Critical RCE in Ivanti Connect Secure Under Active Exploitation (CVE-2025-0282)
Ivanti has issued an urgent advisory for a critical stack-based buffer overflow vulnerability (CVE-2025-0282) affecting Connect Secure, Policy Secure and Neurons for ZTA gateways. The flaw allows unauthenticated remote code execution (RCE) and was already being exploited in the wild when the advisory was published. Patch immediately; Ivanti advises running its Integrity Checker Tool (ICT) first and performing a factory reset before upgrading any appliance that shows signs of compromise.
Critical Apache Struts RCE (CVE-2024-53677): Public PoCs Trigger Immediate Patching Mandate
A critical remote code execution vulnerability in Apache Struts (CVE-2024-53677) is being actively probed following the release of public PoC scripts and Nuclei templates. The flaw is a logic error in the legacy FileUploadInterceptor that lets an attacker manipulate upload parameters to traverse directories and write a file (such as a web shell) outside the intended upload location, leading to RCE. Upgrading alone is not sufficient: the fix in Struts 6.4.0 requires migrating the application to the new Action File Upload mechanism, and applications that keep using FileUploadInterceptor remain vulnerable.
Critical Rsync Information Disclosure (CVE-2024-12086) Under Active Exploitation
An information disclosure vulnerability in rsync (CVE-2024-12086) is reportedly being targeted by attackers using weaponized Nuclei templates. The flaw lets a malicious rsync server reconstruct the contents of arbitrary files on a connecting client by abusing the block checksum comparison performed during transfer, potentially exposing credentials and cryptographic keys stored on the client. Exploitation requires the client to sync against an attacker-controlled server; clients should be upgraded to rsync 3.4.0 or later, which fixes this and the other rsync CVEs disclosed alongside it.
Active Exploitation of Critical Cleo File Transfer Vulnerability (CVE-2024-50623)
CVE-2024-50623 is a critical unrestricted file upload and download vulnerability in the Cleo Harmony, VLTrader and LexiCom managed file transfer products that allows unauthenticated remote attackers to achieve remote code execution. It has been exploited in the wild, and Cleo's initial patch (5.8.0.21) was found to be bypassable, with the bypass tracked separately as CVE-2024-55956. Organizations should update to the latest Cleo release, remove these servers from direct internet exposure or place them behind a firewall, and disable the Autorun directory feature until patched.
Critical Zyxel Firewall Directory Traversal (CVE-2024-11667) Exploited by Ransomware Operators
CVE-2024-11667 is a directory traversal vulnerability in the web management interface of Zyxel ATP, USG FLEX, USG FLEX 50(W) and USG20(W)-VPN firewalls (firmware 5.00 through 5.38) that lets an attacker download or upload files via a crafted URL. It has been exploited in the wild, including by the Helldown ransomware group, and CISA has added it to the KEV catalog. Update to firmware 5.39 or later, change all administrator credentials on affected devices since they may have been stolen, and restrict remote management access.
Critical Authorization Bypass in Microsoft Partner Center (CVE-2025-65041)
Microsoft has disclosed a critical improper authorization vulnerability in the Partner Center platform, tracked as CVE-2025-65041, which allows unauthenticated remote attackers to escalate privileges. Because Partner Center accounts can administer downstream customer tenants, the flaw poses a supply chain risk. Organizations using Partner Center are advised to audit administrative access logs for unexpected activity and to enforce least-privilege role assignments.
Critical Sandbox Breakout RCE in n8n (CVE-2025-68613)
A critical remote code execution (RCE) vulnerability, CVE-2025-68613, has been identified in n8n workflow automation software, allowing authenticated attackers to execute system commands. With public proof-of-concept exploits now available, attackers can bypass the execution sandbox via vulnerable API endpoints and workflow expressions. Organizations should immediately update n8n to version 1.122.0 or later to prevent full system compromise and data exfiltration.
WatchGuard Fireware RCE: Active Exploitation of CVE-2025-14733 in IKEv2 VPN
A critical out-of-bounds write vulnerability in the WatchGuard Fireware OS 'iked' process is being exploited in the wild. The flaw allows unauthenticated remote attackers to execute arbitrary code on Firebox appliances configured for IKEv2 VPN (mobile user VPN or branch office VPN using IKEv2). Immediate firmware updates are required to mitigate the risk of full device compromise and network intrusion.
Critical Unauthenticated RCE in HPE OneView (CVE-2025-37164) with Public PoC
A maximum-severity unauthenticated Remote Code Execution vulnerability (CVE-2025-37164) has been disclosed in HPE OneView, enabling full system compromise via a single HTTP request. While active exploitation is currently unconfirmed, a functional Proof-of-Concept (PoC) was released on December 19, drastically lowering the barrier for attackers. Immediate patching is mandatory to prevent unauthorized access to core IT infrastructure management systems.
Cisco Zero-Day: APT UAT-9686 Exploiting Secure Email Gateways for Root Access
A critical zero-day vulnerability (CVE-2025-20393) in Cisco AsyncOS for Secure Email Gateway and Secure Email and Web Manager is being actively exploited by the China-linked threat actor UAT-9686. The flaw allows attackers to execute arbitrary commands with root privileges, potentially exposing all email traffic passing through the appliance; Cisco indicates that devices are exploitable when the Spam Quarantine feature is enabled and exposed to the internet. Organizations must apply Cisco's emergency fixes immediately and conduct forensic audits for signs of persistence and lateral movement.
CVE-2024-55591: FortiOS and FortiProxy Authentication Bypass Actively Exploited
CVE-2024-55591 is a critical authentication bypass in FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12. Crafted requests to the Node.js websocket module of the administrative interface allow an unauthenticated remote attacker to gain super-admin privileges. Fortinet has confirmed in-the-wild exploitation; observed activity includes creation of rogue administrator and SSL VPN accounts and changes to firewall policies. Upgrade to FortiOS 7.0.17, FortiProxy 7.0.20 or 7.2.13, or later, and remove administrative interface exposure from the public internet in the meantime.
Zero-Day Alert: CVE-2024-44308 WebKit Use-After-Free Actively Exploited
CISA has added CVE-2024-44308, a use-after-free vulnerability in the JavaScriptCore engine of Apple WebKit, to its KEV catalog following reports of active exploitation. Processing maliciously crafted web content can lead to arbitrary code execution on macOS, iOS, iPadOS and visionOS devices and in Safari; Apple reported that the flaw may have been exploited in targeted attacks against Intel-based Mac systems. Organizations are advised to update all Apple assets to the latest security releases immediately.
CVE-2024-12543: Critical Unauthenticated RCE in Themeisle Content Blocks Plugin
A critical PHP Object Injection vulnerability (CVE-2024-12543) in the Themeisle Content Blocks WordPress plugin allows unauthenticated attackers to execute arbitrary code. With a public PoC released on December 21, immediate patching is required to prevent full server takeover.
Active Exploitation of Android Framework EoP (CVE-2024-43093) Targets Sensitive Data
A logic error in the Android Framework (CVE-2024-43093) is being exploited in the wild to bypass a file path filter. The vulnerability allows a local attacker to gain unauthorized access to sensitive directories, including 'Android/data', 'Android/obb' and 'Android/sandbox', because ExternalStorageProvider applied incorrect Unicode normalization when deciding whether a path should be hidden. CISA has added it to the KEV catalog following confirmed targeted exploitation. Updating to the November 2024 (2024-11-01) security patch level is required to protect device integrity and user privacy.
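The bug class behind this item is a check performed on one form of a path while the storage layer acts on another. The following is an added, simplified model of that pattern, not the AOSP ExternalStorageProvider code or its patch; the blocked directory list, the helper names and the use of NFKC folding are assumptions made for the example.

```python
"""Simplified model of a sensitive-directory filter defeated by Unicode
normalization, illustrating the bug class of CVE-2024-43093.
Added example: not Android's code. Directory names, helper names and the
NFKC folding step are assumptions for illustration."""
import unicodedata
from pathlib import PurePosixPath
from typing import Optional

# Directories a document provider must hide from callers (assumed list).
BLOCKED_PREFIXES = ("Android/data", "Android/obb", "Android/sandbox")


def is_blocked(relative_path: str) -> bool:
    """Literal prefix check. Safe only if it sees the same string the storage
    layer will later use."""
    return any(
        relative_path == p or relative_path.startswith(p + "/")
        for p in BLOCKED_PREFIXES
    )


def canonical(relative_path: str) -> str:
    """Assumed model of what the storage layer does with the path: fold it with
    NFKC (so fullwidth or compatibility characters collapse to ASCII) and drop
    empty or '.' components."""
    folded = unicodedata.normalize("NFKC", relative_path)
    parts = [p for p in PurePosixPath(folded).parts if p not in ("", ".")]
    return "/".join(parts)


def vulnerable_resolve(requested: str) -> Optional[str]:
    """Check first on the raw string, canonicalize afterwards: the order that
    lets a disguised path through."""
    if is_blocked(requested):
        return None
    return canonical(requested)


def hardened_resolve(requested: str) -> Optional[str]:
    """Canonicalize first, then check exactly the string that will be used."""
    path = canonical(requested)
    if is_blocked(path):
        return None
    return path


# Constructed attacker input: U+FF21 FULLWIDTH LATIN CAPITAL LETTER A followed by
# 'ndroid'. The raw string does not start with 'Android/data', but NFKC folds
# U+FF21 to ASCII 'A', so the canonical path lands inside the hidden tree.
ATTACK = "\uff21ndroid/data/com.example.bank/files/secret.db"

if __name__ == "__main__":
    print("vulnerable:", vulnerable_resolve(ATTACK))
    print("hardened:  ", hardened_resolve(ATTACK))
```

The same ordering defect is reachable without Unicode at all (a leading './' component also survives the literal check and disappears in canonicalization), which is why the fix is structural: normalize once, then compare and open the normalized value.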
Critical Stored XSS in GitLab CE/EE (CVE-2024-48357) Leading to Session Hijacking
A critical Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2024-48357, has been discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). Disclosed on December 19, 2024, this flaw allows attackers to inject malicious scripts into crafted content—such as Wiki pages, Issue descriptions, or Merge Requests. If a user (including administrators) views this content, the attacker can hijack their session, exfiltrate sensitive data, or perform actions with the victim's privileges. Public proof-of-concept (PoC) scripts emerged on December 21, 2024, significantly increasing the risk of exploitation. We strongly recommend upgrading to GitLab version 17.7.0 or the latest security patches immediately.
Urgent: Critical RCE in CyberPanel (CVE-2024-51567) Exploitation Surging via Middleware Bypass
A critical pre-authentication Remote Code Execution (RCE) vulnerability in CyberPanel (CVE-2024-51567) is under heavy active exploitation as of December 22, 2024. The root cause is that CyberPanel's secMiddleware only validated POST requests, so requests using other HTTP methods (such as OPTIONS or PUT) reach the /dataBases/upgrademysqlstatus view unauthenticated, and shell metacharacters in the statusfile parameter are passed to a shell. Attackers are using updated scanning templates to exploit this combination and execute arbitrary commands. Immediate upgrade to CyberPanel v2.3.7 or higher is required to mitigate total server takeover.
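Because the injected command travels in the request body, which a standard web access log does not record, the observable artifact of this attack is the HTTP method: any non-POST request that reaches the vulnerable view was not inspected by the middleware. The following added detection routine (not CyberPanel code) parses Combined Log Format lines and flags that pattern; the log lines are constructed for the example.

```python
"""Detection over web access-log lines for the CVE-2024-51567 request shape:
a request to /dataBases/upgrademysqlstatus with any method other than POST,
i.e. one that CyberPanel's secMiddleware did not inspect.
Added example, not CyberPanel code; SAMPLE_LOG below is constructed."""
import re
from typing import Dict, Iterable, List, Optional

# Combined Log Format prefix: host ident user [time] "METHOD TARGET PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

VULN_PATH = "/dataBases/upgrademysqlstatus"


def parse_line(line: str) -> Dict[str, str]:
    """Parse one access-log line into its fields; raise on unparseable input
    rather than silently dropping a line from the scan."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed log line: {line!r}")
    return m.groupdict()


def classify(entry: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for one parsed request, or None when it is benign.
    Only the vulnerable path is considered; the method is the bypass signal
    and the status code separates attempts from likely successes."""
    path = entry["target"].partition("?")[0].rstrip("/")
    if path != VULN_PATH:
        return None
    if entry["method"] == "POST":
        return None  # POST passed through secMiddleware and was inspected
    severity = "high" if entry["status"] == "200" else "medium"
    return {
        "ip": entry["ip"],
        "time": entry["time"],
        "method": entry["method"],
        "severity": severity,
        "reason": f"{entry['method']} to {VULN_PATH} bypasses secMiddleware (POST-only check)",
    }


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run classify over every line and collect findings in log order."""
    findings = []
    for line in lines:
        finding = classify(parse_line(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log: one legitimate POST, two non-POST requests that got a
# 200 (consistent with a successful bypass), one that was rejected, one unrelated.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Dec/2024:10:01:02 +0000] "POST /dataBases/upgrademysqlstatus HTTP/1.1" 200 54 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Dec/2024:10:02:15 +0000] "OPTIONS /dataBases/upgrademysqlstatus HTTP/1.1" 200 71 "-" "python-requests/2.32"',
    '203.0.113.7 - - [22/Dec/2024:10:02:16 +0000] "PUT /dataBases/upgrademysqlstatus HTTP/1.1" 200 71 "-" "python-requests/2.32"',
    '198.51.100.9 - - [22/Dec/2024:10:03:00 +0000] "GET /dataBases/upgrademysqlstatus HTTP/1.1" 403 12 "-" "curl/8.4"',
    '10.0.0.8 - - [22/Dec/2024:10:04:40 +0000] "GET /dataBases/listDBs HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['ip']} {f['time']} {f['reason']}")
```

A 200 response to a non-POST request on this path is the strongest signal, since on a patched instance an unauthenticated request of any method is redirected or rejected before the view runs; the medium-severity hits still identify hosts that probed the endpoint.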