Vulnerability management – Noise

Patch Tuesday – November 2025

Adam Barnett — Tue, 11 Nov 2025 20:58:18 +0000

Microsoft is publishing 66 new vulnerabilities today, which is far fewer than we’ve come to expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently...

Patch Tuesday – June 2025

Adam Barnett — Tue, 10 Jun 2025 20:08:55 +0000

WebDAV & SMB client zero-days. KDC Proxy Service & Office critical RCEs.

Patch Tuesday – May 2025

Adam Barnett — Tue, 13 May 2025 20:58:33 +0000

Seven zero-days: Window Scripting Engine, 2x CLFS, DWM, Visual Studio, AFD for Winsock, Defender for Identity.

Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Ryan Emmons — Wed, 07 May 2025 20:18:06 +0000

Rapid7 is disclosing three new vulnerabilities in SonicWall SMA 100 series appliances (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821). An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities for root-level code execution.

Exploring an Untethered, Unified Approach to CTEM

Joel Alcon — Wed, 07 May 2025 13:00:00 +0000

Unlike traditional standalone VM, CASM, EASM, SIEM, or EDR tools that rely on proprietary agents, Exposure Command from Rapid7 brings it all together into one platform.

Three Takeaways from the Gartner® Report: How to Grow Vulnerability Management Into Exposure Management

Rapid7 — Wed, 30 Apr 2025 13:00:00 +0000

Latest research from Gartner, How to Grow Vulnerability Management Into Exposure Management, highlights the need for security teams to move beyond simply tracking vulnerabilities and embrace a more comprehensive approach to exposure management.

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

Caitlin Condon — Mon, 28 Apr 2025 11:57:12 +0000

A critical SAP NetWeaver zero-day vulnerability (CVE-2025-31324) that allows for full SAP server compromise is being actively exploited in the wild.

Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding

Rapid7 — Wed, 16 Apr 2025 14:56:15 +0000

Rapid7 continues to monitor both public and private discussions closely in its capacity as a CVE Numbering Authority (CNA) and as a longtime leader and participant in the CVE ecosystem.

Patch Tuesday – April 2025

Adam Barnett — Tue, 08 Apr 2025 20:30:03 +0000

CLFS zero-day. LDAP critical RCEs. RDS critical RCEs. Hyper-V critical RCE.

Ivanti Connect Secure CVE-2025-22457 exploited in the wild

Ryan Emmons — Thu, 03 Apr 2025 18:50:02 +0000

On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical a stack-based buffer overflow vulnerability that allows for remote code execution on affected devices.

Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP

Calum Hutton — Tue, 25 Mar 2025 15:12:56 +0000

Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).

Critical Veeam Backup & Replication CVE-2025-23120

Rapid7 — Wed, 19 Mar 2025 19:51:26 +0000

On Wednesday, March 19, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution vulnerability tracked as CVE-2025-23120. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that domain-joined backup servers are against security and compliance best practices,

Apache Tomcat CVE-2025-24813: What You Need to Know

Caitlin Condon — Wed, 19 Mar 2025 17:40:52 +0000

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild. Tomcat is widely deployed and

Patch Tuesday – March 2025

Adam Barnett — Tue, 11 Mar 2025 20:16:15 +0000

Seven zero-days. Win32 EoP. Multiple filesystem driver attacks. MMC security feature bypass. Access (again). WSL magic email RCE. Malicious RDP server.

Multiple zero-day vulnerabilities in Broadcom VMware ESXi and other products

Stephen Fewer — Tue, 04 Mar 2025 17:00:13 +0000

On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion.

Patch Tuesday – February 2025

Adam Barnett — Tue, 11 Feb 2025 21:30:07 +0000

Four zero-days: AFD EoP, Storage EoP, NTLMv2 disclosure, Surface container escape. Critical RCEs in LDAP, DHCP client, Excel.

Fortinet firewalls hit with new zero-day attack, older data leak

Caitlin Condon — Thu, 16 Jan 2025 15:57:23 +0000

Rapid7 is responding to two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591 in FortiOS, and a large-scale data leak of older FortiGate firewall IPs, passwords, and configs.

Patch Tuesday – January 2025

Adam Barnett — Tue, 14 Jan 2025 22:12:23 +0000

Eight 0-days. Access: triple zero-day RCE; Hyper-V NT Kernel Integration VSP: triple zero-day EoP; Windows Themes: zero-day NTLM disclosure; Windows Installer: zero-day EoP; PGM: critical RCE; OLE: critical RCE.

CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild

Caitlin Condon — Wed, 08 Jan 2025 18:13:13 +0000

Two stack-based buffer overflow issues were disclosed in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. CVE-2025-0282, the more severe of the two issues, has been exploited in the wild against Ivanti Connect Secure devices.

Patch Tuesday – December 2024

Adam Barnett — Tue, 10 Dec 2024 22:15:31 +0000

1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.