Tag Archives: Vulristics

May

May

May Linux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 🤯 5 vulnerabilities are exploited in the wild:

🔻 RCE – PHP CSS Parser (CVE-2020-13756). In AttackerKB, an exploit exists.
🔻 DoS – Apache ActiveMQ (CVE-2025-27533). In AttackerKB, an exploit exists.
🔻 SFB – Chromium (CVE-2025-4664). In CISA KEV.
🔻 PathTrav – buildkit (CVE-2024-23652) and MemCor – buildkit (CVE-2024-23651). In BDU FSTEC.

For 52 (❗️) more, there are signs of existing public exploits. Two trending vulnerabilities I’ve mentioned before::

🔸 RCE – Kubernetes “IngressNightmare” (CVE-2025-1974 and 4 others)
🔸 RCE – Erlang/OTP (CVE-2025-32433)

Exploits for these are also notable:

🔸 EoP – Linux Kernel (CVE-2023-53033)
🔸 XSS – Horde IMP (CVE-2025-30349)
🔸 PathTrav – tar-fs (CVE-2024-12905)
🔸 SFB – kitty (CVE-2025-43929)
🔸 DoS – libxml2 (CVE-2025-32414)

🗒 Full Vulristics report

На русском

I’m done preparing the slides for my talk about Vulristics at PHDays

I'm done preparing the slides for my talk about Vulristics at PHDays

I’m done preparing the slides for my talk about Vulristics at PHDays. 😇 I’ll be speaking on the last day of the festival – Saturday, May 24, at 16:00 in Popov Hall 25. If you’re there at that time, I’d be glad to see you. If not – join online! 😉

I’ll have an hour to dive into Vulristics, vulnerability analysis & prioritization. 🤩 I’ll walk through the Vulristics report structure, typical tasks (like analyzing Microsoft Patch Tuesday, Linux Patch Wednesday, individual trending CVEs, and vulnerability sets), how the work with data sources is organized, the challenges of accurately detecting vulnerability types and vulnerable products. Finally, I’ll discuss Vulristics integration into pipelines. Feel free to use the code – Vulristics is MIT-licensed. 🆓

➡️ Talk on the PHDays website – you can download the .ics calendar file there 😉
⏰ May 24, 2025, 16:00 (MSK)
📍 Luzhniki, Popov Hall 25

На русском

May Microsoft Patch Tuesday

May Microsoft Patch Tuesday

May Microsoft Patch Tuesday. A total of 93 vulnerabilities – about 1.5 times fewer than in April. Of these, 22 were added between the April and May MSPT. There are 5 vulnerabilities show signs of in-the-wild exploitation:

🔻 EoP – Microsoft DWM Core Library (CVE-2025-30400)
🔻 EoP – Windows CLFS Driver (CVE-2025-32701, CVE-2025-32706)
🔻 EoP – Windows Ancillary Function Driver for WinSock (CVE-2025-32709)
🔻 Memory Corruption – Scripting Engine (CVE-2025-30397). RCE when clicking a malicious link. Exploitation requires the “Allow sites to be reloaded in Internet Explorer” option.

There are currently no vulnerabilities with public exploits.

Notable among the rest:

🔹 RCE – Remote Desktop Client (CVE-2025-29966, CVE-2025-29967), Office (CVE-2025-30377, CVE-2025-30386), Graphics Component (CVE-2025-30388), Visual Studio (CVE-2025-32702)
🔹 EoP – Kernel Streaming (CVE-2025-24063), CLFS Driver (CVE-2025-30385)

🗒 Full Vulristics report

На русском

April Linux Patch Wednesday

April Linux Patch Wednesday

April Linux Patch Wednesday. Total vulnerabilities: 251. 👌 164 in the Linux Kernel. No vulnerabilities show signs of being exploited in the wild. There are 7 vulnerabilities that appear to have publicly available exploits.

For 2 vulnerabilities, exploit code with detailed explanation is available on GitHub. Both were first patched in RedOS packages:

🔸 SQL injection – Exim (CVE-2025-26794)
🔸 Code Injection – MariaDB (CVE-2023-39593)

For the Memory Corruption – Mozilla Firefox (CVE-2025-3028), the NVD states the exploit code is in Mozilla’s bug tracker, but access is restricted. 🤷‍♂️

BDU FSTEC reports public exploits for 4 vulnerabilities:

🔸 Information Disclosure – GLPI (CVE-2025-21626)
🔸 Security Feature Bypass – GLPI (CVE-2025-23024)
🔸 Denial of Service / Remote Code Execution – Perl (CVE-2024-56406)
🔸 Memory Corruption – Libsoup (CVE-2025-32050)

🗒 Full Vulristics report

На русском

April Microsoft Patch Tuesday

April Microsoft Patch Tuesday

April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild:

🔻 EoP – Windows Common Log File System Driver (CVE-2025-29824). An attacker can gain SYSTEM privileges. No technical details yet.
🔻 SFB – Microsoft Edge (CVE-2025-2783). Sandbox escape with an existing PoC exploit.
🔻 RCE – Microsoft Edge (CVE-2025-24201). Originally reported as a WebKit vuln on Apple OSes. 🤷‍♂️

Microsoft also patched vulnerabilities in Kubernetes with known exploits (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-24513)

Other notable ones:

🔹 RCE – LDAP (CVE-2025-26670, CVE-2025-26663), TCP/IP (CVE-2025-26686), Microsoft Office (CVE-2025-29794, CVE-2025-29793), RDS (CVE-2025-27480, CVE-2025-27482), Hyper-V (CVE-2025-27491)
🔹 SFB – Kerberos (CVE-2025-29809)

🗒 Full Vulristics report

На русском

March Linux Patch Wednesday

March Linux Patch Wednesday

March Linux Patch Wednesday. Total vulnerabilities: 1083. 😱 879 in the Linux Kernel. 🤦‍♂️ Two vulnerabilities show signs of exploitation in the wild:

🔻 Code Injection – GLPI (CVE-2022-35914). An old vulnerability from CISA KEV, but first patched on March 3 in RedOS Linux.
🔻 Memory Corruption – Safari (CVE-2025-24201). Fixed in WebKitGTK packages in Linux repositories.

There are 19 vulnerabilities with publicly available exploits. Notable ones:

🔸 Remote Code Execution – Apache Tomcat (CVE-2025-24813)
🔸 Command InjectionSPIP (CVE-2024-8517)
🔸 Memory CorruptionAssimp (CVE-2025-2152)
🔸 Memory Corruption – libxml2 (CVE-2025-27113)

The Elevation of Privilege vulnerability in the Linux Kernel (CVE-2022-49264) has no public exploit yet. However, it resembles well-known PwnKit (CVE-2021-4034).

🗒 Full Vulristics report

На русском

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. 77 CVEs, 20 of which were added during the month. 7 vulnerabilities with signs of exploitation in the wild:

🔻 RCE – Windows Fast FAT File System Driver (CVE-2025-24985)
🔻 RCE – Windows NTFS (CVE-2025-24993)
🔻 SFB – Microsoft Management Console (CVE-2025-26633)
🔻 EoP – Windows Win32 Kernel Subsystem (CVE-2025-24983)
🔻 InfDisc – Windows NTFS (CVE-2025-24991, CVE-2025-24984)
🔻 AuthBypass – Power Pages (CVE-2025-24989) – in Microsoft web service, can be ignored

There are no vulnerabilities with public exploits, there are 2 more with private ones:

🔸 RCE – Bing (CVE-2025-21355) – in Microsoft web service, can be ignored
🔸 SFB – Windows Kernel (CVE-2025-21247)

Among the others:

🔹 RCE – Windows Remote Desktop Client (CVE-2025-26645) and Services (CVE-2025-24035, CVE-2025-24045), MS Office (CVE-2025-26630), WSL2 (CVE-2025-24084)
🔹 EoP – Windows Win32 Kernel Subsystem (CVE-2025-24044)

🗒 Full Vulristics report

На русском