Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 24th, 2025, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability (CVSS 10.0) affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. This vulnerability fails to restrict file upload content, allowing unauthenticated remote attackers to achieve full remote code execution (RCE) on affected servers.

Cloud-Native Application Protection Platforms (CNAPPs) combine tools that scan your code, check your open-source libraries, protect your cloud workloads, and monitor your cloud configurations. But CNAPPs aren’t a silver bullet. They lack external active testing and blackbox cloud asset discovery, two capabilities that can leave exploitable vulnerabilities undetected. CNAPPs depend on APIs and deployment hooks to see what’s running.

CVE-2025-22457, a critical vulnerability (CVSS 9.0) affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. The issue stems from a stack-based buffer overflow triggered by sending a specially crafted X-Forwarded-For HTTP header. Successful exploitation enables unauthenticated remote code execution. This vulnerability was originally misidentified as a buffer overflow vulnerability that could not lead to either remote code execution (RCE) or denial of service (DoS).

A critical improper authorization vulnerability (CVSS 9.1) in Next.js, tracked as CVE-2025-29927, was publicly disclosed on March 21, 2025. Next.js is a popular React-based web framework used for building full-stack applications. This vulnerability impacts applications that utilize middleware for authorization checks. Middleware functions used to implement access control, session validation, redirects, or security headers on incoming HTTP requests.

Organizations rely on stable systems to run their operations. Unfortunately, the IP addresses representing these systems can change frequently. This is especially challenging for cybersecurity, where identifying and tracking assets by IP address is crucial. Dynamic IP management is the practice of identifying, tracking, and contextualizing systems that use dynamic IPs to ensure accurate visibility, reduce noise, and maintain a continuous security posture.

On February 12, 2025, Palo Alto Networks announced CVE-2025-0108, a high severity (8.8) authentication bypass vulnerability affecting Palo Alto Networks PAN-OS management web interface. Successful exploitation of this vulnerability allows unauthenticated attackers with network access to invoke certain PHP scripts without proper authentication. While it does not lead to remote code execution, it impacts the confidentiality and integrity of the affected system.

Industrial control systems (ICS) and SCADA (Supervisory Control and Data Acquisition) environments were never designed to be exposed to the internet. Yet, as manufacturing enterprises embrace digital transformation, they find themselves in a challenging position—balancing operational efficiency with cybersecurity risk.