Tag: cve

Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday


09 – 15 June 2025 After our last CVE of the Week post exploring a critical vulnerability in the open source landscape, we are back again in the Microsoft ecosystem, as it’s just past Patch Tuesday, which keeps on giving (and, more importantly, fixing) weaknesses

Week 23 – Critical flaw in Roundcube


02 – 08 June 2025 Open-source enthusiast sysadmins might be familiar with Roundcube, one of the most popular webmail clients deployed; to be exact, Shodan currently lists over 160,000 publicly available instances. Unfortunately, it has now become the subject of our regular CVE of the

Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025

Multiple high-severity vulnerabilities were responsibly disclosed in VCF by Gustavo Bonito of the NATO Cyber Security Centre. From among these, our #CVEOfTheWeek is CVE-2025-41229, a directory traversal vulnerability. A malicious actor with network access to port 443 might exploit it, potentially gaining access to restricted internal services.

VMware Cloud Foundation (VCF) is an integrated software platform developed by VMware that provides a complete solution for managing and operating a hybrid cloud infrastructure. It combines VMware’s compute, storage, networking, and cloud management services into a single automated platform.

VMware has stressed that there are no available workarounds for these vulnerabilities, making patching the sole effective method of mitigation.

Administrators using VMware Cloud Foundation 5.x are strongly advised to upgrade immediately to version 5.2.1.2.
For organizations running VMware Cloud Foundation 4.5.x, the recommended course of action is to follow the instructions outlined in knowledge base article KB398008.


Blackpoint created a list with further guidance that could strengthen infrastructure resiliency:

Isolate Management Interfaces
Place ESXi and vCenter servers on a dedicated management VLAN. Avoid exposing them to the internet unless absolutely necessary.

Restrict Access to Management Services
Limit access to management interfaces to trusted IP addresses or subnets. Where feasible, block outbound internet access from hosts.

Harden Authentication and Access Controls
Use strong, unique credentials for all accounts. Disable SSH unless it is actively required.

Minimize Attack Surface
Disable any unused services and protocols—such as CIM, SNMP, SSH, or Web UI—to reduce potential entry points.

Secure and Test Backups
Store backups offline or in immutable object storage. Regularly test backup restoration processes to ensure reliability during an incident.


Official advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733

Further information on the CVE Trio: https://cybersecuritynews.com/vmware-cloud-foundation-vulnerability/y/


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.

Week 20 – Critical elevation of privilege vulnerability in Azure DevOps

12 – 18 May 2025 A critical elevation of privilege vulnerability has been found in Azure DevOps, published on May 8, 2025, and updated with more details 2 days later on May 10, 2025. It has a CVSS score of 10.0! It’s not often that 

Week 19 – A critical security vulnerability in the OpenCTI Platform

05 – 11 May 2025 A critical security vulnerability has been identified in the OpenCTI Platform, which is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. This vulnerability, tracked as CVE-2025-24977, is our new CVEofTheWeek with an assigned CVSS

Week 18 – SAP NetWeaver’s Visual Composer component


28 April – 04 May 2025

White Hat IT Security’s CVE Of The Week, CVE-2025-31324, is a critical zero-day vulnerability affecting SAP NetWeaver’s Visual Composer component, publicly disclosed in late April 2025.

With a maximum CVSS score of 10.0, it allows unauthenticated attackers to upload malicious files, potentially leading to full system compromise. According to the enterprise application security firm Onapsis, this vulnerability has the potential to expose over 10,000 SAP applications with internet-facing components to cyberattacks.

SAP (Systems, Applications, and Products in Data Processing) is a global leader in enterprise application software. Its NetWeaver platform supports various business-critical applications. Visual Composer within NetWeaver is a development environment that allows users to design and deploy applications with minimal coding effort.

The CVE-2025-31324 vulnerability exists in the Metadata Uploader function of the Visual Composer. Due to missing authorization checks, remote attackers can exploit this flaw to upload executable files such as JSP webshell files or Java classes directly to the server via crafted POST requests. Once uploaded, these files can be executed using simple GET requests, giving attackers control over the vulnerable system.

Exploitation can lead to data theft, installation of persistent backdoors, lateral movement within the corporate network, or even deployment of ransomware.

Post-compromise, attackers leveraged advanced tools including the Brute Ratel command-and-control framework and the Heaven’s Gate technique for memory manipulation and evasion. These tools facilitated persistent access, code injection into trusted Windows processes, and deployment of encrypted payloads, effectively bypassing many traditional endpoint defenses.

This vulnerability is already being exploited in the wild. Threat actors have been observed uploading web shells to compromised servers, allowing them to issue system commands and further infiltrate enterprise environments.

To mitigate this threat, organizations should immediately apply SAP’s patch detailed in Security Note 3594142.

Additionally, SAP customers are strongly advised to disable the deprecated Visual Composer tool, restrict external access to development-related URLs, centralize log monitoring, and inspect application directories—especially `j2ee/cluster/apps/sapcom/irj/servlet_jsp/irj/root/`—for unauthorized files.

Given the active exploitation and high risk posed by this vulnerability, immediate action is strongly recommended to protect business-critical SAP environments.
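One way to perform the directory inspection recommended above, as an added example that is not SAP’s tooling or code from the original post: it walks a web root, flags files with executable web extensions that are missing from a known-good baseline or modified after a given time, and is meant to be pointed at the `j2ee/cluster/apps/sapcom/irj/servlet_jsp/irj/root/` path. The baseline set, the extensions beyond .jsp and .class, and the sample tree are assumptions constructed for the demo.

```python
"""Flag unexpected server-side files under an SAP Visual Composer web root.

Added example, not from the original post. The baseline and sample tree
below are constructed; in production pass the real web root and a baseline
captured from a known-clean system.
"""
import os
import tempfile
import time
from pathlib import Path

# .jsp and .class come from the advisory text; the others are an assumption
# covering related Java web artefacts.
SUSPECT_EXTENSIONS = {".jsp", ".jspx", ".class", ".jar", ".war"}


def find_unexpected_files(root, baseline, modified_after):
    """Return sorted relative paths of suspect files under `root`.

    A file is flagged when its extension is in SUSPECT_EXTENSIONS and it is
    either absent from `baseline` (relative POSIX paths of known-good files)
    or its mtime is newer than `modified_after` (epoch seconds).
    """
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SUSPECT_EXTENSIONS:
            continue
        rel = path.relative_to(root).as_posix()
        if rel not in baseline or path.stat().st_mtime > modified_after:
            hits.append(rel)
    return sorted(hits)


def demo():
    """Build a constructed sample tree and run the check against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "irj").mkdir()
        known = root / "irj" / "index.jsp"          # legitimate, in baseline
        known.write_text("<%-- constructed legitimate page --%>")
        baseline_time = time.time()
        old = baseline_time - 86400                  # one day before baseline
        os.utime(known, (old, old))
        rogue = root / "irj" / "helper.jsp"          # not in baseline
        rogue.write_text("<%-- constructed placeholder, no payload --%>")
        return find_unexpected_files(root, {"irj/index.jsp"}, baseline_time)


if __name__ == "__main__":
    print(demo())
```

A `[]` result means nothing new or unknown was found; review every flagged path by hand, since a legitimately redeployed file also trips the mtime check.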

SAP Security Patch Day Security Notes:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html

Further information:

https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/

https://www.securityweek.com/sap-zero-day-possibly-exploited-by-initial-access-broker/



No Time for Antics with Semantics: Why CVEs Are Cybersecurity’s Lifeline


The cybersecurity world runs on shared language. We don’t often talk about it in those terms, but that’s exactly what the CVE (Common Vulnerabilities and Exposures) system is. A global taxonomy of flaws. A universal index of weakness. The quiet backbone that lets defenders coordinate responses

Week 9 – Palo Alto PAN-OS Authentication Bypass


03 – 10 March 2025 Palo Alto PAN-OS authentication bypass exploited in the wild: CVE-2025-0108. This week’s #CVEofTheWeek is about an actively exploited critical authentication bypass vulnerability in Palo Alto PAN-OS. PAN-OS is the software that runs all Palo Alto Networks Next-Generation Firewalls (NGFW). The high-level properties