Exploited: Critical Unauthenticated Access Vulnerability in CrushFTP (CVE-2025-2825)
In the ever-evolving landscape of web application vulnerabilities, a new critical flaw has emerged. CVE-2025-2825 is a high-severity vulnerability that allows attackers to bypass authentication on CrushFTP servers. This popular enterprise file transfer solution is often used in corporate environments to manage sensitive data, making this vulnerability particularly concerning. Attackers ... Read More

IONIX Unveils Parked Domain Classification
IONIX is proud to announce the launch of our new Parked Domain Classification capability within our Exposure Management platform. This feature enables security teams to intelligently categorize and monitor parked domains as distinct assets, significantly reducing alert noise while maintaining comprehensive visibility across your entire domain portfolio. By implementing risk-based ... Read More
Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747)
Recently, two critical security flaws were discovered in Kentico Xperience 13, a popular digital experience platform (CMS). Tracked as CVE-2025-2746 and CVE-2025-2747, these vulnerabilities allow unauthenticated attackers to bypass the Staging Sync Server’s authentication, potentially gaining administrative control over the CMS. Both issues carry a CVSS score of 9.8 (Critical) ... Read More
Exploited! Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)
Apache Tomcat recently disclosed a critical security vulnerability, CVE-2025-24813, affecting several versions of its widely used servlet container. This vulnerability arises from improper handling of path equivalence checks involving filenames with internal dots (file…txt). Exploitation could result in unauthorized information disclosure, file manipulation, and even remote code execution (RCE). What ... Read More

Exploited: XWiki Remote Code Execution Vulnerability (CVE-2025-24893)
Overview: A newly discovered critical vulnerability in the XWiki Platform, tracked as CVE-2025-24893, allows unauthenticated remote code execution (RCE) through the SolrSearch macro. This vulnerability, assigned a CVSS score of 9.8 (as rated by GitHub, Inc.), can be exploited by attackers to execute arbitrary Groovy code on affected ... Read More
Exploited! PAN‑OS Authentication Bypass Vulnerability (CVE‑2025‑0108)
What is CVE‑2025‑0108 PAN‑OS Authentication Bypass Vulnerability? Recently, Palo Alto Networks disclosed CVE‑2025‑0108—a high-severity authentication bypass in the PAN‑OS management web interface. Although the flaw does not enable remote code execution, it compromises the confidentiality and integrity of management functions. In this post, we’ll break down the technical details, discuss ... Read More