Key vulnerabilities in major platforms such as SAP, Microsoft, and Fortinet have been identified and require immediate attention because threat actors are actively exploiting them. They include privilege escalation, unauthorized access, and critical flaws in widely used applications.
Affected: SAP, Microsoft, Fortinet
Key points:
- Cyble Research and Intelligence Labs (CRIL) analyzed vulnerabilities disclosed between January 8 and 14, 2025.
- CISA added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
- Microsoft’s January 2025 Patch Tuesday updates addressed 159 vulnerabilities, including eight zero-days.
- Significant vulnerabilities were identified in SAP NetWeaver and BusinessObjects.
- Fortinet FortiOS has a critical authorization bypass vulnerability with a CVSS score of 9.8.
- Microsoft Hyper-V has multiple vulnerabilities posing risks of denial-of-service or privilege escalation.
- Underground forums are actively discussing these vulnerabilities and related Proof-of-Concept (PoC) code.
- Recommendations include applying patches, implementing network segmentation, and enhancing incident response plans.
MITRE Techniques:
- Privilege Escalation (T1068): Improper authentication in SAP NetWeaver AS for ABAP allows privilege escalation (CVE-2025-0070).
- Unauthorized Access (T1078): Weak access controls lead to unauthorized information disclosure (CVE-2025-0066).
- SQL Injection (T1190): SQL injection vulnerability allows unauthorized database manipulation (CVE-2025-0063).
- Session Hijacking (T1557): Session hijacking in SAP BusinessObjects risks exposure of sensitive data (CVE-2025-0061).
- Command Execution (T1203): Critical unauthenticated file upload vulnerability in Cleo Harmony, VLTrader, and LexiCom allows arbitrary code execution (CVE-2024-55956).
- SQL Injection (T1190): SQL injection vulnerability in Apache Traffic Ops enables attackers to execute SQL commands (CVE-2024-45387).
Indicators of Compromise:
- [IP Address] 45.55.158.47
- [IP Address] 87.249.138.47
- [IP Address] 149.22.94.37
- [Other IoC] Proof-of-Concept (PoC) code shared on Telegram.
- See the full article for all identified IoCs.
Full Research: https://cyble.com/blog/weekly-it-vulnerability-report-critical-updates/