Here are the CVE updates for the week of February 3rd through the 9th.
CRITICAL SEVERITY VULNERABILITIES
Paessler PRTG Network Monitor Local File Inclusion Vulnerability | CVE-2018-19410 (CISA KEV)
Description: A critical vulnerability exists in PRTG Network Monitor versions before 18.2.40.1683, allowing remote unauthenticated attackers to create users with read-write privileges, including administrator access. This flaw arises from improper validation of the ‘include’ directive in /public/login.htm, enabling a Local File Inclusion (LFI) attack. Attackers can exploit this issue by including /api/addusers in their crafted HTTP request and specifying the ‘id’ and ‘users’ parameters, effectively creating a new user with administrative privileges.
Potential Impacts:
- Unauthorized System Access: Attackers can gain full control over the monitoring system.
- Privilege Escalation: Attackers can grant themselves administrator rights.
- Data Manipulation: Malicious actors may modify or delete monitoring configurations.
- Service Disruption: Attackers may disable alerts or monitoring functions to conceal further attacks.
Mitigation Recommendations:
- Update PRTG Network Monitor: Upgrade to version 18.2.40.1683 or later, where this issue has been patched.
- Restrict Public Access: Limit external access to the PRTG web interface through firewall rules and network segmentation.
- Enable Strong Authentication: Require multi-factor authentication (MFA) for administrative access.
- Monitor and Audit Logs: Regularly inspect user creation logs for unauthorized additions.
- Harden Server Security: Apply web server security best practices, including disabling unnecessary API endpoints.
Man-in-the-Middle (MitM) Vulnerability in Veeam Updater | CVE-2025-23114
Description: A vulnerability has been discovered in the Veeam Updater component, which fails to properly validate TLS certificates. This flaw enables Man-in-the-Middle (MitM) attackers to intercept and manipulate update requests, allowing them to execute arbitrary code on the affected server.
Potential Impacts:
- Remote Code Execution (RCE): Attackers can inject and execute malicious code.
- Data Tampering: Intercepted updates may be modified, leading to system compromise.
- Credential Theft: Sensitive authentication details may be exposed.
Mitigation Recommendations:
- Apply Security Patches: Ensure Veeam is updated to the latest version with security fixes.
- Enforce Strict TLS Validation: Configure Veeam to verify TLS certificates properly.
- Use Secure Networks: Avoid performing updates over untrusted or public networks.
- Monitor for Anomalies: Regularly audit network traffic and system logs for unusual activity.
- Enable Multi-Factor Authentication (MFA): Adding an extra security layer can help mitigate unauthorized access.
Command Execution Vulnerability in Cisco ISE API | CVE-2025-20124
Description: A critical vulnerability has been identified in an API of Cisco Identity Services Engine (ISE) that could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.
Potential Impacts:
- Remote Code Execution (RCE): Attackers can execute arbitrary commands with root privileges.
- Privilege Escalation: Attackers with read-only administrative credentials can escalate privileges.
- Authentication Disruptions: In single-node deployments, new devices may fail to authenticate during system reloads.
Mitigation Recommendations:
- Apply Security Updates: Cisco will likely release patches to address this vulnerability. Users should upgrade to the latest patched version of Cisco ISE.
- Restrict API Access: Limit access to Cisco ISE APIs only to trusted users and networks.
- Monitor System Logs: Regularly check for unusual API requests and unauthorized access attempts.
- Implement Network Segmentation: Isolate Cisco ISE deployments from untrusted networks to minimize exposure.
- Use Strong Authentication Controls: Enforce multi-factor authentication (MFA) and restrict administrative credentials to essential personnel only.
Sophos XG Firewall Buffer Overflow Vulnerability | CVE-2020-15069 (CISA KEV)
Description: A buffer overflow vulnerability has been identified in Sophos XG Firewall versions 17.x through v17.5 MR12. This flaw exists in the HTTP/S Bookmarks feature for clientless access, allowing attackers to exploit the overflow and execute arbitrary code remotely. If successfully exploited, this vulnerability could lead to full system compromise, service disruptions, or unauthorized access to sensitive network resources.
Potential Impacts:
- Remote Code Execution (RCE): Attackers can execute arbitrary commands on the firewall.
- System Compromise: Malicious actors may gain control over the affected device.
- Service Disruption: Successful exploitation may cause crashes or instability.
Mitigation Recommendations:
- Apply Hotfix HF062020.1: Install the security patch released by Sophos.
- Upgrade to a Secure Version: Update the firewall to the latest available version.
- Disable Unused Features: Turn off clientless access if it is not required.
- Monitor Network Traffic: Regularly review logs for signs of exploitation.
CyberoamOS (CROS) SQL Injection Vulnerability | CVE-2020-29574 (CISA KEV)
Description: An SQL injection vulnerability has been identified in the WebAdmin interface of Cyberoam OS through 2020-12-04. This flaw allows unauthenticated remote attackers to send maliciously crafted SQL queries, leading to unauthorized access, data exfiltration, and potential system compromise. Attackers could manipulate database queries to retrieve sensitive information or escalate privileges within the system.
Potential Impacts:
- Unauthorized Database Access: Attackers can read, modify, or delete database records.
- Credential Theft: Sensitive user credentials may be extracted.
- Privilege Escalation: Attackers may gain admin-level control over the system.
- System Compromise: Exploiting this vulnerability could lead to full control over the affected Cyberoam OS.
Mitigation Recommendations:
- Apply Security Updates: Upgrade Cyberoam OS to the latest patched version.
- Restrict WebAdmin Access: Limit access to trusted IPs only.
- Enable Web Application Firewall (WAF): Protect against SQL injection attacks.
- Monitor Logs and Alerts: Regularly check for unusual database queries.
Microsoft Outlook Improper Input Validation Vulnerability | CVE-2024-21413 (CISA KEV)
Description: A remote code execution (RCE) vulnerability has been discovered in Microsoft Outlook, caused by improper input validation. This flaw allows attackers to bypass Office Protected View, causing files to open directly in editing mode rather than protected mode. Exploiting this vulnerability could lead to the execution of malicious code, enabling attackers to gain control over affected systems.
Potential Impacts:
- Arbitrary Code Execution: Attackers can execute malicious code on the victim’s system.
- Security Bypass: Documents open in full editing mode, increasing the risk of exploitation.
- Data Theft: Sensitive files and credentials could be compromised.
- System Compromise: Attackers may gain unauthorized access to corporate or personal data.
Mitigation Recommendations:
- Apply Security Updates: Install the latest Microsoft Outlook patches to fix the vulnerability.
- Enable Protected View: Configure Outlook to open documents in Protected Mode by default.
- Restrict Macros and Active Content: Disable macros in untrusted documents to reduce the attack surface.
- Monitor Suspicious Emails: Avoid opening unexpected attachments from unknown senders.
HIGH SEVERITY VULNERABILITIES
Paessler PRTG Network Monitor OS Command Injection Vulnerability | CVE-2018-9276 (CISA KEV): A command injection vulnerability exists in PRTG Network Monitor versions before 18.2.39, allowing an attacker with administrative privileges to execute arbitrary OS commands on the server and connected devices. This flaw arises from improper input validation in the sensor and notification management functions, which process user-supplied parameters. By injecting malformed input, an attacker can escalate privileges, modify system configurations, or take full control of the monitoring infrastructure.
Microsoft .NET Framework Information Disclosure Vulnerability | CVE-2024-29059 (CISA KEV): A vulnerability in Microsoft .NET Framework allows an attacker to exploit an information disclosure issue that exposes the ObjRef URI. This exposure can enable a remote attacker to craft malicious requests that ultimately lead to remote code execution (RCE) on affected systems. The vulnerability arises due to improper handling of ObjRef serialization, which could allow an attacker to access sensitive object references and execute arbitrary code.
Apache OFBiz Forced Browsing Vulnerability | CVE-2024-45195 (CISA KEV): A Direct Request (“Forced Browsing”) vulnerability has been identified in Apache OFBiz versions prior to 18.12.16. This vulnerability allows an attacker to access restricted resources directly by manipulating URLs, bypassing authentication and authorization mechanisms. Exploiting this flaw could lead to unauthorized data exposure or modification, potentially compromising sensitive information.
Linux Kernel Out-of-Bounds Write Vulnerability | CVE-2024-53104 (CISA KEV): A critical vulnerability was identified in the Linux kernel’s uvcvideo driver, which affects the way Universal Video Class (UVC) frames are parsed. The issue arises when the driver fails to properly handle UVC_VS_UNDEFINED frame types, leading to out-of-bounds writes due to incorrect buffer size calculations in the uvc_parse_streaming function.
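To make the sizing/parsing mismatch behind this bug concrete, here is an added C model written for this summary; it is not the kernel's uvcvideo code, and the struct, function names and descriptor table are simplified stand-ins that assume the sizing pass counts only recognised frame subtypes while the flawed parse pass also stores UVC_VS_UNDEFINED entries.

```c
#include <stddef.h>
#include <stdio.h>
/* Video-streaming descriptor subtypes from the USB Video Class spec. */
#define UVC_VS_UNDEFINED          0x00
#define UVC_VS_FRAME_UNCOMPRESSED 0x05
#define UVC_VS_FRAME_MJPEG        0x07
#define UVC_VS_FRAME_FRAME_BASED  0x11

/* Simplified stand-in for one class-specific VS descriptor, not the kernel's struct. */
struct vs_desc { unsigned char subtype; unsigned short width, height; };

static int is_known_frame(unsigned char st) {
    return st == UVC_VS_FRAME_UNCOMPRESSED || st == UVC_VS_FRAME_MJPEG ||
           st == UVC_VS_FRAME_FRAME_BASED;
}

/* Sizing pass: the frame array is allocated for recognised frame subtypes only. */
size_t count_frames_for_alloc(const struct vs_desc *d, size_t n) {
    size_t nframes = 0;
    for (size_t i = 0; i < n; i++)
        if (is_known_frame(d[i].subtype)) nframes++;
    return nframes;
}

/* Parse pass. With skip_undefined == 0 (the flawed behaviour) a descriptor of
 * subtype UVC_VS_UNDEFINED is stored as a frame although the sizing pass never
 * counted it. Returns how many frames the pass wanted to store; stores are
 * capped at cap so this demo never writes out of bounds (cap 0: count only). */
size_t parse_frames(const struct vs_desc *d, size_t n, int skip_undefined,
                    struct vs_desc *out, size_t cap) {
    size_t wanted = 0;
    for (size_t i = 0; i < n; i++) {
        int undefined = d[i].subtype == UVC_VS_UNDEFINED;
        if (!is_known_frame(d[i].subtype) && !(undefined && !skip_undefined)) continue;
        if (wanted < cap) out[wanted] = d[i]; /* the driver had no such guard */
        wanted++;
    }
    return wanted;
}

/* Constructed descriptor table: two MJPEG frames plus one UVC_VS_UNDEFINED entry. */
const struct vs_desc kDemoTable[] = { { UVC_VS_FRAME_MJPEG, 640, 480 },
                                      { UVC_VS_UNDEFINED, 0, 0 },
                                      { UVC_VS_FRAME_MJPEG, 1280, 720 } };
const size_t kDemoLen = sizeof kDemoTable / sizeof kDemoTable[0];

int main(void) {
    struct vs_desc frames[8];
    size_t cap = count_frames_for_alloc(kDemoTable, kDemoLen);
    printf("allocated %zu, flawed parse wants %zu, fixed parse wants %zu\n", cap,
           parse_frames(kDemoTable, kDemoLen, 0, frames, cap),
           parse_frames(kDemoTable, kDemoLen, 1, frames, cap));
    return 0;
}
```

The model allocates for 2 frames but the flawed pass wants to store 3, which is the out-of-bounds write the advisory describes; the fixed pass skips the undefined entry and the counts agree.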
Dante Discovery Process Control Vulnerability | CVE-2022-23748 (CISA KEV): A DLL sideloading vulnerability has been identified in mDNSResponder.exe, where the executable improperly specifies how and from where it loads DLL files. This flaw allows attackers to inject and execute malicious DLLs by placing them in a directory where the executable expects to find legitimate ones. As a result, attackers can abuse the trusted executable to run arbitrary code, potentially bypassing security mechanisms.
7-Zip Mark of the Web Bypass Vulnerability | CVE-2025-0411 (CISA KEV): A Mark-of-the-Web (MotW) bypass vulnerability has been identified in 7-Zip, allowing remote attackers to bypass security warnings and execute arbitrary code. The issue occurs when 7-Zip fails to propagate the MotW flag to files extracted from a maliciously crafted archive. As a result, extracted files do not inherit security restrictions, making it easier for attackers to execute malicious payloads without user warnings.
Trimble Cityworks Deserialization Vulnerability | CVE-2025-0994 (CISA KEV): A deserialization vulnerability has been identified in Trimble Cityworks, affecting versions prior to 15.8.9 and Cityworks with Office Companion prior to 23.10. This flaw allows an authenticated attacker to exploit improper object deserialization, potentially leading to remote code execution (RCE) on a customer’s Microsoft Internet Information Services (IIS) web server. If successfully exploited, this vulnerability could enable an attacker to execute arbitrary code with the privileges of the IIS application pool, leading to full system compromise.
MEDIUM SEVERITY VULNERABILITIES
Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager | CVE-2024-53964: A stored Cross-Site Scripting (XSS) vulnerability has been identified in Adobe Experience Manager (AEM) versions 6.5.21 and earlier. This vulnerability allows low-privileged attackers to inject malicious JavaScript into form fields that are improperly sanitized. When a victim visits a page containing the injected script, the JavaScript is executed in their browser, potentially leading to data theft, session hijacking, or further exploitation.
Access Token Reuse Vulnerability in Dell Avamar | CVE-2025-21117: A security vulnerability has been identified in Dell Avamar, affecting versions 19.4 and later. This flaw exists in the Avamar User Interface (AUI) and allows a low-privileged local attacker to reuse access tokens, potentially leading to full user impersonation.