CVE Trends

CVE-2025-31161 is a critical authentication bypass vulnerability found in CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. It stems from a flaw in the AWS4-HMAC authorization method within the HTTP component, allowing remote attackers to gain unauthorized access to systems running unpatched versions of the software via unauthenticated HTTP requests. The vulnerability allows attackers to impersonate any known or guessable user, including the "crushadmin" account, by sending a manipulated Authorization header. The server initially verifies user existence without requiring a password, enabling session authentication through HMAC verification before a subsequent user verification check. This bypass can lead to a full compromise of the system by obtaining an administrative account.

CVE-2024-48887 is an unverified password change vulnerability affecting the FortiSwitch GUI. It allows a remote, unauthenticated attacker to modify administrator passwords by sending a specially crafted request. The vulnerability exists in FortiSwitch versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.10, and 6.4.0 through 6.4.14. Fortinet has released updates to address this issue, and users are advised to upgrade to the respective fixed versions. As a workaround, disabling HTTP/HTTPS access from administrative interfaces and configuring trusted hosts can mitigate the risk.

CVE-2024-53197 is a privilege escalation vulnerability found in the USB sub-component of the Linux kernel. It stems from improper handling of the `bNumConfigurations` value in the ALSA USB audio subsystem, which can lead to out-of-bounds memory accesses. This vulnerability could allow an attacker with physical access to the system, through a malicious USB device, to manipulate system memory, potentially escalating privileges or executing arbitrary code. It has been identified as being exploited in targeted attacks, including being part of an exploit chain used to compromise an Android phone in December 2024.

CVE-2025-21293 is an elevation of privilege vulnerability in Microsoft Active Directory Domain Services. It allows attackers to gain elevated privileges on a system where they already have user-level access. The vulnerability stems from overly permissive access control lists (ACLs) associated with certain registry keys. Specifically, the "Network Configuration Operators" group has the "CreateSubKey" permission on sensitive registry keys. Exploitation of this vulnerability involves manipulating these registry keys, particularly those related to performance counters, to escalate privileges. This vulnerability was discovered by BirkeP while investigating the "Network Configuration Operators" group and its permissions within the registry. The researcher collaborated with Clément Labro, who developed a method to weaponize performance counters for exploitation.

CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) driver. Successful exploitation of this vulnerability allows an attacker to elevate their privileges to SYSTEM, meaning they can gain complete control over the affected system. This vulnerability has been exploited in the wild as a zero-day, meaning attackers were actively using it before a patch was available. It has been associated with ransomware attacks, where attackers use the elevated privileges to deploy ransomware. The vulnerability was addressed in Microsoft's April 2025 Patch Tuesday update.

CVE-2025-24446 is an Improper Input Validation vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. Successful exploitation could lead to arbitrary code execution within the context of the current user. User interaction is required to exploit this vulnerability, as a victim must open a malicious file. The vulnerability exists due to improper input validation, potentially allowing attackers to execute arbitrary code on vulnerable ColdFusion instances. Adobe has released security updates for ColdFusion versions 2025, 2023, and 2021 to address this and other vulnerabilities. It is recommended to update to the latest version of ColdFusion to mitigate the risk.

CVE-2025-30281 is an Improper Access Control vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier. It allows an attacker to read arbitrary files from the file system, potentially accessing or modifying sensitive data without proper authorization. Exploitation of this vulnerability does not require any user interaction. The vulnerability stems from the product not restricting or incorrectly restricting access to a resource from an unauthorized actor. An attacker with high privileges can exploit this vulnerability to compromise the confidentiality and integrity of the system. It is recommended to upgrade to the latest version of Adobe ColdFusion beyond the affected versions and implement strict access controls.

CVE-2025-24447 is a deserialization of untrusted data vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier. This vulnerability could lead to arbitrary code execution within the context of the current user. Exploitation of CVE-2025-24447 requires user interaction, specifically a victim opening a malicious file. Adobe has released security updates to address this vulnerability in ColdFusion versions 2025, 2023, and 2021.

CVE-2025-2945 is a Remote Code Execution (RCE) vulnerability affecting pgAdmin 4 versions prior to 9.2, specifically impacting the Query Tool and Cloud Deployment modules. The vulnerability stems from the insecure handling of user-supplied parameters in two POST endpoints: `/sqleditor/query_tool/download` and `/cloud/deploy`. In these endpoints, the `query_commited` and `high_availability` parameters are passed directly to Python's `eval()` function without proper sanitization. This allows attackers to inject and execute arbitrary code on the server, potentially leading to complete system compromise.

CVE-2025-31115 affects XZ Utils versions 5.3.3alpha to 5.8.0. It is a heap use-after-free bug found in the multithreaded decoder within the liblzma library. This vulnerability can be triggered by invalid input, potentially leading to a crash due to memory corruption. Specifically, the vulnerability occurs in the `lzma_stream_decoder_mt` function. Exploitation could result in "heap use after free and writing to an address based on the null pointer plus an offset," which may allow attackers to corrupt memory and potentially execute arbitrary code. A fix is available in XZ Utils version 5.8.1.