Security Week Review - VulnVerse #29
Welcome back to VulnVerse! This is our 29th weekly dispatch, packed with the latest vulnerabilities, exploits, and cyber threats. Let's get to it.
Vulnerabilities and Exploits 🔥
Cyble's sensors have detected exploitation attempts targeting vulnerabilities in Ivanti AVTECH IP cameras. Attackers are attempting to leverage these vulnerabilities to gain unauthorized access to the devices, which could lead to surveillance breaches or incorporation into botnets.
Security flaws have been discovered in the Ingress NGINX controller for Kubernetes, potentially allowing attackers to escalate privileges within clusters. These vulnerabilities could enable unauthorized access to sensitive data and services.
Broadcom has released a security advisory concerning VMware Tools for Windows, addressing an authentication bypass vulnerability identified as CVE-2025-22230. A malicious actor with non-administrative privileges on a Windows guest VM could exploit this flaw to perform high-privilege operations within the VM.
Trend Micro researchers have analyzed CVE-2025-26633, a vulnerability exploited by the "Water Gamayun" threat actor. The exploit involves manipulating MUIPath using a technique dubbed "MSC EvilTwin," allowing attackers to execute arbitrary code.
Rapid7 has identified a critical vulnerability in Next.js, tracked as CVE-2025-29927, which exposes applications to potential remote code execution.
0patch discusses a vulnerability where specially crafted SCF files can trigger automatic NTLM hash disclosure, potentially allowing attackers to capture and relay authentication credentials.
NetApp has released a security advisory addressing multiple vulnerabilities affecting its products, urging customers to review the advisory and apply recommended updates to maintain system integrity and security.
Security researchers have identified an authentication bypass vulnerability in CrushFTP servers, potentially allowing unauthorized access to sensitive data. Indicators of compromise include unusual login patterns and unexpected data transfers.
A critical vulnerability affecting multiple web browsers has been actively exploited in targeted attacks. Attackers leverage this flaw to execute arbitrary code, potentially leading to data breaches and system compromise.
A critical path equivalence vulnerability, CVE-2025-24813, has been identified in Apache Tomcat, allowing unauthenticated remote code execution under specific conditions. Active exploitation has been observed, posing significant risks to affected systems.
Magento sites are frequent targets for cyberattacks, making timely security patching critical. Sucuri provides a practical guide to understanding and applying Magento security updates, covering common vulnerabilities and best practices.
A newly discovered vulnerability in Exim Mail Server (CVE-2025-30232) allows remote code execution, posing a severe risk to millions of email servers worldwide.
Sensitive credentials leaked from GitHub’s CodeQL repositories have enabled a supply chain attack, exposing vulnerabilities across open-source projects. Praetorian investigates how the exposure occurred, the security implications for developers using CodeQL, and the broader risks of public secrets leaking into malicious hands.
Cybercriminals are leveraging trapped COM objects for stealthy lateral movement, enabling fileless attacks that bypass traditional security solutions. IBM details how attackers abuse these objects to persist within networks undetected, highlighting the need for advanced threat detection strategies.