CVE Trends

CVE-2025-27607 is a vulnerability in the 'python-json-logger' library, a popular Python tool used for creating JSON logs. Between December 30, 2024 and March 4, 2025, the library was susceptible to remote code execution (RCE) due to a missing optional dependency, 'msgspec-python313-pre'. This dependency was not available on the Python Package Index (PyPI), allowing a malicious actor to upload a counterfeit package with the same name. If a user installed 'python-json-logger' with optional dependencies in a Python 3.13.x environment, the malicious package could be installed automatically, potentially giving the attacker RCE capabilities. The vulnerability has been addressed in version 3.3.0 of 'python-json-logger'. Users are urged to update to this or a later version to mitigate the risk.

CVE-2025-21293 is an elevation of privilege vulnerability in Microsoft Active Directory Domain Services. It allows attackers to gain elevated privileges on a system where they already have user-level access. The vulnerability stems from overly permissive access control lists (ACLs) associated with certain registry keys. Specifically, the "Network Configuration Operators" group has the "CreateSubKey" permission on sensitive registry keys. Exploitation of this vulnerability involves manipulating these registry keys, particularly those related to performance counters, to escalate privileges. This vulnerability was discovered by BirkeP while investigating the "Network Configuration Operators" group and its permissions within the registry. The researcher collaborated with Clément Labro, who developed a method to weaponize performance counters for exploitation.

CVE-2024-53104 is a privilege escalation vulnerability found in the Android kernel's USB Video Class (UVC) driver. This driver is primarily used for handling USB cameras and similar video sources. The vulnerability arises from improper parsing of specifically crafted video frames, leading to a memory corruption issue. This could allow an attacker to write to memory locations they shouldn't have access to. Exploitation of this vulnerability could allow for local privilege escalation, potentially enabling a malicious app or specially crafted hardware to gain control of a vulnerable Android device. Google has acknowledged that there are indications of limited, targeted exploitation of this vulnerability. A patch for this vulnerability was incorporated into the open-source kernel at the end of 2024 and is included in the February 2025 Android security update.

CVE-2025-21333 is an elevation of privilege vulnerability found in Windows Hyper-V's NT Kernel Integration VSP (Virtual Switch Port). Successful exploitation allows a low-privileged user on a guest system to execute code on the host system with elevated privileges. Microsoft has confirmed active exploitation of this vulnerability. This vulnerability is one of three related Hyper-V flaws patched by Microsoft in February 2025, the others being CVE-2025-21334 and CVE-2025-21335. These vulnerabilities have a CVSS 3.1 base score of 7.8, indicating a high severity.

CVE-2024-50394 is an improper certificate validation vulnerability that affects QNAP's Helpdesk application. Successful exploitation could allow remote attackers to compromise the security of the system. QNAP has addressed this vulnerability in Helpdesk version 3.3.3 and later. Versions of the Helpdesk app prior to 3.3.3 are vulnerable. Users are strongly encouraged to update their Helpdesk application to the latest version to mitigate the risk associated with this vulnerability.

CVE-2025-27840 is a vulnerability found in Espressif ESP32 chips. These chips permit 29 undocumented HCI commands, including a command (0xFC02) that allows writing to memory. This vulnerability was first publicly disclosed on March 8, 2025. Additional information regarding this vulnerability can be found on sites such as the National Vulnerability Database (NVD) and GitHub's Advisory Database.

CVE-2024-4577 is a vulnerability that enables remote code execution in PHP installations on Windows servers. It specifically affects systems running PHP in CGI mode or those exposing the PHP binary. Exploitation involves leveraging the Windows "Best-Fit" encoding feature, typically by inserting a "soft hyphen" character within a URL. This allows attackers to bypass PHP sanitization measures and execute arbitrary code via the `php.exe` executable. While initially believed to have a broader impact, further research revealed that successful exploitation primarily hinges on the system's locale being configured for Chinese (simplified or traditional) or Japanese. Other similar locales might also be susceptible. The vulnerability affects PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. Proof-of-concept exploits were observed shortly after the vulnerability's disclosure, highlighting its potential for misuse.

CVE-2025-1316 is a command injection vulnerability found in Edimax IC-7100 IP cameras. It stems from improper neutralization of special elements within requests, allowing attackers to execute arbitrary code remotely. Exploitation involves crafting specific requests to gain control of the device. While authentication is typically required, attackers exploit the prevalence of default or weak credentials on internet-exposed cameras. Successful exploitation enables attackers to execute shell scripts, often downloading malware like Mirai. The vulnerability affects all versions of the IC-7100 and was reported to the vendor in October 2024. However, as of March 2025, no patch is available, and the vendor has been unresponsive to disclosure attempts, citing the product's end-of-life status. Multiple Mirai-based botnets are actively exploiting this vulnerability.

CVE-2025-0337 is an authorization bypass vulnerability found in ServiceNow's Now Platform. Exploitation allows authenticated users to access data within the platform that they would not normally be authorized to view. This vulnerability affects the Washington release of the Now Platform and was identified by Justin Hocquel. Patches addressing this vulnerability have been released and are available for hosted and self-hosted customers, as well as partners. These include Washington DC Patch 9, Xanadu Patch 4, and the Yokohama General Availability (Patch 1) release. Users are strongly encouraged to update their systems to mitigate the risk of exploitation.

CVE-2024-27398 refers to a use-after-free vulnerability found within the Linux kernel's Bluetooth subsystem. The vulnerability arises from a race condition during the disconnection of a SCO (Synchronous Connection-Oriented) link. Specifically, a timeout worker is scheduled to monitor the disconnection process. However, the socket associated with the SCO connection might be deallocated before the timeout worker completes its task. This leads to a situation where the worker attempts to access the already freed memory, resulting in a use-after-free error. This vulnerability can be triggered when a SCO connection is established and subsequently released. A cleanup thread deallocates the socket, while a separate worker thread, responsible for managing timeouts, might attempt to access the same memory region. This race condition allows for a use-after-free scenario, potentially leading to system instability or crashes. The issue was addressed by correcting the handling of SCO socket timeouts to prevent the worker thread from accessing deallocated memory.