Cyble's Weekly Vulnerability Insights (Jan 29–Feb 4, 2025) highlights critical security flaws added to the KEV Catalog, impacting systems like PRTG, .NET, and Zyxel.
Cyble Research & Intelligence Labs (CRIL) published its Weekly Vulnerability Insights Report to clients, covering key vulnerabilities reported from January 29 to February 4, 2025. The analysis highlights critical security flaws that pose threats to IT infrastructure globally. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog during the period.
This report highlights vulnerabilities in several widely used software products and services, including Paessler PRTG Network Monitor, Microsoft .NET Framework, and Zyxel DSL devices. These vulnerabilities could impact a range of industries that rely on these systems to monitor, manage, and protect critical infrastructure.
CISA adds a vulnerability to the KEV catalog only on evidence that it is being exploited in the wild, which is why an entry there is a stronger prioritization signal than a CVSS score alone. During this period, CISA added five vulnerabilities, including two dating back to 2018, that affect major IT infrastructure tools such as Paessler PRTG Network Monitor. Each KEV entry carries a remediation due date that federal agencies must meet under Binding Operational Directive 22-01 and that other organizations commonly adopt as a patching deadline.
Among the newly added vulnerabilities, CVE-2018-19410 and CVE-2018-9276, both in Paessler's PRTG Network Monitor, received attention. CVE-2018-19410 is a local file inclusion in /public/login.htm that lets an unauthenticated remote attacker create users with read-write (including administrator) privileges; CVE-2018-9276 is an OS command injection reachable by an authenticated administrator through sensor settings. Chained, the two turn an unauthenticated network position into command execution on the monitoring server. PRTG is widely used by enterprises to oversee network performance, and a monitoring server typically holds SNMP, WMI and SSH credentials for the devices it polls, so compromising it yields both disruption of monitoring and a credential cache for lateral movement.
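The check a practitioner wants after reading a KEV summary like this is "which of this week's additions touch products I actually run, and when are they due?" The following Python script is an added example, not Cyble's or CISA's code. It parses a document in the shape of CISA's public KEV JSON feed (the real feed is at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; field names cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse are the feed's own), filters additions to a reporting window, and matches them against a constructed asset inventory. The sample entries embedded below are constructed for offline use: the two PRTG entries mirror the February 4, 2025 additions named in the text, the Log4j entry is an older catalog item included so the date filter has something to reject, and the description strings are paraphrased rather than quoted from the catalog.

```python
"""Triage CISA KEV additions for a reporting window against an asset inventory.

Added example, not Cyble's or CISA's code. Sample data below is constructed
in the shape of the KEV JSON feed; swap in the live feed to use it for real.
"""
import json
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the KEV feed shape (only the fields this script uses).
SAMPLE_KEV_JSON = json.dumps({
    "catalogVersion": "2025.02.04",
    "vulnerabilities": [
        {"cveID": "CVE-2018-9276", "vendorProject": "Paessler", "product": "PRTG Network Monitor",
         "vulnerabilityName": "Paessler PRTG Network Monitor OS Command Injection Vulnerability",
         "dateAdded": "2025-02-04", "dueDate": "2025-02-25", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2018-19410", "vendorProject": "Paessler", "product": "PRTG Network Monitor",
         "vulnerabilityName": "Paessler PRTG Network Monitor Local File Inclusion Vulnerability",
         "dateAdded": "2025-02-04", "dueDate": "2025-02-25", "knownRansomwareCampaignUse": "Unknown"},
        # Older entry, outside the reporting window: exercises the date filter.
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24", "knownRansomwareCampaignUse": "Known"},
    ],
})


def parse_kev(feed_text: str) -> list[dict]:
    """Parse the feed JSON and convert the two date fields to date objects."""
    entries = []
    for raw in json.loads(feed_text)["vulnerabilities"]:
        entry = dict(raw)
        entry["dateAdded"] = date.fromisoformat(raw["dateAdded"])
        entry["dueDate"] = date.fromisoformat(raw["dueDate"])
        entries.append(entry)
    return entries


def added_between(entries: list[dict], start: date, end: date) -> list[dict]:
    """Entries whose dateAdded falls inside the inclusive [start, end] window."""
    return [e for e in entries if start <= e["dateAdded"] <= end]


def in_inventory(entry: dict, inventory: set[str]) -> bool:
    """Case-insensitive keyword match against 'vendor product'.

    Substring matching is deliberate: KEV product strings are not stable
    identifiers, so exact matching against a CMDB tends to miss entries.
    """
    haystack = f'{entry["vendorProject"]} {entry["product"]}'.lower()
    return any(keyword.lower() in haystack for keyword in inventory)


def triage(feed_text: str, start: str, end: str, inventory: set[str], today: str) -> list[dict]:
    """Window additions that touch the inventory, most urgent (fewest days left) first.

    Dates are ISO strings (YYYY-MM-DD) so the function is easy to drive from a CLI.
    A negative daysLeft means the KEV due date has already passed.
    """
    today_d = date.fromisoformat(today)
    window = added_between(parse_kev(feed_text), date.fromisoformat(start), date.fromisoformat(end))
    hits = []
    for e in window:
        if not in_inventory(e, inventory):
            continue
        hits.append({
            "cveID": e["cveID"],
            "product": e["product"],
            "dueDate": e["dueDate"].isoformat(),
            "daysLeft": (e["dueDate"] - today_d).days,
            "ransomware": e["knownRansomwareCampaignUse"],
        })
    hits.sort(key=lambda h: (h["daysLeft"], h["cveID"]))
    return hits


if __name__ == "__main__":
    # For the live catalog replace SAMPLE_KEV_JSON with:
    #   urllib.request.urlopen(KEV_FEED_URL).read().decode()
    inventory = {"prtg", "fortios", "7-zip"}  # constructed inventory keywords
    for hit in triage(SAMPLE_KEV_JSON, "2025-01-29", "2025-02-04", inventory, "2025-02-10"):
        state = "OVERDUE" if hit["daysLeft"] < 0 else f'{hit["daysLeft"]}d left'
        print(f'{hit["cveID"]:16} {hit["product"]:24} due {hit["dueDate"]} ({state}) ransomware={hit["ransomware"]}')
```

Run weekly with the window set to the last seven days; anything that prints with a small or negative daysLeft is the patching work for the week, and a `knownRansomwareCampaignUse` of "Known" is the tiebreaker when two items share a due date.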
The report also analyzed the broader threat landscape by highlighting vulnerabilities with the potential to severely affect organizations. Among the most interesting was CVE-2025-0411 in 7-Zip, the popular open-source file archiver. It is a Mark-of-the-Web bypass: files extracted from a nested archive did not inherit the Mark-of-the-Web from the downloaded outer archive, so an attacker-supplied executable or document could open without the SmartScreen or Office Protected View checks that normally apply to internet-sourced files. The flaw was fixed in 7-Zip 24.09, and because 7-Zip has no automatic update mechanism, organizations must deploy the fixed build themselves.
Another vulnerability, CVE-2025-21298, is a remote code execution (RCE) flaw in Windows OLE (Object Linking and Embedding), patched in the January 2025 Patch Tuesday release, that allows arbitrary code execution through a specially crafted email. The Outlook Preview Pane is an attack vector, so simply opening or previewing a message with a malicious attachment can trigger it, with no further user interaction. The report states that the flaw is being actively exploited by advanced persistent threat (APT) groups, which makes it a pressing risk for Microsoft Outlook users.
CRIL's report also focused on the growing concern around underground forums and Telegram channels, where cybercriminals share proof-of-concept (PoC) code and exploits. CRIL observed that several vulnerabilities, such as CVE-2025-24118 (a privilege escalation in Apple's macOS) and CVE-2024-55591 (an authentication bypass in FortiOS), are being actively weaponized by threat actors. These forums have become a breeding ground for attackers looking to exploit critical vulnerabilities in the wild.
Particularly notable was the exploitation of CVE-2024-55591, a critical authentication bypass in FortiOS affecting versions 7.0.0 through 7.0.16 (and FortiProxy 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12). Crafted requests to the Node.js websocket module of the administrative interface let a remote, unauthenticated attacker obtain super-admin privileges, which amounts to full compromise of the device. Although Fortinet disclosed and patched the flaw in January 2025, it continues to be weaponized, so devices that have not been upgraded, or that still expose their management interface to the internet, remain targets.
Additionally, CRIL observed increasing circulation of exploits for CVE-2025-24118 and CVE-2025-21293, which affect macOS and Microsoft Active Directory Domain Services, respectively. Both are privilege escalation flaws: they give an attacker who already has a foothold a clear path to elevate privileges and execute arbitrary code with higher rights.
The report also covers other high-severity vulnerabilities discovered in the past week, some of which are actively exploited by attackers. For instance:
To defend against the active threats posed by these vulnerabilities, CRIL recommends organizations implement a series of security best practices:
The latest report from Cyble Research & Intelligence Labs (CRIL) underlines the growing cybersecurity threat landscape and the need for vigilance, timely patching, and proactive security strategies. As cybercriminals exploit vulnerabilities listed in the KEV catalog, swift action is crucial to protect critical systems.
Cyble’s AI-driven cybersecurity platforms, like Cyble Vision and Cyble Hawk, provide real-time intelligence and continuous monitoring, helping organizations stay ahead of emerging threats. By integrating Cyble’s advanced solutions with regular updates and best security practices, businesses can minimize risks and defend against future attacks.
To access full IT vulnerability intelligence reports from Cyble, along with IoCs and additional insights and details, click here.
Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented "as is" without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No liability for errors or omissions: due to the dynamic nature of cyber threat activity, this blog may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.