The use of vulnerabilities as an initial access vector in threat actor campaigns is up by 180%, which makes it more imperative than ever to build an effective prioritization plan. In this ongoing series, we dive into the vulnerabilities Flashpoint has identified as high priority, explain why they should be of focus, and provide analysis to help organizations make faster prioritization decisions for more effective remediation.
With new vulnerability exploits and zero-days being discovered every day, a proactive vulnerability management strategy is critical. By using this weekly report, security teams can adopt an intelligence-led approach to patch management, allowing organizations to implement timely remediation through comprehensive vulnerability intelligence.
Key Vulnerabilities:
Week of March 3, 2025
Foundational Prioritization
Of the vulnerabilities Flashpoint published this week, there are 106 that you can take immediate action on. Each has a solution, has a public exploit, and is remotely exploitable. As such, these vulnerabilities are a great place to begin your prioritization efforts.

Diving Deeper – Urgent Vulnerabilities
Of the vulnerabilities Flashpoint published last week, four are highlighted in this week’s Vulnerability Insights and Prioritization Report because they all:
- Are in widely used products and are potentially enterprise-affecting
- Are exploited in the wild or have exploits available
- Allow full system compromise
- Can be exploited via the network alone or in combination with other vulnerabilities
- Have a solution to take action on
In addition, all of these vulnerabilities are easily discoverable and therefore should be investigated and fixed immediately.
To proactively address these vulnerabilities, and to maintain coverage beyond publicly available sources on an ongoing basis, organizations can leverage Flashpoint Vulnerability Intelligence. Flashpoint's coverage spans IT, OT, IoT, COTS, and open-source libraries and dependencies, and it catalogs over 100,000 vulnerabilities that are not included in the NVD or lack a CVE ID. Vulnerabilities not covered by the NVD do not yet have a CVE ID assigned and are identified by a VulnDB ID instead.
| CVE ID | Title | CVSS Scores (v2, v3, v4) | Exploit Status | Exploit Consequence | Ransomware Likelihood Score | Social Risk Score | Solution Availability |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-27364 | MITRE Caldera Manx / Sandcat Plugins HTTP Header Linker Argument Injection | 10.0 10.0 9.3 | Public | Remote Code Execution | High | Medium | Patch for source code exists. Take action to mitigate risk. |
| CVE-2025-27140 | WeGIA /html/configuracao/importar_dump.php filename Parameter Remote OS Command Injection | 10.0 10.0 10.0 | Public | Arbitrary OS Command Execution | High | Low | Yes |
| CVE-2025-27135 | RAGFlow ExeSQL Class Unspecified SQL Injection | 7.5 9.8 9.3 | Public | Arbitrary Data Manipulation or Disclosure | Medium | Low | No official patch exists. Take action to mitigate risk. |
| CVE-2024-8420 | DHVC Form Plugin for WordPress Registration Role | 10.0 9.8 9.3 | Public | Remote Privilege Escalation | High | Low | Yes |
NOTES: The severity score of a given vulnerability can change whenever new information becomes available. Flashpoint maintains its vulnerability database with the most recent and relevant information available. Log in to view more vulnerability metadata and the most up-to-date information.
CVSS scores: Our analysts calculate CVSS scores and, where new information warrants it, adjust NVD's original scores.
Social Risk Score: Flashpoint estimates how much attention a vulnerability receives on social media. Increased mentions and discussions elevate the Social Risk Score, indicating a higher likelihood of exploitation. The score considers factors like post volume and authors, and decreases as the vulnerability’s relevance diminishes.
Ransomware Likelihood: This score is a rating that estimates the similarity between a vulnerability and those known to be used in ransomware attacks. As we learn more information about a vulnerability (e.g. exploitation method, technology affected) and uncover additional vulnerabilities used in ransomware attacks, this rating can change.
Flashpoint Ignite lays all of these components out. Below is an example of what the vulnerability record for MITRE Caldera looks like.

This record provides additional metadata like affected product versions, MITRE ATT&CK mapping, analyst notes, solution description, classifications, vulnerability timeline and exposure metrics, exploit references and more.
Analyst Comments on the Notable Vulnerabilities
Below, Flashpoint analysts explain why the four vulnerabilities highlighted above should be prioritized for remediation if your organization is exposed.
CVE-2025-27364
CVE-2025-27364 describes a flaw in the Manx and Sandcat plugins of MITRE Caldera that is triggered when input passed via HTTP headers is not properly sanitized. With a specially crafted request, a remote attacker can inject linker arguments into the command used to compile the Sandcat or Manx agents and thereby execute arbitrary shell commands. No workaround or released upgrade currently corrects this issue; however, a patch has been committed to the project's source code repository. Until that patch is incorporated into the next release, manually applying it to an existing installation is the only known fix, and you should confirm that the deployed build actually contains the fix rather than relying on a version number alone.
CVE-2025-27140
CVE-2025-27140 is a flaw in WeGIA, specifically in the /html/configuracao/importar_dump.php script, which is triggered when input passed via the "filename" parameter is not properly validated. A remote attacker can inject and execute arbitrary OS commands with a specially crafted request. The vendor reports that this issue has been fixed; refer to the product listing for the upgraded versions that address this vulnerability.
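The two flaws above are different bugs with the same root cause: request data reaching a subprocess. The example below is written for this article and is not Caldera's or WeGIA's code; the "agent build" and "dump import" handlers, the `main.server` link variable, the `/var/dumps` directory and the `mysql` invocation are all assumptions made for the demo. It shows, first, that an argv list with no shell is not enough when one of the arguments (`-ldflags`) is itself a flag list the Go tool re-splits (argument injection), and second, the classic shell-string case where a `;` in a filename becomes a second command (OS command injection), each beside a hardened form.

```python
"""Added example for this article (not Caldera's or WeGIA's code): untrusted
request data reaching a subprocess, in the two flavours described above.
All names (main.server, /var/dumps, the mysql invocation) are assumptions."""
import re
import shlex
from pathlib import Path

# --- (1) Argument injection: the CVE-2025-27364 pattern ---------------------
# A build endpoint lets the client choose the server URL baked into the agent
# binary and passes it to the Go linker through -ldflags.

def agent_build_argv_unsafe(server_header: str) -> list[str]:
    # argv list, no shell: often assumed safe, but the -ldflags value is itself
    # a whitespace-separated flag list that the Go tool re-splits.
    return ["go", "build", "-ldflags", f"-X main.server={server_header}",
            "-o", "agent", "."]

# Only a bare scheme://host[:port] is accepted; whitespace and quotes cannot pass.
SERVER_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(:[0-9]{1,5})?")

def agent_build_argv_safe(server_header: str) -> list[str]:
    if not SERVER_RE.fullmatch(server_header):
        raise ValueError("server header rejected: not a bare URL")
    return ["go", "build", "-ldflags", f"-X main.server={server_header}",
            "-o", "agent", "."]

def linker_flags(argv: list[str]) -> list[str]:
    """Split the -ldflags value the way the Go tool does (whitespace with
    quoting) to see which flags the linker would actually receive."""
    return shlex.split(argv[argv.index("-ldflags") + 1])

# --- (2) OS command injection: the CVE-2025-27140 pattern -------------------
# An import endpoint takes a dump filename and runs a loader through the shell.

def import_dump_unsafe(filename: str) -> str:
    # A shell string: ';', '|', '$(...)' and friends in filename become shell syntax.
    return f"mysql --user=app app < /var/dumps/{filename}"

DUMP_DIR = Path("/var/dumps")                     # assumed location for the demo
FILENAME_RE = re.compile(r"[A-Za-z0-9_\-]{1,64}\.sql")

def import_dump_safe(filename: str) -> tuple[list[str], Path]:
    """Returns (argv, dump_path). Run it as
    subprocess.run(argv, stdin=dump_path.open('rb'), check=True): an argv list
    with no shell, and the redirection done by Python rather than by sh."""
    if not FILENAME_RE.fullmatch(filename):
        raise ValueError("filename rejected")
    path = (DUMP_DIR / filename).resolve()
    if path.parent != DUMP_DIR.resolve():         # defence in depth vs traversal/symlinks
        raise ValueError("filename escapes dump directory")
    return ["mysql", "--user=app", "app"], path

def shell_commands(cmdline: str) -> list[list[str]]:
    """Tokenise a command line roughly as sh would and split it at ';' to show
    how many separate commands the unsafe version would run. Demonstration
    only: a real shell has far more separators than ';'."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    cmds, cur = [], []
    for tok in lex:
        if tok == ";":
            cmds.append(cur)
            cur = []
        else:
            cur.append(tok)
    if cur:
        cmds.append(cur)
    return cmds

def rejects(fn, arg) -> bool:
    """True if fn(arg) refuses the input with ValueError."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    crafted = 'http://10.0.0.1:8888 -extldflags "-L/tmp/attacker"'
    print(linker_flags(agent_build_argv_unsafe(crafted)))    # attacker-chosen flags reach the linker
    print(rejects(agent_build_argv_safe, crafted))           # True
    print(shell_commands(import_dump_unsafe("prod.sql; id")))  # two commands, not one
    print(rejects(import_dump_safe, "prod.sql; id"))         # True
```

The allowlist regexes are the real fix in both cases; the argv list and Python-side redirection remove the shell, and the resolved-path check catches anything the regex might later be loosened to admit.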
CVE-2025-27135
CVE-2025-27135 is a SQL injection issue in RAGFlow. The ExeSQL class does not properly sanitize input before using it in SQL queries, so a remote attacker may inject or manipulate SQL queries against the back-end database and read or modify arbitrary data. While the issue is referred to as "unspecified," there is sufficient public information for a casual attacker to quickly determine the details required to exploit it. Currently, no patched version is available. Until a patch is released, limit exposure of the vulnerable component (for example, restrict network access to the service and run the SQL-executing component against a least-privilege, read-only database account where possible) and, if possible, apply strict input validation and sanitization to minimize the risk of SQL injection.
CVE-2024-8420
CVE-2024-8420 is a vulnerability in the DHVC Form plugin for WordPress, triggered by manipulating the "role" field submitted during registration. This may allow a remote attacker to register an account with elevated privileges. It has been reported that this has been fixed; refer to the product listing for the upgraded versions that address this vulnerability.
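The pattern behind this class of bug is mass assignment: a registration handler copies every submitted field, `role` included, into the new account. The block below is an added example written in Python for this article, not the plugin's PHP; the form fields, the `User` record and the self-service role set are assumptions, and the role names are WordPress's built-in ones used only for illustration. It places the trusting handler beside one that decides the role server-side and, where a product genuinely lets users pick a role, accepts only values from a low-privilege allowlist.

```python
"""Added example for this article, not the DHVC Form plugin's code: a sign-up
handler that trusts a submitted 'role' beside one that assigns roles
server-side. Fields, storage and the allowlist are assumptions for the demo."""
from dataclasses import dataclass

# WordPress built-in role names, used only for illustration.
PRIVILEGED = {"administrator", "editor"}
# Roles a self-service sign-up form is ever allowed to hand out.
SELF_SERVICE_ROLES = {"subscriber", "contributor"}
DEFAULT_ROLE = "subscriber"

@dataclass(frozen=True)
class User:
    login: str
    email: str
    role: str

def register_unsafe(form: dict) -> User:
    # Mass assignment: whatever the client sends for 'role' is stored as-is.
    return User(login=form["login"], email=form["email"],
                role=form.get("role", DEFAULT_ROLE))

def register_safe(form: dict, allow_choice: bool = False) -> User:
    """Copy only the fields a sign-up form legitimately provides and decide
    the role on the server. If the product lets users pick a role, accept
    only SELF_SERVICE_ROLES and fall back to the default otherwise."""
    login, email = str(form["login"]), str(form["email"])
    requested = form.get("role")
    if allow_choice and requested in SELF_SERVICE_ROLES:
        role = requested
    else:
        role = DEFAULT_ROLE       # privileged values are never honoured here
    return User(login=login, email=email, role=role)

def can_escalate(register, form: dict) -> bool:
    """Does this handler let the submitted form produce a privileged account?"""
    return register(form).role in PRIVILEGED

if __name__ == "__main__":
    attack = {"login": "eve", "email": "eve@example.test", "role": "administrator"}
    print(can_escalate(register_unsafe, attack))   # True
    print(can_escalate(register_safe, attack))     # False
```

Privileged roles never appear in the allowlist, so even a deployment that offers a role choice cannot be talked into granting one; elevation stays an administrator action performed after registration.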
Previously Highlighted Vulnerabilities
| CVE/VulnDB ID | Name/Title | Flashpoint Published Date |
| --- | --- | --- |
| CVE-2025-21218 | Microsoft Windows Kerberos Unspecified Application Handling Resource Consumption Remote DoS | Week of January 15, 2025 |
| CVE-2024-57811 | Eaton XC-303 Hardcoded Credentials | Week of January 15, 2025 |
| CVE-2024-55591 | Fortinet FortiOS (FortiGate) / FortiProxy Node.js WebSocket Module Improper Authentication Remote Authentication Bypass | Week of January 15, 2025 |
| CVE-2025-23006 | SonicWall SMA1000 Unspecified Insecure Deserialization | Week of January 22, 2025 |
| CVE-2025-20156 | Cisco Meeting Management (CMM) Unspecified REST API Endpoint Improper Authorization API Request Handling | Week of January 22, 2025 |
| CVE-2024-50664 | GPAC isomedia/sample_descs.c gf_isom_new_mpha_description() Function MPEGH Audio Configuration Handling Heap Buffer Overflow | Week of January 22, 2025 |
| CVE-2025-24085 | Apple Multiple Products CoreMedia Unspecified Use-After-Free | Week of January 29, 2025 |
| CVE-2024-40890 | Zyxel Multiple Products HTTP Unspecified Remote Command Execution | Week of January 29, 2025 |
| CVE-2024-40891 | Zyxel Multiple Products Telnet Unspecified Remote Command Execution | Week of January 29, 2025 |
| VulnDB ID: 389414 | uniapi Package for Python __init__.py Malicious Code Remote Code Execution | Week of January 29, 2025 |
| CVE-2025-25181 | Advantive VeraCore v5fmsnet/common/timeoutWarning.asp PmSess1 Parameter SQL Injection | Week of February 5, 2025 |
| CVE-2024-40890 | WhoDB /db.go DB_FILE Parameter Path Traversal Remote File Manipulation | Week of February 5, 2025 |
| CVE-2024-40891 | deep-diver LLM-As-Chatbot global_vars.py load_model() Function File Upload | Week of February 5, 2025 |
| CVE-2024-8266 | GitLab Improper Privilege Handling Remote Cross-user Pipeline Triggering | Week of February 12, 2025 |
| CVE-2025-0108 | Palo Alto PAN-OS Management Web Interface Improper URL Normalization | Week of February 12, 2025 |
| CVE-2025-24472 | Fortinet FortiOS (FortiGate) / FortiProxy CSF Proxy Request Handling | Week of February 12, 2025 |
| CVE-2025-21355 | Microsoft Bing Unspecified Missing Authentication Remote Code Execution | Week of February 24, 2025 |
| CVE-2025-26613 | WeGIA gerenciar_backup.php file Parameter Remote OS Command Injection | Week of February 24, 2025 |
| CVE-2024-13789 | Ravpage Plugin for WordPress ravpage.php paramsv2 Parameter Insecure Deserialization PHP Object Injection Remote Code Execution | Week of February 24, 2025 |
| CVE-2025-1539 | D-Link DAP-1320 /storagein.pd-XXXXXX replace_special_char() Function URI Remote | Week of February 24, 2025 |
Transform Vulnerability Management with Flashpoint
Subscribe to our newsletter, which features Flashpoint's leading data and intelligence, and request a demo today to see how Flashpoint can transform your vulnerability management and exposure identification program.