On January 12th, 2025, Microsoft published an advisory regarding a critical vulnerability in their Remote Desktop Services product. The vulnerability is due to a race condition that can lead to memory corruption. If successfully exploited, an attacker can achieve remote code execution (RCE) on a victim server.
May 21, 2025 - 3 Min Read
On April 24, 2025, software company SAP published an advisory regarding a critical vulnerability embedded within a component of their NetWeaver product (CVE-2025-31324). On May 15, 2025, CISA added a related, critical SAP NetWeaver deserialization vulnerability (CVE-2025-42999) to its KEV list.
May 20, 2025 - 4 Min Read
On May 13th, Fortinet published an advisory regarding a critical buffer overflow vulnerability identified as CVE-2025-32756 affecting FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera devices. If exploited successfully, the vulnerability could allow unauthenticated attackers to execute arbitrary code or commands via malicious HTTP cookies.
May 15, 2025 - 6 Min Read
On May 1st, watchTowr Labs published an article detailing new information on two previously reported critical vulnerabilities in SonicWall SMA: CVE-2024-38475 and CVE-2023-44221. These vulnerabilities are an arbitrary file read and a command injection, and successful combined exploitation of them would grant a threat actor remote code execution (RCE) on a target device. Both vulnerabilities were added to the CISA KEV on the same day, and Beazley Security is aware of active “In the Wild” exploitation of these vulnerabilities.
May 1, 2025 - 10 Min Read
On or about April 3rd, 2025, a critical deserialization vulnerability in Gladinet’s CentreStack and Triofox platforms was publicly disclosed as CVE-2025-30406. The vulnerability arises from the use of hardcoded machineKey values in the underlying Internet Information Services (IIS) configuration files of both platforms.
Apr 17, 2025 - 4 Min Read
On March 21st, CrushFTP released an announcement that their file transfer software suite was affected by a critical HTTP authentication bypass vulnerability that could result in unauthorized access to sensitive data hosted on CrushFTP servers. The vulnerability was later identified as CVE-2025-31161 and affects CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0.
Apr 17, 2025 - 4 Min Read
On April 3rd, Ivanti released an advisory for a critical vulnerability in their VPN and network access control products Connect Secure, Policy Secure, and ZTA Gateways. Successfully exploiting the vulnerability would enable an unauthenticated threat actor to achieve remote code execution (RCE) on a target device. These products are, by design, deployed internet-facing on customer networks, so this vulnerability can give threat actors initial access to organization networks.
Apr 4, 2025 - 3 Min Read
On March 20th, a user on BreachForums claimed to have compromised Oracle Cloud Infrastructure (OCI). The breach reportedly affected servers responsible for authenticating users to Oracle Cloud services. The individual provided sample data to support their claim and offered to sell access to “about 6 million” credentials and authentication materials for 100,000 Monero (XMR), a cryptocurrency considered more difficult to trace than bitcoin. The threat actor is offering to remove any compromised accounts from the data dump for an unspecified payment and to trade breach information for 0-day exploits. This post was updated on March 26th, 2025 with additional information.
Mar 24, 2025 - 12 Min Read
On March 19th, backup solution vendor Veeam published an advisory detailing a critical vulnerability in their Backup and Replication product. This product is used as a data backup and restoration solution, and the vulnerability is due to a deserialization bug that would allow an authenticated attacker to achieve remote code execution (RCE) on a targeted device. Ransomware threat actors often target Veeam to steal and destroy backups, and they could opportunistically leverage this vulnerability to enhance the impact and destruction of victim files.
Mar 21, 2025 - 3 Min Read
Beazley Security has identified multiple cybercriminal campaigns leveraging deceptive advertisements and fake CAPTCHA pages to distribute malware.
Mar 17, 2025 - 3 Min Read