Vulnerabilities remain a growing threat vector as 2025 unfolds, as both the headlines and Flashpoint's data show. In 2024, 37,385 vulnerabilities were disclosed, and more than 36% of them had a publicly available exploit. To reduce the risk of exploitation, organizations try to find and predict exposures before they are used for unauthorized access or to install malware such as infostealers and ransomware. With so much exploit information readily available, where should security, IT and intelligence teams focus? Resources are limited, so it is critical to prioritize the actions that yield the greatest reduction in risk. Not every vulnerability needs to be addressed immediately, but without comprehensive intelligence and detailed metadata, deciding what to prioritize is nearly impossible.
Effective prioritization depends on several factors, including severity and exploitability, as well as the uniqueness of your business operations, which will dictate a given vulnerability’s effect on your attack surface. By using an intelligence-led approach, organizations can implement a prioritization program that allocates resources efficiently, while making sure that the most critical threats are addressed first.
In this ongoing series, we look at vulnerabilities that Flashpoint identified as high priority, explain why they deserve attention, and provide analysis that makes prioritization decisions faster and helps organizations make informed remediation choices.
Key Vulnerabilities
Foundational Prioritization
Of the vulnerabilities Flashpoint published last week, 151 meet three criteria at once: a solution is available, a public exploit exists, and the issue is remotely exploitable. These are a good place to begin your prioritization efforts.
Diving Deeper – Urgent Vulnerabilities
Of the vulnerabilities Flashpoint published last week, three are highlighted in this week’s Vulnerability Insights and Prioritization Report because they all:
- Are in widely used products and are potentially enterprise-affecting
- Are exploited in the wild or have exploits available
- Allow full system compromise
- Can be exploited via the network alone or in combination with other vulnerabilities
- Have a solution to take action on
All three are also easy to discover from the network, so they should be investigated and fixed immediately.
To address these vulnerabilities proactively and maintain coverage beyond publicly available sources on an ongoing basis, organizations can use Flashpoint Vulnerability Intelligence. Its coverage spans IT, OT, IoT, COTS products, and open-source libraries and dependencies, and it catalogs over 100,000 vulnerabilities that are not included in the NVD or lack a CVE ID. Vulnerabilities not covered by the NVD do not yet have a CVE ID assigned and are identified by a VulnDB ID instead.
| CVE ID | Title | CVSS (v2 / v3 / v4) | Exploit Status | Exploit Consequence | Ransomware Likelihood | Social Risk Score | Solution Available |
|---|---|---|---|---|---|---|---|
| CVE-2025-21218 | Microsoft Windows Kerberos Unspecified Application Handling Resource Consumption Remote DoS | 7.8 / 7.5 / 8.7 | Private | Denial of Service | Low | Low | Yes |
| CVE-2024-57811 | Eaton XC-303 Hardcoded Credentials | 10 / 9.8 / 9.3 | Public | Root access | Critical | Low | Yes |
| CVE-2024-55591 | Fortinet FortiOS (FortiGate) / FortiProxy Node.js WebSocket Module Improper Authentication Remote Authentication Bypass | 10 / 9.8 / 9.3 | Exploited in the Wild | Super admin privileges | High | High | Yes |
NOTES: A vulnerability's scores can change whenever new information becomes available. Flashpoint maintains its vulnerability database with the most recent and relevant information available.
CVSS scores: Flashpoint analysts calculate CVSS scores and, when new information warrants it, adjust the NVD's original scores.
Social Risk Score: Flashpoint estimates how much attention a vulnerability receives on social media. Increased mentions and discussions elevate the Social Risk Score, indicating a higher likelihood of exploitation. The score considers factors like post volume and authors, and decreases as the vulnerability’s relevance diminishes.
Ransomware Likelihood: This score is a rating that estimates the similarity between a vulnerability and those known to be used in ransomware attacks. As we learn more information about a vulnerability (e.g. exploitation method, technology affected) and uncover additional vulnerabilities used in ransomware attacks, this rating can change.
Flashpoint Ignite lays all of these components out. Below is an example of what this vulnerability record for the Fortinet FortiOS vulnerability looks like in Flashpoint Ignite.
Analyst Comments on the Notable Vulnerabilities
Last week marked the first Microsoft Patch Tuesday of 2025. The release was substantial and included fixes for many vulnerabilities. Beyond the three Hyper-V NT Kernel Integration VSP vulnerabilities that were all exploited in the wild (i.e. zero-days), one further Microsoft vulnerability was notable:
CVE-2025-21218 is a resource-consumption flaw in Windows Kerberos. A remote, unauthenticated attacker who sends specially crafted requests to an affected Kerberos service can exhaust its resources and cause a denial of service. It does not give code execution, which is why its v3 score (7.5, availability impact only) sits below the two 9.8s in the table, and the only known exploit is private; treat it as a patch-on-schedule item for domain controllers and other Kerberos-serving hosts rather than an emergency. It should not be confused with CVE-2025-21298 from the same release, a use-after-free in the Windows OLE component that is triggered when a specially crafted email is processed (including in Outlook's preview pane) and may allow a remote attacker to dereference freed memory and execute arbitrary code.
Next, a vulnerability in Eaton's XC-303, a control system aimed at machinery and equipment manufacturers that want streamlined automation:
CVE-2024-57811 is a hard-coded credentials issue in the Eaton XC-303: the device's "root" account has a fixed password built into the product, so anyone who can reach the controller's management services over the network and knows that password trivially gains root on the PLC. The XC-303 is a modular programmable logic controller (PLC) designed for industrial automation, used in machine control, packaging systems, material handling and process automation. Because a hard-coded credential cannot be rotated by the operator, the fix is the vendor update; until it is applied, the controller's management interfaces should be reachable only from a segmented engineering network, and any exposure to untrusted networks should be treated as a likely compromise.
Lastly, Fortinet FortiOS (FortiGate) and FortiProxy:
CVE-2024-55591 is an authentication bypass using an alternate path or channel (CWE-288) in the Node.js WebSocket module of Fortinet FortiOS (FortiGate) and FortiProxy. A remote attacker who can reach the administrative interface can send crafted requests to that module to bypass authentication and gain super_admin privileges. Fortinet's advisory FG-IR-24-535 lists FortiOS 7.0.0 through 7.0.16 (fixed in 7.0.17) and FortiProxy 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 (fixed in 7.0.20 and 7.2.13) as affected. As of January 14, it was reported as exploited in the wild. Until the upgrade is applied, the vendor workaround is to disable the HTTP/HTTPS administrative interface or restrict it to trusted source addresses with local-in policies; the management interface should not be exposed to the internet in any case, and devices that were exposed should be reviewed for unexpected admin logins and newly created administrator accounts.