CVE Trends

CVE-2025-24200 is an authorization issue in Apple's iOS and iPadOS, fixed with improved state management. This vulnerability could allow a physical attacker to disable USB Restricted Mode on a locked device. USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories from connecting to an iOS device after it has been locked for a certain period. Disabling this feature could allow unauthorized access to the device's data. The vulnerability affects iPhone XS and later, iPad Pro (13-inch), iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later). Apple acknowledges that this vulnerability may have been actively exploited in highly targeted attacks, describing them as "extremely sophisticated" and directed at specific individuals. Patches for CVE-2025-24200 were released by Apple on February 9, 2025, and are included in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. The vulnerability was reported by Bill Marczak of the Citizen Lab at the University of Toronto's Munk School.

CVE-2023-31122 is an out-of-bounds read vulnerability found in the `mod_macro` module of the Apache HTTP Server. This vulnerability affects Apache HTTP Server versions 2.4.57 and earlier. When processing a long macro, the module fails to add a null byte terminator. This oversight leads to an out-of-bounds read. Exploiting this vulnerability may cause a server crash. While the provided sources mention the potential for remote code execution, directory traversal, and command injection, other sources primarily describe the impact as a denial-of-service vulnerability due to the server crash. Upgrading to Apache HTTP Server version 2.4.58 or later mitigates this vulnerability.

CVE-2023-43622 is a denial-of-service (DoS) vulnerability affecting Apache HTTP Server versions 2.4.55 through 2.4.57. It involves an attacker establishing an HTTP/2 connection with an initial window size set to zero. This manipulation can cause the server to indefinitely block handling of the connection, effectively tying up resources. The vulnerability resembles the "slow loris" attack pattern, which aims to exhaust server resources and disrupt service. This vulnerability was addressed in Apache HTTP Server version 2.4.58. Upgrading to this or a later version is recommended to mitigate the risk associated with CVE-2023-43622.

CVE-2025-25064 is an SQL injection vulnerability found in the ZimbraSync Service SOAP endpoint of Zimbra Collaboration. This vulnerability arises from insufficient sanitization of a user-supplied parameter. An attacker who has authenticated to the system can manipulate this parameter to inject arbitrary SQL queries. This manipulation could allow the attacker to retrieve email metadata. Zimbra Collaboration versions 10.0.x before 10.0.12 and 10.1.x before 10.1.4 are affected. Zimbra has addressed this vulnerability and released patches. Users of affected versions are strongly encouraged to update their installations to version 10.0.12 or 10.1.4, respectively, to mitigate the risk. This information is current as of February 10, 2025.

CVE-2024-12754 is a vulnerability found in the AnyDesk remote administration software. It allows local attackers to escalate their privileges on affected Windows systems. The vulnerability exists due to how the AnyDesk service manages background images during remote sessions. More specifically, the service copies the user's background image to the `C:\Windows\Temp` directory with `NT AUTHORITY\SYSTEM` privileges, which can be exploited by an attacker. By manipulating this process, for example, by using a junction, an attacker who can run low-privileged code on the system can potentially read arbitrary files. This could lead to the disclosure of sensitive information, such as stored credentials, which could be used for further compromise. The vulnerability has been patched in AnyDesk version 9.0.1.