The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about two high-severity vulnerabilities impacting Broadcom Brocade Fabric OS and Commvault Web server. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users to patch them before May 19, 2025.
Author: Diksha Ojha
SAP NetWeaver Zero-day Remote Code Execution Vulnerability (CVE-2025-31324)
SAP released an out-of-band emergency update to address a remote code execution zero-day vulnerability impacting NetWeaver. Tracked as CVE-2025-31324, the vulnerability has a critical severity rating with a CVSS score of 10. Threat actors are exploiting the vulnerability to hijack servers. CISA added CVE-2025-31324 to its Known Exploited Vulnerabilities Catalog, urging users to patch it …
Commvault Command Center Remote Code Execution Vulnerability (CVE-2025-34028)
A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0.
Erlang/OTP SSH Server Remote Code Execution Vulnerability (CVE-2025-32433)
Security researchers at Ruhr University Bochum discovered a security vulnerability in the Erlang/Open Telecom Platform (OTP) SSH implementation. Tracked as CVE-2025-32433, the vulnerability has a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code …
Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)
Apple and Google's Threat Analysis Group discovered two security vulnerabilities impacting iOS devices. Tracked as CVE-2025-31200 and CVE-2025-31201, the vulnerabilities could allow an attacker to execute code. The Apple security advisory states that Apple is aware of a report that the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on …
Oracle Critical Patch Update, April 2025 Security Update Review
Oracle released the first quarterly edition of this year's Critical Patch Update. The update contains patches for 378 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle …
Microsoft Patch Tuesday, April 2025 Security Update Review
Microsoft's April 2025 Patch Tuesday has arrived, delivering critical security updates and fixes across its products, features, and roles. Here's a quick breakdown of what you need to know. In this month's Patch Tuesday, April 2025 edition, Microsoft addressed 134 vulnerabilities, including 11 critical and 110 important severity vulnerabilities. In this month's updates, Microsoft …
Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)
Ivanti released a security advisory to address a security flaw impacting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways. Tracked as CVE-2025-22457, the vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the buffer overflow vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical …
CrushFTP Authentication Bypass Vulnerability Exploited in Attacks (CVE-2025-31161)
Threat actors are targeting an authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. Tracked as CVE-2025-31161, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow unauthenticated attackers to bypass authentication and gain unauthorized access. CISA added …
Apple Backports Fixes for Three Zero-day Vulnerabilities (CVE-2025-24200, CVE-2025-24201, & CVE-2025-24085)
Apple released backported fixes to address three zero-day vulnerabilities exploited in targeted attacks against older iOS, iPadOS, and macOS versions. Tracked as CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, the vulnerabilities were initially patched in March. Apple mentioned in the advisory that it is aware of a report that the vulnerabilities may have been actively exploited against versions …