VULNERA Pulse

Microsoft — Windows

CVE-2025-24985 / Added: March 11, 2025

HIGH CVSS 7.80

Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code with a physical attack.

Headlines

• March 11, 2025 - Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Back to top ↑

Microsoft — Windows

CVE-2025-24993 / Added: March 11, 2025

HIGH CVSS 7.80

Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that could allow an authorized attacker to execute code locally.

Headlines

• March 11, 2025 - Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Back to top ↑

Microsoft — Windows

CVE-2025-26633 / Added: March 11, 2025

HIGH CVSS 7.00

Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to execute code over a network.

Headlines

• March 11, 2025 - Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Back to top ↑

Microsoft — Windows

CVE-2025-24983 / Added: March 11, 2025

HIGH CVSS 7.00

Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

Headlines

• March 11, 2025 - Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Back to top ↑

Microsoft — Windows

CVE-2025-24991 / Added: March 11, 2025

MEDIUM CVSS 5.50

Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that could allow for information disclosure.

Headlines

• March 11, 2025 - Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Back to top ↑

Microsoft — Windows

CVE-2025-24984 / Added: March 11, 2025

MEDIUM CVSS 4.60

Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an authorized attacker to disclose information locally. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

Headlines

• March 11, 2025 - Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Back to top ↑

Advantive — VeraCore

CVE-2024-57968 / Added: March 10, 2025

CRITICAL CVSS 9.90 EPSS Score 0.23 EPSS Percentile 61.92

Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx.

Headlines

• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws
• Feb. 10, 2025 - XE Shifts From Card Skimming to Supply Chain Attacks
• Feb. 10, 2025 - XE Group shifts from credit card skimming to exploiting zero-days
• Feb. 10, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
• Feb. 10, 2025 - XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
• Feb. 6, 2025 - XE Group Exploits Zero-Day Vulnerabilities in VeraCore - CVE-2024-57968 & CVE-2025-25181
• Feb. 5, 2025 - Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)

Back to top ↑

Ivanti — Endpoint Manager (EPM)

CVE-2024-13160 / Added: March 10, 2025

CRITICAL CVSS 9.80 EPSS Score 4.19 EPSS Percentile 92.31

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Headlines

• March 11, 2025 - CISA tags critical Ivanti EPM flaws as actively exploited in attacks
• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws
• Feb. 24, 2025 - PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
• Feb. 21, 2025 - Ivanti endpoint manager can become endpoint ravager
• Jan. 20, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

Back to top ↑

Ivanti — Endpoint Manager (EPM)

CVE-2024-13161 / Added: March 10, 2025

CRITICAL CVSS 9.80 EPSS Score 4.19 EPSS Percentile 92.31

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Headlines

• March 11, 2025 - CISA tags critical Ivanti EPM flaws as actively exploited in attacks
• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws
• Feb. 24, 2025 - PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
• Feb. 21, 2025 - Ivanti endpoint manager can become endpoint ravager
• Jan. 20, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

Back to top ↑

Ivanti — Endpoint Manager (EPM)

CVE-2024-13159 / Added: March 10, 2025

CRITICAL CVSS 9.80 EPSS Score 1.85 EPSS Percentile 88.36

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Headlines

• March 11, 2025 - CISA tags critical Ivanti EPM flaws as actively exploited in attacks
• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws
• March 2, 2025 - Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released
• Feb. 25, 2025 - PoC Released: CVE-2024-13159 (CVSS 9.8) in Ivanti EPM Poses Severe Security Threat
• Feb. 24, 2025 - PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
• Feb. 21, 2025 - Ivanti endpoint manager can become endpoint ravager
• Jan. 20, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

Back to top ↑

Advantive — VeraCore

CVE-2025-25181 / Added: March 10, 2025

MEDIUM CVSS 5.80 EPSS Score 0.23 EPSS Percentile 61.92

Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.

Headlines

• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws
• Feb. 10, 2025 - XE Shifts From Card Skimming to Supply Chain Attacks
• Feb. 10, 2025 - XE Group shifts from credit card skimming to exploiting zero-days
• Feb. 10, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
• Feb. 10, 2025 - XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
• Feb. 6, 2025 - XE Group Exploits Zero-Day Vulnerabilities in VeraCore - CVE-2024-57968 & CVE-2025-25181
• Feb. 5, 2025 - Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)

Back to top ↑

CVE-2024-4577

CRITICAL CVSS 9.80 EPSS Score 95.18 EPSS Percentile 99.52

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: June 9, 2024

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Vendors Impacted: Php, Fedoraproject, Php Group

Products Impacted: Php, Fedora

Quotes

• While initial reports focused on attacks in Japan, GreyNoise data confirms that exploitation is far more widespread [..] More than 43% of IPs targeting CVE-2024-4577 in the past 30 days are from Germany and China
• Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we observed exploit attempts targeting this PHP flaw on our honeypot network within 24 hours of its disclosure

Headlines

• March 11, 2025 - Critical PHP RCE vulnerability mass exploited in new attacks
• March 11, 2025 - CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
• March 10, 2025 - Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577
• March 10, 2025 - Stealthy Attacks Exploiting PHP-CGI Vulnerability Target Japanese Organizations

CVE-2024-13161

CRITICAL CVSS 9.80 EPSS Score 4.19 EPSS Percentile 92.31

CISA Known Exploited

Published: Jan. 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Vendor Impacted: Ivanti

Product Impacted: Endpoint Manager (Epm)

Quotes

• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise

Headlines

• March 11, 2025 - CISA tags critical Ivanti EPM flaws as actively exploited in attacks
• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws

CVE-2024-13160

CRITICAL CVSS 9.80 EPSS Score 4.19 EPSS Percentile 92.31

CISA Known Exploited

Published: Jan. 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Vendor Impacted: Ivanti

Product Impacted: Endpoint Manager (Epm)

Quotes

• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise

Headlines

• March 11, 2025 - CISA tags critical Ivanti EPM flaws as actively exploited in attacks
• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws

CVE-2024-13159

CRITICAL CVSS 9.80 EPSS Score 1.85 EPSS Percentile 88.36

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: Jan. 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Vendor Impacted: Ivanti

Product Impacted: Endpoint Manager (Epm)

Quotes

• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise

Headlines

• March 11, 2025 - CISA tags critical Ivanti EPM flaws as actively exploited in attacks
• March 11, 2025 - CISA Urges All Organizations to Patch Exploited Critical Ivanti Flaws

CVE-2012-1823

CRITICAL CVSS 9.80 EPSS Score 95.69 EPSS Percentile 99.59

CISA Known Exploited Public Exploits Available

Published: May 11, 2012

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Vendors Impacted: Apple, Hp, Suse, Redhat, Php, Fedoraproject, Debian, Opensuse

Products Impacted: Enterprise Linux Eus, Opensuse, Storage For Public Cloud, Enterprise Linux Workstation, Storage, Php, Mac Os X, Linux Enterprise Software Development Kit, Enterprise Linux Server Aus, Hp-Ux, Debian Linux, Gluster Storage Server For On-Premise, Fedora, Linux Enterprise Server, Enterprise Linux Desktop, Enterprise Linux Server, Application Stack

Quotes

• Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we observed exploit attempts targeting this PHP flaw on our honeypot network within 24 hours of its disclosure

Headlines

• March 10, 2025 - Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

CVE-2017-11882

HIGH CVSS 7.80 EPSS Score 97.42 EPSS Percentile 99.97

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Nov. 15, 2017

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Vendor Impacted: Microsoft

Product Impacted: Office

Quotes

• The attacker sends spear-phishing emails with a DOCX file attached
• It is worth noting that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems
• Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours. If behavioral detections occur, SideWinder tries to change the techniques used to maintain persistence and load components. Additionally, they change the names and paths of their malicious files

Headlines

• March 11, 2025 - SideWinder APT targets maritime and nuclear sectors with enhanced toolset
• March 11, 2025 - SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
• March 10, 2025 - Sidewinder shifts to targeting of nuclear, maritime orgs
• March 10, 2025 - SideWinder APT attacks in H2 2024

CVE-2025-27840

MEDIUM CVSS 6.80 EPSS Score 0.05 EPSS Percentile 19.93

Public Exploits Available

Published: March 8, 2025

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Quotes

• Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices
• Hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls

Headlines

• March 10, 2025 - Attackers can use undocumented commands to hijack Chinese-made Bluetooth chips
• March 8, 2025 - Undocumented commands found in Bluetooth chip used by a billion devices

CVE-2024-43451

MEDIUM CVSS 6.50 EPSS Score 0.94 EPSS Percentile 83.25

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Nov. 12, 2024

NTLM Hash Disclosure Spoofing Vulnerability

Vendor Impacted: Microsoft

Products Impacted: Windows 10 1607, Windows 10 22h2, Windows 11 22h2, Windows Server 2019, Windows 11 24h2, Windows 10 1507, Windows Server 2022, Windows 10 21h2, Windows, Windows Server 2025, Windows Server 2008, Windows Server 2012, Windows 10 1809, Windows Server 2022 23h2, Windows 11 23h2, Windows Server 2016

Quotes

• The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates
• Blind Eagle remains one of the most active and dangerous threat actors in Latin America, with a particular focus on Colombia’s public and private sectors

Headlines

• March 11, 2025 - Blind Eagle Targets Colombian Government with Malicious .url Files
• March 11, 2025 - Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

CVE-2024-12297

CVSS Not Assigned EPSS Score 0.04 EPSS Percentile 11.88

Remote Code Execution

Published: Jan. 15, 2025

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

Quotes

• Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism

Headlines

• March 11, 2025 - Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
• March 10, 2025 - Critical Vulnerability in Moxa PT Switches Allows Unauthorized Access