Report Name: pt_trend_cve_combined2025
Generated: 2025-07-17 13:18:30

Product Name	Prevalence	U	C	H	M	L	A	Comment
Apache HTTP Server	0.9	1					1	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
Windows NTLM	0.9	1					1	A suite of security protocols to authenticate users' identity and protect the integrity and confidentiality of their activity
Windows SMB Client	0.9		1				1	Windows component
Microsoft DWM Core Library	0.8	1					1	Windows component
Microsoft Management Console	0.8	1					1	Microsoft Management Console (MMC) is a component of Microsoft Windows that provides system administrators and advanced users an interface for configuring and monitoring the system
Microsoft Windows File Explorer	0.8	1					1	Windows component
Windows Ancillary Function Driver for WinSock	0.8	1					1	Windows component
Windows Cloud Files Mini Filter Driver	0.8		1				1	Windows component
Windows Common Log File System Driver	0.8	3					3	Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs
Windows Fast FAT File System Driver	0.8	1					1	Windows component
Windows Hyper-V NT Kernel Integration VSP	0.8	3					3	Windows component
Windows Lightweight Directory Access Protocol (LDAP)	0.8		1				1	Windows component
Windows NTFS	0.8	1					1	The default file system of the Windows NT family
Windows OLE	0.8		1				1	Windows component
Windows Process Activation	0.8		1				1	Windows component
Windows Storage	0.8		1				1	Windows component
Windows Win32 Kernel Subsystem	0.8		1				1	Windows component
Apache Tomcat	0.7	1					1	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
ESXi	0.7	1	2				3	VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers
Kubernetes	0.7		1				1	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
MDaemon Email Server	0.6	1					1	MDaemon Email Server is an email server application with groupware functions for Microsoft Windows. MDaemon supports multiple client-side protocols, including IMAP, POP3, SMTP/MSA, webmail, CalDAV, CardDAV, and optionally ActiveSync for mobile clients and Outlook, and its Connector for Outlook add-on.
Roundcube	0.6	1					1	Roundcube is a web-based IMAP email client
7-Zip	0.5	1		1			2	7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives"
FortiOS	0.5	1					1	FortiOS is Fortinet's operating system used in their hardware, such as the Fortigate firewall and switches
Internet Shortcut Files	0.5	1					1	Internet Shortcut Files
Microsoft Configuration Manager	0.5	1					1	Microsoft Configuration Manager
PAN-OS	0.5	1					1	PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls
CommuniGate Pro	0.4		1				1	CommuniGate Pro is a highly scalable carrier grade unified communications server, as well as a development platform
Erlang/OTP	0.4	1					1	Erlang/OTP is a set of libraries for the Erlang programming language
Zimbra Collaboration	0.3	1					1	Zimbra Collaboration is a collaborative software suite that includes an email server and a web client

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	10	4	1			15
Authentication Bypass	0.98	2					2
Security Feature Bypass	0.9	1					1
Elevation of Privilege	0.85	8	5				13
Information Disclosure	0.83		1				1
Cross Site Scripting	0.8	2					2
Memory Corruption	0.5		1				1
Spoofing	0.4	2					2

Source	U	C	H	M	L	A

Urgent (25)

1. Remote Code Execution - Apache HTTP Server (CVE-2024-38475) - Urgent [971]

Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.

2. Remote Code Execution - Apache Tomcat (CVE-2025-24813) - Urgent [950]

Description: Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

3. Remote Code Execution - Roundcube (CVE-2025-49113) - Urgent [933]

Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

4. Remote Code Execution - Windows Fast FAT File System Driver (CVE-2025-24985) - Urgent [919]

Description: Windows Fast FAT File System Driver Remote Code Execution Vulnerability

5. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333) - Urgent [916]

Description: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

6. Remote Code Execution - Microsoft Configuration Manager (CVE-2024-43468) - Urgent [916]

Description: Microsoft Configuration Manager Remote Code Execution Vulnerability

7. Authentication Bypass - FortiOS (CVE-2024-55591) - Urgent [913]

Description: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

8. Elevation of Privilege - Microsoft DWM Core Library (CVE-2025-30400) - Urgent [904]

Description: Microsoft DWM Core Library Elevation of Privilege Vulnerability

9. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-29824) - Urgent [904]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

10. Authentication Bypass - PAN-OS (CVE-2025-0108) - Urgent [901]

Description: An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

11. Security Feature Bypass - Microsoft Management Console (CVE-2025-26633) - Urgent [901]

Description: Microsoft Management Console Security Feature Bypass Vulnerability

12. Remote Code Execution - Erlang/OTP (CVE-2025-32433) - Urgent [899]

Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

13. Remote Code Execution - Internet Shortcut Files (CVE-2025-33053) - Urgent [892]

Description: Internet Shortcut Files Remote Code Execution Vulnerability

14. Remote Code Execution - 7-Zip (CVE-2025-0411) - Urgent [880]

Description: 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

15. Cross Site Scripting - MDaemon Email Server (CVE-2024-11182) - Urgent [850]

Description: An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

16. Spoofing - Windows NTLM (CVE-2025-24054) - Urgent [840]

Description: NTLM Hash Disclosure Spoofing Vulnerability

17. Remote Code Execution - Windows NTFS (CVE-2025-24993) - Urgent [829]

Description: Windows NTFS Remote Code Execution Vulnerability

18. Remote Code Execution - ESXi (CVE-2025-22224) - Urgent [825]

Description: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

19. Spoofing - Microsoft Windows File Explorer (CVE-2025-24071) - Urgent [823]

Description: Microsoft Windows File Explorer Spoofing Vulnerability

20. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2025-21418) - Urgent [802]

Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

21. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-32701) - Urgent [802]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

22. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-32706) - Urgent [802]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

23. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21334) - Urgent [802]

Description: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

24. Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21335) - Urgent [802]

Description: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

25. Cross Site Scripting - Zimbra Collaboration (CVE-2024-27443) - Urgent [800]

Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.

Critical (11)

26. Elevation of Privilege - Windows Storage (CVE-2025-21391) - Critical [791]

Description: Windows Storage Elevation of Privilege Vulnerability

27. Elevation of Privilege - Windows Win32 Kernel Subsystem (CVE-2025-24983) - Critical [779]

Description: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

28. Information Disclosure - ESXi (CVE-2025-22226) - Critical [758]

Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

29. Remote Code Execution - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112) - Critical [752]

Description: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

30. Remote Code Execution - Windows OLE (CVE-2025-21298) - Critical [752]

Description: Windows OLE Remote Code Execution Vulnerability

31. Remote Code Execution - Kubernetes (CVE-2025-1974) - Critical [735]

Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

32. Memory Corruption - ESXi (CVE-2025-22225) - Critical [723]

Description: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

33. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2024-30085) - Critical [701]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

34. Remote Code Execution - CommuniGate Pro (BDU:2025-01331) - Critical [679]

Description: The CommuniGate Pro mail server is vulnerable to a stack-based buffer overflow. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

35. Elevation of Privilege - Windows SMB Client (CVE-2025-33073) - Critical [670]

Description: Windows SMB Client Elevation of Privilege Vulnerability

36. Elevation of Privilege - Windows Process Activation (CVE-2025-21204) - Critical [666]

Description: Windows Process Activation Elevation of Privilege Vulnerability

High (1)

37. Remote Code Execution - 7-Zip (BDU:2025-01793) - High [535]

Description: The vulnerability in the Mark-of-the-Web protection mechanism of the 7-Zip archiver is related to the violation of the data protection mechanism. Exploitation of the vulnerability may allow an attacker to execute arbitrary code when a user unpacks an archive containing a specially crafted file.

Medium (0)

Low (0)

Exploitation in the wild detected (30)

Remote Code Execution (11)

• Apache HTTP Server (CVE-2024-38475)
• Apache Tomcat (CVE-2025-24813)
• Roundcube (CVE-2025-49113)
• Windows Fast FAT File System Driver (CVE-2025-24985)
• Microsoft Configuration Manager (CVE-2024-43468)
• Erlang/OTP (CVE-2025-32433)
• Internet Shortcut Files (CVE-2025-33053)
• 7-Zip (CVE-2025-0411)
• Windows NTFS (CVE-2025-24993)
• ESXi (CVE-2025-22224)
• CommuniGate Pro (BDU:2025-01331)

Elevation of Privilege (10)

• Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
• Microsoft DWM Core Library (CVE-2025-30400)
• Windows Common Log File System Driver (CVE-2025-29824, CVE-2025-32701, CVE-2025-32706)
• Windows Ancillary Function Driver for WinSock (CVE-2025-21418)
• Windows Storage (CVE-2025-21391)
• Windows Win32 Kernel Subsystem (CVE-2025-24983)

Authentication Bypass (2)

• FortiOS (CVE-2024-55591)
• PAN-OS (CVE-2025-0108)

Security Feature Bypass (1)

• Microsoft Management Console (CVE-2025-26633)

Cross Site Scripting (2)

• MDaemon Email Server (CVE-2024-11182)
• Zimbra Collaboration (CVE-2024-27443)

Spoofing (2)

• Windows NTLM (CVE-2025-24054)
• Microsoft Windows File Explorer (CVE-2025-24071)

Information Disclosure (1)

• ESXi (CVE-2025-22226)

Memory Corruption (1)

• ESXi (CVE-2025-22225)

Public exploit exists, but exploitation in the wild is NOT detected (7)

Remote Code Execution (4)

• Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
• Windows OLE (CVE-2025-21298)
• Kubernetes (CVE-2025-1974)
• 7-Zip (BDU:2025-01793)

Elevation of Privilege (3)

• Windows Cloud Files Mini Filter Driver (CVE-2024-30085)
• Windows SMB Client (CVE-2025-33073)
• Windows Process Activation (CVE-2025-21204)

Other Vulnerabilities (0)