Rapid7 is on a mission to drive the SecOps movement into the future, and we take that to heart with our holistic approach to security. Rapid7 has policies and procedures in place to keep our data, platform, and products secure, so that we can continue creating tools and services that keep our customers secure.
Rest assured: Rapid7’s approach to security is established on four core pillars essential to trust.
Availability
You have access to your data when you need it and our operational status is always up to date.
Have questions? We have answers.
Read What’s New on the Rapid7 Blog
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).
Critical Veeam Backup & Replication CVE-2025-23120
On Wednesday, March 19, 2025, backup and recovery software provider Veeam
published a security advisory [https://www.veeam.com/kb4724] for a critical
remote code execution vulnerability tracked as CVE-2025-23120
[https://attackerkb.com/topics/dHwvvN9gfv/cve-2025-23120]. The vulnerability
affects Backup & Replication systems that are domain joined. Veeam explicitly
mentions that domain-joined backup servers are against security and compliance
best practices, but in reality, we believe this is lik
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is
either known exploitation at scale, or likelihood of exploitation at scale.
Apache Tomcat CVE-2025-24813
[https://attackerkb.com/topics/4GajxQH17l/cve-2025-24813] fulfills neither of
these criteria, despite a variety of news headlines alleging broad exploitation
in the wild. Tomcat is widely deployed and has seen a number of severe
vulnerabilities over the years that have had specific configuration dependencies
for s
Rapid7は 11,000 社以上のお客様から信頼されています
