CVE Trends

CVE-2025-27840 is a vulnerability found in Espressif ESP32 chips. These chips permit 29 undocumented HCI commands, including a command (0xFC02) that allows writing to memory. This vulnerability was first publicly disclosed on March 8, 2025. Additional information regarding this vulnerability can be found on sites such as the National Vulnerability Database (NVD) and GitHub's Advisory Database.

CVE-2025-24054 is a vulnerability in Windows NTLM that involves external control of the file name or path, potentially allowing an unauthorized attacker to perform spoofing over a network. The vulnerability can be exploited using a maliciously crafted .library-ms file. Active exploitation of CVE-2025-24054 has been observed in the wild since March 19, 2025. Attackers can potentially leak NTLM hashes or user passwords, compromising systems. Exploitation can be triggered with minimal user interaction, such as right-clicking, dragging and dropping, or simply navigating to a folder containing the malicious file.

CVE-2025-24859 is a session management vulnerability affecting Apache Roller versions up to and including 6.1.4. When a user's password is changed, either by the user or an administrator, existing active sessions are not properly invalidated. This allows an attacker who has gained access through a valid session to maintain unauthorized access even after the password has been changed. The vulnerability stems from a failure to properly manage and invalidate active sessions upon password changes or user deactivation. Apache Roller version 6.1.5 addresses this issue by implementing centralized session management, which ensures that all active sessions are terminated when a password is changed or a user is disabled.

CVE-2025-21299 is a security feature bypass vulnerability affecting Windows Kerberos. The vulnerability stems from an error in how the system handles maliciously crafted requests. Successful exploitation of this vulnerability could allow an attacker to bypass security features. It affects multiple versions of Windows, including Windows 10, Windows Server 2019, Windows Server 2022, and others.

CVE-2025-29809 is a security vulnerability affecting Windows Kerberos. It stems from the insecure storage of sensitive information, which could allow an authorized attacker to bypass security features locally. Successful exploitation of this vulnerability could allow a local attacker to leak Kerberos credentials. If Virtualization-Based Security (VBS) is in use, redeployment with an updated policy may be necessary after patching.

CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.

CVE-2025-29471 is a stored Cross-Site Scripting (XSS) vulnerability found in Nagios Log Server version 2024R1.3.1. It exists in the web interface and allows a low-privilege user to inject a malicious JavaScript payload into their profile's email field. When an administrator views the audit logs, the injected script executes, potentially leading to privilege escalation through unauthorized admin account creation. In certain configurations, this vulnerability can be chained to achieve remote code execution (RCE). Public exploits are reportedly available.

CVE-2025-24076 is a vulnerability in the Windows Cross Device Service related to improper access control. It allows an authorized attacker with local access to elevate their privileges on the system. The vulnerability can be exploited using a technique called DLL hijacking. A low-privileged user can modify a DLL file that is loaded by a COM server running with elevated privileges, potentially leading to the execution of arbitrary code with system-level permissions.

CVE-2025-24994 is a vulnerability found in the Windows Cross Device Service. It stems from improper access control, which could allow an attacker with authorization to elevate their privileges on a local system. The vulnerability was published on March 11, 2025. Microsoft is listed as the assigning CNA (CVE Numbering Authority).

CVE-2024-50264 is a vulnerability in the Linux kernel, specifically within the vsock/virtio subsystem. It arises from a dangling pointer issue during loopback communication. A dangling pointer can be created in `vsk->trans`, potentially leading to a Use-After-Free condition. The vulnerability occurs because the `vsk->trans` pointer is not properly initialized. The fix involves initializing `vsk->trans` to NULL, which prevents the use of the dangling pointer and resolves the Use-After-Free condition.