Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

Erlang/OTP SSH CVE-2025-32433: Unauthenticated RCE Scoring 10.0

A maximum-severity vulnerability in Erlang/OTP's SSH server allowed unauthenticated remote code execution. Any system running Erlang's built-in SSH daemon was at risk, including telecom infrastructure.

Apr 16, 20255 min read
Vulnerability Analysis

Windows NTLM Hash Disclosure CVE-2025-24054: The Protocol That Won't Die

CVE-2025-24054 leaks NTLM hashes through .library-ms files with minimal user interaction. Microsoft patched it in April 2025, but exploitation started almost immediately.

Apr 15, 20256 min read
Vulnerability Analysis

CrushFTP CVE-2025-31161: Authentication Bypass Exploited in the Wild

A critical authentication bypass in CrushFTP allowed unauthenticated access to file transfer servers. Exploitation was observed within days of disclosure, targeting multiple industries.

Apr 7, 20255 min read
Vulnerability Analysis

Ivanti Connect Secure CVE-2025-22457: Another Critical Zero-Day, Same Product

A stack-based buffer overflow in Ivanti Connect Secure was exploited by Chinese threat actors just months after the previous zero-day in the same product. The vulnerability was initially misclassified as low-risk.

Apr 3, 20255 min read
Vulnerability Analysis

Chrome Zero-Day CVE-2025-2783: Sandbox Escape Used in Espionage Campaign

Kaspersky discovered a Chrome zero-day being exploited in a targeted espionage campaign dubbed Operation ForumTroll. The flaw broke Chrome's sandbox with no user interaction beyond clicking a link.

Mar 25, 20255 min read
Vulnerability Analysis

Next.js Middleware Authorization Bypass: CVE-2025-29927

A critical flaw in Next.js allowed attackers to bypass middleware-based authorization by setting a single HTTP header. Applications relying on middleware for auth checks were completely exposed.

Mar 21, 20255 min read
Vulnerability Analysis

Paragon Partition Manager BYOVD: CVE-2025-0289 Kernel-Level Exploitation

Five vulnerabilities in Paragon Partition Manager's kernel driver were exploited in BYOVD attacks, allowing attackers to gain SYSTEM privileges on Windows systems. Microsoft added the driver to its blocklist.

Mar 1, 20256 min read
Vulnerability Analysis

Juniper Router CVE-2025-21589: Authentication Bypass That Puts Network Perimeters at Risk

A critical authentication bypass in Juniper's Session Smart Router lets remote attackers hijack admin sessions. Here's what happened, why it matters, and what to do.

Feb 20, 20255 min read
Vulnerability Analysis

Microsoft Power Pages CVE-2025-24989: Privilege Escalation in Low-Code Platforms

Microsoft patched an actively exploited privilege escalation vulnerability in Power Pages, its low-code web platform. The flaw allowed unauthorized users to gain elevated access within affected sites.

Feb 19, 20256 min read
Vulnerability Analysis

Palo Alto PAN-OS Authentication Bypass: CVE-2025-0108

A path traversal flaw in Palo Alto Networks PAN-OS management web interface allowed unauthenticated access to sensitive REST API endpoints. Exploitation began within days of disclosure.

Feb 12, 20255 min read
Vulnerability Analysis

Zyxel Router Command Injection: CVE-2024-40891 Exploited in the Wild

Threat actors began mass-exploiting a Telnet-based command injection flaw in Zyxel CPE routers, with over 1,500 devices compromised in botnet campaigns. Zyxel initially refused to patch.

Feb 4, 20255 min read
Vulnerability Analysis

SonicWall SMA 1000 Zero-Day: CVE-2025-23006 Pre-Auth RCE

SonicWall disclosed CVE-2025-23006, a critical deserialization vulnerability in its SMA 1000 series gateways that was actively exploited as a zero-day before patches were available.

Jan 22, 20255 min read
Vulnerability Analysis (Page 42) — Supply Chain Security Blog | Safeguard