
Flashpoint Weekly Vulnerability Insights and Prioritization Report

Anticipate, contextualize, and prioritize vulnerabilities to effectively address threats to your organization.

February 19, 2025

The use of vulnerabilities as an initial access vector in threat actor campaigns is up by 180%, which makes an effective prioritization plan more imperative than ever. In this ongoing series, we examine the vulnerabilities Flashpoint has identified as high priority, explain why they deserve attention, and provide analysis to help organizations make faster prioritization decisions and remediate more effectively.

With new vulnerability exploits and zero-days being discovered every day, having a proactive vulnerability management strategy is critical. By using this weekly report, security teams can adopt an intelligence-led approach for patch management—allowing organizations to implement timely remediation through comprehensive vulnerability intelligence.

Key Vulnerabilities:
Week of February 12, 2025

Foundational Prioritization

Of the vulnerabilities Flashpoint published this week, 81 can be acted on immediately: each has a solution available, has a public exploit, and is remotely exploitable. These vulnerabilities are therefore a good place to begin your prioritization efforts.

Image 1: Number of vulnerabilities published last week that have a publicly available exploit, are remotely exploitable and have a solution available. (Source: Flashpoint)

Diving Deeper – Urgent Vulnerabilities

Of the vulnerabilities Flashpoint published last week, three are highlighted in this week’s Vulnerability Insights and Prioritization Report because they all:

  • Are in widely used products and are potentially enterprise-affecting
  • Are exploited in the wild or have exploits available
  • Allow full system compromise
  • Can be exploited via the network alone or in combination with other vulnerabilities
  • Have a solution to take action on

In addition, all of these vulnerabilities are easily discoverable and therefore should be investigated and fixed immediately.

To address these vulnerabilities proactively and maintain coverage beyond publicly available sources on an ongoing basis, organizations can leverage Flashpoint Vulnerability Intelligence. Flashpoint provides comprehensive coverage encompassing IT, OT, IoT, COTS, and open-source libraries and dependencies, and catalogs over 100,000 vulnerabilities that are not included in the NVD or lack a CVE ID. Vulnerabilities not covered by the NVD do not yet have a CVE ID assigned and are noted with a VulnDB ID instead.

| CVE ID | Title | CVSS v2 | CVSS v3 | CVSS v4 | Exploit Status | Exploit Consequence | Ransomware Likelihood Score | Social Risk Score | Solution Availability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-8266 | GitLab Improper Privilege Handling Remote Cross-user Pipeline Triggering | 5.5 | 9.6 | 8.6 | Public | Gaining Higher Privileges | High | Low | Yes |
| CVE-2025-0108 | Palo Alto PAN-OS Management Web Interface Improper URL Normalization | 6.4 | 8.2 | 8.8 | Exploited in the Wild | Remote Authentication Bypass | High | High | Yes |
| CVE-2025-24472 | Fortinet FortiOS (FortiGate) / FortiProxy CSF Proxy Request Handling | 9.3 | 8.1 | 9.2 | Exploited in the Wild | Remote Authentication Bypass | High | Medium | Yes |

Scores as of: February 12, 2025


NOTES: A vulnerability's severity score can change whenever new information becomes available. Flashpoint maintains its vulnerability database with the most recent and relevant information available. Log in to view more vulnerability metadata and the most up-to-date information.

CVSS scores: Our analysts calculate, and if needed, adjust NVD’s original CVSS scores based on new information being available.

Social Risk Score: Flashpoint estimates how much attention a vulnerability receives on social media. Increased mentions and discussions elevate the Social Risk Score, indicating a higher likelihood of exploitation. The score considers factors like post volume and authors, and decreases as the vulnerability’s relevance diminishes.

Ransomware Likelihood: This score is a rating that estimates the similarity between a vulnerability and those known to be used in ransomware attacks. As we learn more information about a vulnerability (e.g. exploitation method, technology affected) and uncover additional vulnerabilities used in ransomware attacks, this rating can change.

Flashpoint Ignite lays all of these components out. Below is an example of what this vulnerability record for GitLab Improper Privilege Handling looks like.



This record provides additional metadata like affected product versions, MITRE ATT&CK mapping, analyst notes, solution description, classifications, vulnerability timeline and exposure metrics, exploit references and more.

Analyst Comments on the Notable Vulnerabilities

Below, Flashpoint analysts explain why the three vulnerabilities highlighted above should be prioritized for remediation if your organization is exposed.

CVE-2024-8266

CVE-2024-8266 is a security vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) affecting versions from 17.1 to 17.6.0. It allows an attacker with a maintainer role in a project to trigger a pipeline as the project owner under certain circumstances, which could lead to unauthorized access to or manipulation of project resources.

Essentially, a maintainer, who normally has limited permissions, could exploit this flaw to execute actions with the privileges of the project owner. This is a security concern as it violates the intended permission model within GitLab. Flashpoint analysts note that this vulnerability may only be exploited by an attacker with maintainer privileges.

To address this issue, GitLab users are strongly advised to upgrade to version 17.6.0 or later. This update contains the necessary fix to prevent exploitation of CVE-2024-8266. It is important to keep your GitLab instance updated to the latest version to ensure you have the latest security patches and are protected against known vulnerabilities.

CVE-2025-0108

CVE-2025-0108 is a vulnerability in Palo Alto PAN-OS: the management web interface does not properly normalize URL path components that contain double-encoded strings. With a specially crafted request, e.g. to /unauth/%252e%252e/php/ztp_gate.php/PAN_help/x.css, a remote attacker can bypass authentication and access certain PHP scripts. Flashpoint analysts note that as of February 13, 2025, this has been reported as exploited in the wild, even though the accessible PHP scripts do not allow remote code execution. An attacker can still impact the integrity and confidentiality of PAN-OS.
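To make the flaw class concrete, here is an added Python example (not PAN-OS code and not Flashpoint's) that models a pipeline which decodes a path once before the authorization decision while the dispatcher decodes it again, beside a hardened version that canonicalizes to a fixed point, plus a small detector for logged request paths. The pipeline structure and the `/unauth/` exemption rule are assumptions for illustration; the only input is the request path quoted above.

```python
from urllib.parse import unquote

REPORTED_PATH = "/unauth/%252e%252e/php/ztp_gate.php/PAN_help/x.css"  # sample input; path quoted in the report

def decode_until_stable(path, max_rounds=5):
    """Percent-decode until nothing changes; rounds > 1 means multi-encoded."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def normalize_segments(path):
    """Collapse '.' and '..' segments the way a path normalizer would."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)

def vulnerable_pipeline(path):
    """Flaw-class model (hypothetical, not PAN-OS code): the /unauth/ exemption is
    decided after one decode ('%2e%2e' is an opaque segment); the dispatcher decodes again."""
    seen_by_authz = normalize_segments(unquote(path))
    exempt = seen_by_authz.startswith("/unauth/")
    dispatched = normalize_segments(unquote(seen_by_authz))
    return exempt, dispatched

def hardened_pipeline(path):
    """Decode to a fixed point, normalize once, and decide the exemption on
    the same canonical path that is dispatched."""
    canonical = normalize_segments(decode_until_stable(path)[0])
    return canonical.startswith("/unauth/"), canonical

def flag_request(path):
    """Detection over a logged request path: reasons it looks suspicious."""
    decoded, rounds = decode_until_stable(path)
    reasons = []
    if rounds > 1:
        reasons.append("multi-encoded")
    if ".." in decoded.split("/"):
        reasons.append("dot-dot segment")
    return reasons
```

On the reported path the vulnerable model grants the unauthenticated exemption yet dispatches to /php/ztp_gate.php/PAN_help/x.css, while the hardened model sees the canonical path and denies it; the detector flags the same request as both multi-encoded and containing a dot-dot segment.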

CVE-2025-24472

CVE-2025-24472 is a critical authentication bypass vulnerability in FortiOS and FortiProxy that could allow a remote attacker to gain super-admin privileges. It is caused by the way these products handle certain crafted CSF proxy requests. Successful exploitation could give an attacker complete control over the affected system, potentially leading to data breaches, system disruption, or other malicious activity.

Flashpoint analysts note that CVE-2025-24472 was assigned by Fortinet on February 11 to represent an additional reported attack vector for CVE-2024-55591. This vulnerability has been reported as being exploited in the wild as of January 14, though Fortinet’s advisory is ambiguous as it reports that claim alongside both CVEs. Fortinet has released security updates to address this vulnerability. Users of affected FortiOS and FortiProxy versions are strongly advised to apply these updates as soon as possible to mitigate the risk. If updating is not immediately feasible, temporary mitigations may be available, such as disabling Security Fabric from the command-line interface. However, applying the official patch remains the most effective solution to resolve this security issue.

Previously Highlighted Vulnerabilities

| CVE/VulnDB ID | Name/Title | Flashpoint Published Date |
|---|---|---|
| CVE-2025-21218 | Microsoft Windows Kerberos Unspecified Application Handling Resource Consumption Remote DoS | Week of January 15, 2025 |
| CVE-2024-57811 | Eaton XC-303 Hardcoded Credentials | Week of January 15, 2025 |
| CVE-2024-55591 | Fortinet FortiOS (FortiGate) / FortiProxy Node.js WebSocket Module Improper Authentication Remote Authentication Bypass | Week of January 15, 2025 |
| CVE-2025-23006 | SonicWall SMA1000 Unspecified Insecure Deserialization | Week of January 22, 2025 |
| CVE-2025-20156 | Cisco Meeting Management (CMM) Unspecified REST API Endpoint Improper Authorization API Request Handling | Week of January 22, 2025 |
| CVE-2024-50664 | GPAC isomedia/sample_descs.c gf_isom_new_mpha_description() Function MPEGH Audio Configuration Handling Heap Buffer Overflow | Week of January 22, 2025 |
| CVE-2025-24085 | Apple Multiple Products CoreMedia Unspecified Use-After-Free | Week of January 29, 2025 |
| CVE-2024-40890 | Zyxel Multiple Products HTTP Unspecified Remote Command Execution | Week of January 29, 2025 |
| CVE-2024-40891 | Zyxel Multiple Products Telnet Unspecified Remote Command Execution | Week of January 29, 2025 |
| VulnDB ID: 389414 | uniapi Package for Python __init__.py Malicious Code Remote Code Execution | Week of January 29, 2025 |
| CVE-2025-25181 | Advantive VeraCore v5fmsnet/common/timeoutWarning.asp PmSess1 Parameter SQL Injection | Week of February 5, 2025 |
| CVE-2024-40890 | WhoDB /db.go DB_FILE Parameter Path Traversal Remote File Manipulation | Week of February 5, 2025 |
| CVE-2024-40891 | deep-diver LLM-As-Chatbot global_vars.py load_model() Function File Upload | Week of February 5, 2025 |
