Threat and Vulnerability Intelligence Database


🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie

On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and earlier. CVE-2025-22457 is a buffer overflow vulnerability, and successful exploitation would result in remote code execution. Mandiant and Ivanti have identified evidence of active exploitation in the wild against ICS 9.X (end of life) and 22.7R2.5 and earlier versions. Ivanti and Mandiant encourage all customers to upgrade as soon as possible.

The earliest evidence of observed CVE-2025-22457 exploitation occurred in mid-March 2025. Following successful exploitation, we observed the deployment of two newly identified malware families, the TRAILBLAZE in-memory only dropper and the BRUSHFIRE passive backdoor. Additionally, deployment of the previously reported SPAWN ecosystem of malware attributed to UNC5221 was also observed. UNC5221 is a suspected China-nexus espionage actor that we previously observed conducting zero-day exploitation of edge devices dating back to 2023.

A patch for CVE-2025-22457 was released in ICS 22.7R2.6 on February 11, 2025. The vulnerability is a buffer overflow with a limited character space, and therefore it was initially believed to be a low-risk denial-of-service vulnerability. We assess it is likely the threat actor studied the patch for the vulnerability in ICS 22.7R2.6 and uncovered through a ...

EPSS Score: 10.25%

Source: Google Threat Intelligence
April 3rd, 2025 (2 months ago)
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Source: TheRegister
April 2nd, 2025 (2 months ago)
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. [...]
Source: BleepingComputer
April 1st, 2025 (2 months ago)
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate
Source: TheHackerNews
April 1st, 2025 (2 months ago)

CVE-2024-20439

🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CVSS: CRITICAL (9.8)

EPSS Score: 89.45%

Source: All CISA Advisories
March 31st, 2025 (2 months ago)
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

EPSS Score: 0.08%

Source: TheHackerNews
March 28th, 2025 (2 months ago)

CVE-2024-20439

🚨 Marked as known exploited on March 21st, 2025 (3 months ago).
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.

CVSS: CRITICAL (9.8)

EPSS Score: 89.45%

SSVC Exploitation: active

Source: CVE
March 28th, 2025 (2 months ago)
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description:
Impact: A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild.
Patches: Fixed in Synapse v1.127.1.
Workarounds: Closed federation environments of trusted servers or non-federating installations are not affected.
For more information: If you have any questions or comments about this advisory, please email us at security at element.io.
References:
https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
https://nvd.nist.gov/vuln/detail/CVE-2025-30355
https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
https://github.com/element-hq/synapse/releases/tag/v1.127.1
https://github.com/advisories/GHSA-v56r-hwv5-mxg6

CVSS: HIGH (7.1)

EPSS Score: 0.94%

Source: Github Advisory Database (PIP)
March 27th, 2025 (2 months ago)
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Mozilla has patched a critical sandbox escape vulnerability in Firefox that shares key traits with a zero-day actively exploited in Google Chrome as part of an ongoing espionage campaign. The vulnerability, tracked as CVE-2025-2857, affects Firefox on Windows and has been fixed in versions 136.0.4, ESR 128.8.1, and ESR 115.21.1. The flaw was discovered by … The post Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks appeared first on CyberInsider.

EPSS Score: 0.08%

Source: CyberInsider
March 27th, 2025 (2 months ago)

CVE-2025-30355

🚨 Marked as known exploited on March 27th, 2025 (2 months ago).
Description: Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

CVSS: HIGH (7.1)

EPSS Score: 0.94%

SSVC Exploitation: none

Source: CVE
March 27th, 2025 (2 months ago)