Weekly Cybersecurity Vulnerability Report: Authentication Bypasses, Remote Code Execution to Memory Corruption

Cybersecurity Cyber Notes
, ,
1

This detailed report outlines five critical cybersecurity vulnerabilities identified and actively exploited during the week of April 22-26, 2025. Each vulnerability poses significant risks to enterprise environments, including unauthorized access, privilege escalation, remote code execution, and sensitive data exposure. Prompt remediation actions are essential to mitigate potential breaches and system compromise.

Weekly Cybersecurity Vulnerability Report
Weekly Cybersecurity Vulnerability Report1536×1024 81.2 KB

1. CVE-2025-31324 – SAP NetWeaver Visual Composer Remote Code Execution

  • Severity: Critical (CVSS 10.0)
  • Affected Product: SAP NetWeaver Visual Composer
  • Impact: This vulnerability allows unauthenticated remote attackers to upload malicious binaries to the server. Successful exploitation can lead to arbitrary code execution, enabling full takeover of the affected system.
  • Exploitation Details: Attackers have been observed using tools such as Brute Ratel to deploy webshells on compromised servers, facilitating lateral movement and persistent access.
  • Mitigation Actions: SAP recommends applying a temporary workaround while awaiting the full security patch expected by April 30, 2025. Organizations should monitor for unusual file uploads and enhance endpoint detection capabilities.
  • Reference: Cybersecurity Dive

2. CVE-2025-31161 – CrushFTP Authentication Bypass

  • Severity: High
  • Affected Product: CrushFTP server versions prior to the patched release
  • Impact: The flaw enables unauthenticated attackers to impersonate administrative users, granting them the ability to manipulate server settings, access sensitive files, and further compromise backend systems.
  • Exploitation Details: The vulnerability is being actively exploited in the wild, with reports indicating attackers gaining full administrative privileges without authentication.
  • Mitigation Actions: Organizations should immediately deploy the security patches issued by CrushFTP and review administrative access logs for suspicious activities.
  • Reference: CISA

3. CVE-2025-31200 – Apple CoreAudio Memory Corruption

  • Severity: High
  • Affected Platforms: iOS, iPadOS, macOS
  • Impact: A memory corruption issue in the CoreAudio framework could allow attackers to craft malicious audio files that trigger arbitrary code execution when processed by the system.
  • Exploitation Details: Exploitation has been confirmed in the wild, primarily targeting high-profile individuals and entities through spear-phishing campaigns containing malicious media files.
  • Mitigation Actions: Immediate system updates are critical. Users and administrators should ensure all Apple devices are updated to the latest security releases and avoid opening untrusted audio files.
  • Reference: CISA

4. CVE-2025-29824 – Microsoft Windows CLFS Driver Use-After-Free

  • Severity: High
  • Affected Systems: Microsoft Windows
  • Impact: A use-after-free vulnerability within the Common Log File System (CLFS) driver could allow attackers with local access to escalate privileges to SYSTEM level, the highest privilege level in Windows.
  • Exploitation Details: This vulnerability is being actively exploited by threat actors to gain persistence and execute payloads with elevated privileges.
  • Mitigation Actions: Organizations should urgently deploy Microsoft’s April 2025 security updates. Monitoring for abnormal privilege escalation activities and endpoint hardening are also advised.
  • Reference: CISA

5. CVE-2025-24054 – Windows NTLM Hash Disclosure via Spoofing

  • Severity: High
  • Affected Systems: Microsoft Windows environments using NTLM authentication
  • Impact: Attackers can spoof file paths over the network, leading to unintended NTLM authentication attempts and subsequent hash disclosures, which can be used for relay attacks or offline password cracking.
  • Exploitation Details: This vulnerability is being exploited to conduct credential theft campaigns across enterprise networks, notably targeting weak network configurations.
  • Mitigation Actions: Apply Microsoft’s latest security patches, enforce SMB signing, restrict NTLM usage, and deploy robust monitoring for anomalous authentication attempts.
  • Reference: CISA

Recommendations:

  • Patch Management: Expedite the deployment of vendor patches and updates across all vulnerable systems.
  • Vulnerability Scanning: Conduct comprehensive scanning to detect the presence of these vulnerabilities within your infrastructure.
  • Threat Monitoring: Increase surveillance for indicators of compromise (IoCs) associated with these vulnerabilities.
  • User Awareness: Educate users about the risks of opening unsolicited or suspicious files and links.
  • Incident Response Planning: Ensure incident response teams are prepared to handle potential breaches stemming from these vulnerabilities.
  • Network Segmentation: Enforce strong network segmentation to limit lateral movement in case of compromise.

By:
Cybersecurity Team, Complaint Hub