CVE Trends (Beta)
Updated 23 minutes ago

Top 10 CVEs trending on social media within the last 24 hours. When the Hypemeter is low, rankings become less reliable due to limited online discussion.

Columns: trending rank, CVE, CVSS severity and score, exploit status, hype score, published date, description.

Period: last 24 hours

1. CVE-2025-23209
   CVSS: high 8.0 | Exploit known | Hype score: 5 | Published: Jan 18, 2025
   CVE-2025-23209 is a code injection vulnerability found in Craft CMS versions 4 and 5. Exploitation of this vulnerability allows remote code execution on affected systems. It is only exploitable if an attacker has already compromised the user's security key. The vulnerability arises from inadequate control over code generation, which creates an opportunity for code injection attacks. Patches are available in Craft CMS versions 5.5.8 and 4.13.8.

2. CVE-2025-0110
   CVSS: high 8.6 | Hype score: 4 | Published: Feb 12, 2025
   CVE-2025-0110 is a command injection vulnerability found in the Palo Alto Networks PAN-OS OpenConfig plugin. It allows an authenticated administrator who can make gNMI requests to the PAN-OS management web interface to execute arbitrary commands, bypassing system restrictions. These commands run with the privileges of the "__openconfig" user, which has Device Administrator rights on the firewall. Exploitation requires administrator privileges and the OpenConfig plugin to be enabled. The vulnerability exists in versions of the OpenConfig plugin prior to 2.1.2; upgrading to version 2.1.2 or later is the recommended mitigation. Additionally, restricting access to the management web interface to trusted internal IP addresses is a crucial measure to reduce the risk of exploitation.

3. CVE-2024-56326
   CVSS: medium 5.4 | Hype score: 3 | Published: Dec 23, 2024
   CVE-2024-56326 is a template injection vulnerability found in the Jinja templating engine before version 3.1.5. It stems from an oversight in Jinja's sandboxed environment, specifically in how it handles calls to Python's `str.format` method. The flaw allows attackers who can control template content to bypass the sandbox and execute arbitrary Python code. Exploitation requires control over the content of a Jinja template: by crafting template content that includes specific calls to `str.format`, the attacker can escape the sandboxed environment and execute unintended Python code on the server.

4. CVE-2024-13159
   CVSS: critical 9.8 | Hype score: 1 | Published: Jan 14, 2025
   CVE-2024-13159 is a credential coercion vulnerability found in Ivanti Endpoint Manager (EPM). It exists within the `GetHashForWildcardRecursive()` method of the `VulCore` class, located in the `WSVulnerabilityCore.dll` file. This method improperly validates user-supplied input, specifically the "wildcard" parameter. The oversight allows attackers to manipulate the wildcard parameter to construct a remote UNC path, so that the EPM server is tricked into reading files from an attacker-specified directory. This vulnerability, along with three others (CVE-2024-10811, CVE-2024-13160, and CVE-2024-13161), can be exploited by unauthenticated attackers to potentially compromise the EPM server. Proof-of-concept exploit code has been publicly released, increasing the risk of attacks. Ivanti patched these vulnerabilities in January 2025; users of affected EPM versions are strongly encouraged to apply the updates.

5. CVE-2024-12284
   CVSS: high 8.8 | Hype score: 1 | Published: Feb 20, 2025
   CVE-2024-12284 is a vulnerability found in NetScaler Console (formerly NetScaler ADM) and NetScaler Console Agent. It stems from insufficient privilege management, allowing authenticated attackers to execute commands without proper authorization. It only affects authenticated users who already have access to the NetScaler Console. Cloud Software Group released builds addressing this issue on February 18, 2025, and recommends using external authentication for NetScaler Console as a security best practice. Upgrading to the latest builds is recommended for users of on-premises NetScaler Console and NetScaler Console Agent. Users of the Citrix-managed NetScaler Console Service do not need to take any action.

6. CVE-2025-0108
   Hype score: 1 | Published: Feb 12, 2025
   CVE-2025-0108 is an authentication bypass vulnerability found in the web management interface of Palo Alto Networks' PAN-OS firewall software. It allows an unauthenticated attacker with network access to the management web interface to bypass authentication and invoke certain PHP scripts on affected devices. While the flaw does not directly permit remote code execution, it can compromise the integrity and confidentiality of the PAN-OS system. This vulnerability has been actively exploited in the wild.

7. CVE-2025-21355
   CVSS: high 8.6 | Hype score: 1 | Published: Feb 19, 2025
   CVE-2025-21355 is a vulnerability found in Microsoft Bing. Due to missing authentication for a critical function, unauthorized attackers could execute code remotely over a network. It is categorized as CWE-306, Missing Authentication for Critical Function. Microsoft has addressed this vulnerability; further details and potential remediation steps can be found on the Microsoft Security Response Center (MSRC) website. As of today, February 20, 2025, this information is current, but the situation may evolve.

8. CVE-2025-24989
   CVSS: high 8.2 | Exploit known | Hype score: 1 | Published: Feb 19, 2025
   CVE-2025-24989 is an improper access control vulnerability in Microsoft Power Pages, a low-code platform used to create and manage business websites. Exploitation allows unauthorized actors to escalate privileges on the network and bypass user registration controls, potentially granting them access they should not have. Microsoft has addressed this vulnerability at the service level and notified affected customers; those who have not received a notification are not considered affected. Microsoft has provided affected customers with instructions on how to check their sites for signs of compromise and what steps to take for remediation. This vulnerability has been actively exploited in the wild.

9. CVE-2025-21420
   CVSS: high 7.8 | Hype score: 1 | Published: Feb 11, 2025
   CVE-2025-21420 is an elevation of privilege vulnerability in the Windows Disk Cleanup tool. Successful exploitation could allow an attacker to elevate their privileges to SYSTEM level. As of February 18, 2025, the CVSS v3 score is 7.8, rated High. Microsoft has addressed this vulnerability; applying the relevant security updates is recommended to mitigate the risk.

10. CVE-2025-27090
   CVSS: medium 6.9 | Hype score: 1 | Published: Feb 19, 2025
   CVE-2025-27090 is a stored cross-site scripting (XSS) vulnerability found in the Drivr Lite – Google Drive Plugin, affecting versions up to and including 1.0. It stems from improper neutralization of user input during web page generation. An attacker could exploit it by injecting malicious scripts into the plugin, which are then stored and executed when other users access the affected pages. This allows arbitrary JavaScript execution in the context of other users interacting with the plugin. Successful exploitation could lead to attacks such as session hijacking, cookie theft, or redirection to malicious websites.