive memory management under memory pressure. A malicious SMB server can respond with differing data to consecutive read requests, breaking kernel assumptions. Exploitation leverages a “False File Immutability” (FFI) condition.
Allows attackers to escalate privileges, execute arbitrary code, and compromise system integrity.
Remediation:
Apply Patches: Users and system administrators are strongly advised to promptly apply the latest security updates.
Monitor Activity:
Monitor logs for suspicious activity related to registry operations.
The cybersecurity community is actively monitoring the situation for any indications of active exploitation in the wild.
Conclusion:
CVE-2024-43641 is a high-severity vulnerability with a publicly available PoC exploit. It is crucial to apply security patches immediately and follow best practices to mitigate the risk of exploitation. Organizations must stay alert and monitor ongoing developments to ensure complete protection against this emerging threat.
A Critical flaw in the WordPress Hunk Companion plugin has been actively exploited to enable unauthorized installation and activation of plugins. This vulnerability stems from insufficient authorization checks on a REST API endpoint. Exploited sites may see attackers silently install malicious or outdated plugins, leading to severe security risks, including remote code execution (RCE), unauthorized access, and website compromise.
Vulnerability Name
CVE ID
Product Affected
Severity
CVSS Score
Hunk Companion Plugin Vulnerability
CVE-2024-11972
Hunk Companion Plugin for WordPress
Critical
9.8
Technical Summary
CVE ID
System Affected
Vulnerability Details
Impact
CVE-2024-11972
Hunk Companion plugin versions prior to 1.8.4
This vulnerability is caused by improper validation mechanisms in the file hunk-companion/import/app/app.php, a script responsible for handling plugin import and installation processes. At its core, the bug permits unauthenticated requests to bypass critical permission checks intended to ensure that only authorized users can install plugins.
This vulnerability potentially leads to remote code execution, unauthorized access, and full website compromise.
Remediations
“Hunk Companion” WordPress plugin, should update to version 9.0 or later.
General Recommendations
Regularly inspect your WordPress site for unknown plugins or modifications.
Reducing the risk of delayed patching can be achieved by enabling automatic updates for all plugins
Review server and WordPress logs for unauthorized login attempts to detect possible compromise.
Keep all plugins, themes, and WordPress core updated. Use strong, unique passwords and enable two-factor authentication for admin accounts.
