CVE Trends

CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) driver. Successful exploitation of this vulnerability allows an attacker to elevate their privileges to SYSTEM, meaning they can gain complete control over the affected system. This vulnerability has been exploited in the wild as a zero-day, meaning attackers were actively using it before a patch was available. It has been associated with ransomware attacks, where attackers use the elevated privileges to deploy ransomware. The vulnerability was addressed in Microsoft's April 2025 Patch Tuesday update.

CVE-2025-21293 is an elevation of privilege vulnerability in Microsoft Active Directory Domain Services. It allows attackers to gain elevated privileges on a system where they already have user-level access. The vulnerability stems from overly permissive access control lists (ACLs) associated with certain registry keys. Specifically, the "Network Configuration Operators" group has the "CreateSubKey" permission on sensitive registry keys. Exploitation of this vulnerability involves manipulating these registry keys, particularly those related to performance counters, to escalate privileges. This vulnerability was discovered by BirkeP while investigating the "Network Configuration Operators" group and its permissions within the registry. The researcher collaborated with Clément Labro, who developed a method to weaponize performance counters for exploitation.

CVE-2025-22457 is a stack-based buffer overflow vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. It allows a remote, unauthenticated attacker to execute arbitrary code on the target device. The vulnerability is triggered by network access to the impacted appliances. Exploitation of CVE-2025-22457 has been observed in the wild, with attackers using a shell script dropper to inject the BRUSHFIRE passive backdoor into a running web process.

CVE-2024-0132 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability found in NVIDIA Container Toolkit versions 1.16.1 and earlier. It exists when the toolkit is used with its default configuration. The vulnerability allows a specially crafted container image to gain unauthorized access to the host file system. This vulnerability does not impact use cases where the Container Device Interface (CDI) is used. Successful exploitation of CVE-2024-0132 can lead to several consequences, including code execution, denial of service, privilege escalation, information disclosure, and data tampering. While NVIDIA released a patch in September 2024, it was later found to be incomplete, leaving systems potentially vulnerable to container escape attacks and a related performance flaw affecting Docker on Linux.

CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.

CVE-2024-48887 is an unverified password change vulnerability affecting the FortiSwitch GUI. It allows a remote, unauthenticated attacker to modify administrator passwords by sending a specially crafted request. The vulnerability exists in FortiSwitch versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.10, and 6.4.0 through 6.4.14. Fortinet has released updates to address this issue, and users are advised to upgrade to the respective fixed versions. As a workaround, disabling HTTP/HTTPS access from administrative interfaces and configuring trusted hosts can mitigate the risk.

CVE-2025-24446 is an Improper Input Validation vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. Successful exploitation could lead to arbitrary code execution within the context of the current user. User interaction is required to exploit this vulnerability, as a victim must open a malicious file. The vulnerability exists due to improper input validation, potentially allowing attackers to execute arbitrary code on vulnerable ColdFusion instances. Adobe has released security updates for ColdFusion versions 2025, 2023, and 2021 to address this and other vulnerabilities. It is recommended to update to the latest version of ColdFusion to mitigate the risk.

CVE-2025-30281 is an Improper Access Control vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier. It allows an attacker to read arbitrary files from the file system, potentially accessing or modifying sensitive data without proper authorization. Exploitation of this vulnerability does not require any user interaction. The vulnerability stems from the product not restricting or incorrectly restricting access to a resource from an unauthorized actor. An attacker with high privileges can exploit this vulnerability to compromise the confidentiality and integrity of the system. It is recommended to upgrade to the latest version of Adobe ColdFusion beyond the affected versions and implement strict access controls.

CVE-2025-24447 is a deserialization of untrusted data vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier. This vulnerability could lead to arbitrary code execution within the context of the current user. Exploitation of CVE-2025-24447 requires user interaction, specifically a victim opening a malicious file. Adobe has released security updates to address this vulnerability in ColdFusion versions 2025, 2023, and 2021.

CVE-2024-11859 is a DLL Search Order Hijacking vulnerability. It potentially allows an attacker with administrator privileges to load a malicious dynamic-link library (DLL) and execute its code within the context of a vulnerable application. Specifically, this vulnerability has been found to affect ESET security products. By exploiting this flaw, attackers can plant a malicious DLL that is then executed by the ESET antivirus scanner, allowing unauthorized code to run silently, bypassing standard system warnings and activity logs.