CyberAlerts

CVE-2025-27200

Description: Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: HIGH (7.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-27199

Animate | Heap-based Buffer Overflow (CWE-122)

Description: Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: HIGH (7.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

April 8th, 2025 (14 days ago)

Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)

🚨 Marked as known exploited on April 10th, 2025 (12 days ago).

Description: 11Critical110Important0Moderate0LowMicrosoft addresses 121 CVEs including one zero-day which was exploited in the wild.Microsoft patched 121 CVEs in its April 2025 Patch Tuesday release, with 11 rated critical and 110 rated as important.This month’s update includes patches for:ASP.NET CoreActive Directory Domain ServicesAzure LocalAzure Local ClusterAzure Portal Windows Admin CenterDynamics Business CentralMicrosoft AutoUpdate (MAU)Microsoft Edge (Chromium-based)Microsoft Edge for iOSMicrosoft OfficeMicrosoft Office ExcelMicrosoft Office OneNoteMicrosoft Office SharePointMicrosoft Office WordMicrosoft Streaming ServiceMicrosoft Virtual Hard DriveOpenSSH for WindowsOutlook for AndroidPower AutomateRPC Endpoint Mapper ServiceRemote Desktop ClientRemote Desktop Gateway ServiceSystem CenterVisual StudioVisual Studio CodeVisual Studio Tools for Applications and SQL Server Management StudioWindows Active Directory Certificate ServicesWindows BitLockerWindows Bluetooth ServiceWindows Common Log File System DriverWindows Cryptographic ServicesWindows DWM Core LibraryWindows Defender Application Control (WDAC)Windows Digital MediaWindows HTTP.sysWindows HelloWindows Hyper-VWindows InstallerWindows KerberosWindows KernelWindows Kernel MemoryWindows Kernel-Mode DriversWindows LDAP - Lightweight Directory Access ProtocolWindows Local Security Authority (LSA)Windows Local Session Manager (LSM)Windows Mark of the Web (MOTW)Windows MediaWindows Mobile BroadbandWindows NTFSWindows Power D...

CVSS: HIGH (7.8)

EPSS Score: 4.33%

Source: Tenable Blog

April 8th, 2025 (14 days ago)

CVE-2025-32117

WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29824

Windows Common Log File System Driver Elevation of Privilege Vulnerability

🚨 Marked as known exploited on April 8th, 2025 (14 days ago).

Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 4.33%

SSVC Exploitation: active

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29823

Microsoft Excel Remote Code Execution Vulnerability

Description: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29822

Microsoft OneNote Security Feature Bypass Vulnerability

Description: Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

CVSS: HIGH (7.8)

EPSS Score: 0.48%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29820

Microsoft Word Remote Code Execution Vulnerability

Description: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29816

Microsoft Word Security Feature Bypass Vulnerability

Description: Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

CVSS: HIGH (7.5)

EPSS Score: 0.02%

Source: CVE

April 8th, 2025 (14 days ago)

CVE-2025-29812

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Description: Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.8)

EPSS Score: 0.09%

Source: CVE

April 8th, 2025 (14 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-27200	Animate \| Use After Free (CWE-416) Description: Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVSS: HIGH (7.8) EPSS Score: 0.03% SSVC Exploitation: none Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-27199	Animate \| Heap-based Buffer Overflow (CWE-122) Description: Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVSS: HIGH (7.8) EPSS Score: 0.03% SSVC Exploitation: none Source: CVE April 8th, 2025 (14 days ago)
	Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) 🚨 Marked as known exploited on April 10th, 2025 (12 days ago). Description: 11Critical110Important0Moderate0LowMicrosoft addresses 121 CVEs including one zero-day which was exploited in the wild.Microsoft patched 121 CVEs in its April 2025 Patch Tuesday release, with 11 rated critical and 110 rated as important.This month’s update includes patches for:ASP.NET CoreActive Directory Domain ServicesAzure LocalAzure Local ClusterAzure Portal Windows Admin CenterDynamics Business CentralMicrosoft AutoUpdate (MAU)Microsoft Edge (Chromium-based)Microsoft Edge for iOSMicrosoft OfficeMicrosoft Office ExcelMicrosoft Office OneNoteMicrosoft Office SharePointMicrosoft Office WordMicrosoft Streaming ServiceMicrosoft Virtual Hard DriveOpenSSH for WindowsOutlook for AndroidPower AutomateRPC Endpoint Mapper ServiceRemote Desktop ClientRemote Desktop Gateway ServiceSystem CenterVisual StudioVisual Studio CodeVisual Studio Tools for Applications and SQL Server Management StudioWindows Active Directory Certificate ServicesWindows BitLockerWindows Bluetooth ServiceWindows Common Log File System DriverWindows Cryptographic ServicesWindows DWM Core LibraryWindows Defender Application Control (WDAC)Windows Digital MediaWindows HTTP.sysWindows HelloWindows Hyper-VWindows InstallerWindows KerberosWindows KernelWindows Kernel MemoryWindows Kernel-Mode DriversWindows LDAP - Lightweight Directory Access ProtocolWindows Local Security Authority (LSA)Windows Local Session Manager (LSM)Windows Mark of the Web (MOTW)Windows MediaWindows Mobile BroadbandWindows NTFSWindows Power D... CVSS: HIGH (7.8) EPSS Score: 4.33% Source: Tenable Blog April 8th, 2025 (14 days ago)
CVE-2025-32117	WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29824	Windows Common Log File System Driver Elevation of Privilege Vulnerability 🚨 Marked as known exploited on April 8th, 2025 (14 days ago). Description: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 4.33% SSVC Exploitation: active Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29823	Microsoft Excel Remote Code Execution Vulnerability Description: Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CVSS: HIGH (7.8) EPSS Score: 0.06% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29822	Microsoft OneNote Security Feature Bypass Vulnerability Description: Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. CVSS: HIGH (7.8) EPSS Score: 0.48% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29820	Microsoft Word Remote Code Execution Vulnerability Description: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVSS: HIGH (7.8) EPSS Score: 0.06% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29816	Microsoft Word Security Feature Bypass Vulnerability Description: Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. CVSS: HIGH (7.5) EPSS Score: 0.02% Source: CVE April 8th, 2025 (14 days ago)
CVE-2025-29812	DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 0.09% Source: CVE April 8th, 2025 (14 days ago)