CVE Trends

CVE-2025-2783 is a vulnerability in Google Chrome specifically affecting Windows users. It is described as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a collection of runtime libraries that facilitates inter-process communication (IPC). This vulnerability allowed attackers to bypass Chrome's sandbox protection. The vulnerability was exploited in the wild as part of a targeted attack dubbed "Operation ForumTroll," which targeted media outlets, educational institutions, and government organizations in Russia. The attack involved phishing emails with malicious links that, when clicked in Chrome, led to immediate infection. The exploit was designed to work with another exploit that enabled remote code execution, although the second exploit was not obtained by researchers. Google has addressed this vulnerability in Chrome version 134.0.6998.177/.178 for Windows.

CVE-2025-31324 is a vulnerability affecting SAP NetWeaver Visual Composer Metadata Uploader. The core issue is a missing authorization check, which allows unauthenticated attackers to upload potentially malicious executable binaries to the system. This vulnerability can be exploited by crafting malicious POST requests to deliver webshells, enabling attackers to execute system commands, upload unauthorized files, seize control of compromised systems, execute remote code, and potentially steal sensitive data.

CVE-2024-27876 is a race condition vulnerability that affects multiple Apple operating systems. It resides in the Archive Handler component of visionOS, but also impacts macOS Ventura, iOS, iPadOS, macOS Sonoma, and macOS Sequoia. The vulnerability occurs when unpacking a maliciously crafted archive, potentially allowing an attacker to write arbitrary files. This issue was resolved through improved locking mechanisms in the patched versions of the operating systems.

CVE-2025-31650 is an improper input validation vulnerability in Apache Tomcat. The vulnerability arises from incorrect error handling of invalid HTTP priority headers, leading to incomplete cleanup of failed requests and a memory leak. By sending a large number of requests with malformed HTTP priority headers, an attacker can trigger an OutOfMemoryException, resulting in a denial-of-service (DoS) condition. This affects Apache Tomcat versions 9.0.76 through 9.0.102, 10.1.10 through 10.1.39, and 11.0.0-M2 through 11.0.5. Users are advised to upgrade to versions 9.0.104, 10.1.40, or 11.0.6 to mitigate the risk.

CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) driver. Successful exploitation of this vulnerability allows an attacker to elevate their privileges to SYSTEM, meaning they can gain complete control over the affected system. This vulnerability has been exploited in the wild as a zero-day, meaning attackers were actively using it before a patch was available. It has been associated with ransomware attacks, where attackers use the elevated privileges to deploy ransomware. The vulnerability was addressed in Microsoft's April 2025 Patch Tuesday update.

CVE-2025-21756 affects the Linux kernel's vsock (Virtual Socket) implementation. Disclosed on February 26, 2025, it is a use-after-free vulnerability that occurs during socket destruction and transport reassignment processes within the vsock subsystem. The vulnerability stems from improper handling of socket bindings during transport reassignment. The `vsock_remove_bound` function can be called without verifying if the socket was bound, potentially leading to a use-after-free condition when `vsock_bind` assumes the socket is in an unbound list. A patch has been implemented to preserve socket bindings until socket destruction, resolving the issue.

CVE-2025-24091 is a vulnerability in iOS that leverages the "Darwin notification" system. This vulnerability allows any application, even those with sandbox restrictions, to trigger an unrecoverable "restore in progress" state on the device with a single line of code. The issue stems from the lack of sender verification or privilege gating in the Darwin notifications API, which enables a third-party app to send critical system-level notifications. A proof-of-concept app called "EvilNotify" demonstrated the vulnerability by using the `notify_post("com.apple.MobileSync.BackupAgent.RestoreStarted")` function call. This tricks the system into thinking a device restore is underway, freezing user interactions and requiring a device restart. Furthermore, embedding this exploit in a widget extension can cause a persistent loop, effectively "soft-bricking" the phone until a full device erase and restore from backup is performed. The vulnerability is addressed in iOS/iPadOS 18.3.

CVE-2025-42599 is a stack-based buffer overflow vulnerability found in Active! mail 6 BuildInfo version 6.60.05008561 and earlier. This vulnerability can be exploited by a remote, unauthenticated attacker sending a specially crafted request. Successful exploitation could lead to arbitrary code execution or a denial-of-service (DoS) condition.

CVE-2025-3928 is an unspecified vulnerability in the Commvault Web Server. It allows a remote, authenticated attacker to create and execute webshells on the affected server. The vulnerability can be exploited by any authenticated remote user, without requiring administrative privileges. CISA has added CVE-2025-3928 to its Known Exploited Vulnerabilities (KEV) catalog and recommends applying available vendor mitigations. Patches are available for Windows and Linux platforms in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217.

CVE-2025-1976 is a code injection vulnerability affecting Broadcom Brocade Fabric OS. It exists in versions 9.1.0 through 9.1.1d6. The vulnerability allows a local user with administrative privileges to execute arbitrary code with full root privileges due to a flaw in IP Address validation. This vulnerability is actively being exploited. To mitigate the risk, it is recommended to update to Brocade Fabric OS version 9.1.1d7, which contains a security update to address the flaw.