Snapshot
Jan. 25, 2025 - Jan. 31, 2025
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2025-24085 | Apple iOS, macOS, and other Apple products contain a use-after-free vulnerability that could allow a malicious application to elevate privileges. | HIGH | Apple | Jan. 29, 2025 |

Newswires

Critical Authentication Bypass Vulnerability in SonicOS: Proof-of-Concept Revealed
SonicWall recently revealed a grave authentication bypass vulnerability in its SonicOS operating system, which powers many of its SSLVPN-enabled appliances.
Jan. 31, 2025

Voyager PHP Package Vulnerabilities Open Path to One-Click RCE Exploits
Voyager, a renowned open-source PHP package designed to manage Laravel applications, has been found to contain multiple vulnerabilities, according to researchers at SonarSource.
Jan. 30, 2025

New Aquabotv3 Botnet Malware Exploits Mitel Command Injection Vulnerability
Akamai's Security Intelligence and Response Team (SIRT) has identified a new variant of the Mirai-based botnet malware Aquabot, known as Aquabotv3, which is exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones.
Jan. 30, 2025

CISA Adds Apple's Flaw to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw in multiple Apple products, tracked as CVE-2025-24085, to its Known Exploited Vulnerabilities (KEV) catalog.
Jan. 29, 2025

Mirai Botnet Variant 'Aquabot' Targets Mitel Devices, Offers DDoS-as-a-Service
The latest variant of the notorious Mirai botnet, known as Aquabot, is actively exploiting a known vulnerability, CVE-2024-41710, in Mitel SIP phones.
Jan. 29, 2025

Critical Remote Code Execution Vulnerability Detected in Cacti Open-Source Framework
Cacti, an open-source platform widely used for operational monitoring and fault management, has been found to contain a critical vulnerability.
Jan. 29, 2025

Critical Zero-Day Vulnerability in Zyxel CPE Series Devices Actively Exploited
GreyNoise researchers have detected active attempts to exploit a critical zero-day vulnerability, designated as CVE-2024-40891, in Zyxel CPE Series devices.
Jan. 29, 2025

Hackers Exploit SimpleHelp RMM Software Vulnerabilities to Infiltrate Networks
It is suspected that hackers are exploiting vulnerabilities in the SimpleHelp Remote Monitoring and Management (RMM) software to gain initial access to target networks.
Jan. 28, 2025

Fortinet Patches Zero-Day Vulnerability Allowing Super-Admin Access
Fortinet has addressed a critical zero-day vulnerability that was being actively exploited in its FortiOS and FortiProxy products.
Jan. 28, 2025

Apple Patches First Actively Exploited Zero-Day Vulnerability of the Year
Apple has issued security updates to address the first zero-day vulnerability of the year, known as CVE-2025-24085, which has been actively exploited in attacks against iPhone users.
Jan. 27, 2025

Multiple Vulnerabilities in Git Could Lead to Credential Compromise
RyotaK, a security researcher from GMO Flatt Security Inc, uncovered several vulnerabilities in Git's credential retrieval protocol, which could have allowed threat actors to access user credentials.
Jan. 27, 2025

Critical Security Flaw Identified in Meta's Llama Framework, Exposing AI Systems to Potential Remote Code Execution
A critical security flaw, designated as CVE-2024-50050, has been uncovered in Meta's Llama large language model (LLM) framework.
Jan. 26, 2025

Cisco Issues Warning Over ClamAV Bug with PoC Exploit
Cisco has rolled out security patches to fix a denial-of-service (DoS) vulnerability in ClamAV, identified as CVE-2025-20128.
Jan. 26, 2025

Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2024-57726 (4) | SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API... | CRITICAL | Simple-Help | Risk Context N/A |
| CVE-2025-23006 (3) | Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Co... | CRITICAL | Sonicwall | CISA Known Exploited, Actively Exploited, Remote Code Execution |
| CVE-2024-55591 (3) | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7... | CRITICAL | Fortinet | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-40891 (6) | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy ... | HIGH | | Risk Context N/A |
| CVE-2024-40890 (6) | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE ... | HIGH | | Risk Context N/A |
| CVE-2025-22217 (4) | Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. | HIGH | | Risk Context N/A |
| CVE-2025-24085 (9) | A use after free issue was addressed with improved memory management. | HIGH | Apple | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2024-57727 (4) | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable una... | HIGH | Simple-Help | Public Exploits Available |
| CVE-2024-57728 (4) | SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system... | HIGH | Simple-Help | Risk Context N/A |
| CVE-2024-41710 (6) | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, throu... | MEDIUM | | Actively Exploited, Remote Code Execution |

CISA Known Exploited Vulnerabilities
CISA added one vulnerability to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.

CVE-2024-57726
CRITICAL, CVSS 9.90, EPSS Score 0.05, EPSS Percentile 21.57
Risk Context N/A
Published: Jan. 15, 2025
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Vendor Impacted: Simple-Help
Product Impacted: Simplehelp

CVE-2025-23006
CRITICAL, CVSS 9.80, EPSS Score 1.37, EPSS Percentile 86.18
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Jan. 23, 2025
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
Vendor Impacted: Sonicwall
Products Impacted: Sma7200, Sma6200, Sma6210, Sra Ex6000, Sra Ex6000 Firmware, Sra Ex7000 Firmware, Sra Ex9000 Firmware, Sma8200v, Sma7200 Firmware, Sra Ex7000, Sma1000 Appliances, Sma6210 Firmware, Sra Ex9000, Sma7210 Firmware, Sma6200 Firmware, Sma7210

CVE-2024-55591
CRITICAL, CVSS 9.80, EPSS Score 2.63, EPSS Percentile 90.23
CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Jan. 14, 2025
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Vendor Impacted: Fortinet
Products Impacted: Fortiproxy, Fortios, Fortios And Fortiproxy

CVE-2024-40891
HIGH, CVSS 8.80, EPSS Score 0.05, EPSS Percentile 23.20
Risk Context N/A
Published: Feb. 4, 2025
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.

CVE-2024-40890
HIGH, CVSS 8.80, EPSS Score 0.05, EPSS Percentile 23.20
Risk Context N/A
Published: Feb. 4, 2025
**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.

CVE-2025-22217
HIGH, CVSS 8.60, EPSS Score 0.04, EPSS Percentile 11.48
Risk Context N/A
Published: Jan. 28, 2025
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

CVE-2025-24085
HIGH, CVSS 7.80, EPSS Score 0.21, EPSS Percentile 58.90
CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Jan. 27, 2025
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Vendor Impacted: Apple
Products Impacted: Iphone Os, Watchos, Tvos, Ipados, Multiple Products, Macos, Visionos

CVE-2024-57727
HIGH, CVSS 7.50, EPSS Score 0.47, EPSS Percentile 75.53
Public Exploits Available
Published: Jan. 15, 2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
Vendor Impacted: Simple-Help
Product Impacted: Simplehelp

CVE-2024-57728
HIGH, CVSS 7.20, EPSS Score 0.05, EPSS Percentile 21.29
Risk Context N/A
Published: Jan. 15, 2025
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
Vendor Impacted: Simple-Help
Product Impacted: Simplehelp

CVE-2024-41710
MEDIUM, CVSS 6.80, EPSS Score 0.04, EPSS Percentile 17.83
Actively Exploited, Remote Code Execution
Published: Aug. 12, 2024
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.