CVE Trends

CVE-2025-0411 is a vulnerability found in the 7-Zip file archiver that allows attackers to bypass the Mark-of-the-Web (MOTW) security feature in Windows. This vulnerability enables attackers to create specially crafted archives. When these archives are extracted using a vulnerable version of 7-Zip, the extracted files do not inherit the MOTW attribute, which normally marks files downloaded from the internet as potentially unsafe. This bypass allows malicious code within the extracted files to execute without triggering the usual security warnings associated with MOTW. Exploiting this vulnerability requires user interaction: a user must either open a malicious file or visit a webpage that triggers the download and extraction of a malicious archive. The vulnerability was addressed in 7-Zip version 24.09, released on November 29, 2024. A proof-of-concept exploit has been publicly released as of January 27, 2025.

CVE-2025-21298 is a critical vulnerability in Windows Object Linking and Embedding (OLE) that can lead to remote code execution. This flaw allows attackers to execute code on a victim's machine remotely, without requiring any interaction from the victim (zero-click). Exploitation can be achieved by sending a specially crafted email, often containing a malicious Rich Text Format (RTF) document, to a user of Microsoft Outlook. Simply opening or previewing the email can trigger the vulnerability. The technical root cause lies within the `ole32.dll` file, specifically in the `UtOlePresStmToContentsStm` function. A double-free error in this function, which handles embedded OLE objects within RTF files, allows for memory manipulation, enabling the execution of malicious code. Proof-of-concept exploits demonstrating memory corruption have been publicly released. This vulnerability has a CVSS score of 9.8, highlighting its severity.

CVE-2024-53104 is a privilege escalation vulnerability found in the Android kernel's USB Video Class (UVC) driver. This driver is primarily used for handling USB cameras and similar video sources. The vulnerability arises from improper parsing of specifically crafted video frames, leading to a memory corruption issue. This could allow an attacker to write to memory locations they shouldn't have access to. Exploitation of this vulnerability could allow for local privilege escalation, potentially enabling a malicious app or specially crafted hardware to gain control of a vulnerable Android device. Google has acknowledged that there are indications of limited, targeted exploitation of this vulnerability. A patch for this vulnerability was incorporated into the open-source kernel at the end of 2024 and is included in the February 2025 Android security update.

CVE-2025-21415 is an authentication bypass vulnerability due to spoofing, affecting Microsoft's Azure AI Face Service. An attacker who already has authorization could exploit this flaw to gain elevated privileges on the network. Microsoft has acknowledged the existence of proof-of-concept exploit code for this vulnerability. While the specific details of the vulnerability have not been publicly disclosed, it involves a discrepancy in how the Azure AI Face service analyzes and processes images. Microsoft has addressed the vulnerability without requiring any action from customers. The fix was deployed, and the vulnerability mitigated by February 4, 2025.

CVE-2025-21293 is an elevation of privilege vulnerability in Microsoft Active Directory Domain Services. It allows attackers to gain elevated privileges on a system where they already have user-level access. The vulnerability stems from overly permissive access control lists (ACLs) associated with certain registry keys. Specifically, the "Network Configuration Operators" group has the "CreateSubKey" permission on sensitive registry keys. Exploitation of this vulnerability involves manipulating these registry keys, particularly those related to performance counters, to escalate privileges. This vulnerability was discovered by BirkeP while investigating the "Network Configuration Operators" group and its permissions within the registry. The researcher collaborated with Clément Labro, who developed a method to weaponize performance counters for exploitation.

CVE-2025-24085 is a use-after-free vulnerability found in Apple's CoreMedia framework, a key component responsible for processing audio and video data across various Apple operating systems (iOS, macOS, tvOS). This flaw allows malicious applications already present on a device to escalate their privileges, potentially granting them unauthorized access to system resources. Exploitation is reportedly easy and can be initiated remotely. This vulnerability has been actively exploited in attacks targeting iOS versions prior to 17.2. Apple has addressed this issue with improved memory management in security updates released for affected operating systems. While the specific details of the exploit remain undisclosed, it's crucial for users to update their devices to mitigate the risk associated with this vulnerability.