SAP NetWeaver Zero-day Remote Code Execution Vulnerability (CVE-2025-31324)

SAP released an out-of-band emergency update to address a remote code execution zero-day vulnerability impacting NetWeaver. Tracked as CVE-2025-31324, the vulnerability has a critical severity rating with a CVSS score of 10. Threat actors are exploiting the vulnerability to hijack servers.

Commvault Command Center Remote Code Execution Vulnerability (CVE-2025-34028)

A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0.

Erlang/OTP SSH Server Remote Code Execution Vulnerability (CVE-2025-32433)

Security researchers at Ruhr University Bochum discovered a security vulnerability in the Erlang/Open Telecom Platform (OTP) SSH implementation. Tracked as CVE-2025-32433, the vulnerability has a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code …

Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)

Apple and Google Threat Analysis Group discovered two security vulnerabilities impacting iOS devices. Tracked as CVE-2025-31200 and CVE-2025-31201, the vulnerabilities could allow an attacker to execute code. The Apple security advisory states that they are aware of a report that the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on …

Ivanti Addresses Zero-day Vulnerability in Connect Secure, Policy Secure, and ZTA Gateways (CVE-2025-22457)

Ivanti released a security advisory to address a security flaw impacting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways. Tracked as CVE-2025-22457, the vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the buffer overflow vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical …

Ingress NGINX Controller Multiple Critical Vulnerabilities (IngressNightmare)

Five critical security vulnerabilities impacting the Ingress NGINX Controller for Kubernetes were discovered. The vulnerabilities may allow an unauthorized attacker to execute arbitrary code within the Ingress NGINX Controller’s pod. The vulnerabilities are collectively called IngressNightmare. The CVEs are:
CVE-2025-24513
CVE-2025-24514: auth-url Annotation Injection Vulnerability
CVE-2025-1097: auth-tls-match-cn Annotation Injection Vulnerability
CVE-2025-1098: mirror UID Injection Vulnerability
…

Veeam Backup and Replication Remote Code Execution Vulnerability (CVE-2025-23120)

Veeam addressed a vulnerability impacting its Backup & Replication. Tracked as CVE-2025-23120, the vulnerability has a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code, leading to critical data loss and possible system compromise. Piotr Bazydlo of watchTowr discovered and reported the …

Apache Tomcat Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-24813)

Attackers started exploiting an Apache Tomcat vulnerability just 30 hours after its proof of concept was made public. Tracked as CVE-2025-24813, the vulnerability may allow an unauthorized attacker to view sensitive files or inject arbitrary content into those files using a PUT request. The vulnerability originates from the use of a partial PUT, a …

CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)

Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two vulnerabilities in Cleo Harmony, VLTrader, and LexiCom. Tracked as CVE-2024-50623 & CVE-2024-55956, successful exploitation of the vulnerabilities may lead to remote code execution. CISA urged users to patch the vulnerabilities before January 3, 2025 (CVE-2024-50623) and January 7, 2025 (CVE-2024-55956). Cleo …