Bill Mann@CyberInsider - 11d
The Qualys Threat Research Unit (TRU) has disclosed two vulnerabilities in OpenSSH, one on the client side and one affecting both client and server. The first, CVE-2025-26465, is an active machine-in-the-middle (MitM) attack against OpenSSH clients that have the VerifyHostKeyDNS option enabled. The second, CVE-2025-26466, is a pre-authentication denial of service (DoS) in which a peer drives up memory and CPU consumption on clients and servers alike. Together they expose affected systems to interception of SSH sessions and to resource exhaustion that can make SSH servers unavailable.
With CVE-2025-26465, an on-path attacker can impersonate a server and defeat the client's host-key check even when VerifyHostKeyDNS is set to "yes" or "ask" (upstream's default is "no", so only clients or distributions that turn the option on are exposed). The bug was introduced in December 2014 and affects OpenSSH 6.8p1 through 9.9p1. CVE-2025-26466 lets an unauthenticated peer consume excessive memory and CPU and affects 9.5p1 through 9.9p1; on the server side, existing sshd_config limits such as LoginGraceTime and MaxStartups reduce the impact but do not remove the flaw, so patching is still required. OpenSSH 9.9p2 fixes both issues, and administrators should upgrade affected clients and servers promptly; note that distribution packages may carry the fix as a backport under an older version string (see Ubuntu's USN-7270-2), so check the package changelog rather than relying on the version alone.
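As an added example (not code from Qualys or the OpenSSH project), the following Python checks a host's exposure to both CVEs from the two facts that matter: the OpenSSH version string (as printed by `ssh -V` or sent in the SSH banner) and the effective VerifyHostKeyDNS setting from ssh_config-style text. The version ranges are the ones in the advisory; the parser is a simplification that ignores Host/Match blocks, and the "not sufficient" caveat in the comments is deliberate because distributions backport fixes.

```python
from __future__ import annotations
import re

# Affected version ranges from the Qualys advisory, inclusive, as
# (major, minor, portable-patch) tuples. OpenSSH 9.9p2 carries the fixes.
AFFECTED = {
    "CVE-2025-26465": ((6, 8, 1), (9, 9, 1)),   # client MitM, only with VerifyHostKeyDNS yes/ask
    "CVE-2025-26466": ((9, 5, 1), (9, 9, 1)),   # pre-auth DoS, client and server
}

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(text: str) -> tuple[int, int, int] | None:
    """Extract (major, minor, p-level) from `ssh -V` output or an SSH banner
    such as 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5'. Returns None when no
    OpenSSH version string is present (e.g. a Dropbear banner)."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def verify_host_key_dns(ssh_config: str, default: str = "no") -> str:
    """Effective VerifyHostKeyDNS value from ssh_config-style text.
    Keywords are case-insensitive and the first match wins, as in ssh_config.
    Upstream's default is 'no'; Host/Match blocks are ignored here
    (simplification of this example)."""
    for line in ssh_config.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "verifyhostkeydns" and len(parts) == 2:
            return parts[1].strip().lower()
    return default


def exposures(version_text: str, ssh_config: str = "") -> list[str]:
    """CVEs this OpenSSH build is exposed to, given its client configuration.
    A version inside the range is necessary but not sufficient: distributions
    backport fixes without bumping the version (USN-7270-2 is one case), so
    treat a hit as 'check the package changelog', not as 'vulnerable'."""
    v = parse_openssh_version(version_text)
    if v is None:
        return []
    hits = []
    lo, hi = AFFECTED["CVE-2025-26465"]
    if lo <= v <= hi and verify_host_key_dns(ssh_config) in ("yes", "ask"):
        hits.append("CVE-2025-26465")
    lo, hi = AFFECTED["CVE-2025-26466"]
    if lo <= v <= hi:
        hits.append("CVE-2025-26466")
    return hits


if __name__ == "__main__":
    # Constructed inputs: a patched Ubuntu banner and a FreeBSD-style config
    # that turns VerifyHostKeyDNS on.
    print(exposures("SSH-2.0-OpenSSH_9.9p1 FreeBSD-20250101", "VerifyHostKeyDNS yes"))
    print(exposures("OpenSSH_9.9p2, OpenSSL 3.0.13", "VerifyHostKeyDNS yes"))
```

On a real client, `ssh -G somehost | grep -i verifyhostkeydns` prints the effective value after all Host and Match blocks are applied, which is what should be fed to the check above.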
Recommended read:
References :
- CyberInsider: OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks
- buherator's timeline: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
- Open Source Security: Qualys Security Advisory discussing MitM and DoS attacks against OpenSSH clients and servers.
- securityonline.info: Securityonline.info article on OpenSSH flaws CVE-2025-26465 and CVE-2025-26466 exposing clients and servers to attacks.
- www.openwall.com: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
- cyberinsider.com: The Qualys Threat Research Unit (TRU) has disclosed two critical vulnerabilities in OpenSSH affecting both client and server components.
- securityonline.info: OpenSSH Flaws CVE-2025-26465 & CVE-2025-26466 Expose Clients and Servers to Attacks
- blog.qualys.com: Qualys TRU Discovers Two Vulnerabilities in OpenSSH (CVE-2025-26465, CVE-2025-26466)
- hackread.com: Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks
- Ubuntu security notices: USN-7270-2: OpenSSH vulnerability
- The Hacker News: Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
- www.csoonline.com: OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks
- securityaffairs.com: OpenSSH bugs allows Man-in-the-Middle and DoS Attacks
- www.scworld.com: OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday.
- KubikPixel: OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday.
- AAKL: Infosec Exchange Post: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 More: The Register: FreSSH bugs undiscovered for years threaten OpenSSH security
- socradar.io: Security Flaws in OpenSSH and Juniper Networks Demand Action (CVE-2025-26465, CVE-2025-26466, and CVE-2025-21589)
- Information Security Buzz: Qualys Identifies Critical Vulnerabilities that Enable DDoS, MITM Attacks
- www.theregister.com: FreSSH bugs undiscovered for years threaten OpenSSH security
- socprime.com: Socprime discusses CVE-2025-26465 & CVE-2025-26466 Vulnerabilities.
- Full Disclosure: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client CVE-2025-26466: DoS attack against OpenSSH's client and server
- www.scworld.com: The security flaws, tracked as CVE-2025-26465 and CVE-2025-26466, can be used by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled.
- SOC Prime Blog: CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks
- Security Risk Advisors: OpenSSH Vulnerabilities Enable MITM Attacks and Denial-of-Service (CVE-2025-26465 & CVE-2025-26466)
@csoonline.com - 15d
A high-severity SQL injection vulnerability, CVE-2025-1094, has been found in psql, PostgreSQL's interactive terminal. Rapid7 researchers came across it while analysing CVE-2024-12356, the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) zero-day exploited in targeted attacks in December 2024, and concluded that the attackers behind that campaign very likely exploited the then-unknown PostgreSQL flaw as well.
The root cause lies in libpq's quoting functions (PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn): they fail to neutralize quoting syntax in text that does not pass encoding validation, so an invalid UTF-8 byte placed in front of a single quote lets that quote through unescaped. When the resulting string is handed to psql, the attacker can close the literal, end the statement and issue the `\!` meta-command, which psql passes to a shell; SQL injection thus turns into OS command execution on the host running psql. Rapid7 found that successful exploitation of the BeyondTrust vulnerability required exploiting CVE-2025-1094 to reach remote code execution. Fixes are in PostgreSQL 17.3, 16.7, 15.11, 14.16 and 13.19; because the bug is in the client library, both database servers and anything that links libpq should be upgraded, and with a Metasploit module already available, exploitation attempts should be expected.
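The bug class above can be shown in a few lines. The Python below is an added, simplified model written for this page, not PostgreSQL's code: a quoting routine that decides character width from the UTF-8 lead byte alone (as the advisory describes for the affected functions) beside a hardened variant that validates the encoding first, and a toy byte-oriented psql-style lexer that shows why the stray byte lets the attacker's quote close the literal. The payload, function names and the shape of the lexer are assumptions made for the example.

```python
from __future__ import annotations


def utf8_lead_len(lead: int) -> int:
    """Sequence length implied by a UTF-8 lead byte alone. The continuation
    bytes are never checked, which is the gap the advisory describes."""
    if lead < 0x80:
        return 1
    if lead >> 5 == 0b110:
        return 2
    if lead >> 4 == 0b1110:
        return 3
    if lead >> 3 == 0b11110:
        return 4
    return 1


def escape_literal_lead_byte_driven(s: bytes) -> bytes:
    """Model of the flawed quoting: doubles single quotes but steps through the
    input one 'character' at a time, trusting the lead byte for the width. A
    quote that lands inside an invalid multibyte sequence is copied through
    without being doubled."""
    out = bytearray(b"'")
    i = 0
    while i < len(s):
        n = utf8_lead_len(s[i])
        chunk = s[i:i + n]
        out += b"''" if chunk == b"'" else chunk
        i += n
    out += b"'"
    return bytes(out)


def escape_literal_validated(s: bytes) -> bytes:
    """Hardened variant: refuse input that is not valid UTF-8 instead of
    guessing character boundaries, then quote byte by byte."""
    try:
        s.decode("utf-8")
    except UnicodeDecodeError as e:
        raise ValueError("invalid UTF-8 in SQL literal") from e
    return b"'" + s.replace(b"'", b"''") + b"'"


def psql_shell_commands(script: bytes) -> list[bytes]:
    """Toy model of psql's lexer, which walks the script byte by byte: the
    orphan 0xC0 is just one byte inside the literal and the next quote closes
    it. Outside a literal, a backslash meta-command runs to end of line and
    `\\!` hands its argument to the shell. Returns those shell commands."""
    cmds: list[bytes] = []
    in_literal = False
    i = 0
    while i < len(script):
        b = script[i:i + 1]
        if in_literal:
            if b == b"'":
                if script[i + 1:i + 2] == b"'":   # doubled quote stays inside the literal
                    i += 2
                    continue
                in_literal = False
        elif b == b"'":
            in_literal = True
        elif script.startswith(b"\\!", i):
            end = script.find(b"\n", i)
            end = len(script) if end == -1 else end
            cmds.append(script[i + 2:end].strip())
            i = end
            continue
        i += 1
    return cmds


# Constructed attacker input: an orphan lead byte, a quote, a statement
# terminator, then a meta-command. The trailing '#' makes the shell ignore
# whatever the application appends after the injected value.
PAYLOAD = b"\xc0'; \\! id #"


def build_query(escaper, value: bytes) -> bytes:
    """Application code that builds a psql script from an untrusted value."""
    return b"SELECT " + escaper(value) + b";"


if __name__ == "__main__":
    print(psql_shell_commands(build_query(escape_literal_lead_byte_driven, PAYLOAD)))
```

The fix in PostgreSQL is on the quoting side; applications that build psql input from untrusted data get the same protection once libpq is upgraded, which is why the client library, not only the server, needs patching.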
Recommended read:
References :
- The Register - Security: High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.…
- Caitlin Condon: CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting — 🧵on its relation to BeyondTrust exploitation
- securityaffairs.com: Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7.
- The Hacker News: Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7.
- www.csoonline.com: PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks
- infosec.exchange: New vuln disclosure c/o : CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting on its relation to BeyondTrust exploitation
- MSSP feed for Latest: New PostgreSQL Zero-Day Potentially Leveraged in BeyondTrust Attacks
- www.scworld.com: New PostgreSQL zero-day potentially leveraged in BeyondTrust attacks
- Talkback Resources: Rapid7 discovered a zero-day vulnerability in PostgreSQL's psql terminal (CVE-2025-1094) enabling SQL injection, exploited in attacks on BeyondTrust Remote Support systems, compromising US Treasury Department machines.
- Caitlin Condon: CVE-2025-1094 affects all supported versions of PostgreSQL
- Open Source Security: Hi, As announced on February 13 in: This vulnerability is related to BeyondTrust CVE-2024-12356: In Caitlin Condon's words in the thread above: The referenced Rapid7 blog post:
- www.postgresql.org: PostgreSQL security announcement about CVE-2025-1094.
- Open Source Security: Re: CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection
- securityonline.info: Metasploit-Ready: CVE-2025-1094 SQLi in PostgreSQL Exposes Systems to Remote Attacks
- Caitlin Condon: Infosec.exchange post linking to various resources related to CVE-2025-1094 in PostgreSQL.
- www.postgresql.org: PostgreSQL announcement about PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 releases fixing CVE-2025-1094
@gbhackers.com - 17d
SonicWall firewalls face a high-severity authentication bypass, CVE-2024-53704 (CVSS 8.2), in the SonicOS SSLVPN application. An unauthenticated remote attacker can hijack an active SSL VPN session and thereby reach the network behind the firewall. Bishop Fox researchers counted nearly 4,500 internet-exposed SonicWall firewalls still at risk, showing how widespread the exposure is. Affected SonicOS releases are 7.1.x, 7.1.2-7019 and 8.0.0-8035 across several firewall generations.
Bishop Fox published technical details and a proof-of-concept exploit on February 10, 2025, Arctic Wolf observed exploitation attempts shortly afterwards, and CISA has since added the flaw to its Known Exploited Vulnerabilities catalog. The exploit sends a specially crafted session cookie to the SSL VPN endpoint, which is accepted as an existing session and so sidesteps authentication entirely, multi-factor authentication included. With a hijacked session an attacker can read Virtual Office bookmarks and VPN client configuration, reach internal resources and establish new VPN tunnels into the private network. SonicWall urges customers to apply the patched SonicOS releases immediately.
Recommended read:
References :
- gbhackers.com: SonicWall firewalls running specific versions of SonicOS are vulnerable to a critical authentication bypass flaw, tracked as CVE-2024-53704, which allows attackers to hijack active SSL VPN sessions. This vulnerability has been classified as high-risk, with a CVSS score of 8.2.
- MSSP feed for Latest: Nearly 4,500 internet-exposed SonicWall firewalls were discovered by Bishop Fox researchers to be at risk of having their VPN sessions taken over in attacks exploiting a recently patched high-severity authentication bypass flaw within the SonicOS SSLVPN application, tracked as CVE-2024-53704, according to BleepingComputer.
- cyberpress.org: A critical security flaw, CVE-2024-53704, has been identified in SonicWall’s SonicOS SSLVPN application, enabling remote attackers to bypass authentication and hijack active SSL VPN sessions.
- securityaffairs.com: Detailed findings and mitigation strategies related to the SonicWall firewall bug.
- Cyber Security News: SonicWall Firewalls Exploit Let Attackers Remotely Hack Networks Via SSL VPN Sessions Hijack
- gbhackers.com: SonicWall Firewalls Exploit Hijack SSL VPN Sessions to Gain Networks Access
- www.bleepingcomputer.com: SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
- arcticwolf.com: Arctic Wolf Observes Authentication Bypass Exploitation Attempts Targeting SonicWall Firewalls (CVE-2024-53704)
- Arctic Wolf: Arctic Wolf Observes Authentication Bypass Exploitation Attempts Targeting SonicWall Firewalls (CVE-2024-53704)
- arcticwolf.com: On February 10, 2025, Bishop Fox published technical details and proof-of-concept (PoC) exploit code for CVE-2024-53704, a high-severity authentication bypass vulnerability caused by a flaw in the SSLVPN authentication mechanism in SonicOS, the operating system used by SonicWall firewalls. Shortly after the PoC was made public, Arctic Wolf began observing exploitation attempts of this vulnerability
- The Register - Security: SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
- bishopfox.com: https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking
- Christoffer S.: Arctic Wolf: Published a blog about observing active exploitation of SonicWALL vulnerability, which Bishop Fox published a PoC for on Feb 10. Unfortunately NO indicators or otherwise actionable intelligence provided beyond active exploitation.
- BleepingComputer: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.
- heise online English: Patch Sonicwall now! Attackers bypass authentication of firewalls Attacks are currently taking place on Sonicwall firewalls. Security updates are available for download.
- www.bleepingcomputer.com: BleepingComputer reports on attackers exploiting a SonicWall firewall vulnerability after the release of PoC exploit code.
- Anonymous ???????? :af:: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.
- www.heise.de: Heise Online article urging users to patch their SonicWall devices.
- www.bleepingcomputer.com: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.
- securityonline.info: SonicWall Firewalls Under Attack: CVE-2024-53704 Exploited in the Wild, PoC Released
@The GreyNoise Blog - 14d
Active exploitation of CVE-2025-0108, a high-severity authentication bypass in the management web interface of Palo Alto Networks PAN-OS, is being observed; GreyNoise has confirmed live attacks against PAN-OS firewalls. The flaw lets an unauthenticated attacker with network access to the management interface bypass authentication and invoke certain PHP scripts, which on its own does not yield code execution but undermines the integrity and confidentiality of the device. Palo Alto Networks has since warned that it is being chained with the file-read vulnerability CVE-2025-0111 and the earlier CVE-2024-9474 to break into unpatched firewalls, and CISA has added it to its Known Exploited Vulnerabilities catalog. Organizations running PAN-OS should assume that unpatched devices with an exposed management interface are being targeted.
Defenders should apply the PAN-OS security patches as soon as possible and make sure the management interface is reachable only from trusted internal addresses, never from the internet. Because the bypass is trivial to exploit and proof-of-concept requests started being fired across the internet almost as soon as they appeared, it is also worth monitoring for exploitation attempts and using real-time threat intelligence to prioritise response.
Recommended read:
References :
- The GreyNoise Blog: GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
- GreyNoise: 🚨 CVE-2025-0108 is being actively exploited! 🚨 GreyNoise sees live attacks on PAN-OS firewalls.
- Blog: New Palo Alto vulnerability with active exploit attempts discovered
- veriti.ai: CVE-2025-0108: Active Exploits Targeting Palo Alto PAN-OS – What You Need to Know
- securityaffairs.com: Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.
- Glenn ?: & - it took no time for the POC of CVE-2025-0108 (PAN-OS Authentication Bypass) to start being fired off across the internet. We're back-processing some data now to pick up some prior exploitation as well.
- socradar.io: Palo Alto Firewall Vulnerability (CVE-2025-0108) Under Attack – Are You at Risk?
- VERITI: CVE-2025-0108: Active Exploits Targeting Palo Alto PAN-OS – What You Need to Know
- securityadvisories.paloaltonetworks.com: Authentication Bypass in PAN-OS Management Web Interface Allows Unauthorized Access
- BleepingComputer: Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication.
- The Hacker News: CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
- www.csoonline.com: Hackers gain root access to Palo Alto firewalls through chained bugs
- securityaffairs.com: U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
- securebulletin.com: Critical Palo Alto Firewall flaw under active attack: Patch NOW!
- aboutdfir.com: Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks.
- Secure Bulletin: Critical Palo Alto Firewall flaw under active attack: Patch NOW!
- techcrunch.com: Palo Alto Networks warns that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks
Divya@gbhackers.com - 4d
A critical remote code execution (RCE) vulnerability, CVE-2025-27364 (CVSS 10.0), has been found in MITRE Caldera, a widely used adversary emulation framework. The bug sits in the server's dynamic agent (implant) compilation functionality: a crafted web request to the API that compiles and serves Caldera's Sandcat or Manx agents can make the server execute arbitrary code. Because Caldera is typically run by red teams and security automation with broad reach into an environment, a compromised server hands the attacker both the host and whatever its agents can touch.
MITRE Caldera through 4.2.0, and 5.0.0 before commit 35bc06e, are affected and should be updated without delay. The compilation endpoint is reachable without authentication, and the crafted request can carry the -extldflags linker flag, whose argument Go passes straight to the external (gcc) linker; sub-commands placed there run on the server during the build. From that foothold an attacker can plant rogue Sandcat or Manx agents that execute commands on the compromised host, exfiltrate data and pivot to connected assets. Proof-of-concept exploit details are public.
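The pattern behind a linker-flag injection of this kind is worth seeing in code. The Python below is an added example for this page, not Caldera's own code or its fix: a build helper that formats request-controlled values into `-X main.name=value` entries and joins them into the single `-ldflags` string, which the go tool re-splits on whitespace, so a value containing a space smuggles in a second flag; beside it, a hardened helper that constrains names and values and returns an argv list. The parameter names, the regular expressions and the use of shlex as a stand-in for Go's splitting are assumptions made for the example.

```python
from __future__ import annotations
import re
import shlex


def ldflags_whitespace_joined(params: dict[str, str]) -> str:
    """Vulnerable pattern: request-controlled values become '-X main.<name>=<value>'
    entries that are joined with spaces into the one string handed to
    `go build -ldflags`. The go tool splits that string on whitespace again,
    so a value containing a space turns into extra linker flags."""
    parts = ["-s", "-w"]
    for name, value in params.items():
        parts.append(f"-X main.{name}={value}")
    return " ".join(parts)


def flags_as_go_sees_them(ldflags: str) -> list[str]:
    """Approximation of how the go tool re-splits -ldflags (whitespace
    separated, quotes honoured); shlex is close enough for this purpose."""
    return shlex.split(ldflags)


def injected_linker_flags(ldflags: str) -> list[str]:
    """Tokens reaching the linker that are not the intended -s / -w / -X main.*
    entries. -extldflags is the dangerous one: its argument goes to the
    external C toolchain."""
    toks = flags_as_go_sees_them(ldflags)
    unexpected = []
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-s", "-w"):
            i += 1
        elif t == "-X" and i + 1 < len(toks) and toks[i + 1].startswith("main."):
            i += 2
        else:
            unexpected.append(t)
            i += 1
    return unexpected


# Hardened: constrain names and values before they touch the build command.
_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
_VALUE = re.compile(r"^[A-Za-z0-9._:/@%+-]+$")   # no whitespace, quotes or shell metacharacters


def ldflags_validated(params: dict[str, str]) -> list[str]:
    """Build arguments as an argv list (never a shell string). Any value that
    could be re-split into a second flag is rejected outright."""
    entries = ["-s", "-w"]
    for name, value in params.items():
        if not _NAME.match(name) or not _VALUE.match(value):
            raise ValueError(f"refusing to pass {name!r}={value!r} to the linker")
        entries.append(f"-X main.{name}={value}")
    return ["go", "build", "-ldflags", " ".join(entries)]


if __name__ == "__main__":
    # Constructed request parameters: the 'server' value carries a space and a
    # second flag. The rpath flag is a harmless stand-in for the sub-commands
    # an attacker would actually pass.
    attacker = {"server": "http://10.0.0.5:8888 -extldflags=-Wl,-rpath,/tmp"}
    print(injected_linker_flags(ldflags_whitespace_joined(attacker)))
```

The allowlist approach is deliberately strict: a URL, a group name or a key never needs whitespace or quotes, so rejecting them costs nothing and removes the entire class rather than one flag.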
Recommended read:
References :
- community.emergingthreats.net: MITRE Caldera Remote Code Execution (CVE-2025-27364)
- gbhackers.com: Critical RCE Vulnerability in MITRE Caldera – Proof of Concept Released
- socradar.io: Security Alert: Critical Flaws in MITRE Caldera and Parallels Desktop (CVE-2025-27364, CVE-2024-34331)
- The Register - Security: MITRE Caldera security suite scores perfect 10 for insecurity
- cR0w :cascadia:: A perfect 10 in MITRE Caldera? Nice. 🥳 In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.
- Talkback Resources: CVE-2025-27364 (CVSS 10): Remote Code Execution Flaw Found in MITRE Caldera, PoC Releases
- SOC Prime Blog: CVE-2025–27364 in MITRE Caldera: Exploitation of a New Max-Severity RCE Vulnerability via Linker Flag Manipulation Can Lead to Full System Compromise
- thecyberexpress.com: MITRE Caldera Hit by Critical RCE Flaw (CVE-2025-27364) – Here’s What You Need to Know
- Help Net Security: MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)
Ameer Owda@socradar.io - 22d
Cisco has released patches for two critical vulnerabilities in its Identity Services Engine (ISE). The flaws, CVE-2025-20124 (CVSS 9.9) and CVE-2025-20125 (CVSS 9.1), allow a remote attacker holding valid read-only administrative credentials to execute arbitrary commands as root, escalate privileges and alter the system configuration on affected devices.
CVE-2025-20124 is an insecure deserialization of user-supplied Java byte streams: sending a crafted serialized Java object to an affected API lets the attacker execute arbitrary commands and elevate privileges. CVE-2025-20125 is an authorization bypass in another API that, given a crafted HTTP request, exposes sensitive information, allows configuration changes and lets the attacker restart the node. Cisco notes that there are no workarounds and advises customers to migrate to a fixed software release as soon as possible.
Recommended read:
References :
- securityaffairs.com: Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes.
- securityonline.info: CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine
- ciso2ciso.com: Cisco addressed two critical flaws in its Identity Services Engine (ISE) – Source: securityaffairs.com
- securityonline.info: Cisco has issued a security advisory addressing two critical vulnerabilities in its Identity Services Engine (ISE), a network
- sec.cloudapps.cisco.com: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
- BleepingComputer: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
- socradar.io: Critical Cisco ISE Vulnerabilities Patched: CVE-2025-20124 & CVE-2025-20125
- The Hacker News: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
- www.csoonline.com: Cisco’s ISE bugs could allow root-level command execution
- www.bleepingcomputer.com: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
- ciso2ciso.com: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc – Source:thehackernews.com
- ciso2ciso.com: Cisco’s ISE bugs could allow root-level command execution – Source: www.csoonline.com
@www.bleepingcomputer.com - 21d
Attackers are actively exploiting CVE-2025-0994, a deserialization vulnerability in Trimble's Cityworks Server AMS, to achieve remote code execution on the Microsoft IIS web servers that host it. Once they can run commands, the intruders deploy Cobalt Strike beacons to secure initial access to the network. Cityworks is an asset and work-order management system used mainly by local governments, utilities and public works organizations.
CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog and issued a standalone alert urging organizations to apply the update and hunt for indicators of compromise. Separately, Microsoft has warned of code injection attacks against ASP.NET applications whose machineKey values were copied from public documentation or code samples: an attacker who knows the validation key can craft ViewState that passes the server's integrity check and is then deserialized, which has been used to deliver the Godzilla post-exploitation framework. Microsoft considers such keys a greater risk than stolen ones because they are readily found in multiple public code repositories; keys should never be copied from public sources, and any that were should be replaced.
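A practical first check for the machineKey problem is to compare the keys in each web.config against a denylist of keys known to be public. The Python below is an added example for this page, not Microsoft's script: it pulls the machineKey attributes out of a web.config fragment, skips the ASP.NET default of auto-generated keys (nothing static to leak), normalises the hex before hashing so differently-cased copies of the same key still match, and reports which attributes hit. The denylist format (SHA-256 of the uppercase hex value), the sample configs and the key values are all constructed for the example.

```python
from __future__ import annotations
import hashlib
import xml.etree.ElementTree as ET

# Constructed "publicly known" key: 64 bytes of hex, the size HMACSHA256
# validation uses. Real deployments would load a denylist of hashes instead.
_PUBLIC_KEY = (
    "C50B3C89CB21F4F1" "422FF158A5B42D0E" "8DB8CB5CDA174257" "2A487D9401E34002"
    "67682B202B48BB7C" "0DB6CD1E35E76D4F" "DA9A0FB7B3E74236" "A6E7D02A2A4E8A4E"
)
KNOWN_PUBLIC_KEY_HASHES = {hashlib.sha256(_PUBLIC_KEY.encode()).hexdigest()}


def machine_key_attrs(web_config: str) -> dict[str, str]:
    """Attributes of the <machineKey> element, or an empty dict if absent."""
    root = ET.fromstring(web_config)
    el = root.find(".//machineKey")
    return dict(el.attrib) if el is not None else {}


def known_public_keys(web_config: str, denylist: set[str]) -> list[str]:
    """Names of the machineKey attributes whose value is on the denylist.
    A missing attribute or an 'AutoGenerate...' value (the ASP.NET default)
    is never a hit: there is no static key to have been copied. Hex is
    upper-cased before hashing so case differences do not hide a match."""
    attrs = machine_key_attrs(web_config)
    hits = []
    for attr in ("validationKey", "decryptionKey"):
        value = attrs.get(attr, "AutoGenerate")
        if value.startswith("AutoGenerate"):
            continue
        if hashlib.sha256(value.strip().upper().encode()).hexdigest() in denylist:
            hits.append(attr)
    return hits


# Constructed web.config fragments: one with a copied validation key and a
# private decryption key, one using the default auto-generated keys.
CONFIG_COPIED_KEY = f"""<configuration><system.web>
  <machineKey validationKey="{_PUBLIC_KEY}"
              decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3DD29FB2D84C7C2AF7A6B0A2A8F2C4DB"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""

CONFIG_AUTOGEN = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" validation="HMACSHA256" />
</system.web></configuration>"""


if __name__ == "__main__":
    print(known_public_keys(CONFIG_COPIED_KEY, KNOWN_PUBLIC_KEY_HASHES))
    print(known_public_keys(CONFIG_AUTOGEN, KNOWN_PUBLIC_KEY_HASHES))
```

A hit means rotating the key is not optional: an attacker with the value can forge ViewState that the server will accept, so the check belongs in configuration review and in the build pipeline, not only in incident response.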
Recommended read:
References :
- : CISA puts out a standalone security alert about Trimble Cityworks Server Asset Management System (AMS).
- securityaffairs.com: U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog
- securityonline.info: CVE-2025-0994: Critical Vulnerability in Trimble Cityworks Exploited in the Wild
- Anonymous ???????? :af:: Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access.
- www.bleepingcomputer.com: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access.
- BleepingComputer: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access.
- bsky.app: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access.
- Anonymous ???????? :af:: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access.
- therecord.media: Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts
@www.netscaler.com - 9d
Citrix has released a security fix for CVE-2024-12284, a high-severity vulnerability (CVSS v4 score 8.8) in NetScaler Console and NetScaler Agent. The flaw stems from improper privilege management and allows an already authenticated user to execute commands without the additional authorization those commands require, i.e. a privilege escalation rather than an unauthenticated break-in. Users of on-premises installations should update NetScaler Console and Agent promptly.
Cloud Software Group strongly recommends that customers running affected versions of on-premises NetScaler Console and NetScaler Agent upgrade to the patched builds; there are no workarounds. Affected are NetScaler Console and Agent 14.1 before 14.1-38.53 and 13.1 before 13.1-56.18; the remediated releases are 14.1-38.53 and later, and 13.1-56.18 and later of the 13.1 branch. Customers using the Citrix-managed NetScaler Console Service do not need to take any action.
Recommended read:
References :
- thecyberexpress.com: CVE-2024-12284: NetScaler Users Urged to Update Against Critical Flaw
- securityonline.info: CVE-2024-12284 in NetScaler Console Exposes Systems to Unauthorized Command Execution
- The Hacker News: Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
- securityaffairs.com: Citrix addressed NetScaler console privilege escalation flaw
- Talkback Resources: Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability [app] [cloud]
- securityonline.info: Cloud Software Group has released a security bulletin addressing a high-severity vulnerability in its NetScaler Console and NetScaler
- www.heise.de: Citrix Netscaler enables the extension of rights Citrix Netscaler Agent and Netscaler Console allow attackers to extend their rights. Secure Access Client for Mac also has a vulnerability.
- Talkback Resources: Citrix addressed NetScaler console privilege escalation flaw [app]
@Talkback Resources - 11d
Juniper Networks has addressed a critical API authentication bypass, CVE-2025-21589 (CVSS 9.8), affecting its Session Smart Router, Session Smart Conductor and WAN Assurance Managed Router products. A network-based attacker can bypass authentication and gain administrative control of an affected device. Juniper found the flaw through internal security testing and published it in an out-of-cycle bulletin.
Fixed releases are SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts and SSR-6.3.3-r2, and Juniper advises upgrading affected systems promptly. In Conductor-managed deployments it is sufficient to upgrade only the Conductor nodes, and WAN Assurance routers connected to the Mist Cloud have already been patched automatically.
Recommended read:
References :
- securityaffairs.com: Juniper Networks fixed a critical flaw in Session Smart Routers
- Talkback Resources: Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication [exp] [net]
- securityonline.info: CVE-2025-21589 (CVSS 9.8): Critical Authentication Bypass Flaw in Juniper Session Smart Routers
- The Hacker News: Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
- www.bleepingcomputer.com: Juniper Patches Critical Auth Bypass in Session Smart Routers
- www.heise.de: Juniper Session Smart Router: Security leak enables takeover
- Vulnerability-Lookup: Vulnerability ncsc-2025-0062 has received a comment on Vulnerability-Lookup: 2025-02: Out-of-Cycle Security Bulletin: Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass Vulnerability (CVE-2025-21589)
- BleepingComputer: Infosec Exchange Post: Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices.
- socradar.io: Security Flaws in OpenSSH and Juniper Networks Demand Action (CVE-2025-26465, CVE-2025-26466, and CVE-2025-21589)
- Talkback Resources: CVE-2025-21589 (CVSS 9.8): Critical Authentication Bypass Flaw in Juniper Session Smart Routers [app] [net]
- BleepingComputer: Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices.
- Anonymous ???????? :af:: Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices.
- cyble.com: Major Security Flaw in Juniper Networks Routers: How to Protect Your Systems
info@thehackernews.com (The Hacker News)@The Hacker News - 17d
Ivanti has released security updates for Connect Secure (ICS), Policy Secure (IPS) and Secure Access Client (ISAC) addressing multiple vulnerabilities, three of them rated critical. The most serious can be exploited by authenticated attackers to execute arbitrary code and compromise the appliance: a stack-based buffer overflow (CVE-2025-22467, CVSS 9.9), an external control of file name flaw (CVE-2024-38657) and a code injection flaw (CVE-2024-10644).
In detail, CVE-2024-38657 lets a remote authenticated attacker with admin privileges write arbitrary files, CVE-2025-22467 lets a remote authenticated attacker achieve remote code execution, and CVE-2024-10644 is a code injection issue in ICS and IPS. Ivanti separately patched CVE-2024-47908, an operating system command injection in the admin web console of Ivanti Cloud Services Application (CSA). The fixed versions are Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3 and Ivanti CSA 5.0.5. Ivanti is not aware of active exploitation, but given how often its appliances have been weaponized after patch release, the updates should be applied without delay.
Recommended read:
References :
- Vulnerability-Lookup: Security advisory for Ivanti Connect Secure, Policy Secure, and Secure Access Client (multiple CVEs).
- securityonline.info: Ivanti has disclosed multiple vulnerabilities affecting its Connect Secure, Policy Secure, and Secure Access Client products.
- The Hacker News: Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
- BleepingComputer: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
- securityonline.info: CVE-2025-22467 (CVSS 9.9): Ivanti Connect Secure Vulnerability Allows Remote Code Execution
- www.bleepingcomputer.com: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
- vulnerability.circl.lu: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs), has been published on Vulnerability-Lookup
- research.kudelskisecurity.com: Ivanti ICS, IPS, ISAC, CSA: Multiple Vulnerabilities Disclosed and Patched
- socradar.io: Ivanti Security Update Addresses Severe Vulnerabilities in ICS, IPS, and ISAC (CVE-2025-22467, CVE-2024-38657, CVE-2024-10644)
@www.bleepingcomputer.com - 21d
Hackers are actively exploiting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to compromise systems and potentially deploy ransomware. Cybersecurity firm Field Effect has confirmed these exploits and released a report detailing the post-exploitation activity. The vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow attackers to create administrator accounts and drop backdoors, laying the groundwork for further malicious activities.
Field Effect identified a breach where threat actors exploited these vulnerabilities in the SimpleHelp RMM client to infiltrate a targeted network. Following initial access, attackers execute discovery commands to gather system and network data. They then establish persistence by creating new administrator accounts and deploying the Sliver malware, a post-exploitation framework gaining popularity as a Cobalt Strike alternative. Once deployed, Sliver waits for further commands, enabling attackers to compromise the domain controller and potentially distribute malicious software.
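The post-exploitation sequence above (discovery commands, then a new local account dropped into Administrators) is a correlation a defender can look for in endpoint telemetry. The following is an added example, not Field Effect's detection content or SimpleHelp code: it parses a constructed mini-log in a simplified key=value format using real Windows Security event IDs (4688 process creation, 4720 account created, 4732 member added to a local group) and alerts only when an account creation and an Administrators membership change follow at least two distinct discovery tools on the same host within ten minutes. The parent process name "rmm-agent.exe" is a placeholder, not the SimpleHelp binary name.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry, not real data. "rmm-agent.exe" is a placeholder
# parent process name (assumption), not the actual SimpleHelp executable.
SAMPLE_LOG = """\
2025-02-05T10:00:01Z host=WS01 id=4688 user=SYSTEM parent="rmm-agent.exe" cmd="whoami"
2025-02-05T10:00:05Z host=WS01 id=4688 user=SYSTEM parent="rmm-agent.exe" cmd="nltest /domain_trusts"
2025-02-05T10:00:09Z host=WS01 id=4688 user=SYSTEM parent="rmm-agent.exe" cmd="net localgroup administrators"
2025-02-05T10:01:30Z host=WS01 id=4720 user=SYSTEM target="sqladmin"
2025-02-05T10:01:31Z host=WS01 id=4732 user=SYSTEM target="sqladmin" group="Administrators"
2025-02-05T11:15:00Z host=WS02 id=4688 user=jdoe parent="explorer.exe" cmd="ipconfig /all"
2025-02-05T12:00:00Z host=WS03 id=4720 user=helpdesk target="intern01"
2025-02-05T12:00:02Z host=WS03 id=4732 user=helpdesk target="intern01" group="Administrators"
"""

# Common living-off-the-land discovery binaries; extend for your environment.
DISCOVERY_TOOLS = {"whoami", "nltest", "net", "ipconfig", "systeminfo", "nslookup", "quser"}
WINDOW = timedelta(minutes=10)
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(text):
    """Turn each line into a dict: timestamp plus the key=value fields."""
    events = []
    for line in text.splitlines():
        ts, _, rest = line.partition(" ")
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
        for key, quoted, bare in KV_RE.findall(rest):
            ev[key] = quoted if quoted else bare
        events.append(ev)
    return events


def detect(events, window=WINDOW):
    """Alert when a freshly created account is added to Administrators shortly
    after a burst of discovery commands on the same host. WS03 below shows the
    point of the correlation: an account creation alone is routine helpdesk
    work and must not fire."""
    alerts = []
    by_host = {}
    for ev in events:
        by_host.setdefault(ev["host"], []).append(ev)
    for host, evs in by_host.items():
        for ev in evs:
            if ev.get("id") != "4732" or ev.get("group", "").lower() != "administrators":
                continue
            recent = [e for e in evs if ev["ts"] - window <= e["ts"] <= ev["ts"]]
            created = any(e.get("id") == "4720" and e.get("target") == ev.get("target")
                          for e in recent)
            tools = {e["cmd"].split()[0].lower() for e in recent if e.get("id") == "4688"}
            discovery = tools & DISCOVERY_TOOLS
            if created and len(discovery) >= 2:
                alerts.append({
                    "host": host,
                    "account": ev["target"],
                    "when": ev["ts"].isoformat(),
                    "discovery": sorted(discovery),
                    # which processes spawned the discovery commands (RMM agent?)
                    "parents": sorted({e["parent"] for e in recent if e.get("id") == "4688"}),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The parent-process field is reported rather than required, so the rule still fires if the operators launch discovery from a different process; in a real pipeline, feed it 4688 events with command-line auditing enabled, otherwise the cmd field is empty and the discovery leg never matches.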
Recommended read:
References :
- Security Risk Advisors: Threat Actors Exploit SimpleHelp RMM Vulnerabilities to Deploy Ransomware
- The Hacker News: The Hacker News - Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
- www.bleepingcomputer.com: Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks.
- Blog: Threat actors exploiting #SimpleHelp RMM #vulnerabilities to deploy #ransomware
- www.scworld.com: Sliver malware spread via SimpleHelp RMM exploits
- fieldeffect.com: Threat actors exploiting #SimpleHelp RMM #vulnerabilities to deploy #ransomware
- gbhackers.com: Hackers Exploiting SimpleHelp Vulnerabilities to Deploy Malware on Systems
info@thehackernews.com (The Hacker News)@The Hacker News - 16d
CVE-2024-0132 (CVSS score: 9.0) is a critical vulnerability in the NVIDIA Container Toolkit that could allow an attacker to completely compromise the host system. Researchers at Wiz have now found that the original fix was incomplete: a new exploit, tracked as CVE-2025-23359 (CVSS score: 8.3), bypasses the patch for CVE-2024-0132. The flaw lets a malicious container image escape the container's isolation and gain full access to the underlying host, putting sensitive data and infrastructure at risk.
Security researchers Shir Tamari, Ronen Shustin and Andres Riancho found that file paths used during mount operations could be manipulated with a symbolic link, making it possible to mount from outside the container into a path under "/usr/lib64". This lets an attacker mount the host's root file system into a container, gaining unrestricted access to all host files and the ability to launch privileged containers and achieve full host compromise through the container runtime's Unix socket. Users are strongly advised to update immediately to NVIDIA Container Toolkit 1.17.4 and NVIDIA GPU Operator 24.9.2, which address both vulnerabilities, and not to disable the "--no-cntlibs" flag in production environments.
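The bug class behind both CVEs, a mount path that is validated as text while a symlink inside the container decides where the kernel actually lands, is easy to reproduce in miniature. The following is an added example, not code from the NVIDIA Container Toolkit or from Wiz's exploit: it builds a throwaway rootfs whose usr/lib64 is a symlink to the host root, shows that a naive join yields a path that passes a string prefix check yet resolves to the host's /etc, and contrasts it with a resolver that follows symlinks first and then requires the real path to stay under the real rootfs.

```python
import os
import tempfile


def naive_host_path(rootfs, container_path):
    """Vulnerable pattern: the container-relative path is trusted textually.
    The result always starts with rootfs, so a prefix check passes, but the
    symlink inside the container decides where the kernel really ends up."""
    return os.path.join(rootfs, container_path.lstrip("/"))


def confined_host_path(rootfs, container_path):
    """Hardened pattern: resolve every symlink, then require the real location
    to still be under the real rootfs before it is used for anything."""
    root = os.path.realpath(rootfs)
    candidate = os.path.realpath(os.path.join(root, container_path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"{container_path} resolves to {candidate}, outside {root}")
    return candidate


def demo():
    """Constructed scenario: a fake container rootfs in a temp dir where
    usr/lib64 is an attacker-planted symlink to the host root."""
    with tempfile.TemporaryDirectory() as rootfs:
        os.makedirs(os.path.join(rootfs, "usr", "lib"))
        open(os.path.join(rootfs, "usr", "lib", "ok.txt"), "w").close()
        os.symlink("/", os.path.join(rootfs, "usr", "lib64"))  # attacker-controlled link

        naive = naive_host_path(rootfs, "/usr/lib64/etc")
        result = {
            # textually the naive path lives under rootfs ...
            "naive_prefix_ok": naive.startswith(rootfs),
            # ... but once the link is followed it is the host's /etc
            "naive_escapes": os.path.realpath(naive) == os.path.realpath("/etc"),
        }
        try:
            confined_host_path(rootfs, "/usr/lib64/etc")
            result["hardened_blocks"] = False
        except PermissionError:
            result["hardened_blocks"] = True
        # a benign path inside the rootfs still resolves normally
        result["benign_ok"] = confined_host_path(rootfs, "/usr/lib/ok.txt").endswith("usr/lib/ok.txt")
        return result


if __name__ == "__main__":
    print(demo())
```

One caveat a runtime author cannot skip: a check-then-mount sequence like confined_host_path is still racy, because the link can be swapped between the realpath call and the mount. A production fix has to act on a file descriptor obtained with symlink resolution confined to the rootfs (openat2 with RESOLVE_BENEATH or RESOLVE_NO_SYMLINKS on Linux 5.6 and later) rather than re-walking a path string.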
Recommended read:
References :
- The Hacker News: Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability
- Wiz Blog | RSS feed: Critical NVIDIA container vulnerability (CVE-2024-0132) allows full host compromise. Update to NVIDIA Container Toolkit 1.17.4 immediately and restrict access to privileged runtime sockets.
- BleepingComputer: Information about an NVIDIA vulnerability and its bypass.
- Open Source Security: CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass)
- Security Risk Advisors: NVIDIA Container Toolkit Vulnerability Enables Full Host Compromise (CVE-2024-0132 & CVE-2025-23359)
@securityonline.info - 18d
Progress Software has released patches to address multiple high-severity vulnerabilities in its LoadMaster software. These flaws could allow remote, authenticated attackers to execute arbitrary system commands on affected systems. The vulnerabilities stem from improper input validation, where attackers who gain access to the management interface can inject malicious commands via crafted HTTP requests.
The affected software includes LoadMaster versions 7.2.48.12 and prior, 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.55.0 to 7.2.60.1 (inclusive), as well as Multi-Tenant LoadMaster version 7.1.35.12 and prior. Progress Software has closed the flaws by sanitizing request input so that it can no longer be turned into arbitrary system commands. Users are advised to update to the latest patched versions to ensure the security of their systems.
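The advisory describes the two halves of the standard fix for this bug class: stop handing request input to a shell, and validate what is left. The following is an added example, not LoadMaster code (which parameter is affected is not stated on the page): a management-style handler that splices a target into a shell command line, the same call made through an argument vector, and the argv form combined with an allow-list. `echo` stands in for whatever diagnostic tool such an interface runs, so the effect is visible in the output without side effects.

```python
import re
import subprocess

# Hostname-shaped input only: no shell metacharacters, and no leading "-" so the
# value cannot be read as an option by the invoked program either.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def run_vulnerable(target):
    """Vulnerable pattern: user input spliced into a command line that a shell
    parses, so ';', '$(...)', '|' etc. become syntax."""
    return subprocess.run(f"echo {target}", shell=True,
                          capture_output=True, text=True).stdout


def run_argv(target):
    """Argument vector, no shell: the whole input becomes a single argv entry
    and metacharacters are just bytes in that argument."""
    return subprocess.run(["echo", target], capture_output=True, text=True).stdout


def run_hardened(target):
    """Allow-list validation on top of the argv form, i.e. the request
    sanitization the advisory describes, done before anything is executed."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return run_argv(target)


if __name__ == "__main__":
    payload = "lb1; echo INJECTED"
    print("shell   :", run_vulnerable(payload).splitlines())   # ['lb1', 'INJECTED']
    print("argv    :", run_argv(payload).splitlines())         # ['lb1; echo INJECTED']
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened:", exc)
```

Dropping the shell removes command injection, but not argument injection: a value beginning with "-" can still flip options on the invoked tool, which is why the regex forbids a leading hyphen (and why tools that support "--" should be called with it).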
Recommended read:
References :
- community.progress.com: Progress security advisory "05" February 2024 (listed four times in the advisory): (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed. We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct impact on customers.
- securityaffairs.com: Progress Software fixed multiple high-severity LoadMaster flaws - SecurityAffairs
- securityonline.info: Progress LoadMaster Security Update: Multiple Vulnerabilities Addressed - SecurityOnline
- The Hacker News: Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions - The Hacker News
- securityonline.info: Security Online Article about Progress LoadMaster Security Update
@arcticwolf.com - 16d
Microsoft has released its February 2025 security update, addressing 63 newly disclosed vulnerabilities by Arctic Wolf's count. The update, released on February 11th, includes patches for various Microsoft products. Arctic Wolf has highlighted three vulnerabilities in this bulletin that affect Microsoft Windows and are either rated critical or have been exploited in the wild.
Two of the addressed vulnerabilities are under active exploitation: CVE-2025-21418, an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock, and CVE-2025-21391, an elevation of privilege vulnerability in Windows Storage. Users are strongly advised to apply the updates promptly to mitigate the risk posed by these threats. Tallies for the month differ between sources depending on which products and previously published CVEs are counted: Tenable counts 55 CVEs, Arctic Wolf 63, and one report puts the total at 141.
Recommended read:
References :
- Arctic Wolf: Microsoft Patch Tuesday: February 2025
- isc.sans.edu: Microsoft February 2025 Patch Tuesday, (Tue, Feb 11th)
- Tenable Blog: Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
@gbhackers.com - 7d
Proof-of-concept exploit code has been released for critical vulnerabilities affecting Ivanti Endpoint Manager (EPM). Disclosed in January, these vulnerabilities allow remote, unauthenticated attackers to potentially compromise systems through credential coercion. Security firm Horizon3.ai published the exploit code and technical details on February 19, 2025, escalating the risk for organizations utilizing the Ivanti EPM platform. The vulnerabilities stem from improper validation of user input, allowing attackers to manipulate file paths and force the EPM server to authenticate to malicious SMB shares.
These vulnerabilities, tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159, reside in the WSVulnerabilityCore.dll component of Ivanti EPM. By supplying a UNC path, an unauthenticated attacker can make the EPM server authenticate to an attacker-controlled SMB share and so coerce the Ivanti EPM machine account credential into a relay attack, potentially leading to full domain compromise. The exploit chain therefore combines credential coercion with NTLM relay.
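The server-side root cause is a file path taken from the request and used as-is, so a UNC target is enough to trigger outbound SMB authentication. The following is an added example, not Ivanti code and not Horizon3.ai's proof of concept: a validator for client-supplied Windows paths that rejects UNC forms (including the forward-slash and \\?\UNC\ spellings), drive-qualified and rooted paths, and any ".." sequence that climbs out of an allowed directory. It uses Python's ntpath module so it runs on any platform; the base directory C:\EPMData\uploads is a hypothetical placeholder, not an EPM path.

```python
import ntpath

# Hypothetical allowed directory for illustration only; not an Ivanti or EPM path.
BASE_DIR = r"C:\EPMData\uploads"


class UnsafePath(ValueError):
    pass


def resolve_under_base(user_path, base=BASE_DIR):
    r"""Return the absolute path for a client-supplied relative file name, or
    raise UnsafePath. Rejects UNC targets (\\host\share, //host/share,
    \\?\UNC\host\share), drive-qualified and rooted paths, and '..' sequences
    that leave base. The UNC case is the coercion vector: merely opening such a
    path makes the server authenticate outbound to whoever runs that host."""
    if "\x00" in user_path:
        raise UnsafePath("NUL byte in path")
    norm = ntpath.normpath(user_path)          # collapses '..' and maps '/' to '\'
    drive, _ = ntpath.splitdrive(norm)         # non-empty for 'C:' and for '\\host\share'
    if drive or ntpath.isabs(norm) or norm.startswith(("\\", "/")):
        raise UnsafePath(f"absolute, drive or UNC path rejected: {user_path!r}")
    base_norm = ntpath.normpath(base)
    full = ntpath.normpath(ntpath.join(base_norm, norm))
    try:
        inside = ntpath.commonpath([base_norm, full]) == base_norm
    except ValueError:                         # different drives or mixed forms
        inside = False
    if not inside:
        raise UnsafePath(f"path escapes {base_norm}: {user_path!r} -> {full}")
    return full


def triage(paths):
    """Classify a batch of candidate inputs: 'ok:<resolved path>' or 'rejected'."""
    verdicts = {}
    for p in paths:
        try:
            verdicts[p] = "ok:" + resolve_under_base(p)
        except UnsafePath:
            verdicts[p] = "rejected"
    return verdicts


if __name__ == "__main__":
    # constructed inputs: benign names and the shapes an attacker would send
    for path, verdict in triage([
        r"reports\q1.txt", "reports/q1.txt",
        r"\\evil\share\loot.txt", "//evil/share/loot.txt", r"\\?\UNC\evil\share\x",
        r"..\..\Windows\win.ini", r"C:\Windows\win.ini", r"\Windows\win.ini",
    ]).items():
        print(f"{path!r:32} {verdict}")
```

Validation stops the coercion at the application layer; the network-layer counterpart, blocking outbound SMB (TCP 445) from servers that have no business reaching arbitrary hosts, is what limits the blast radius if another such path parameter is found later.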
Recommended read:
References :
- arcticwolf.com: On 19 February 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January.
- bsky.app: Horizon3 has published a write-up and POCs for four credential coercion vulnerabilities the company found and Ivanti patched in January. Bugs can be used by "an unauthenticated attacker to coerce the Ivanti EPM machine account credential to be used in relay attacks"
- gbhackers.com: PoC Exploit Released for Ivanti EPM Vulnerabilities
- gbhackers.com: GB Hackers Post on POC exploit for Ivanti vulnerabilities.
@Full Disclosure - 19d
Apple has released security updates, iOS 18.3.1 and iPadOS 18.3.1, to address a vulnerability in USB Restricted Mode. The company warns that this flaw "may have been exploited in an extremely sophisticated attack against specific targeted individuals." This unusually strong language from Apple suggests the seriousness of the threat, as they typically use more reserved terms when describing exploited vulnerabilities. Security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School reported the flaw.
The vulnerability, identified as CVE-2025-24200, allows a physical attack to disable USB Restricted Mode on a locked device. USB Restricted Mode is a security feature introduced in iOS 11.4.1 that prevents USB accessories from accessing a device's data if it hasn't been unlocked for an hour. The new updates patch this flaw, preventing attackers from turning off the security feature. Users are advised to update their devices to iOS 18.3.1, iPadOS 18.3.1 or iPadOS 17.7.5 to mitigate the risk.
Recommended read:
References :
- The Register - Security: Apple patch addresses the 'extremely sophisticated attack'.
- www.engadget.com: Information about Apple patching a vulnerability allowing for 'extremely sophisticated attack'.
@ciso2ciso.com - 8d
Atlassian has released security patches to address 12 critical and high-severity vulnerabilities affecting multiple products, including Bamboo, Bitbucket, Confluence, Crowd, and Jira. The patches address five critical-severity issues in Confluence Data Center and Server and Crowd Data Center and Server that were discovered in third-party dependencies used within the two products.
Updates released for Confluence Data Center and Server address two critical flaws in Apache Tomcat, tracked as CVE-2024-50379 and CVE-2024-56337 (CVSS score of 9.8). These issues could be exploited by unauthenticated attackers to achieve remote code execution. Atlassian urges customers to update their installations as soon as possible.
Recommended read:
References :
- securityaffairs.com: Australian software firm Atlassian patched 12 critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira.
- ciso2ciso.com: Atlassian Patches Critical Vulnerabilities in Confluence, Crowd – Source: www.securityweek.com
- heise online English: Security updates Atlassian: Attacks on Bamboo Data Center and Server possible. Attackers can attack Atlassian's Bitbucket Data Center and Server with malicious code, among other things.
@gbhackers.com - 16d
A critical authentication bypass vulnerability, identified as CVE-2024-53704, in SonicWall firewalls is under active exploitation. Security firms are warning that attackers are now targeting this flaw following the public release of proof-of-concept exploit code. The vulnerability allows attackers to bypass authentication, posing a significant risk to affected systems.
Security updates are available for download to address the issue, and users are strongly urged to patch their SonicWall firewalls immediately. Attacks are currently taking place, making prompt action essential to mitigate potential exploits. The vulnerability highlights the importance of keeping security infrastructure up-to-date to defend against emerging threats.
Recommended read:
References :
- BleepingComputer: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code.
- heise online English: Patch Sonicwall now! Attackers bypass authentication of firewalls. Attacks are currently taking place on Sonicwall firewalls. Security updates are available for download.
@jocert.ncsc.jo - 11d
A critical security vulnerability, CVE-2022-31631, has been identified in PHP that could expose websites and applications to SQL injection attacks. The vulnerability resides in the PDO::quote() function when used with SQLite databases. It stems from an integer overflow that can cause the function to return an improperly quoted string, so input the application believes has been sanitized can still alter the query. Successful exploitation could allow attackers to inject SQL, gain control of the database, steal sensitive data, or modify database content.
Users of PHP are urged to update to patched versions immediately. The vulnerability affects PHP versions 8.0.x before 8.0.27, 8.1.x before 8.1.15, and 8.2.x before 8.2.2. Fixed versions include PHP versions 8.0.27, 8.1.15, or 8.2.2 (or later). NetApp has issued an advisory, NTAP-20230223-0007, acknowledging the vulnerability in multiple NetApp products, stating successful exploitation could lead to Denial of Service (DoS).
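Beyond patching, the practical lesson is that a query built by string concatenation is only as safe as the quoting routine it depends on, whereas a parameterized query does not put the value into the SQL text at all. The following is an added example written in Python against sqlite3 rather than in PHP, and is not PHP's or PDO's code: a PDO::quote()-style escaper, a deliberately faulty stand-in for it (which simply skips the escaping step; the real overflow is not reproduced), a concatenated query that trusts whichever escaper it is given, and the parameterized form that is unaffected either way.

```python
import sqlite3


def pdo_style_quote(value):
    """Application-side escaping in the style of PDO::quote(): wrap in single
    quotes and double any embedded quote. Correct for ordinary input."""
    return "'" + value.replace("'", "''") + "'"


def faulty_quote(value):
    """Stand-in for a quoting routine whose escaping step fails: the quotes go
    on, the doubling does not. The real CVE's overflow is not reproduced here."""
    return "'" + value + "'"


def make_db():
    """Constructed in-memory table with a name that itself contains a quote."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s1"), ("bob", "s2"), ("o'neil", "s3")])
    return db


def lookup_concat(db, name, quote=pdo_style_quote):
    """String-built query: its safety rests entirely on `quote`."""
    sql = "SELECT name FROM users WHERE name = " + quote(name)
    return [row[0] for row in db.execute(sql)]


def lookup_param(db, name):
    """Parameterized query: the value is bound separately and never parsed as SQL."""
    return [row[0] for row in db.execute("SELECT name FROM users WHERE name = ?", (name,))]


if __name__ == "__main__":
    db = make_db()
    attack = "' OR '1'='1"
    print("concat, working quote :", lookup_concat(db, attack))                      # []
    print("concat, faulty quote  :", lookup_concat(db, attack, quote=faulty_quote))  # every row
    print("parameterized         :", lookup_param(db, attack))                       # []
    print("legit name, param     :", lookup_param(db, "o'neil"))                     # ["o'neil"]
```

The faulty-quote run is what a broken PDO::quote() buys an attacker: the same concatenated code that was safe yesterday returns the whole table today. Prepared statements make the question of whether the escaper is correct irrelevant.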
Recommended read:
References :
- cyble.com: CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch
- security.netapp.com: Security Advisory for CVE-2022-31631