Exposures, Exposed! Weekly Round-up February 10 – February 16
? ? ? Welcome to the special post-Valentine’s edition of Exposures, Exposed! - XM Cyber’s weekly roundup of the most critical exposure events. Our devoted team has been keeping a loving eye on the cyber world, uncovering vulnerabilities that need your attention. Below, you’ll find this week’s most urgent and noteworthy exposures - because nothing says love like securing your environment!
NVIDIA Fixes Critical Container Toolkit Vulnerability in Update
NVIDIA has released version 1.17.4 of its Container Toolkit to address a critical vulnerability, CVE-2024-0132, that could allow attackers to escape containers and compromise hosts. While version 1.17.4 is the latest and recommended version, the fix for the vulnerability was introduced in version 1.16.2. The flaw enables a malicious user to mount the host’s root filesystem inside a container, providing unrestricted access to host files and Unix sockets. This could lead to full system takeover, including privileged container execution.
The vulnerability has been confirmed to impact multiple cloud service providers. The flaw also affects gVisor, a widely used container isolation solution.
The Takeaway: Users should update to NVIDIA Container Toolkit version 1.17.4 and ensure the --no-cntlibs flag remains enabled in production environments. Learn more here.
Apple CPU Vulnerabilities Enable New Data Theft Attacks??
Security researchers from Germany and the U.S. have identified two vulnerabilities in Apple processors that allow attackers to steal sensitive data. These flaws, named SLAP and FLOP, affect Apple’s latest chips, including M2, M3, A15, and A17 models.??
The vulnerabilities exploit speculative execution, a feature designed to improve CPU efficiency. Attackers can manipulate this process to access restricted memory areas, potentially exposing private user data. Unlike past Spectre-type attacks, researchers have demonstrated practical methods to exploit these flaws in real-world scenarios.??
Although these attacks require significant effort and specific conditions, they pose a risk to Apple users, particularly those handling valuable information. Apple has not yet issued a fix, and hardware-based mitigations are difficult to implement without performance trade-offs.??
The Takeaway: Apple users should stay informed about security updates and apply patches as soon as they become available. Learn more here.
OpenSSL Patches High-Severity Vulnerability Affecting Secure Connections
The OpenSSL Project has released patches for CVE-2024-12797, a high-severity flaw affecting OpenSSL 3.2, 3.3, and 3.4. The vulnerability involves clients using RFC7250 raw public keys (RPKs) to authenticate servers. Improper handshake verification in affected versions allows potential man-in-the-middle attacks on TLS and DTLS connections.
RPKs are disabled by default, but clients explicitly enabling them could be at risk if they rely solely on the handshake to detect authentication failures. OpenSSL has addressed this flaw in versions 3.4.1, 3.3.2, and 3.2.4. Most vulnerabilities patched in recent years have been low-severity, making this fix notable.
The Takeaway: Organizations using OpenSSL should update to the latest patched versions to mitigate security risks. Learn more here.
Microsoft Patches 67 Vulnerabilities in February Security Update
Microsoft has released security updates for 67 vulnerabilities, including three Critical and four zero-days affecting Windows NTLMv2 hash, Windows Storage, Windows Ancillary Function Driver, and Microsoft Surface devices. The most common exploitation technique this month is remote code execution at 42%, followed by elevation of privilege at 32%.
CVE-2025-21418 affects the Windows Ancillary Function Driver, allowing attackers to gain SYSTEM privileges. CVE-2025-21391 impacts Windows Storage, enabling file deletion. CVE-2025-21194 affects Microsoft Surface devices. CVE-2025-21377 exposes NTLMv2 hashes. Critical vulnerabilities include CVE-2025-21376 in LDAP, CVE-2025-21381 in Microsoft Excel, and CVE-2025-21379 in DHCP Client Service.
The Takeaway: Organizations should apply available patches immediately and review mitigation strategies for vulnerabilities without fixes. Learn more here.
Zimbra Patches Critical Vulnerabilities in Collaboration Software
Zimbra has released updates to fix security flaws in its Collaboration software. CVE-2025-25064 is an SQL injection vulnerability in the ZimbraSync Service SOAP endpoint, affecting versions before 10.0.12 and 10.1.4. It has a CVSS score of 9.8 and allows authenticated attackers to retrieve email metadata.
Zimbra has also fixed a stored cross-site scripting (XSS) vulnerability in the Classic Web Client. The flaw, which has not been assigned a CVE identifier, was addressed in versions 9.0.0 Patch 44, 10.0.13, and 10.1.5.
CVE-2025-25065 is a medium-severity SSRF vulnerability in the RSS feed parser with a CVSS score of 5.3. It has been patched in versions 9.0.0 Patch 43, 10.0.12, and 10.1.4.
The Takeaway: Users should update to the latest Zimbra Collaboration versions to mitigate security risks. Learn more here.
Cisco Fixes Critical Vulnerabilities in Identity Services Engine
Cisco has released security updates for critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These flaws affect all device configurations in versions 3.3 and earlier.
CVE-2025-20124 is an insecure Java deserialization vulnerability with a CVSS score of 9.9. It allows an authenticated remote attacker to execute arbitrary code with root privileges.
CVE-2025-20125 is an authorization bypass vulnerability that enables an attacker with valid read-only credentials to access sensitive information, modify node configurations, and restart the node.
The Takeaway: Users should apply the Cisco security updates without delay to mitigate potential risks. Learn more here.
Fortinet Updates Advisory with New Authentication Bypass Flaw
Fortinet has disclosed CVE-2025-24472, an authentication bypass vulnerability affecting FortiOS and FortiProxy. The flaw was added to the advisory for CVE-2024-55591, a similar vulnerability patched last month.
CVE-2024-55591 has a critical CVSS score of 9.6, while CVE-2025-24472 has a high-severity score of 8.1. Fortinet’s advisory initially stated that reports showed active exploitation of the new flaw, but the company later clarified it has not confirmed such activity.
Patches for both vulnerabilities are available. Customers can also mitigate risk by disabling the HTTP/HTTPS administrative interface or restricting IP addresses. Fortinet stated that customers who followed previous guidance for CVE-2024-55591 are already protected.
The Takeaway: Users should apply the latest patches or implement recommended mitigations to secure their systems. Learn more here.
That’s all for this week – have any exposures to add to our list? Let us know!
Read our latest blog "From ArgoCD To Azure Hybrid Attacks":