CVE Trends

CVE-2025-31201 is a vulnerability in RPAC (Return Pointer Authentication Code), a security feature designed to prevent return-oriented programming attacks. The vulnerability allows an attacker with arbitrary read and write capabilities to bypass Pointer Authentication. Apple addressed this issue by removing the vulnerable code in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVE-2025-42599 is a stack-based buffer overflow vulnerability found in Active! mail 6 BuildInfo version 6.60.05008561 and earlier. This vulnerability can be exploited by a remote, unauthenticated attacker sending a specially crafted request. Successful exploitation could lead to arbitrary code execution or a denial-of-service (DoS) condition.

CVE-2025-31200 is a memory corruption vulnerability that exists in Apple's CoreAudio framework. This vulnerability can be triggered when processing an audio stream within a maliciously crafted media file. Successful exploitation of this vulnerability could allow for arbitrary code execution on the affected device. Apple has addressed this issue with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS and iPadOS 18.4.1, and macOS Sequoia 15.4.1. It was reported that this vulnerability may have been exploited in targeted attacks against specific individuals.

CVE-2025-24071 involves the exposure of sensitive information in Windows File Explorer, potentially allowing an attacker to perform spoofing over a network. This vulnerability arises from how Windows Explorer handles specially crafted .library-ms files within RAR/ZIP archives. When such an archive is extracted, Windows Explorer automatically parses the .library-ms file due to its indexing and preview mechanisms. If the .library-ms file contains a SimpleLocation tag pointing to an attacker-controlled SMB server, Windows Explorer attempts to resolve this path, triggering an NTLM authentication handshake and potentially sending the victim's NTLMv2 hash without explicit user interaction. This implicit trust and automatic processing of certain file types upon extraction can be exploited to leak credentials.

CVE-2025-32434 is a Remote Command Execution (RCE) vulnerability affecting PyTorch versions 2.5.1 and earlier. It exists in the `torch.load()` function when loading a model with the `weights_only=True` parameter. This parameter was previously believed to provide security, but researchers have demonstrated that attackers can still achieve RCE even when it is enabled. The vulnerability stems from the deserialization of untrusted data. By crafting a malicious model file, an attacker can exploit this flaw to execute arbitrary commands on the target machine. A patch is available in PyTorch version 2.6.0, and users of affected versions are advised to update immediately.

CVE-2025-24054 is a vulnerability in Windows NTLM that involves external control of the file name or path, potentially allowing an unauthorized attacker to perform spoofing over a network. The vulnerability can be exploited using a maliciously crafted .library-ms file. Active exploitation of CVE-2025-24054 has been observed in the wild since March 19, 2025. Attackers can potentially leak NTLM hashes or user passwords, compromising systems. Exploitation can be triggered with minimal user interaction, such as right-clicking, dragging and dropping, or simply navigating to a folder containing the malicious file.

CVE-2024-10095 is a code execution vulnerability affecting Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213). It stems from an insecure deserialization flaw within the PersistenceFramework. The vulnerability, classified as CWE-502 (Deserialization of Untrusted Data), allows attackers to potentially execute arbitrary code locally on a system. Exploitation is possible due to the improper handling of deserialization processes.

CVE-2025-0108 is an authentication bypass vulnerability found in the web management interface of Palo Alto Networks' PAN-OS firewall software. This vulnerability allows unauthenticated network access to bypass authentication and execute certain PHP scripts on affected devices. While this flaw doesn't directly permit remote code execution, it can compromise the integrity and confidentiality of the PAN-OS system. This vulnerability has been actively exploited in the wild.

CVE-2025-2492 is a vulnerability found in ASUS routers, specifically affecting those with the AiCloud feature enabled. It stems from improper authentication controls within the router's firmware. This flaw allows attackers to bypass security checks by sending crafted requests to the router. By doing so, they can potentially execute unauthorized functions remotely without requiring any authentication.