Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-21418 |
Description: 3Critical52Important0Moderate0LowMicrosoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild.Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne.This month’s update includes patches for:Active Directory Domain ServicesAzure Active DirectoryAzure FirmwareAzure Network WatcherMicrosoft AutoUpdate (MAU)Microsoft Digest AuthenticationMicrosoft High Performance Compute Pack (HPC) Linux Node AgentMicrosoft OfficeMicrosoft Office ExcelMicrosoft Office SharePointMicrosoft PC ManagerMicrosoft Streaming ServiceMicrosoft SurfaceMicrosoft WindowsOutlook for AndroidVisual StudioVisual Studio CodeWindows Ancillary Function Driver for WinSockWindows CoreMessagingWindows DHCP ClientWindows DHCP ServerWindows DWM Core LibraryWindows Disk Cleanup ToolWindows InstallerWindows Internet Connection Sharing (ICS)Windows KerberosWindows KernelWindows LDAP - Lightweight Directory Access ProtocolWindows Message QueuingWindows NTLMWindows Remote Desktop ServicesWindows Resilient File System (ReFS) Deduplication ServiceWindows Routing and Remote Access Service (RRAS)Windows Setup Files CleanupWindows StorageWindows Telephony ServerWindows Telephony ServiceWindows Update StackWindows Win32 Kernel SubsystemRemote code execution (RCE) vulnerabilities accounted for 38.2% of the vulnerabilities patched t...
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-21391 |
Description: Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.
CVSS: HIGH (7.1) EPSS Score: 0.09%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-21418 |
Description: Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 11th, 2025 (2 months ago)
|
|
Description: The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. [...]
February 11th, 2025 (2 months ago)
|
|
|
Description: Researchers find that the more people use AI at their job, the less critical thinking they use.
February 10th, 2025 (2 months ago)
|
|
|
Description: Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...]
February 10th, 2025 (2 months ago)
|
|
|
Description: Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.
February 7th, 2025 (2 months ago)
|
|
CVE-2025-0994 |
Description:
CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered a deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server.
CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CISA strongly encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds.
Review the following article for more information:
Trimble Advisory and IOCs for Vulnerability Affecting Cityworks Deployments
The Symantec Threat Hunter team, part of Broadcom, contributed to this guidance.
CVSS: HIGH (8.6) EPSS Score: 1.32%
February 7th, 2025 (2 months ago)
|
|
|
Description: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]
February 7th, 2025 (2 months ago)
|
|
CVE-2025-0994 |
Description: Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.
CVSS: HIGH (8.6) EPSS Score: 1.32%
February 7th, 2025 (2 months ago)
|