CVE

A critical remote code execution (RCE) vulnerability (CVE-2025-22457) was found in Ivanti’s Connect Secure (ICS), Policy Secure, Pulse Connect Secure (PCS), and ZTA Gateways in April 2025. This vulnerability enables unauthenticated attackers to run arbitrary code on affected devices by utilising a stack-based buffer overflow in the X-Forwarded-For http request header. According to threat intelligence… Read More »Critical Ivanti Vulnerability CVE-2025-22457: What You Need to Know

A Critical vulnerability, CVE-2025–24813, was discovered in Apache Tomcat, a widely used open-source Java servlet container. This vulnerability stems from improper handling of path normalization, allowing attackers to bypass security controls and achieve Remote Code Execution (RCE). With a high severity rating, this vulnerability poses a significant risk to organizations using affected versions of Apache… Read More »Critical Apache Tomcat Vulnerability: CVE-2025-24813 Enables RCE – Are You Vulnerable?

In early 2025, a critical authentication bypass vulnerability, CVE-2025-0108, was discovered in Palo Alto Networks’ PAN-OS. This vulnerability allows attackers to bypass authentication and gain unauthorized access to the PAN-OS management interface by exploiting a path confusion issue between Nginx and Apache. With a high severity rating, this vulnerability poses a significant risk to organizations… Read More »CVE-2025-0108: How Attackers Exploit Palo Alto PAN-OS: Are You Vulnerable?