Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Erlang/OTP SSH CVE-2025-32433: Unauthenticated RCE Scoring 10.0
A maximum-severity vulnerability in Erlang/OTP's SSH server allowed unauthenticated remote code execution. Any system running Erlang's built-in SSH daemon was at risk, including telecom infrastructure.
Windows NTLM Hash Disclosure CVE-2025-24054: The Protocol That Won't Die
CVE-2025-24054 leaks NTLM hashes through .library-ms files with minimal user interaction. Microsoft patched it in April 2025, but exploitation started almost immediately.
CrushFTP CVE-2025-31161: Authentication Bypass Exploited in the Wild
A critical authentication bypass in CrushFTP allowed unauthenticated access to file transfer servers. Exploitation was observed within days of disclosure, targeting multiple industries.
Ivanti Connect Secure CVE-2025-22457: Another Critical Zero-Day, Same Product
A stack-based buffer overflow in Ivanti Connect Secure was exploited by Chinese threat actors just months after the previous zero-day in the same product. The vulnerability was initially misclassified as low-risk.
Chrome Zero-Day CVE-2025-2783: Sandbox Escape Used in Espionage Campaign
Kaspersky discovered a Chrome zero-day being exploited in a targeted espionage campaign dubbed Operation ForumTroll. The flaw broke Chrome's sandbox with no user interaction beyond clicking a link.
Next.js Middleware Authorization Bypass: CVE-2025-29927
A critical flaw in Next.js allowed attackers to bypass middleware-based authorization by setting a single HTTP header. Applications relying on middleware for auth checks were completely exposed.
Paragon Partition Manager BYOVD: CVE-2025-0289 Kernel-Level Exploitation
Five vulnerabilities in Paragon Partition Manager's kernel driver were exploited in BYOVD attacks, allowing attackers to gain SYSTEM privileges on Windows systems. Microsoft added the driver to its blocklist.
Juniper Router CVE-2025-21589: Authentication Bypass That Puts Network Perimeters at Risk
A critical authentication bypass in Juniper's Session Smart Router lets remote attackers hijack admin sessions. Here's what happened, why it matters, and what to do.
Microsoft Power Pages CVE-2025-24989: Privilege Escalation in Low-Code Platforms
Microsoft patched an actively exploited privilege escalation vulnerability in Power Pages, its low-code web platform. The flaw allowed unauthorized users to gain elevated access within affected sites.
Palo Alto PAN-OS Authentication Bypass: CVE-2025-0108
A path traversal flaw in Palo Alto Networks PAN-OS management web interface allowed unauthenticated access to sensitive REST API endpoints. Exploitation began within days of disclosure.
Zyxel Router Command Injection: CVE-2024-40891 Exploited in the Wild
Threat actors began mass-exploiting a Telnet-based command injection flaw in Zyxel CPE routers, with over 1,500 devices compromised in botnet campaigns. Zyxel initially refused to patch.
SonicWall SMA 1000 Zero-Day: CVE-2025-23006 Pre-Auth RCE
SonicWall disclosed CVE-2025-23006, a critical deserialization vulnerability in its SMA 1000 series gateways that was actively exploited as a zero-day before patches were available.