SAP zero-day vulnerability under widespread active exploitation https://cyberscoop.com/sap-netweaver-zero-day-exploit-cve-2025-31324/

@campuscodi I have heard that CVE-2025-31324 is in fact under active exploitation. I haven't heard confirmation that the exploitation observed by ReliaQuest in that article is it, but at this point, it doesn't ( or at least shouldn't ) matter to defenders.

Tracked as CVE-2025-31324 (CVSS score of 10/10), the security defect is described as the lack of proper authorization (missing authorization check) in the Visual Composer Metadata Uploader component of SAP NetWeaver. https://www.securityweek.com/sap-zero-day-possibly-exploited-by-initial-access-broker/

SAP NetWeaver is under attack—an unauthenticated file upload flaw is letting hackers run code remotely. With systems already being breached, is your enterprise ready to patch this ticking time bomb?

https://thedefendopsdiaries.com/addressing-cve-2025-31324-a-critical-sap-netweaver-vulnerability/

#sapnetweaver
#cve202531324
#cybersecurity
#vulnerabilitymanagement
#remotecodeexecution

Who wants to skip courses in Moodle?

https://access.redhat.com/security/cve/CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

"Zu viel Interesse an Moodle-Kursen" ist eher kein so gängiges Sicherheitsproblem an Unis, oder? https://access.redhat.com/security/cve/CVE-2025-3634 #Moodle #CVE

For those playing along at home, here are the currently listed Cisco system vulnerable to the Erlang / OTP perfect 10 CVE-2025-32433:

• ConfD, ConfD Basic
• Network Services Orchestrator (NSO)
• Smart PHY
• ASR 5000 Series Software (StarOS) and Ultra Packet Core
• iNode Manager ( No fix planned. )
• Ultra Cloud Core - Access and Mobility Management Function
• Ultra Cloud Core - Redundancy Configuration Manager
• Ultra Cloud Core - Session Management Function
• Ultra Cloud Core - Subscriber Microservices Infrastructure
• Enterprise NFV Infrastructure Software (NFVIS)
• Small Business RV Series Routers RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P ( No fix planned. )

The products still being evaluated, hopefully to be complete by EoD today ( my hope, nothing hinting to that from Cisco ):

• Wide Area Application Services (WAAS) Software
• Virtualized Infrastructure Manager
• Catalyst Center, formerly DNA Center
• Ultra Cloud Core - Policy Control Function

Cisco updated the list again. Here are the currently listed Cisco system vulnerable to the Erlang / OTP perfect 10 CVE-2025-32433 ( additions in bold:

• ConfD, ConfD Basic
• Network Services Orchestrator (NSO)
• Smart PHY
• Ultra Services Platform
• ASR 5000 Series Software (StarOS) and Ultra Packet Core
• Cloud Native Broadband Network Gateway
• iNode Manager ( No fix planned. )
• Ultra Cloud Core - Access and Mobility Management Function
• Ultra Cloud Core - Policy Control Function
• Ultra Cloud Core - Redundancy Configuration Manager
• Ultra Cloud Core - Session Management Function
• Ultra Cloud Core - Subscriber Microservices Infrastructure
• Enterprise NFV Infrastructure Software (NFVIS)
• Small Business RV Series Routers RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P ( No fix planned. )

The products still being evaluated, hopefully to be complete by EoD today ( my hope, nothing hinting to that from Cisco ):

• Wide Area Application Services (WAAS) Software

Cisco is investigating the impact of the Erlang/OTP remote code execution vulnerability CVE-2025-32433 on its products. https://www.securityweek.com/cisco-confirms-some-products-impacted-by-critical-erlang-otp-flaw/

Embargo lifted. We automatically identified issues affecting Viasat satellite modems that could be exploited for RCE.

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198

Who doesn't like RCE in Viastat modems? Well here's two of them. Happy Friday.

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem.

https://nvd.nist.gov/vuln/detail/CVE-2024-6198

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6199

sev:HIGH 7.7 - CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M/U:Red

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable.

https://nvd.nist.gov/vuln/detail/CVE-2024-6199

Was ein #Microsoft #Windows Ordner für die #Cybersecurity leistet - oder eben auch nicht: Seit dem letzten Patch gibt es für Windows User auf der OS-Partition den neuen Ordner "#inetpub" - der essenzieller Bestandteil des Securityfixes ist und deshalb keinesfalls gelöscht werden sollte.
Wenn es also ausreichend ist, einen Ordner zu löschen oder zu manipulieren, um Cybersecurity Updates zu torpedieren, dürfte dies ein interessanter neuer Angriffsvektor sein.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204 #cybersecurity

New version of #Endurain v0.10.1 released with dependencies bump to fix CVE-2025-43859 on python library h11. Grab it now https://github.com/joaovitoriasilva/endurain/releases/tag/v0.10.1

Time to upgrade! Spring Boot addresses CVE-2025-22235.

The fix is available in 3.3.11 and 3.4.5 that we've just released.

Tanzu Spring customers can also upgrade to Spring Boot 2.7.25, 3.1.16, or 3.2.14.

https://spring.io/security/cve-2025-22235

#spring

Looks like there's a CVE for yesterday's ScreenConnect vuln now.

https://nvd.nist.gov/vuln/detail/CVE-2025-3935

Hacker News: DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html #news #IT

I thought quantum was supposed to save security or something?

https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

https://nvd.nist.gov/vuln/detail/CVE-2025-46616