CVE Trends

CVE-2024-12511 is a vulnerability related to improper privilege management in certain Xerox printer models. By accessing the user address book configuration, an attacker can modify the IP address of the SMB or FTP server. This modification redirects file scan operations to a server controlled by the attacker, potentially leading to the capture of SMB or FTP credentials. This attack requires that the scanning functionality is enabled on the printer and that the attacker has access to the printer's address book settings. It's important to note that this vulnerability leverages the trust placed in the printer's address book settings to redirect credentials to a malicious server.

CVE-2024-12510 describes a vulnerability where, if Lightweight Directory Access Protocol (LDAP) settings are accessed by an attacker, authentication could be redirected to a server controlled by the attacker. This redirection could potentially expose user credentials, allowing the attacker to intercept and compromise them. This vulnerability requires the attacker to have administrative access to the LDAP settings. Successful exploitation could lead to unauthorized access to systems and data, possibly enabling further compromise of the network. As of February 18, 2025, there is no evidence of a public exploit or known instances of this vulnerability being exploited.

CVE-2025-1094 is an SQL injection vulnerability found in PostgreSQL's interactive tool, `psql`, and the `libpq` functions. The vulnerability allows attackers to inject malicious SQL code due to improper handling of escaped characters, specifically invalid UTF-8 characters within the PostgreSQL string escaping routines. This can lead to arbitrary code execution by leveraging `psql`'s ability to run meta-commands, potentially granting attackers control over the underlying operating system. This vulnerability affects PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. It was discovered by Rapid7 during their research into CVE-2024-12356, a remote code execution vulnerability in BeyondTrust products. Exploitation of CVE-2024-12356 reportedly required the exploitation of CVE-2025-1094. PostgreSQL users are advised to update to the latest versions to mitigate this vulnerability. The functions affected in the `libpq` library include `PQescapeLiteral()`, `PQescapeIdentifier()`, `PQescapeString()`, and `PQescapeStringConn()`.

The web-based configuration panel for Hirsch Enterphone MESH (formerly Identiv and Viscount) versions through 2024 has a vulnerability due to default credentials. The username "freedom" with the password "viscount" can be used to access the administrative interface via `mesh.webadmin.MESHAdminServlet`. The system doesn't prompt administrators to change these credentials upon initial setup, and the process to change them is complex. This vulnerability potentially allows unauthorized access to building management systems. This vulnerability has been identified as CVE-2025-26793 and assigned the GitHub ID GHSA-x8v9-7r66-c92w. It affects numerous apartment buildings in Canada and the US. Exploiting this vulnerability could lead to unauthorized access and potential exposure of residents' personally identifiable information (PII). It's important to note that this information is current as of February 16, 2025, and the situation may evolve.

CVE-2025-26465 is a vulnerability in the OpenSSH client that can allow a man-in-the-middle (MitM) attack when the `VerifyHostKeyDNS` option is enabled. This option allows the client to verify the server's identity against DNS records. Due to a logic error in how the server's identity is verified when memory allocation errors occur, an attacker can potentially bypass these checks and impersonate the intended server. This could lead to the theft of sensitive information, such as credentials. While the `VerifyHostKeyDNS` option is currently disabled by default, it was previously enabled by default in certain environments like FreeBSD between September 2013 and March 2023. Administrators are encouraged to review their configurations to ensure this option is not enabled unless specifically required. The vulnerability has existed since late 2014 and highlights the importance of regularly reviewing and updating security configurations.

CVE-2025-24200 is an authorization issue in Apple's iOS and iPadOS, fixed with improved state management. This vulnerability could allow a physical attacker to disable USB Restricted Mode on a locked device. USB Restricted Mode, introduced in iOS 11.4.1, prevents USB accessories from connecting to an iOS device after it has been locked for a certain period. Disabling this feature could allow unauthorized access to the device's data. The vulnerability affects iPhone XS and later, iPad Pro (13-inch), iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later). Apple acknowledges that this vulnerability may have been actively exploited in highly targeted attacks, describing them as "extremely sophisticated" and directed at specific individuals. Patches for CVE-2025-24200 were released by Apple on February 9, 2025, and are included in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5. The vulnerability was reported by Bill Marczak of the Citizen Lab at the University of Toronto's Munk School.

CVE-2023-7028 is an account takeover vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). It allows attackers to reset a user's password by exploiting a flaw in the password reset email process. By providing two email addresses during the reset request, the attacker can have the reset code sent to both their own email and the target's email address, thus gaining control of the account. Users with two-factor authentication enabled and those using LDAP logins are not susceptible to this vulnerability. This vulnerability has been actively exploited, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities Catalog in May 2024. It was assigned a maximum CVSS score of 10, indicating its critical nature.

CVE-2025-0108 is an authentication bypass vulnerability in the management web interface of Palo Alto Networks' PAN-OS software. An unauthenticated, remote attacker with network access to the management interface can bypass authentication and execute certain PHP scripts. Exploiting this vulnerability does not allow for remote code execution, but it could compromise the integrity and confidentiality of the PAN-OS system. The vulnerability affects PAN-OS versions 10.1 (before 10.1.14-h9), 10.2 (before 10.2.13-h3), 11.1 (before 11.1.6-h1), and 11.2 (before 11.2.4-h4). Cloud NGFW and Prisma Access are not affected. Palo Alto Networks has addressed this vulnerability with security updates and advises users to update their systems to the latest PAN-OS versions. As a best practice, it is also recommended to restrict access to the management web interface to trusted internal IP addresses only.

CVE-2025-21420 is an elevation of privilege vulnerability that exists in the Windows Disk Cleanup tool. Successful exploitation could allow an attacker to elevate their privileges to SYSTEM level. As of February 18, 2025, the CVSS v3 score is 7.8, considered High. Microsoft has addressed this vulnerability. It is recommended to apply the necessary security updates to mitigate the risk.