Category Archives: Projects

June Microsoft Patch Tuesday

June Microsoft Patch Tuesday. A total of 81 vulnerabilities, roughly the same as in May. Among them, 15 vulnerabilities were added between the May and June MSPT. There are 3 vulnerabilities with signs of exploitation in the wild:

RCE – WEBDAV (CVE-2025-33053). The vulnerability is related to Internet Explorer mode in Microsoft Edge and other applications. Exploited via malicious URL click.
SFB – Chromium (CVE-2025-4664)
Memory Corruption – Chromium (CVE-2025-5419)

There’s a PoC for one of the vulnerabilities on GitHub, but I doubt it actually works:

EoP – Microsoft Edge (CVE-2025-47181)

Other notable ones include:

RCE – Microsoft Office (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953), KPSSVC (CVE-2025-33071), SharePoint (CVE-2025-47172), Outlook (CVE-2025-47171)
EoP – SMB Client (CVE-2025-33073), CLFS (CVE-2025-32713), Netlogon (CVE-2025-33070)

Full Vulristics report

На русском

Vulnerabilities of Western logistics

Leave a reply

Vulnerabilities of Western logistics. On May 21, Western intelligence agencies released joint advisory AA25-141A about attacks targeting infrastructure of Western logistics and tech companies. Alongside the usual Five Eyes, intelligence services from Germany, Czech Republic, Poland, Denmark, Estonia, France, and the Netherlands also contributed.

The document mentions the exploitation of vulnerabilities:

Remote Code Execution – WinRAR (CVE-2023-38831)
Elevation of Privilege – Microsoft Outlook (CVE-2023-23397)
Remote Code Execution – Roundcube (CVE-2020-12641)
Code Injection – Roundcube (CVE-2021-44026)
Cross Site Scripting – Roundcube (CVE-2020-35730)

Patches, exploits, and signs of in-the-wild exploitation have been available for years for these vulnerabilities.

Vulristics Report

На русском

May

Leave a reply

May Linux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 5 vulnerabilities are exploited in the wild:

RCE – PHP CSS Parser (CVE-2020-13756). In AttackerKB, an exploit exists.
DoS – Apache ActiveMQ (CVE-2025-27533). In AttackerKB, an exploit exists.
SFB – Chromium (CVE-2025-4664). In CISA KEV.
PathTrav – buildkit (CVE-2024-23652) and MemCor – buildkit (CVE-2024-23651). In BDU FSTEC.

For 52 () more, there are signs of existing public exploits. Two trending vulnerabilities I’ve mentioned before::

RCE – Kubernetes “IngressNightmare” (CVE-2025-1974 and 4 others)
RCE – Erlang/OTP (CVE-2025-32433)

Exploits for these are also notable:

EoP – Linux Kernel (CVE-2023-53033)
XSS – Horde IMP (CVE-2025-30349)
PathTrav – tar-fs (CVE-2024-12905)
SFB – kitty (CVE-2025-43929)
DoS – libxml2 (CVE-2025-32414)

Full Vulristics report

На русском

I’m done preparing the slides for my talk about Vulristics at PHDays

Leave a reply

I’m done preparing the slides for my talk about Vulristics at PHDays. I’ll be speaking on the last day of the festival – Saturday, May 24, at 16:00 in Popov Hall 25. If you’re there at that time, I’d be glad to see you. If not – join online!

I’ll have an hour to dive into Vulristics, vulnerability analysis & prioritization. I’ll walk through the Vulristics report structure, typical tasks (like analyzing Microsoft Patch Tuesday, Linux Patch Wednesday, individual trending CVEs, and vulnerability sets), how the work with data sources is organized, the challenges of accurately detecting vulnerability types and vulnerable products. Finally, I’ll discuss Vulristics integration into pipelines. Feel free to use the code – Vulristics is MIT-licensed.

Talk on the PHDays website – you can download the .ics calendar file there
May 24, 2025, 16:00 (MSK)
Luzhniki, Popov Hall 25

На русском

May Microsoft Patch Tuesday

Leave a reply

May Microsoft Patch Tuesday. A total of 93 vulnerabilities – about 1.5 times fewer than in April. Of these, 22 were added between the April and May MSPT. There are 5 vulnerabilities show signs of in-the-wild exploitation:

EoP – Microsoft DWM Core Library (CVE-2025-30400)
EoP – Windows CLFS Driver (CVE-2025-32701, CVE-2025-32706)
EoP – Windows Ancillary Function Driver for WinSock (CVE-2025-32709)
Memory Corruption – Scripting Engine (CVE-2025-30397). RCE when clicking a malicious link. Exploitation requires the “Allow sites to be reloaded in Internet Explorer” option.

There are currently no vulnerabilities with public exploits.

Notable among the rest:

RCE – Remote Desktop Client (CVE-2025-29966, CVE-2025-29967), Office (CVE-2025-30377, CVE-2025-30386), Graphics Component (CVE-2025-30388), Visual Studio (CVE-2025-32702)
EoP – Kernel Streaming (CVE-2025-24063), CLFS Driver (CVE-2025-30385)

Full Vulristics report

На русском

April Linux Patch Wednesday

Leave a reply

April Linux Patch Wednesday. Total vulnerabilities: 251. 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits.

For 2 vulnerabilities, exploit code with detailed explanation is available on GitHub. Both were first patched in RedOS packages:

SQL injection – Exim (CVE-2025-26794)
Code Injection – MariaDB (CVE-2023-39593)

For the Memory Corruption – Mozilla Firefox (CVE-2025-3028), the NVD states the exploit code is in Mozilla’s bug tracker, but access is restricted.

BDU FSTEC reports public exploits for 4 vulnerabilities:

Information Disclosure – GLPI (CVE-2025-21626)
Security Feature Bypass – GLPI (CVE-2025-23024)
Denial of Service / Remote Code Execution – Perl (CVE-2024-56406)
Memory Corruption – Libsoup (CVE-2025-32050)

Full Vulristics report

На русском

April Microsoft Patch Tuesday

Leave a reply

April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild:

EoP – Windows Common Log File System Driver (CVE-2025-29824). An attacker can gain SYSTEM privileges. No technical details yet.
SFB – Microsoft Edge (CVE-2025-2783). Sandbox escape with an existing PoC exploit.
RCE – Microsoft Edge (CVE-2025-24201). Originally reported as a WebKit vuln on Apple OSes.

Microsoft also patched vulnerabilities in Kubernetes with known exploits (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-24513)

Other notable ones:

RCE – LDAP (CVE-2025-26670, CVE-2025-26663), TCP/IP (CVE-2025-26686), Microsoft Office (CVE-2025-29794, CVE-2025-29793), RDS (CVE-2025-27480, CVE-2025-27482), Hyper-V (CVE-2025-27491)
SFB – Kerberos (CVE-2025-29809)

Full Vulristics report

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Category Archives: Projects

June Microsoft Patch Tuesday

Vulnerabilities of Western logistics

May

I’m done preparing the slides for my talk about Vulristics at PHDays

May Microsoft Patch Tuesday

April Linux Patch Wednesday

April Microsoft Patch Tuesday