
Flashpoint Weekly Vulnerability Insights and Prioritization Report

Anticipate, contextualize, and prioritize vulnerabilities to effectively address threats to your organization.

April 24, 2025

Vulnerability exploitation is on the rise, being the initial access vector for 20% of all data breaches in 2024, according to recent research from the Verizon 2025 DBIR—meaning it is more imperative than ever to have a proactive vulnerability management strategy. However, given recent volatility surrounding the Common Vulnerabilities and Exposures (CVE) program, many organizations are struggling with increasing amounts of incomplete vulnerability data, disruption of compliance reporting, and delays in coordinated disclosure and vendor patch releases.

In this ongoing series, we dive into the most critical and high-priority vulnerabilities that the Flashpoint Intelligence team collects on a weekly basis. We discuss why they should be of focus and provide analysis to help organizations make faster prioritization decisions for more effective remediation. Using this report, security teams can adopt an intelligence-led approach to patch management, allowing organizations to implement timely remediation through comprehensive vulnerability intelligence.

Key Vulnerabilities:
Week of April 12 – April 18, 2025

Foundational Prioritization

Of the vulnerabilities Flashpoint published this week, there are 108 that you can take immediate action on. Each of them has a solution available, has a public exploit, and is remotely exploitable. As such, these vulnerabilities are a great place to begin your prioritization efforts.

Image 1: Number of vulnerabilities published last week that have a publicly available exploit, are remotely exploitable and have a solution available. (Source: Flashpoint)

Diving Deeper – Urgent Vulnerabilities

Of the vulnerabilities Flashpoint published last week, five are highlighted in this week’s Vulnerability Insights and Prioritization Report because they all:

  • Are in widely used products and are potentially enterprise-affecting
  • Are exploited in the wild or have exploits available
  • Allow full system compromise
  • Can be exploited via the network alone or in combination with other vulnerabilities
  • Have a solution to take action on

In addition, all of these vulnerabilities are easily discoverable and therefore should be investigated and fixed immediately.

To proactively address these vulnerabilities and ensure comprehensive coverage beyond publicly available sources on an ongoing basis, organizations can leverage Flashpoint Vulnerability Intelligence. Flashpoint provides comprehensive coverage encompassing IT, OT, IoT, COTS, and open-source libraries and dependencies. It catalogs over 100,000 vulnerabilities that are not included in the NVD or lack a CVE ID, ensuring thorough coverage beyond publicly available sources. The vulnerabilities that are not covered by the NVD do not yet have a CVE ID assigned and will be noted with a VulnDB ID.

CVE ID | Title | CVSS Scores (v2 / v3 / v4) | Exploit Status | Exploit Consequence | Ransomware Likelihood Score | Social Risk Score | Solution Availability
--- | --- | --- | --- | --- | --- | --- | ---
CVE-2025-32433 | Erlang/OTP SSH ssh_connection.erl Missing Authentication SSH Protocol Message Handling | 10.0 / 10.0 / 10.0 | Public | Remote Code Execution | High | High | Yes
CVE-2025-1980 | Symfonia Ready_ Profile Section File Upload | 10.0 / 9.8 / 9.3 | Public | Remote Code Execution | Medium | Low | No
CVE-2025-32068 | OAuth Extension for MediaWiki Repository/RefreshTokenRepository.php isRefreshTokenRevoked() Function Refresh Token Permission Revocation Validation | 10.0 / 10.0 / 10.0 | Public | Remote Authorization Bypass | High | Low | Yes
CVE-2025-31201 | Apple Multiple Products RPAC Unspecified Pointer Authentication Bypass | 9.0 / 8.8 / 8.7 | Exploited in the Wild | Authentication Bypass | Low | High | Yes
CVE-2025-3495 | Delta Electronics COMMGR Session ID Generation Insufficient Entropy Remote Brute-Force Weakness | 10.0 / 9.8 / 9.3 | Private | Remote Code Execution | High | Low | No
Scores as of: April 21, 2025

NOTES: The severity of a given vulnerability score can change whenever new information becomes available. Flashpoint maintains its vulnerability database with the most recent and relevant information available. Log in to view more vulnerability metadata and for the most up-to-date information.

CVSS scores: Our analysts calculate, and if needed adjust, NVD's original CVSS scores based on newly available information.

Social Risk Score: Flashpoint estimates how much attention a vulnerability receives on social media. Increased mentions and discussions elevate the Social Risk Score, indicating a higher likelihood of exploitation. The score considers factors like post volume and authors, and decreases as the vulnerability’s relevance diminishes.

Ransomware Likelihood: This score is a rating that estimates the similarity between a vulnerability and those known to be used in ransomware attacks. As we learn more information about a vulnerability (e.g. exploitation method, technology affected) and uncover additional vulnerabilities used in ransomware attacks, this rating can change.

Flashpoint Ignite lays all of these components out. Below is an example of what this vulnerability record for CVE-2025-32433 looks like.

This record provides additional metadata like affected product versions, MITRE ATT&CK mapping, analyst notes, solution description, classifications, vulnerability timeline and exposure metrics, exploit references and more.

Analyst Comments on the Notable Vulnerabilities

Below, Flashpoint analysts describe the five vulnerabilities highlighted above as vulnerabilities that should be of focus for remediation if your organization is exposed.

CVE-2025-32433

Erlang/OTP contains a flaw in ssh_connection.erl that is triggered as authentication mechanisms are not properly implemented. A remote attacker can execute arbitrary code with a specially crafted Secure Shell protocol (SSH) message. The vendor has since fixed the issue. For upgraded versions that address this vulnerability, navigate to the vulnerability in Ignite and view the affected products section.

CVE-2025-1980

Symfonia Ready contains a flaw in the Profile section that is triggered when file types and extensions for uploaded files are not properly validated before being placed in a web-accessible path. This may allow a remote attacker to upload a specially crafted file, for instance, and then request it, executing arbitrary code with the privileges of the web service.

The Ready_ application’s Profile section allows users to upload files of any type and extension without restriction. The server was misconfigured by default when installed at the turn of 2021 and 2022. It is recommended to check the configuration.
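The two paragraphs above describe the failure mode: uploads accepted with any type and extension and written under a web-accessible path. The following is an added example, not Symfonia Ready_ code, of the validation an upload handler of this kind needs: an extension allow-list, a check that the file signature matches the declared type, rejection of double extensions and dotfiles, and storage under a random name in a directory that is assumed to sit outside the web root. The allow-list, size limit, file names and sample bytes are all constructed for the example.

```python
"""Added example (not Symfonia Ready_ code): a hardened upload validator."""
import os
import secrets
from pathlib import Path

# Allow-list of extension -> expected leading bytes. This set is an assumption
# for the example; a profile section would normally accept images only.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024  # constructed limit


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def validate_upload(filename: str, content: bytes) -> str:
    """Return the normalised, allow-listed extension, or raise UploadRejected."""
    if len(content) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Keep only the final path component so directory separators in the
    # client-supplied name cannot steer the write elsewhere.
    base = os.path.basename(filename.replace("\\", "/"))
    suffixes = Path(base).suffixes
    if len(suffixes) != 1:
        # Rejects 'avatar' and '.htaccess' (no extension) as well as
        # 'avatar.php.png' (double extension).
        raise UploadRejected("exactly one extension is required")
    ext = suffixes[0].lower()
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        raise UploadRejected(f"extension {ext} not allowed")
    if not content.startswith(magic):
        # The extension alone proves nothing; the bytes must match the type.
        raise UploadRejected("content does not match declared type")
    return ext


def is_acceptable(filename: str, content: bytes) -> bool:
    """Boolean convenience wrapper around validate_upload()."""
    try:
        validate_upload(filename, content)
        return True
    except UploadRejected:
        return False


def store_upload(filename: str, content: bytes, storage_dir: Path) -> Path:
    """Write a validated upload under a random name. storage_dir is assumed to
    be outside the web root and served only through a download handler that
    sets Content-Type itself, so the stored file is never executed."""
    ext = validate_upload(filename, content)
    dest = storage_dir / (secrets.token_hex(16) + ext)
    # O_EXCL: a colliding name fails instead of overwriting an existing file.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return dest


if __name__ == "__main__":
    import tempfile

    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed image stub
    with tempfile.TemporaryDirectory() as d:
        print("stored as", store_upload("me.png", png, Path(d)).name)
    for name, data in [("shell.php", b"<?php echo 1; ?>"),
                       ("shell.php.png", png),
                       ("image.png", b"<?php echo 1; ?>")]:
        try:
            validate_upload(name, data)
        except UploadRejected as exc:
            print(f"rejected {name}: {exc}")
```

Three rejections are worth noting: a script with a script extension, a script hidden behind a second image extension, and script content under an image extension. The last one is why the signature check matters; an extension allow-list on its own would pass it.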

CVE-2025-32068

The OAuth Extension for MediaWiki contains a flaw in the isRefreshTokenRevoked() function in Repository/RefreshTokenRepository.php. The flaw is triggered when it fails to properly check whether the user has revoked permissions for a client when validating a refresh token. This may allow a remote attacker to retain privileged access after it should have been revoked, for instance, via Special:OAuthManageMyGrants. The vendor has since fixed the issue. For upgraded versions that address this vulnerability, navigate to the vulnerability in Ignite and view the affected products section.
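The paragraph above says the revocation check considers the token but not whether the user has withdrawn the client's grant. The following is an added example, not the MediaWiki OAuth extension's code, that places a token-only check beside a complete one and runs the grant-withdrawal scenario through both. The repository, grant store, and the user and client names are constructed.

```python
"""Added example (not MediaWiki OAuth extension code): refresh-token
revocation checked against both token state and the user's client grants."""
from dataclasses import dataclass, field


@dataclass
class RefreshToken:
    identifier: str
    client_id: str
    user_id: str
    revoked: bool = False


@dataclass
class GrantStore:
    """(user_id, client_id) pairs the user currently authorizes. Removing a
    pair models the user withdrawing the client's access."""
    active: set = field(default_factory=set)

    def grant(self, user_id: str, client_id: str) -> None:
        self.active.add((user_id, client_id))

    def revoke(self, user_id: str, client_id: str) -> None:
        self.active.discard((user_id, client_id))


class RefreshTokenRepository:
    def __init__(self, grants: GrantStore):
        self.grants = grants
        self.tokens: dict[str, RefreshToken] = {}

    def persist(self, token: RefreshToken) -> None:
        self.tokens[token.identifier] = token

    def revoke_token(self, identifier: str) -> None:
        self.tokens[identifier].revoked = True

    def is_refresh_token_revoked_token_only(self, identifier: str) -> bool:
        """Incomplete check: only the token's own flag is consulted, so the
        token keeps working after the user removes the client's grant."""
        tok = self.tokens.get(identifier)
        return tok is None or tok.revoked

    def is_refresh_token_revoked(self, identifier: str) -> bool:
        """Complete check: revoked if the token is unknown, explicitly
        revoked, or its user no longer authorizes its client."""
        tok = self.tokens.get(identifier)
        if tok is None or tok.revoked:
            return True
        return (tok.user_id, tok.client_id) not in self.grants.active


def grant_withdrawal_scenario() -> tuple[bool, bool]:
    """User authorizes a client, a refresh token is issued, then the user
    withdraws the grant. Returns (token-only verdict, complete verdict)."""
    grants = GrantStore()
    repo = RefreshTokenRepository(grants)
    grants.grant("alice", "client-42")               # constructed identifiers
    repo.persist(RefreshToken("rt-1", "client-42", "alice"))
    grants.revoke("alice", "client-42")
    return (repo.is_refresh_token_revoked_token_only("rt-1"),
            repo.is_refresh_token_revoked("rt-1"))


if __name__ == "__main__":
    token_only, complete = grant_withdrawal_scenario()
    print("token-only check says revoked:", token_only)  # False
    print("complete check says revoked:  ", complete)    # True
```

The complete check treats an unknown token as revoked, which is the safe default when a lookup fails; the grant check is the part that closes the gap the paragraph describes.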

CVE-2025-31201

Multiple Apple products contain an unspecified flaw in the RPAC component that may allow an authenticated attacker to bypass Pointer Authentication. The vendor has provided no further details; however, it has since fixed the issue. For upgraded versions that address this vulnerability, navigate to the vulnerability in Ignite and view the affected products section.

This issue is being exploited in the wild as of April 16, 2025. Specifically, it may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. Flashpoint analysts note that only an attacker with arbitrary read and write capability may exploit this vulnerability.

CVE-2025-3495

Delta Electronics COMMGR contains a flaw because a weak pseudo-random number generator (PRNG) is used to generate session IDs. This may allow a remote attacker to determine a session ID via a brute-force attack, resulting in the execution of arbitrary code. Flashpoint analysts are not currently aware of a solution for this vulnerability. The vendor reportedly intends to release a fix, though no specific information was provided.
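The paragraph above is a CWE-338 case: the length of a session ID says nothing about how hard it is to guess if the generator behind it is predictable. The following is an added example, not Delta Electronics code, that contrasts a constructed weak generator (a Mersenne Twister seeded with a whole-second login time) with the OS CSPRNG, and quantifies the effective search space of each so the gap is visible in bits rather than in adjectives. The timestamp and window sizes are constructed.

```python
"""Added example (not vendor code): effective entropy of a seeded PRNG
session ID versus a CSPRNG session ID."""
import math
import random
import secrets

HEX = "0123456789abcdef"


def weak_session_id(seed_second: int, length: int = 32) -> str:
    """Weak: random.Random seeded with the login time. The output looks like
    128 random bits but is a pure function of one small integer."""
    rng = random.Random(seed_second)
    return "".join(rng.choice(HEX) for _ in range(length))


def secure_session_id(nbytes: int = 16) -> str:
    """Secure: 128 bits from the OS CSPRNG via the secrets module."""
    return secrets.token_hex(nbytes)


def weak_search_space_bits(window_seconds: int) -> float:
    """If the seed is a whole-second timestamp and the login is known to lie
    within a window of this many seconds, the candidate set is the window,
    not 16**length. log2 of the window is the effective entropy."""
    return math.log2(window_seconds)


def secure_search_space_bits(nbytes: int = 16) -> int:
    """Every output bit is independent, so the search space is the output."""
    return 8 * nbytes


def expected_guesses(bits: float) -> float:
    """Average number of candidates tried before a hit: half the space."""
    return 2 ** bits / 2


def is_seed_determined(seed_second: int) -> bool:
    """Audit helper: a generator that returns the same ID for the same seed
    is unfit for session IDs regardless of output length."""
    return weak_session_id(seed_second) == weak_session_id(seed_second)


if __name__ == "__main__":
    login_second = 1_713_830_400  # constructed timestamp
    print("weak  :", weak_session_id(login_second))
    print("secure:", secure_session_id())
    day = weak_search_space_bits(86_400)
    print(f"weak, login within one day : {day:.1f} bits,"
          f" ~{expected_guesses(day):.0f} guesses on average")
    print(f"secure                     : {secure_search_space_bits()} bits")
```

The practical reading for a defender: when a vendor's session IDs are reproducible from a seed, rate-limiting and lockout on the session endpoint buy time, but only a CSPRNG-backed generator removes the weakness, which is why the lack of a vendor fix keeps this entry in the "no solution" column.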

Previously Highlighted Vulnerabilities

CVE/VulnDB ID | Name/Title | Flashpoint Published Date
--- | --- | ---
CVE-2025-21218 | Microsoft Windows Kerberos Unspecified Application Handling Resource Consumption Remote DoS | Week of January 15, 2025
CVE-2024-57811 | Eaton XC-303 Hardcoded Credentials | Week of January 15, 2025
CVE-2024-55591 | Fortinet FortiOS (FortiGate) / FortiProxy Node.js WebSocket Module Improper Authentication Remote Authentication Bypass | Week of January 15, 2025
CVE-2025-23006 | SonicWall SMA1000 Unspecified Insecure Deserialization | Week of January 22, 2025
CVE-2025-20156 | Cisco Meeting Management (CMM) Unspecified REST API Endpoint Improper Authorization API Request Handling | Week of January 22, 2025
CVE-2024-50664 | GPAC isomedia/sample_descs.c gf_isom_new_mpha_description() Function MPEGH Audio Configuration Handling Heap Buffer Overflow | Week of January 22, 2025
CVE-2025-24085 | Apple Multiple Products CoreMedia Unspecified Use-After-Free | Week of January 29, 2025
CVE-2024-40890 | Zyxel Multiple Products HTTP Unspecified Remote Command Execution | Week of January 29, 2025
CVE-2024-40891 | Zyxel Multiple Products Telnet Unspecified Remote Command Execution | Week of January 29, 2025
VulnDB ID: 389414 | uniapi Package for Python __init__.py Malicious Code Remote Code Execution | Week of January 29, 2025
CVE-2025-25181 | Advantive VeraCore v5fmsnet/common/timeoutWarning.asp PmSess1 Parameter SQL Injection | Week of February 5, 2025
CVE-2024-40890 | WhoDB /db.go DB_FILE Parameter Path Traversal Remote File Manipulation | Week of February 5, 2025
CVE-2024-40891 | deep-diver LLM-As-Chatbot global_vars.py load_model() Function File Upload | Week of February 5, 2025
CVE-2024-8266 | GitLab Improper Privilege Handling Remote Cross-user Pipeline Triggering | Week of February 12, 2025
CVE-2025-0108 | Palo Alto PAN-OS Management Web Interface Improper URL Normalization | Week of February 12, 2025
CVE-2025-24472 | Fortinet FortiOS (FortiGate) / FortiProxy CSF Proxy Request Handling | Week of February 12, 2025
CVE-2025-21355 | Microsoft Bing Unspecified Missing Authentication Remote Code Execution | Week of February 24, 2025
CVE-2025-26613 | WeGIA gerenciar_backup.php file Parameter Remote OS Command Injection | Week of February 24, 2025
CVE-2024-13789 | Ravpage Plugin for WordPress ravpage.php paramsv2 Parameter Insecure Deserialization PHP Object Injection Remote Code Execution | Week of February 24, 2025
CVE-2025-1539 | D-Link DAP-1320 /storagein.pd-XXXXXX replace_special_char() Function URI Remote | Week of February 24, 2025
CVE-2025-27364 | MITRE Caldera Manx / Sandcat Plugins HTTP Header Linker Argument Injection | Week of March 3, 2025
CVE-2025-27140 | WeGIA /html/configuracao/importar_dump.php filename Parameter Remote OS Command Injection | Week of March 3, 2025
CVE-2025-27135 | RAGFlow ExeSQL Class Unspecified SQL Injection | Week of March 3, 2025
CVE-2024-8420 | DHVC Form Plugin for WordPress Registration Role Field Manipulation | Week of March 3, 2025
CVE-2024-56196 | Apache Traffic Server proxy/http/remap/UrlRewrite.cc Older Version Incompatible ACLs Unspecified Remote Issue | Week of March 10, 2025
CVE-2025-27554 | ToDesktop Deployment Handling Firebase Admin Key Disclosure | Week of March 10, 2025
CVE-2025-22224 | VMware ESXi / Workstation VMCI Unspecified Time-of-Check Time-of-Use (TOCTOU) Race Condition Guest-to-Host Heap Buffer Overflow | Week of March 10, 2025
CVE-2025-1393 | Weidmueller PROCON-WIN Unspecified Hard-Coded Credentials | Week of March 10, 2025
CVE-2025-24201 | Apple WebKit WebGL Context Handling Unspecified Out-of-Bounds Write | Week of March 17, 2025
CVE-2025-27363 | FreeType truetype/ttgload.c load_truetype_glyph() Function Font Subglyph Structure Parsing Integer Overflow | Week of March 17, 2025
CVE-2025-2000 | IBM Qiskit SDK qiskit.qpy.load() Function QPY File Handling Insecure Deserialization | Week of March 17, 2025
CVE-2025-27636, CVE-2025-29891 | Apache Camel support/DefaultHeaderFilterStrategy.java Letter Case / Parameter Handling Filter Bypass Header Injection | Week of March 17, 2025
CVE-2025-1496 | BG-TEK Coslat Hotspot Improper Authentication Attempt Restriction Remote Brute-Force Weakness | Week of March 24, 2025
CVE-2025-27781 | Applio inference.py / tts.py model_file Parameter Insecure Deserialization Remote Code Execution | Week of March 24, 2025
CVE-2025-29913 | NASA CryptoLib core/crypto_tc.c Crypto_TC_Prep_AAD() Function Integer Underflow Remote Heap Buffer Overflow | Week of March 24, 2025
CVE-2025-2746 | Kentico Xperience (Kentico CMS) AuthenticateToken() Function /CMSPages/Staging/SyncServer.asmx Endpoint Invalid Username Handling Remote Authentication Bypass | Week of March 24, 2025
CVE-2025-29927 | Next.js Middleware x-middleware-subrequest Header Handling Remote Authorization Bypass | Week of March 24, 2025
CVE-2025-1974, CVE-2025-2787 | NGINX Ingress Controller (ingress-nginx) Admission Controller Ingress Object Handling Configuration Injection (IngressNightmare) | Week of March 31, 2025
CVE-2025-30259 | WhatsApp Cloud Unspecified PDF File Handling | Week of March 31, 2025
CVE-2025-2783 | Google Chrome Mojo Improper Sentinel Handle Value Handling | Week of March 31, 2025
CVE-2025-30216 | NASA CryptoLib core/crypto_tm.c Crypto_TM_Process_Setup() Function Secondary Header Length Handling Remote Heap Buffer Overflow | Week of March 31, 2025
CVE-2025-22457 | Ivanti Multiple Products WebRequest::dispatchRequest() Function X-Forwarded-For Header Handling Remote Stack Buffer Overflow | Week of April 2, 2025
CVE-2025-2071 | FAST LTA Silent Bricks WebUI Multiple Parameter Remote OS Command Injection | Week of April 2, 2025
CVE-2025-30356 | NASA CryptoLib core/crypto_tc.c Crypto_TC_ApplySecurity_Cam() Function Frame Length Field Integer Underflow Remote Heap Buffer Overflow | Week of April 2, 2025
CVE-2025-3015 | Open Asset Import Library (assimp) AssetLib/ASE/ASELoader.cpp ASEImporter::BuildUniqueRepresentation() Function Out-of-bounds Read Arbitrary Code Execution | Week of April 2, 2025
CVE-2025-31129 | Jooby internal/pac4j/SessionStoreImpl.java SessionStoreImpl::strToObject() Function Insecure Deserialization Remote Code Execution | Week of April 2, 2025
CVE-2025-3248 | Langflow backend/base/langflow/api/v1/validate.py post_validate_code() Function Missing Authentication | Week of April 7, 2025
CVE-2025-27797 | Inaba Denki Sangyo AC-WPS-11ac Series Unspecified Remote OS Command Execution | Week of April 7, 2025
CVE-2025-27690 | Dell PowerScale OneFS Unspecified Default Password | Week of April 7, 2025
CVE-2025-32375 | BentoML Runner Server Request Handling Insecure Deserialization | Week of April 7, 2025
VulnDB ID: 398725 | Amazon AWS Simple Storage Service Nonexistent Cloud Resource Uncontrolled Search Path Element | Week of April 7, 2025

Transform Vulnerability Management with Flashpoint

Fill out the form to the left to subscribe to our newsletter, which features Flashpoint’s leading data and intelligence. Request a demo today to see how Flashpoint can transform your vulnerability management and exposure identification program.
