Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days
May 2025 Patch Tuesday by Microsoft
Continue ReadingVulnerabilityManagement
High-Severity Linux Kernel Flaw Exposes Systems to Root-Level Attacks
Security advisory: Linux Kernel Flaw raised from vulnerability related to improper memory handling when the splice() function is called. Specifically, the kTLS code fails to correctly update the internal accounting of the plaintext scatter-gather buffer, leading to an out-of-bounds memory write flaw.
| OEM | Linux |
| Severity | High |
| CVSS Score | 7.8 |
| CVEs | CVE-2025-21756 |
| POC Available | Yes |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A high-severity vulnerability (CVE-2025-21756) has been discovered in the Linux kernel’s Virtual Socket (vsock) implementation, allowing local privilege escalation to root via a use-after-free (UAF) condition caused by incorrect reference counting during socket binding operations.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Use-After-Free vulnerability | CVE-2025-21756 | Linux kernel | High | 7.8 |
Technical Summary
The kTLS subsystem in the Linux Kernel enables direct TLS encryption and authentication functions within the kernel, supporting secure communication for protocols like HTTPS, email, and other internet-connected applications.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-21756 | Linux kernel (pre-6.6.79, 6.12.16, 6.13.4, and 6.14-rc1) | Improper handling of reference counts in vsock_remove_sock() leads to premature freeing of vsock objects. Attackers can exploit the Use-After- Free (UAF) by reclaiming free memory using crafted pipe buffers and leveraging unprotected tools like vsock_diag_dump() to leak kernel pointers. | Local privilege escalation to root and potential full system compromise. |
CVE-2025-21756 is a use-after-free vulnerability in the Linux kernel’s vsock subsystem. It arises due to incorrect reference counter management during transport reassignment of sockets, leading to memory corruption and potential privilege escalation.
Affected systems are particularly exposed in virtualized environments where vsock is actively used.
Remediation:
- Update Linux Kernel: Users should update their systems immediately with the latest kernel versions
- Restrict Local Access: Until patches are applied, limit vsock use in shared environments and restrict local access where feasible.
- Monitor for Exploitation Attempts: Watch for anomalies related to the vsock subsystem, including unexpected kernel panics or vsock socket activity.
- Review Security Module Configurations: While AppArmor and similar LSMs offer partial protection, ensure they are enabled and correctly configured.
Conclusion:
CVE-2025-21756 poses a significant threat to Linux systems, particularly in cloud and virtualized environments. Its discovery and detailed analysis by Michael Hoefler revealed not only a critical vulnerability but also advanced exploitation techniques capable of bypassing protections like AppArmor and KASLR.
Given the existence of public proof-of-concept code and reliable attack paths, organizations must prioritize patching and mitigation to avoid root-level compromise.
References:
Critical Session Management Vulnerability in Apache Roller
Summary Security Advisory
Apache Roller, a widely used Java-based blogging platform, enabling users to create, manage, and publish blog content. It supports features like user authentication, content management, and customizable themes.
| OEM | Apache |
| Severity | Critical |
| CVSS Score | 10.0 |
| CVEs | CVE-2025-24859 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
A critical security vulnerability (CVE-2025-24859) has been discovered in Apache Roller (versions 1.0.0 to 6.1.4), where old sessions are not invalidated after a password change, allowing attackers to maintain unauthorized access if they have stolen a session token. This flaw poses a significant risk of session hijacking and unauthorized access, and users are advised to upgrade to version 6.1.5 to mitigate the issue.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Insufficient Session Expiration on Password Change | CVE-2025-24859 | Apache Roller | Critical |
Technical Summary
The vulnerability centers on insufficient session expiration.
When a user or administrator changes a password, Apache Roller versions before 6.1.5 do not properly invalidate existing sessions.
As a result, any session tokens before the password change remain valid.
This means that if an attacker has already compromised a user’s credentials and established a session, they can continue to access the application even after the password is updated, effectively bypassing a key security control.
This can be a big security threat, particularly in systems used by many users or administrators, where it’s important to keep sessions secure.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24859 | Apache Roller 1.0.0 – 6.1.4 | Sessions are not invalidated after password change, allowing persistent access through old sessions if compromised. | Unauthorized Access / Session Hijacking |
Remediation:
- Apply Patches Promptly: Upgrade immediately to Apache Roller version 6.1.5, which implements proper centralized session invalidation.
Conclusion:
CVE-2025-24859 represents a critical access control threat to Apache Roller implementations.
Although no active exploitation has been observed still now, it’s easy for attackers to misuse sessions if they gain access. Its important for organizations using Apache Roller to quickly update to version 6.1.5 to fix this problem.
This is a critical step in maintaining the security of blog sites and protecting user data.
CVE-2025-24859 highlights the importance of robust session management in web applications.
References:
3 Zero-Day Vulnerabilities backported & fixed in Apple Devices
Summary
3 Zero-Day Vulnerabilities backported & fixed in Apple Devices
Apple backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems.
| OEM | Apple |
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-24201, CVE-2025-24085, and CVE-2025-24200. |
| No. of Vulnerabilities Patched | 03 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Apple has released an urgent security advisory concerning three zero-day vulnerabilities currently being actively exploited: CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085. These vulnerabilities affect a range of Apple devices, such as iPhones, iPads, Macs, and other platforms. Users are strongly urged to update to the latest patched versions to reduce security risks.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| WebKit Out-of-Bounds Write Vulnerability | CVE-2025-24201 | iOS, macOS, visionOS, Safari | High | 8.8 |
| Use-After-Free Vulnerability | CVE-2025-24085 | iOS, iPasOS, macOS, watchOS, tvOS | High | 7.8 |
| Incorrect Authorization Vulnerability | CVE-2025-24200 | iOS, iPadOS | Medium | 6.1 |
Technical Summary
Apple’s latest security update patches three Zero-Day vulnerabilities that hackers were actively exploiting. These vulnerabilities could allow attackers to bypass security protections, making devices more vulnerable. One of the vulnerabilities enables remote code execution, letting attackers run malicious programs. Another flaw allows privilege escalation, giving attackers higher-level access to system functions.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24201 | iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, Safari 18.3 | Out-of-bounds write issue allowing malicious websites to escape the Web Content sandbox | Remote Code Execution |
| CVE-2025-24085 | iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, visionOS 2.3 | Use-after-free vulnerability in CoreMedia allowing privilege escalation via malicious apps. | Privilege escalation via CoreMedia |
| CVE-2025-24200 | iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5 (iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch, etc.) | Authorization bypass vulnerability allowing attackers to disable USB Restricted Mode on locked devices. | Security Bypass USB Restricted Mode |
Remediation:
Apply Patches Promptly: Apple has released security updates to address these vulnerabilities. Users should update their devices immediately to mitigate risks
- iPhones and iPads: Update to iOS 18.3/iPadOS 18.3 or later.
- Macs: Install macOS Sequoia 15.3 or later.
- Apple Watch: Upgrade to watchOS 11.3.
- Apple TV: Apply tvOS 18.3 updates.
- Vision Pro: Install visionOS 2.3 updates.
General Recommendations:
- Prioritize Zero-Day Fixes: Focus on patching actively exploited vulnerabilities, especially those affecting USB Restricted Mode, WebKit, and CoreMedia.
- Enable Lockdown Mode: On supported devices, Lockdown Mode can provide additional security against targeted attacks.
- Be Cautious with USB Devices: Avoid connecting untrusted accessories to Apple devices to mitigate USB-based attack vectors.
- Stay Alert for Malicious Websites: Since WebKit vulnerabilities are actively exploited, avoid suspicious links and untrusted web content.
- Monitor for Exploitation: Continuously monitor systems for any signs of exploitation or suspicious activity.
Conclusion:
The discovery and active exploitation of these zero-day vulnerabilities underscore the increasing sophistication of cyberattacks targeting Apple’s ecosystem.
While Apple has responded swiftly with patches, users must remain vigilant by keeping their devices updated and adhering to cybersecurity best practices, such as avoiding untrusted applications and enabling Lockdown Mode where applicable.
Apple fixed all the vulnerability with improved state management.
References:
Windows Zero-Day Exploit NTLM Hash Disclosure via Malicious Files
Summary
| OEM | Microsoft |
| Severity | High |
| CVEs | Not Yet Assigned |
| Exploited in Wild | No |
| Patch/Remediation Available | No |
| Advisory Version | 1.0 |
| Vulnerability | Zero-Day |
Overview
A newly discovered NTLM vulnerability in Windows, allows attackers to obtain login credentials when a user view a malicious file in Windows Explorer. This issue affects all Windows versions, from Windows 7 and Server 2008 R2 to the most recent Windows 11 v24H2 and Server 2025.
Attackers can exploit this flaw by using shared network folders, USB drives, or previously downloaded malicious files, making credential theft easy and difficult to detect.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fix |
| NTLM Hash Disclosure Vulnerability | Not Yet Assigned | Windows OS and Windows Server | High | Unofficial micropatch available via 0patch |
Technical Summary
This vulnerability enables attackers to steal NTLM authentication credentials simply by having users view a malicious file in Windows Explorer. Unlike previous NTLM relay attack techniques that required users to execute files, this exploit works just by rendering the malicious file’s metadata in the Windows Explorer preview pane. Attackers can leverage this method in various ways:
- Hosting a shared network folder containing the malicious file.
- Distributing infected USB drives that trigger the attack when inserted.
- Tricking users into downloading the malicious file from a compromised or attacker-controlled website.
Once the credentials are captured, attackers can use NTLM relay attacks to gain unauthorized access to internal systems, escalate privileges, and move laterally across the network.
| CVE ID | System Affected | Vulnerability Technical Details | Impact |
| Not Assigned Yet | Windows 7 – Windows 11 v24H2, Server 2008 R2 – Server 2025 | Attackers can capture NTLM credentials when users view malicious files in Windows Explorer. Exploitation methods include shared folders, USB drives, or downloads. | Credential theft, network compromise, and potential lateral movement. |
Recommendations
- Microsoft Patch Awaited: The vulnerability has been reported to Microsoft, and an official security update is expected in the near future.
- Unofficial Micropatch Available: Security researchers at 0patch have released an unofficial micropatch that mitigates this issue. The micropatch is available for all affected Windows versions and will remain free until an official fix is provided by Microsoft.
Steps to Apply 0patch Micropatch:
- Create a free account on 0patch Central.
- Install and register the 0patch Agent on affected systems.
- The micropatch is applied automatically without requiring a system reboot.
Security Best Practices
- Disable NTLM authentication where possible.
- Implement SMB signing to prevent relay attacks.
- Restrict access to public-facing servers like Exchange to limit credential relaying risks.
- Educate users to avoid interacting with unknown or suspicious files in shared folders and USB drives.
Conclusion
Although not classified as critical, this NTLM credential theft vulnerability is extremely harmful due to its ease of exploitation. Attackers can exploit NTLM hashes in relay attacks to compromise internal network resources.
Security researchers confirm that comparable flaws have been actively exploited in real-world assaults. Until an official Microsoft patch is available, organizations should prioritize applying the 0patch micropatch and following NTLM security best practices to reduce potential risks.
References:
Critical NGINX Ingress Vulnerabilities Expose Kubernetes Clusters to Compromise
Security Advisory
Summary:
The Kubernetes Ingress NGINX Admission Controller has detected 5 significant security vulnerabilities affecting all versions of the ingress-nginx controller prior to v1.12.1 and v1.11.5. Here are the cve ids CVE-2025-1974, CVE-2025-1098, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
| Maintainer | Kubernetes ingress community |
| Severity | Critical |
| CVSS Score | 9.8 |
| No. of Vulnerabilities Patched | 05 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Patch Available | Yes |
| Advisory Version | 1.0 |
Overview
Admission Controllers frequently don’t require authentication and essentially function as web servers, introducing an additional internal network-accessible endpoint in the cluster. This architecture allows attackers to access them directly from any pod in the network, significantly increasing the attack surface.
The most critical of these, CVE-2025-1974, allows attackers on the pod network to remotely execute code and gain full control of the cluster without authentication.
Although there has not been any active exploitation in the wild, this vulnerability poses a serious risk as it could enable attackers to take complete control of a cluster.
The issue was publicly disclosed on March 24, 2025, and security patches have been released.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Admission Controller Remote Code Execution (RCE) Vulnerability | CVE-2025-1974 | Ingress NGINX Admission Controller | Critical | 9.8 |
| Configuration Injection via Unsanitized auth-tls-match-cn annotation | CVE-2025-1097 | High | 8.8 | |
| Configuration Injection via Unsanitized Mirror Annotations | CVE-2025-1098 | High | 8.8 | |
| Unsanitized auth-URL Injection Vulnerability | CVE-2025-24514 | High | 8.8 | |
| Auth Secret File Path Traversal Vulnerability | CVE-2025-24513 | Medium | 4.8 |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-1974 | Ingress NGINX Controller v1.12.0 & v1.11.4 and below versions | The Validating Admission Controller does not properly check incoming annotations, allowing attackers on the Pod network to inject configurations and potentially execute arbitrary code across the entire cluster. | Full Kubernetes cluster compromise |
| CVE-2025-1097 | Improper validation of the auth-tls-match-cn annotation allows malicious annotation values to override controller configurations. | Remote code execution | |
| CVE-2025-1098 | Unsafe input handling in mirror annotations could result in unauthorized configuration manipulation. | Config injection, security bypass | |
| CVE-2025-24514 | Unsanitized input from auth-URL annotations can allow malicious URLs to modify ingress-controller behavior. | Remote code execution | |
| CVE-2025-24513 | A path traversal issue in handling auth secret files could let attackers access sensitive information. | Information disclosure |
Remediation:
- Apply Patches Promptly: Immediately upgrade to ingress-nginx v1.12.1, v1.11.5 or latest versions to mitigate the vulnerabilities.
- Temporarily Disable the Validating Admission Controller: It is mandatory to upgrade. If upgrading is not immediately possible, you can temporarily disable the Validating Admission Controller.
General Recommendations:
- Set strict RBAC rules to control who can change ingress and webhook settings.
- Disable dynamic admission controllers if they aren’t needed.
- Monitor cluster audit logs for unusual ingress creation activities and suspicious annotations.
- Conduct security reviews and scans for clusters that have not recently been updated.
- Regularly check ingredients for weak or unsafe configurations.
Conclusion:
The Kubernetes ingress-nginx vulnerabilities disclosed in March 2025 are among the most severe to date, with CVE-2025-1974 posing a real threat of full cluster compromise. All organizations running affected versions must apply patches or mitigation steps immediately.
The vulnerabilities found are affecting the admission controller component of Ingress NGINX Controller for Kubernetes and highlight the importance of strict configuration validation and access control in Kubernetes environments.
Security researchers from Wiz found that 43% of cloud environments are vulnerable to these vulnerabilities. They uncovered over 6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet—putting them at immediate critical risk.
References:
Apache NiFi Security Flaw Exposes MongoDB Credentials
Security Advisory
A security vulnerability, CVE-2025-27017, has been identified in Apache NiFi.
These events retain usernames/passwords used for MongoDB authentication, violating credential isolation principles.
| OEM | Apache |
| Severity | Medium |
| CVSS | 6.9 |
| CVEs | CVE-2025-27017 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
A widely used data flow automation tool which allows unauthorized access to MongoDB credentials stored in provenance events. The Versions are affected from v1.13.0 to v2.2.0. In v2.3.0 the issue has been addressed.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Apache NiFi Credential Exposure | CVE-2025-27017 | Apache NiFi | Medium |
Technical Summary
The vulnerability stems from Apache NiFi’s inclusion of MongoDB usernames and passwords in provenance event records.
Any authorized user with read access to these records can extract credentials information, leading to potential unauthorized access to MongoDB databases.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-27017 | Apache NiFi 1.13.0 – 2.2.0 | MongoDB credentials are stored in provenance events, allowing unauthorized extraction by users with read access. | Unauthorized access to MongoDB databases, potential data breaches. |
Remediation:
- Upgrade to Apache NiFi 2.3.0: The latest version removes credentials from provenance events, mitigating the vulnerability.
General Recommendations:
- Restrict access to provenance data: Ensure only authorized personnel can view provenance records.
- Rotate MongoDB credentials: If affected versions were in use, change database credentials to prevent unauthorized access.
- Conduct security audits: Regularly review system logs and access controls to identify any unauthorized access attempts.
Conclusion:
This vulnerability poses a risk to organizations using Apache NiFi for data processing workflows involving MongoDB. Immediate action is recommended to upgrade to version 2.3.0 or later, restrict access to provenance data, and rotate credentials to mitigate any potential exposure. Organizations should implement stringent security measures to protect against similar vulnerabilities in the future.
This security flaw is particularly concerning because provenance events play a crucial role in auditing and monitoring data flows within NiFi. If left unpatched, this vulnerability could result in data breaches, unauthorized modifications, or even complete database compromise.
References:
High-Severity RCE Vulnerability in WinDbg (CVE-2025-24043)
Security Advisory
A high-severity remote code execution (RCE) vulnerability exists in Microsoft’s WinDbg debugging tool and related .NET diagnostic packages.
The vulnerability poses severe supply chain risks, as WinDbg is widely embedded in CI/CD pipelines and enterprise developer toolchains.
Compromised debugging sessions could lead to lateral movement across networks, credential theft, persistent backdoor injections, and disruption of crash dump analysis workflows.
Microsoft confirmed no viable workarounds other than immediate patching, as the lack of certificate pinning in the affected packages worsens the risk, enabling attackers to leverage forged or stolen Microsoft Authenticode certificates.
| OEM | Microsoft |
| Severity | HIGH |
| CVSS | 7.5 |
| CVEs | CVE-2025-24043 |
| Publicly POC Available | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
This issue is caused by insufficient validation of cryptographic signatures in the SOS debugging extension, potentially allowing attackers with network access to execute arbitrary code. Microsoft has released patches to address the vulnerability.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Remote Code Execution Vulnerability | CVE-2025-24043 | Microsoft Windows | High |
Technical Summary
The vulnerability arises from the SOS debugging extension’s failure to properly validate cryptographic signatures during debugging operations.
This enables attackers with authenticated network access to inject malicious debugging components, leading to arbitrary code execution with SYSTEM privileges. The attack vector leverages NuGet package integrations in Visual Studio and .NET CLI environments, increasing the risk of supply chain compromises.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24043 | WinDbg and associated .NET diagnostic packages | Flaw in cryptographic signature validation in the SOS debugging extension allows tampered components to be loaded. | Arbitrary code execution |
Remediation:
- Update Affected Packages: Ensure that all instances of affected NuGet packages are updated to the latest patched versions. Refer to the table below for the affected and patched versions.
- Upgrade WinDbg: Make sure that WinDbg is updated to the most recent release available.
- Audit Dependencies: Review all .NET Core project dependencies to identify and replace vulnerable packages.
- Monitor Network Activity: Implement monitoring for any suspicious network activity related to windbg.exe.
- Enforce Security Policies: Apply security policies, such as Windows Defender Application Control, to prevent the execution of unsigned debugging components.
The table below outlines the affected and patched versions of the relevant packages:
| Package Name | Affected Version | Patched Version |
| dotnet-sos | < 9.0.607501 | 9.0.607501 |
| dotnet-dump | < 9.0.557512 | 9.0.607501 |
| dotnet-debugger-extensions | 9.0.557512 | 9.0.607601 |
Conclusion:
CVE-2025-24043 highlights the need to secure developer toolchains, as debugging environments are becoming more targeted in cyberattacks. Organizations using .NET diagnostics should quickly apply patches and implement strict security measures to reduce the risk of exploitation. With no effective workarounds available, postponing remediation heightens the chances of an attack. Prompt action is essential to safeguard critical development and production environments.
The security impact extends beyond developers, as the exploitation of debugging tools could facilitate attacks on production infrastructure.
Additional security measures include certificate transparency logging for NuGet packages and enforcing Windows Defender Application Control (WDAC) policies to restrict unsigned debugger extensions. While no active exploits have been reported, the patching window is critical, and organizations using .NET diagnostics must act immediately before threat actors weaponize the vulnerability.
References:
- https://securityonline.info/windbg-remote-code-execution-vulnerability-cve-2025-24043-exposes-critical-security-risk/
PoC Released for High-Severity Linux Kernel UVC Driver Vulnerability
| OEM | Linux |
| Severity | HIGH |
| CVSS | 7.8 |
| CVEs | CVE-2024-53104 |
| Actively Exploited | Yes |
| Publicly POC Available | Yes |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
CVE-2024-53104 is a high-severity out-of-bounds write vulnerability in the Linux kernel’s USB Video Class (UVC) driver, leading to privilege escalation. The issue affects Linux kernel versions 2.6.26 and later. The vulnerability has gained renewed attention as a proof-of-concept (PoC) exploit has now been publicly released, increasing the risk of exploitation. A patch has been released to address this vulnerability, but unpatched systems remain at high risk.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| out-of-bounds write vulnerability | CVE-2024-53104 | Linux Kernel | High |
Technical Summary
The vulnerability exists in the uvc_parse_format function of the UVC driver (uvc_driver.c). It arises due to improper parsing of UVC_VS_UNDEFINED frames, leading to incorrect buffer allocation and out-of-bounds writes.
An attacker could exploit this flaw by inserting a malicious USB device or manipulating video streams, potentially leading to memory corruption, privilege escalation, or arbitrary code execution.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2024-53104 | Linux Kernel (2.6.26 and later) | Incorrect parsing of UVC_VS_UNDEFINED frames in uvc_parse_format, leading to miscalculated buffer sizes and memory corruption. | Privilege escalation, system instability, arbitrary code execution |
Remediation:
- Apply Security Patches: Ensure that the latest security patches provided by the Linux distribution maintainers are promptly applied to mitigate vulnerability.
Recommendations
- Implement USB Device Control Policies: Organizations should establish and enforce USB device control policies to prevent unauthorized usage and ensure only approved devices can be connected.
- Deploy Log Monitoring and Analysis Tools: Implement security monitoring tools to continuously monitor logs for potential security incidents, such as exploitation attempts or suspicious activity.
Conclusion:
CVE-2024-53104 is a major vulnerability that poses a substantial risk to Linux systems since it allows for privilege escalation and arbitrary code execution. Users and administrators are strongly urged to apply the latest security patches to mitigate the risk of exploitation. Additionally, implementing a multi-layered security approach can further enhance system protection.
The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list, emphasizing the need for immediate remediation.
CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks.
References:
- https://cybersecuritynews.com/poc-exploit-linux-kernel-write-vulnerability/
- https://hackyboiz.github.io/2025/03/08/j0ker/2025-03-08/
- https://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@gregkh/T/
Critical WordPress Security Flaw in Everest Forms Plugin
UAE Cyber Security Council has observed a critical vulnerability in Everest Forms WordPress
plugin
- ‹ Previous
- 1
- 2
- 3
- Next ›