Five critical security vulnerabilities impacting the Ingress NGINX Controller for Kubernetes were discovered. The vulnerabilities may allow an unauthorized attacker to execute arbitrary code within the Ingress NGINX Controller’s pod. The vulnerabilities are collectively called IngressNightmare. The CVEs are: CVE-2025-24513 CVE-2025-24514: auth-url Annotation Injection Vulnerability CVE-2025-1097: auth-tls-match-cn Annotation Injection Vulnerability CVE-2025-1098: mirror UID Injection Vulnerability … Continue reading “Ingress NGINX Controller Multiple Critical Vulnerabilities (IngressNightmare)”
Veeam Backup and Replication Remote Code Execution Vulnerability (CVE-2025-23120)
Veeam addressed a vulnerability impacting its Backup & Replication. Tacked as CVE-2025-23120, the vulnerability has a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code, leading to critical data loss and possible system compromise. Piotr Bazydlo of watchTowr discovered and reported the … Continue reading “Veeam Backup and Replication Remote Code Execution Vulnerability (CVE-2025-23120)”
Apache Tomcat Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-24813)
Attackers started exploitation of Apache Tomcat vulnerability just 30 hours after its proof of concept was made public. Tracked as CVE-2025-24813, the vulnerability may allow an unauthorized attacker to view sensitive files or inject arbitrary content into those files utilizing a PUT request. The vulnerability originates from the use of a partial PUT used, a … Continue reading “Apache Tomcat Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-24813)”
GitLab Addressed Critical Authentication Bypass Vulnerabilities (CVE-2025-25291 & CVE-2025-25292)
GitLab recently released a security advisory to address nine vulnerabilities impacting various installations. Out of these nine vulnerabilities, GitLab has rated two as critical. Tracked as CVE-2025-25291 & CVE-2025-25292, the vulnerabilities may result in account takeover.
Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)
Apple released fixes for an actively exploited vulnerability in attacks against iOS devices. Tracked as CVE-2025-24201, the vulnerability also affects macOS Sequoia and Safari web browser. The out-of-bounds write flaw exists in the WebKit browser engine. An attacker may exploit the vulnerability by maliciously crafted web content to break out of the Web Content sandbox. … Continue reading “Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)”
Microsoft Patch Tuesday, March 2025 Security Update Review
March 2025 Patch Tuesday is here, and Microsoft has rolled out critical security updates that address multiple vulnerabilities across its product suite. Here’s a quick breakdown of what you need to know. Microsoft Patch’s Tuesday, March 2025 edition addressed 67 vulnerabilities, including six critical and 51 important severity vulnerabilities. In this month’s updates, Microsoft has … Continue reading “Microsoft Patch Tuesday, March 2025 Security Update Review”
Apache Camel Message Header Injection Vulnerability (CVE-2025-27636)
Apache released a security advisory to address a security vulnerability impacting Apache Camel. Tracked as CVE-2025-27636, the vulnerability allows attackers to inject headers, which can be exploited to invoke arbitrary methods from the Bean registry.
VMware ESXi, Workstation, and Fusion Vulnerabilities Added to CISA KEV (CVE-2025-22224, CVE-2025-22225, & CVE-2025-22226)
Broadcom released a security advisory to address three vulnerabilities impacting VMware ESXi, Workstation, and Fusion. Tracked as CVE-2025-22224, CVE-2025-22225, & CVE-2025-22226, the vulnerabilities are being exploited in the wild. Security researchers at Microsoft Threat Intelligence Center discovered and reported the vulnerabilities to Broadcom. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users … Continue reading “VMware ESXi, Workstation, and Fusion Vulnerabilities Added to CISA KEV (CVE-2025-22224, CVE-2025-22225, & CVE-2025-22226)”
CISA Added Cisco, Hitachi, Microsoft, and Progress WhatsUp Vulnerabilities to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about the active exploitation of five vulnerabilities impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before March 24, 2025.
Mattermost Releases Fixes for Critical Vulnerabilities (CVE-2025-25279, CVE-2025-20051, & CVE-2025-24490)
Mattermost has addressed three critical security vulnerabilities impacting its Boards plugin. The vulnerabilities are tracked as CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279. Successful exploitation of the vulnerabilities may allow attackers to read arbitrary files on the system and execute SQL injection attacks.
