A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall’s SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). This flaw, classified under CWE-502 (Deserialization of Untrusted Data), carries a severity score of 9.8 (Critical), indicating its potential for a devastating impact. SonicWall has confirmed active exploitation of this vulnerability by malicious actors, allowing them to execute arbitrary OS commands on affected appliances. The vulnerability stems from the improper handling of data during deserialization processes. This flaw can be exploited by attackers to inject malicious code into the targeted appliances, ultimately leading to complete system compromise. SonicWall has issued an urgent security advisory and released a patch for this vulnerability. The company strongly urges users to update their SMA1000 appliances immediately.
A critical vulnerability, CVE-2024-50050, exists in Meta’s Llama framework, a widely used tool for building generative AI applications. This flaw stems from unsafe deserialization of Python objects via the pickle module, allowing remote attackers to execute arbitrary code on affected servers. This vulnerability highlights the risk of insecure deserialization in AI systems.
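The following is an added example, not code from Meta's Llama framework or from the original post, showing why `pickle.loads` on untrusted bytes is equivalent to code execution and how a restricted unpickler mitigates it. The pickle stream is constructed here and calls a harmless builtin (`len`), but the same mechanism resolves any importable callable; the allow-list contents are an assumption for illustration.

```python
import io
import pickle

# Constructed: an object whose pickle stream instructs the loader to call
# a named callable with arguments. The callable chosen here (len) is harmless,
# but pickle resolves the reference by module and name, so any importable
# callable could be named instead. This is the core of the deserialization risk.
class Reducible:
    def __reduce__(self):
        return (len, ("payload",))

UNTRUSTED = pickle.dumps(Reducible())          # constructed "attacker-controlled" bytes
TRUSTED = pickle.dumps({"hosts": ["a", "b"]})  # constructed plain-data stream

# Assumed allow-list of globals the application legitimately needs to unpickle.
ALLOWED = {("collections", "OrderedDict"), ("builtins", "set")}

class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only explicitly allow-listed globals (pattern from the Python docs)."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")

def unsafe_loads(data: bytes):
    """The vulnerable pattern: any callable referenced in the stream is invoked."""
    return pickle.loads(data)

def restricted_loads(data: bytes):
    """The hardened pattern: unknown globals abort the load before invocation."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def demo():
    # unsafe_loads runs len("payload") during deserialization and returns 7
    result = unsafe_loads(UNTRUSTED)
    try:
        restricted_loads(UNTRUSTED)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # Plain containers need no global lookups, so they still load fine
    plain = restricted_loads(TRUSTED)
    return result, blocked, plain

if __name__ == "__main__":
    print(demo())
```

Where the data exchanged is plain structured data, a format with no code-loading semantics (such as JSON) removes the problem entirely; the allow-list approach is the fallback when pickle cannot be replaced.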
A critical remote code execution vulnerability (CVE-2024-9042) in Kubernetes allows attackers to execute commands with SYSTEM privileges on all Windows nodes in a cluster. This vulnerability, specifically in the new beta logging feature ‘Log Query’, is easily exploitable, resulting in full system compromise. This highlights the danger of introducing new features without thorough security testing, impacting organizations that rely on Kubernetes. Immediate patching is vital to prevent potential unauthorized access and lateral movement within the Kubernetes environment.
Critical flaws in Planet Technology’s WGS-804HPT industrial switches have been discovered, enabling pre-authentication remote code execution. The vulnerabilities can be chained to achieve remote code execution, potentially allowing attackers to gain control over the network. These switches are widely used in building and home automation systems. The vulnerabilities are a major security issue due to their widespread use and the potential impact on critical infrastructure.
A critical vulnerability (CVE-2025-0282) has been identified in Ivanti Connect Secure, allowing remote unauthenticated attackers to execute arbitrary code. This is due to a stack-based buffer overflow vulnerability in versions before 22.7R2.5. Proof of concept exploit code has been released.
A critical command injection vulnerability, CVE-2024-50603, in the Aviatrix Network Controller allows unauthenticated remote attackers to execute arbitrary code. This vulnerability, with a CVSS score of 10.0, stems from improper input handling within the Aviatrix Controller’s API. Exploitation could lead to full system compromise, data theft, and network breaches. There are hundreds of publicly exposed Aviatrix Controllers accessible via the Shodan search engine.
Multiple vulnerabilities have been discovered in rsync, a widely used file transfer program. Six vulnerabilities have been identified, including a critical remote code execution (RCE) vulnerability (CVE-2024-12084) that allows attackers with anonymous read access to an rsync server to execute arbitrary code on the machine. Other vulnerabilities include information leaks and symlink issues. Users are advised to upgrade to rsync version 3.4.0, released on January 14th, to patch these issues and ensure system security. This highlights the importance of timely patching and update processes for critical network utilities.
Multiple critical vulnerabilities have been discovered in SimpleHelp remote support software. These flaws include unauthorized file access, privilege escalation, and remote code execution. These vulnerabilities are trivial to exploit, making them a serious risk for both SimpleHelp servers and the client machines that the software is used to manage. Patches are available, and users are advised to upgrade immediately.
A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. This is in addition to CVE-2025-0283 which is another stack-based buffer overflow, which requires a local authenticated attacker. This vulnerability is currently being actively exploited in the wild. Organizations are advised to apply the available patches immediately and perform factory resets to ensure complete removal of any potential malware. Ivanti has a long history of being targeted.
A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-49112, has been identified in Windows LDAP. A Proof of Concept (PoC) exploit has been released demonstrating how an attacker can send a malicious LDAP request to unpatched Domain Controllers, leading to memory corruption and remote code execution without any user interaction. This vulnerability poses a significant threat to Windows environments. This is a zero-click RCE vulnerability.
A critical command injection vulnerability, identified as CVE-2024-56334, has been discovered in the Node.js ‘systeminformation’ package. This vulnerability allows attackers to execute arbitrary commands, potentially leading to remote code execution and privilege escalation. The flaw affects versions up to and including 5.23.6, requiring immediate updates to mitigate the risk. This vulnerability impacts a very large number of systems, so immediate action is highly recommended.
Sophos has released updates for its Firewall product to address three critical vulnerabilities that could lead to Remote Code Execution (RCE) and privilege escalation. These flaws, identified as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, require immediate patching to prevent potential exploitation. There is currently no evidence that the shortcomings have been exploited in the wild.
BeyondTrust has experienced a security incident where hackers breached their Remote Support SaaS instances by exploiting an API key, allowing for account password resets. Two critical vulnerabilities were discovered and patched, namely command injection (CVE-2024-12356) and escalation of privilege (CVE-2024-12686). This incident highlights the risks associated with API key compromise and the importance of proper security measures for SaaS platforms and privileged access management solutions.