This week, key vulnerabilities in SAP, Microsoft, Fortinet, Ivanti, and others demand immediate attention as threat actors exploit critical flaws.

Key vulnerabilities in SAP, Microsoft, Fortinet, and others demand immediate attention as threat actors exploit critical flaws.

Overview

Cyble Research and Intelligence Labs (CRIL) analyzed significant IT vulnerabilities disclosed between January 8 and 14, 2025.

The Cybersecurity and Infrastructure Security Agency (CISA) added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Microsoft released its January 2025 Patch Tuesday updates, addressing 159 vulnerabilities, including eight zero-days, three of which are under active exploitation.

Other notable vulnerabilities this week are flaws in SAP NetWeaver Application Server and other high-profile products. CRIL’s monitoring of underground forums also revealed discussions on critical zero-day vulnerabilities and their potential weaponization.

Key Vulnerabilities

SAP NetWeaver and BusinessObjects

• CVE-2025-0070: Improper authentication in SAP NetWeaver AS for ABAP, enabling privilege escalation.
• CVE-2025-0066: Weak access controls leading to unauthorized information disclosure.
• CVE-2025-0063: SQL injection vulnerability allowing unauthorized database manipulation.
• CVE-2025-0061: Session hijacking in SAP BusinessObjects, risking sensitive data exposure.

Impact: SAP NetWeaver’s foundational role in critical industries like finance, healthcare, and manufacturing makes these vulnerabilities particularly concerning.

Mitigation: Patches are available for all vulnerabilities, and immediate application is recommended.

Fortinet FortiOS

• CVE-2024-55591: A critical authorization bypass vulnerability in FortiOS with a CVSS score of 9.8, allowing unauthorized users to execute arbitrary commands.

Impact: Exploited in the wild, this vulnerability has been observed in attempts to gain super-admin privileges on affected systems.

Mitigation: Upgrade FortiOS to the latest patched versions (7.0.17 or above for version 7.0 and 7.2.13 or above for version 7.2).

Also read: Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security

Microsoft Hyper-V

• CVE-2025-21333, CVE-2025-21334, CVE-2025-21335: Use-after-free and buffer overflow vulnerabilities in Microsoft Hyper-V NT Kernel Integration VSP.

Impact: These vulnerabilities pose risks of denial-of-service or privilege escalation within virtualized environments.

Mitigation: Apply Microsoft’s January Patch Tuesday updates.

Vulnerabilities on Underground Forums

CRIL observed active discussions and Proof-of-Concept (PoC) code for vulnerabilities on underground forums:

• CVE-2024-55956: Critical unauthenticated file upload vulnerability in Cleo Harmony, VLTrader, and LexiCom products, allowing arbitrary code execution.

Observed Activity: PoC shared on Telegram by a threat actor.

• CVE-2024-45387: SQL injection vulnerability in Apache Traffic Ops, enabling attackers to execute SQL commands against backend databases.

Observed Activity: Threat actor “dragonov_66” posted PoC on cybercrime forums.

Additionally, a threat actor advertised for sale zero-day pre-authentication Remote Code Execution (RCE) vulnerabilities affecting GoCloud Routers and Entrolink PPX VPN services.

CISA’s Known Exploited Vulnerabilities (KEV) Catalog

The following vulnerabilities were added to CISA’s KEV catalog:

Also read: Inside the Active Threats of Ivanti’s Exploited Vulnerabilities

Recommendations

To mitigate risks associated with the identified vulnerabilities:

• Apply Patches Promptly:
  • Install vendor-released patches for all affected products immediately.
  • Use tools like Fortinet’s upgrade path utility for smooth version transitions.
• Implement Network Segmentation:
  • Isolate critical assets using VLANs and firewalls.
  • Restrict access to administrative interfaces through IP whitelisting.
• Monitor for Indicators of Compromise (IoCs):
  • Analyze logs for suspicious activities, such as unauthorized account creation or modifications to security policies.
  • Investigate IPs associated with malicious activity:
    • 45.55.158.47
    • 87.249.138.47
    • 149.22.94.37
• Strengthen Incident Response Plans:
  • Regularly test and update incident response protocols to address emerging threats.
• Enhance Visibility:
  • Maintain an up-to-date inventory of assets and perform regular vulnerability assessments.
• Adopt Multi-Factor Authentication (MFA):
  • Ensure strong authentication measures for all accounts, especially admin accounts.
• Engage in Threat Intelligence Monitoring:
  • Stay informed about security advisories from vendors and public authorities, including CISA and CERTs.

Related