Our new CVE of the Week is a critical vulnerability, CVE-2025-34027, which has been identified and is making waves across the cybersecurity landscape.
It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure SD-WAN and secure access service edge (SASE) deployments. The flaw affects widely used software and poses a serious risk of remote code execution (RCE) without authentication – making it a top priority.
It has the highest possible CVSS score of 10.
This vulnerability allows threat actors to exploit exposed systems over the network, potentially gaining full control. The attack surface is broad, and proof-of-concept (PoC) exploits are already circulating.
Affected systems are commonly used in enterprise environments, and the exploit is trivial to deploy once a target is found. The impact can range from data theft to full infrastructure compromise.
Patch immediately if you are running affected versions: Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
Scan your network for vulnerable endpoints.
Monitor logs and traffic for signs of exploitation.
This is a wake-up call to stay vigilant, keep systems updated, and prioritize proactive vulnerability management. CVE-2025-34027 is not just another CVE — it’s a critical risk that requires immediate attention.
Let’s not wait for headlines. Secure your systems today!
White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.
A critical security vulnerability has been identified in the OpenCTI Platform, which is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. This vulnerability, tracked as CVE-2025-24977, is our new CVE of the Week, with an assigned CVSS score of 9.1. It could allow attackers to execute commands on the hosting infrastructure and access secrets.
The security weakness is found in OpenCTI’s web-hook functionality. As outlined in the advisory, this feature enables users to tailor messages transmitted through web-hooks. It operates using JavaScript, which users can input into a web-hook template field.
The primary concern is that a malicious user could exploit this mechanism to execute commands within the hosting environment where OpenCTI runs. Although a protective layer has been implemented to block external modules in JavaScript code used for web-hooks, these safeguards can still be circumvented.
Furthermore, OpenCTI’s container-based deployments pose an additional risk, because attackers could use webhook JavaScript to read sensitive environment variables (such as database or broker credentials) injected into the container. Successful exploitation could lead to a wide range of malicious activities, including data breaches, system compromise, and lateral movement within the affected network.
The affected version of the OpenCTI Platform is 6.4.8; the patched version, which resolves this vulnerability, is 6.4.11.
Users of the OpenCTI Platform are strongly advised to upgrade OpenCTI Platform instance to version 6.4.11 or later to mitigate the risk posed by CVE-2025-24977.
Recommended Action:
Upgrade to the latest OpenCTI version (6.4.11 or later)
Review user permissions, especially for the ‘manage customizations’ capability, and restrict them to trusted individuals.
Audit webhook configurations to ensure they are not susceptible to misuse