CVE Trends

Top 10 CVEs trending on social media within the last 24 hours.
When the Hypemeter is low, rankings become less reliable due to limited online discussion.

Each entry lists: rank, CVE, severity (CVSS), whether an exploit is known, hype score, published date, and description. Window: last 24 hours.
- 1. CVE-2025-27090 | Severity: medium 6.9 | Hype score: 18 | Published: Feb 19, 2025
  CVE-2025-27090 pertains to a stored cross-site scripting (XSS) vulnerability found in the Drivr Lite – Google Drive Plugin, impacting versions up to and including 1.0. This vulnerability stems from improper neutralization of user input during web page generation. An attacker could exploit this vulnerability by injecting malicious scripts into the plugin, which would then be stored and executed when other users access the affected pages. This vulnerability allows arbitrary JavaScript code execution in the context of other users interacting with the plugin. Successful exploitation could lead to various attacks, such as session hijacking, cookie theft, or redirection to malicious websites.
- 2. CVE-2025-0108 | Severity: not listed | Hype score: 16 | Published: Feb 12, 2025
  CVE-2025-0108 is an authentication bypass vulnerability found in the web management interface of Palo Alto Networks' PAN-OS firewall software. This vulnerability allows an unauthenticated attacker with network access to the management interface to bypass authentication and execute certain PHP scripts on affected devices. While this flaw doesn't directly permit remote code execution, it can compromise the integrity and confidentiality of the PAN-OS system. This vulnerability has been actively exploited in the wild.
- 3. CVE-2024-53704 | Severity: critical 9.8 | Exploit known | Hype score: 14 | Published: Jan 9, 2025
  CVE-2024-53704 is an authentication bypass vulnerability found in the SSL VPN component of SonicWall firewalls running the SonicOS operating system. This flaw allows unauthorized remote attackers to bypass the authentication mechanism and gain access to the network. The vulnerability exists due to improper authentication within the SSLVPN component. Exploitation attempts targeting this vulnerability began shortly after the public release of proof-of-concept exploit code on February 10, 2025. Patches for CVE-2024-53704 have been available since January 7, 2024. Federal Civilian Executive Branch agencies are mandated to address this vulnerability by March 11, 2025.
- 4. CVE-2024-12284 | Severity: high 8.8 | Hype score: 10 | Published: Feb 20, 2025
  CVE-2024-12284 is a vulnerability found in NetScaler Console (formerly NetScaler ADM) and NetScaler Console Agent. It stems from insufficient privilege management, allowing authenticated attackers to execute commands without proper authorization. The vulnerability only affects authenticated users who already possess access to the NetScaler Console. Exploiting this vulnerability allows malicious actors to execute unauthorized commands. Cloud Software Group, having released builds to address this issue on February 18, 2025, recommends using external authentication for NetScaler Console as a security best practice. Upgrading to the latest builds is recommended for users of on-premises NetScaler Console and NetScaler Console Agent. Users of the Citrix-managed NetScaler Console Service do not need to take any action.
- 5. CVE-2025-21355 | Severity: high 8.6 | Hype score: 6 | Published: Feb 19, 2025
  CVE-2025-21355 is a vulnerability found in Microsoft Bing. Due to missing authentication for a critical function, unauthorized attackers could execute code remotely over a network. This vulnerability has been categorized as CWE-306, Missing Authentication for Critical Function. Microsoft has addressed this vulnerability. Further details and potential remediation steps can be found on the Microsoft Security Response Center (MSRC) website. This information is current as of February 20, 2025, but the situation may evolve.
- 6. CVE-2024-13159 | Severity: critical 9.8 | Hype score: 5 | Published: Jan 14, 2025
  CVE-2024-13159 is a credential coercion vulnerability found in Ivanti Endpoint Manager (EPM). It exists within the `GetHashForWildcardRecursive()` method of the `VulCore` class, located in the `WSVulnerabilityCore.dll` file. This method improperly validates user-supplied input, specifically the "wildcard" parameter. This oversight allows attackers to manipulate the wildcard parameter to construct a remote UNC path. Consequently, the EPM server is tricked into reading files from an attacker-specified directory. This vulnerability, along with three others (CVE-2024-10811, CVE-2024-13160, and CVE-2024-13161), can be exploited by unauthenticated attackers to potentially compromise the EPM server. Proof-of-concept exploit code has been publicly released, increasing the risk of attacks. These vulnerabilities were patched by Ivanti in January 2025. Users of affected EPM versions are strongly encouraged to apply the necessary updates.
- 7. CVE-2025-26465 | Severity: medium 6.8 | Hype score: 5 | Published: Feb 18, 2025
  CVE-2025-26465 is a vulnerability in the OpenSSH client that can allow a man-in-the-middle (MitM) attack when the `VerifyHostKeyDNS` option is enabled. This option allows the client to verify the server's identity against DNS records. Due to a logic error in how the server's identity is verified when memory allocation errors occur, an attacker can potentially bypass these checks and impersonate the intended server. This could lead to the theft of sensitive information, such as credentials. While the `VerifyHostKeyDNS` option is currently disabled by default, it was previously enabled by default in certain environments like FreeBSD between September 2013 and March 2023. Administrators are encouraged to review their configurations to ensure this option is not enabled unless specifically required. The vulnerability has existed since late 2014 and highlights the importance of regularly reviewing and updating security configurations.
- 8. CVE-2025-26466 | Severity: not listed | Hype score: 5 | Published: not listed
  No description available.
- 9. CVE-2024-12511 | Severity: high 7.6 | Hype score: 1 | Published: Feb 3, 2025
  CVE-2024-12511 is a vulnerability related to improper privilege management in certain Xerox printer models. By accessing the user address book configuration, an attacker can modify the IP address of the SMB or FTP server. This modification redirects file scan operations to a server controlled by the attacker, potentially leading to the capture of SMB or FTP credentials. This attack requires that the scanning functionality is enabled on the printer and that the attacker has access to the printer's address book settings. The vulnerability leverages the trust placed in the printer's address book settings to redirect credentials to a malicious server.
- 10. CVE-2024-12510 | Severity: medium 6.7 | Hype score: 1 | Published: Feb 3, 2025
  CVE-2024-12510 describes a vulnerability where, if Lightweight Directory Access Protocol (LDAP) settings are accessed by an attacker, authentication could be redirected to a server controlled by the attacker. This redirection could potentially expose user credentials, allowing the attacker to intercept and compromise them. This vulnerability requires the attacker to have administrative access to the LDAP settings. Successful exploitation could lead to unauthorized access to systems and data, possibly enabling further compromise of the network. As of February 18, 2025, there is no evidence of a public exploit or known instances of this vulnerability being exploited.