3 min
Emergent Threat Response
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).
2 min
Emergent Threat Response
Critical Veeam Backup & Replication CVE-2025-23120
Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch [https://infosec.exchange/@codewhitesec/114241026482611250] for CVE-2025-23120. Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure Veeam Backup & Replication is not internet-facing as an urgent priority.
On Wednesday, March 19, 2025, backup and recovery software provider
3 min
Emergent Threat Response
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 [https://attackerkb.com/topics/4GajxQH17l/cve-2025-24813] fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild. Tomcat is widely deployed and has seen a number of severe vulnerabilities over the years that have had specific configuration dependencies for s
9 min
Vulnerability Management
Patch Tuesday - March 2025
Seven zero-days. Win32 EoP. Multiple filesystem driver attacks. MMC security feature bypass. Access (again). WSL magic email RCE. Malicious RDP server.
2 min
Emergent Threat Response
Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products
On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion.
8 min
Patch Tuesday
Patch Tuesday - February 2025
Four zero-days: AFD EoP, Storage EoP, NTLMv2 disclosure, Surface container escape. Critical RCEs in LDAP, DHCP client, Excel.
4 min
Emergent Threat Response
Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak
Rapid7 is responding to two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591 in FortiOS, and a large-scale data leak of older FortiGate firewall IPs, passwords, and configs.
14 min
Patch Tuesday
Patch Tuesday - January 2025
Eight 0-days. Access: triple zero-day RCE; Hyper-V NT Kernel Integration VSP: triple zero-day EoP; Windows Themes: zero-day NTLM disclosure; Windows Installer: zero-day EoP; PGM: critical RCE; OLE: critical RCE.
2 min
Emergent Threat Response
CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild
Two stack-based buffer overflow issues were disclosed in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. CVE-2025-0282, the more severe of the two issues, has been exploited in the wild against Ivanti Connect Secure devices.
8 min
Labs
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface.
8 min
Patch Tuesday
Patch Tuesday - December 2024
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.
6 min
Emergent Threat Response
Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)
On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog [https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild] on active exploitation of three different Cleo products (docs [https://cleo-infoeng.s3.us-east-2.amazonaws.com/PDF/Harmony/5.8/Harmony_58_UserGuide_053123.pdf]):
3 min
Vulnerability Disclosure
Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.
3 min
Emergent Threat Response
Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces
Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.
12 min
Vulnerability Management
Patch Tuesday - November 2024
4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.