IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble
Cyble's recent report points to multiple security vulnerabilities in Ivanti, Apple, Fortinet, and SonicWall products, some of them significant. Microsoft fixed two zero-day vulnerabilities, and several other vendors also released updates. The report stresses that several high-risk vulnerabilities should be patched first and recommends that organizations strengthen their security measures in response. 2025-02-17 12:04:04 Author: cyble.com

Overview

Cyble’s vulnerability intelligence report to clients last week highlighted flaws in Ivanti, Apple, Fortinet, and SonicWall products.

The report from Cyble Research and Intelligence Labs (CRIL) examined 22 vulnerabilities and dark web exploits, including some with significant internet-facing exposures.

Microsoft had a relatively quiet Patch Tuesday, with the most noteworthy fixes being for two actively exploited zero-day vulnerabilities (CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability), but other IT vendors also issued updates on the second Tuesday of the month. Both Microsoft vulnerabilities were added to CISA’s Known Exploited Vulnerabilities catalog.

Cyble’s vulnerability intelligence unit highlighted five new vulnerabilities as meriting high-priority attention by security teams, plus a month-old vulnerability at elevated risk of attack.

The Top IT Vulnerabilities

Three of the vulnerabilities highlighted by Cyble (CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affect Ivanti Connect Secure (ICS), a secure remote access solution, and Ivanti Policy Secure (IPS), a network access control (NAC) solution.

CVE-2025-22467 is a stack-based buffer overflow vulnerability in ICS that could allow remote authenticated attackers with low privileges to execute code. 

CVE-2024-10644 is a code injection vulnerability that could allow remote code execution in ICS and IPS by remote authenticated attackers.

CVE-2024-38657 is an external control of a file name vulnerability that could enable remote authenticated attackers to perform arbitrary file writing in ICS and IPS.

CVE-2025-24200 is a zero-day authorization vulnerability affecting multiple generations of iPhones and iPads that can be exploited to disable Apple’s USB Restricted Mode. Apple stated that it is aware of a report indicating that the issue may have been exploited in “an extremely sophisticated attack against specific targeted individuals.”

CVE-2025-24472 is an authentication bypass using an alternate path or channel vulnerability affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12 and 7.0.0 through 7.0.19. It may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests. Fortinet customers who previously upgraded for the CVE-2024-55591 vulnerability are already protected from the new issue.
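The FortiOS and FortiProxy ranges above are the only affected versions the report spells out, so they are worth checking mechanically against an inventory. The following is an added example, not Cyble's or Fortinet's code: it compares version strings numerically (a plain string comparison would put 7.0.9 above 7.0.16 and misjudge it) against exactly the inclusive ranges named above. The hostnames and versions in the sample inventory are constructed; a version that falls outside the listed ranges is reported as "not in listed range", not as safe, because the page gives no fixed-version numbers.

```python
"""Affected-version check for the CVE-2025-24472 ranges named in the report."""
import re
from typing import List, Tuple

# Affected ranges exactly as the report states them, inclusive at both ends.
# No fixed version is claimed here because the page does not give one.
AFFECTED_RANGES = {
    "FortiOS": [("7.0.0", "7.0.16")],
    "FortiProxy": [("7.2.0", "7.2.12"), ("7.0.0", "7.0.19")],
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.0.16' (or 'v7.0.16') into a tuple of integers.

    Integer comparison is the whole point: as strings, '7.0.9' > '7.0.16',
    which would wrongly place 7.0.9 outside the affected range.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` falls inside one of the listed ranges."""
    parsed = parse_version(version)
    for low, high in AFFECTED_RANGES.get(product, []):
        if parse_version(low) <= parsed <= parse_version(high):
            return True
    return False


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """Annotate (host, product, version) records with the affected flag."""
    return [(host, product, ver, is_affected(product, ver)) for host, product, ver in inventory]


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("fw-edge-1", "FortiOS", "7.0.9"),       # inside 7.0.0-7.0.16
    ("fw-edge-2", "FortiOS", "7.0.17"),      # just past the listed range
    ("fw-core-1", "FortiOS", "7.2.10"),      # FortiOS 7.2 is not a listed range
    ("proxy-1", "FortiProxy", "7.2.12"),     # upper bound, inclusive
    ("proxy-2", "FortiProxy", "7.0.19"),     # upper bound, inclusive
    ("proxy-3", "FortiProxy", "7.4.1"),      # not a listed range
]

if __name__ == "__main__":
    for host, product, version, affected in triage(SAMPLE_INVENTORY):
        status = "AFFECTED" if affected else "not in listed range"
        print(f"{host:10} {product:10} {version:8} {status}")
```

Feed it the output of whatever asset inventory you trust for firmware versions; the check only answers whether a version sits inside the ranges the advisory text names, so devices outside those ranges still need to be confirmed against the vendor's own fixed-version list.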

CVE-2024-53704 is an improper authentication vulnerability in the SSLVPN authentication mechanism of SonicWall NSv devices and certain other SonicWall firewall products that could allow a remote attacker to bypass authentication and gain unauthorized access to protected networks. Cyble noted that the recent public release of exploit code for the vulnerability significantly increases the risk of exploitation attempts, making immediate patching essential, and that a large number of internet-facing devices may be vulnerable (image below).

[Image: Vulnerability]

Cyble Recommendations

To protect against these vulnerabilities and exploits, Cyble recommends that organizations implement the following best practices:

  • Regularly update all software and hardware systems with the latest patches from official vendors.
  • Develop a comprehensive patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification. Automate the process where possible to ensure consistency and efficiency.
  • Divide your network into distinct segments to isolate critical assets from less secure areas. Use firewalls, VLANs, and access controls to limit access and reduce the attack surface exposed to potential threats.
  • Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents, including ransomware-resistant backups. Regularly test and update the plan to ensure its effectiveness and alignment with current threats.
  • Implement comprehensive monitoring and logging solutions to detect and analyze suspicious activities. Use SIEM (Security Information and Event Management) systems to aggregate and correlate logs for real-time threat detection and response.
  • Subscribe to security advisories and alerts from official vendors, CERTs, and other authoritative sources. Regularly review and assess the impact of these alerts on your systems and take appropriate actions.
  • Conduct regular vulnerability assessment and penetration testing (VAPT) exercises to identify and remediate vulnerabilities in your systems. Complement these exercises with periodic security audits to ensure compliance with security policies and standards.

Conclusion

Security teams should prioritize actively exploited vulnerabilities—and those at high risk of exploitation—when determining their patching efforts. They should also consider other indicators of risk, such as web exposure and data and application sensitivity.
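The prioritization rule in the paragraph above (actively exploited first, then exposure and sensitivity) can be written down as a sort key. The block below is an added example, not Cyble's code or tooling. It parses a feed in the shape of CISA's KEV JSON (the field names are the real feed's; the two entries are typed in from this report and the dueDate values are assumed for the example, not copied from the catalog), joins it against a constructed asset inventory carrying the report's exploit-status facts, and ranks the CVEs discussed on this page. The tier order and the choice to rank exposure ahead of sensitivity are this example's assumptions.

```python
"""Rank the report's CVEs for patching: exploitation status first, then exposure and sensitivity."""
import json
from datetime import date
from typing import Dict, List

# Constructed excerpt in the shape of CISA's KEV JSON feed. Field names match the
# real feed; entries are typed in from the report, dueDate values are assumed.
KEV_FEED_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2025-21391", "vendorProject": "Microsoft", "product": "Windows",
   "vulnerabilityName": "Windows Storage Elevation of Privilege Vulnerability",
   "dateAdded": "2025-02-11", "dueDate": "2025-03-04", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-2025-21418", "vendorProject": "Microsoft", "product": "Windows",
   "vulnerabilityName": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability",
   "dateAdded": "2025-02-11", "dueDate": "2025-03-04", "knownRansomwareCampaignUse": "Unknown"}
]}
"""

# Constructed inventory: asset names, exposure and sensitivity (1 low .. 3 high) are
# made up. Exploit flags follow the report: public exploit code for CVE-2024-53704,
# reported in-the-wild exploitation for the Microsoft zero-days and CVE-2025-24200.
INVENTORY = [
    {"asset": "vpn-gw-1", "cve": "CVE-2024-53704", "internet_facing": True, "sensitivity": 3,
     "public_exploit": True, "exploited_in_wild": False},
    {"asset": "ics-1", "cve": "CVE-2025-22467", "internet_facing": True, "sensitivity": 3,
     "public_exploit": False, "exploited_in_wild": False},
    {"asset": "fortigate-1", "cve": "CVE-2025-24472", "internet_facing": True, "sensitivity": 2,
     "public_exploit": False, "exploited_in_wild": False},
    {"asset": "win-fileserver", "cve": "CVE-2025-21391", "internet_facing": False, "sensitivity": 3,
     "public_exploit": False, "exploited_in_wild": True},
    {"asset": "win-kiosk", "cve": "CVE-2025-21418", "internet_facing": False, "sensitivity": 1,
     "public_exploit": False, "exploited_in_wild": True},
    {"asset": "exec-iphone", "cve": "CVE-2025-24200", "internet_facing": False, "sensitivity": 3,
     "public_exploit": False, "exploited_in_wild": True},
]


def load_kev(feed_json: str) -> Dict[str, dict]:
    """Index a KEV-shaped feed by CVE ID."""
    return {entry["cveID"]: entry for entry in json.loads(feed_json)["vulnerabilities"]}


def priority(item: dict, kev: Dict[str, dict], today: date) -> tuple:
    """Sort key; smaller tuples are patched first.

    Tier 0: on KEV and past its due date.  Tier 1: on KEV or exploited in the wild.
    Tier 2: public exploit code exists.  Tier 3: everything else.
    Within a tier, internet-facing assets come first, then higher sensitivity,
    then CVE ID so the order is stable and reproducible.
    """
    entry = kev.get(item["cve"])
    overdue = entry is not None and date.fromisoformat(entry["dueDate"]) < today
    if overdue:
        tier = 0
    elif entry is not None or item["exploited_in_wild"]:
        tier = 1
    elif item["public_exploit"]:
        tier = 2
    else:
        tier = 3
    return (tier, not item["internet_facing"], -item["sensitivity"], item["cve"])


def rank(inventory: List[dict], feed_json: str, today: date) -> List[str]:
    """Return 'asset:CVE' strings in patching order for the given date."""
    kev = load_kev(feed_json)
    ordered = sorted(inventory, key=lambda it: priority(it, kev, today))
    return [f'{it["asset"]}:{it["cve"]}' for it in ordered]


if __name__ == "__main__":
    for line in rank(INVENTORY, KEV_FEED_JSON, date(2025, 2, 17)):
        print(line)
```

Run with the report's date, the three in-the-wild items sort to the top and the SonicWall device with public exploit code follows; move the date past the KEV due date and the two Microsoft entries jump to tier 0 regardless of their exposure, which is the behaviour you want from a KEV-driven queue.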

Implementing strong security practices is essential for protecting sensitive data and maintaining system integrity. A comprehensive threat intelligence solution like Cyble can monitor for threats, exposures, and leaks specific to your environment, allowing you to respond quickly to events and prevent them from becoming wider incidents.

To access full IT vulnerability and other reports from Cyble, click here.


Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented "as is" without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue.

No Liability for Errors or Omissions

Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.


Source: https://cyble.com/blog/it-vulnerability-ivanti-apple-fixes-urged-by-cyble/