Go hack some more Ivanti shit. Someone else already has been.

https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US

sev:CRIT 9.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2025-22457

Edit to add:

We are aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support Pulse Connect Secure 9.1x appliances have been exploited at the time of disclosure. Pulse Connect Secure 9.1x reached End-of-Support on December 31, 2024, and no longer receive code support or changes.

#ivanti #groundhogDay

🚨CVE-2025-22457: April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)

CVSS: 9.0

https://darkwebinformer.com/cve-2025-22457-april-security-advisory-ivanti-connect-secure-policy-secure-zta-gateways-cve-2025-22457/

ah tiens, ce serait donc celle-là la mystérieuse vulnérabilité en exploitation observée par les honeypots ? 👀

⚠️ Vulnérabilité critique chez Ivanti Connect Secure (CVE-2025-22457)

Mandiant signale qu’une faille critique affectant certaines versions des VPN Ivanti est activement exploitée depuis mars 2025. Des acteurs liés à la Chine (UNC5221) ont déployé plusieurs malwares furtifs, comme TRAILBLAZE (dropper en mémoire) et BRUSHFIRE (porte dérobée passive), via cette faille.

➡️ Un patch est dispo depuis février, mais la menace a été sous-estimée au départ.
➡️ Si vous utilisez Ivanti ICS, mettez à jour rapidement vers la version 22.7R2.6 ou ultérieure.

(Utilisez les outils d'intégrité d'Ivanti pour détecter toute activité anormale.)

"Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)"👇
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/?hl=en

#CyberVeille
#Ivanti #Mandiant #CVE_2025_22457 #infosec

@christopherkunz is CVE-2025-22457 from Ivanty https://securityonline.info/cve-2025-22457-unc5221-exploits-ivanti-zero-day-flaw-to-deploy-trailblaze-and-brushfire-malware/ already on your list (not that they hadn't been on it already)?

Discover how Kubewarden can protect you from the critical #IngressNightmare vulnerability (CVE-2025-1974): https://www.kubewarden.io/blog/2025/04/ingress-nginx-cve-2025-1974/

Ingress-nginx CVE-2025-1974 - how Kubewarden can help you

https://www.kubewarden.io/blog/2025/04/ingress-nginx-cve-2025-1974/

Enables unauthenticated access to unpatched devices!

CrushFTP CVE-2025-2825 flaw actively exploited in the wild https://securityaffairs.com/176097/hacking/crushftp-cve-2025-2825-flaw-actively-exploited.html

#Security #Cybersecurity

⚠️ CrushFTP Vulnerability Highlights Why Disclosure Discipline Matters

CVE-2025-2825, a critical auth bypass (CVSS 9.8) in CrushFTP, is now being actively exploited—with over 1,500 vulnerable servers online. But worse than the bug is the chaotic public drama around disclosure:
・Initial private alerts went out March 21 with minimal detail
・VulnCheck published a PoC, assigned its own CVE
・CrushFTP’s CEO accused vendors of harming customers
・Disputes led to confusion, CVE duplication, and rapid exploit weaponization

This is a case study in how poor coordination and ego can turn a patchable flaw into a public incident.

Security leaders: keep disclosure timelines tight, consistent, and put protection ahead of pride.

#CyberSecurity #DisclosureBestPractices #VulnerabilityManagement #CrushFTP #CVEs #IncidentResponse #PatchManagement

👉 https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation

There are more CVEs for libsoup but because I'm 12, here's one specifically because I like the function name.

https://access.redhat.com/security/cve/CVE-2025-32052

A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.

No soup for you? More like too much soup for you. HAHA. Get it? Because it's... Never mind. I'll get more coffee.

https://gitlab.gnome.org/GNOME/libsoup/-/issues/422

sev:HIGH 7.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

https://nvd.nist.gov/vuln/detail/CVE-2025-2784

. @Dio9sys I suppose there may be others who care about Tenda vulns so here you go.

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

https://nvd.nist.gov/vuln/detail/CVE-2025-3161

LPE in OpenVPN-GUI on Windows.

https://community.openvpn.net/openvpn/wiki/CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges

https://nvd.nist.gov/vuln/detail/CVE-2024-4877

This is kind of a fun command injection vuln in jupyterlab-git.

https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8

sev:HIGH 7.4 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-30370

Tracked as CVE-2025-24813.

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/176129/security/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html

#Security