10 min
Patch Tuesday
Patch Tuesday - May 2025
Seven zero-days: Windows Scripting Engine, 2x CLFS, DWM, Visual Studio, AFD for Winsock, Defender for Identity.
19 min
Vulnerability Disclosure
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
Rapid7 is disclosing three new vulnerabilities in SonicWall SMA 100 series appliances (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821). An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities for root-level code execution.
5 min
Exposure Command
Exploring an Untethered, Unified Approach to CTEM
Unlike traditional standalone VM, CASM, EASM, SIEM, or EDR tools that rely on proprietary agents, Exposure Command from Rapid7 brings it all together into one platform.
2 min
Gartner
Three Takeaways from the Gartner® Report: How to Grow Vulnerability Management Into Exposure Management
Latest research from Gartner, How to Grow Vulnerability Management Into Exposure Management, highlights the need for security teams to move beyond simply tracking vulnerabilities and embrace a more comprehensive approach to exposure management.
3 min
Emergent Threat Response
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
A critical SAP NetWeaver zero-day vulnerability (CVE-2025-31324) that allows for full SAP server compromise is being actively exploited in the wild.
1 min
Vulnerability Management
Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding
Rapid7 continues to monitor both public and private discussions closely in its capacity as a CVE Numbering Authority (CNA) and as a longtime leader and participant in the CVE ecosystem.
12 min
Vulnerability Management
Patch Tuesday - April 2025
CLFS zero-day. LDAP critical RCEs. RDS critical RCEs. Hyper-V critical RCE.
2 min
Emergent Threat Response
Ivanti Connect Secure CVE-2025-22457 exploited in the wild
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical stack-based buffer overflow vulnerability that allows for remote code execution on affected devices.
4 min
Emergent Threat Response
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).
2 min
Emergent Threat Response
Critical Veeam Backup & Replication CVE-2025-23120
Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have
noted on social media that it is possible to bypass the patch
[https://infosec.exchange/@codewhitesec/114241026482611250] for CVE-2025-23120.
Rapid7 has not directly confirmed the patch bypass, but we are relatively
confident in the validity of the finding. Customers should ensure Veeam Backup &
Replication is not internet-facing as an urgent priority.
On Wednesday, March 19, 2025, backup and recovery software provider
3 min
Emergent Threat Response
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is
either known exploitation at scale, or likelihood of exploitation at scale.
Apache Tomcat CVE-2025-24813
[https://attackerkb.com/topics/4GajxQH17l/cve-2025-24813] fulfills neither of
these criteria, despite a variety of news headlines alleging broad exploitation
in the wild. Tomcat is widely deployed and has seen a number of severe
vulnerabilities over the years that have had specific configuration dependencies
for s
9 min
Vulnerability Management
Patch Tuesday - March 2025
Seven zero-days. Win32 EoP. Multiple filesystem driver attacks. MMC security feature bypass. Access (again). WSL magic email RCE. Malicious RDP server.
2 min
Emergent Threat Response
Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products
On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion.
8 min
Patch Tuesday
Patch Tuesday - February 2025
Four zero-days: AFD EoP, Storage EoP, NTLMv2 disclosure, Surface container escape. Critical RCEs in LDAP, DHCP client, Excel.
4 min
Emergent Threat Response
Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak
Rapid7 is responding to two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591 in FortiOS, and a large-scale data leak of older FortiGate firewall IPs, passwords, and configs.