Here are the CVE updates for the week of February 10th through the 16th.
CRITICAL SEVERITY VULNERABILITIES
Authentication Bypass Vulnerability in Logsign Unified SecOps Platform | CVE-2025-1044
Description: A critical authentication bypass vulnerability has been identified in the Logsign Unified SecOps Platform. This flaw allows remote attackers to bypass authentication mechanisms and gain unauthorized access to the system. The vulnerability exists due to improper implementation of the authentication algorithm in the web service, which listens on TCP port 443 by default. Exploitation does not require authentication, making this issue particularly severe.
Potential Impacts:
- Unauthorized System Access: Attackers can gain full control over the affected platform.
- Data Breach: Sensitive logs, security configurations, and operational data may be exposed.
- Lateral Movement: Attackers can use the compromised system to launch further attacks.
- Service Disruption: Attackers may disable security monitoring or alter system settings.
Mitigation Recommendations:
- Apply Security Patches: Update to the latest patched version provided by Logsign.
- Restrict Network Access: Limit exposure of the web service on TCP port 443 to trusted sources.
- Implement Additional Authentication: Use multi-factor authentication (MFA) and access control lists.
- Monitor and Audit Logs: Regularly review authentication logs for suspicious activity.
HIGH SEVERITY VULNERABILITIES
Zyxel DSL CPE OS Command Injection Vulnerability | CVE-2024-40891 (CISA KEV): A post-authentication command injection vulnerability has been discovered in the legacy Zyxel VMG4325-B10A DSL CPE router, specifically in firmware version 1.00(AAFR.4)C0_20170615. This vulnerability allows an authenticated attacker to execute arbitrary operating system (OS) commands on the affected device via Telnet. Since this model is unsupported, no official security patches are available.
Zyxel DSL CPE OS Command Injection Vulnerability | CVE-2024-40890 (CISA KEV): A post-authentication command injection vulnerability has been identified in multiple Zyxel DSL CPE devices. This vulnerability exists in the CGI program, where improper input validation allows an authenticated attacker to execute arbitrary operating system (OS) commands by sending a crafted HTTP request. Exploiting this flaw could enable attackers to gain unauthorized control over affected devices, potentially leading to data exfiltration, service disruption, or further network compromise.
Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability | CVE-2025-21418 (CISA KEV): A heap-based buffer overflow vulnerability has been identified in the Microsoft Windows Ancillary Function Driver for WinSock. This vulnerability allows a local attacker to escalate privileges by exploiting improper memory handling. Successful exploitation could grant an attacker SYSTEM privileges, potentially leading to complete control over the affected system.
Microsoft Windows Storage Link Following Vulnerability | CVE-2025-21391 (CISA KEV): A link following vulnerability has been identified in Microsoft Windows Storage. This flaw allows an attacker to manipulate symbolic links or junctions to escalate privileges. Successful exploitation could enable an attacker to delete critical data, potentially rendering services unavailable.
SimpleHelp Path Traversal Vulnerability | CVE-2024-57727 (CISA KEV): A path traversal vulnerability exists in SimpleHelp remote support software, allowing unauthenticated attackers to access and download sensitive files from the server by sending specially crafted HTTP requests. Exploiting this flaw could expose configuration files and hashed user passwords, potentially leading to unauthorized system access.
DLL Hijacking Vulnerability in AMD Ryzen™ Master Utility | CVE-2024-21966: A DLL hijacking vulnerability has been identified in the AMD Ryzen™ Master Utility. This flaw allows an attacker to place a malicious DLL in a directory where the application searches for dependencies. If successfully exploited, the attacker could escalate privileges and execute arbitrary code with elevated permissions.
MEDIUM SEVERITY VULNERABILITIES
Apple iOS and iPadOS Incorrect Authorization Vulnerability | CVE-2025-24200 (CISA KEV): A vulnerability in Apple iOS and iPadOS allows a physical attacker to bypass USB Restricted Mode on a locked device due to incorrect authorization handling. Exploiting this flaw could enable unauthorized access to the device’s USB functions, potentially leading to data exfiltration or further exploitation.
Mitel SIP Phones Argument Injection Vulnerability | CVE-2024-41710 (CISA KEV): Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. An attacker with network access could exploit this vulnerability to inject malicious commands, potentially leading to unauthorized control over the affected device.
Authentication Bypass Vulnerability in Palo Alto Networks PAN-OS | CVE-2025-0108: An authentication bypass vulnerability has been identified in Palo Alto Networks PAN-OS software, allowing an unauthenticated attacker with network access to the management web interface to bypass authentication and invoke certain PHP scripts. Although this does not enable remote code execution, it can compromise the integrity and confidentiality of PAN-OS.
Denial of Service Vulnerability in GitLab CE/EE | CVE-2024-12379: A denial of service (DoS) vulnerability has been identified in GitLab CE/EE, affecting versions from 14.1 up to 17.6.4, 17.7 up to 17.7.3, and 17.8 up to 17.8.1. This vulnerability allows an attacker to disrupt the availability of GitLab by exploiting unbounded symbol creation via the scopes parameter in a Personal Access Token.
Network Isolation Bypass in Palo Alto Networks Cortex XDR Broker VM | CVE-2025-0113: A vulnerability in the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers to gain unauthorized access to Docker containers from the host network. This flaw may enable attackers to access sensitive data, including files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.