February “In the Trend of VM” (#24): vulnerabilities in Microsoft products. A traditional monthly roundup of trending vulnerabilities. This time, compact and all-Microsoft.
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
In total, two vulnerabilities:
🔻 RCE – Microsoft Office (CVE-2026-21509)
🔻 InfDisc – Desktop Window Manager (CVE-2026-20805)
January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. 🙂
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
In total, three vulnerabilities:
🔻 EoP – Windows Cloud Files Mini Filter Driver (CVE-2025-62221)
🔻 RCE – React Server Components “React2Shell” (CVE-2025-55182)
🔻 InfDisc – MongoDB “MongoBleed” (CVE-2025-14847)
December “In the Trend of VM” (#22): vulnerabilities in Windows, the expr-eval library, Control Web Panel, and Django. A traditional monthly roundup of trending vulnerabilities – this time, a fairly compact one. 💽
🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)
Four vulnerabilities in total:
🔻 EoP – Windows Kernel (CVE-2025-62215)
🔻 RCE – expr-eval (CVE-2025-12735)
🔻 RCE – Control Web Panel (CVE-2025-48703)
🔻 SQLi – Django (CVE-2025-64459)
November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here’s a big one. 🔥
🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)
A total of nine vulnerabilities:
🔻 RCE – Windows Server Update Services (WSUS) (CVE-2025-59287)
🔻 RCE – Microsoft SharePoint “ToolShell” (CVE-2025-49704)
🔻 RCE – Windows LNK File (CVE-2025-9491)
🔻 EoP – Windows Remote Access Connection Manager (CVE-2025-59230)
🔻 EoP – Windows Agere Modem Driver (CVE-2025-24990)
🔻 RCE – Redis “RediShell” (CVE-2025-49844)
🔻 RCE – XWiki Platform (CVE-2025-24893)
🔻 XSS – Zimbra Collaboration (CVE-2025-27915)
🔻 EoP – Linux Kernel (CVE-2025-38001)
October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo. A traditional monthly roundup. This time, once again, no Microsoft vulnerabilities. 😲
🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)
Only three identifiers in total:
🔻 Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362). This vulnerability chain has been exploited in attacks since May 2025, but there are no public exploits yet.
🔻 Elevation of Privilege – Sudo (CVE-2025-32463). There are signs of in-the-wild exploitation and many public exploits are available.
September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server. A traditional monthly roundup – for the first time with NO Microsoft vulnerabilities! 😲🙂
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
A total of eight trending vulnerability IDs in four products:
🔻 Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088). An exploitable RCE during archive extraction.
🔻 Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999). An exploitable RCE in a component of a popular ERP system.
🔻 Remote Code Execution – 7-Zip (CVE-2025-55188). Mostly a Linux RCE during archive extraction – a public exploit is available.
🔻 Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114). Critical flaws in Russian videoconferencing system.
Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report. 🎉
🔹 The Organisation of Islamic Cooperation (OIC) is the largest and most influential official intergovernmental Muslim international organization. It currently unites 57 countries with a population of about 2 billion people. Russia is also a member of the OIC as an observer.
🔹 OIC-CERT is a computer incident response team and a subsidiary of the OIC. It brings together national CERTs from 27 countries, as well as 8 commercial organizations, including Positive Technologies.
➡️ The statistics on 2024 trending vulnerabilities that I prepared were published in the section highlighting Positive Technologies’ results (report size: 67.49 MB, p.229).
I’m glad my work contributed to promoting PT ESC and Positive Technologies among national CERTs and key decision-makers! 😉
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.