FlagThis

Microsoft has publicly released a proof-of-concept (PoC) exploit for CVE-2025-21293, a critical privilege escalation vulnerability in Active Directory Domain Services (AD DS). This vulnerability, patched in January 2025, allows attackers to gain system-level privileges, potentially leading to significant security breaches. The public availability of the exploit increases the risk of widespread exploitation. The vulnerability allows an attacker to gain admin level privileges in AD.

A high-severity privilege escalation vulnerability, CVE-2025-0065, has been identified in TeamViewer’s Windows client and host applications. This flaw allows attackers to elevate their privileges on the system by exploiting improper neutralization of argument delimiters in the TeamViewer_service.exe component, which could lead to complete control over the affected systems. Patches have been released to address this flaw, which has a CVSS score of 7.8.

Cisco has patched a critical vulnerability in its ClamAV software. The vulnerability, identified as CVE-2025-20128, is a denial of service bug that allows attackers to shut down ClamAV scanning, thus compromising security workflows. Additionally, a privilege escalation flaw in Cisco Meeting Management REST API has been discovered, and a ‘tmiss’ meeting management flaw was also fixed. These vulnerabilities highlight the importance of keeping security software up-to-date.