January 2025 Vulnerability Review

Hey Vulnerability Watchers,

January saw major security flaws affecting IBM, SAP, and Microsoft, emphasizing the need for proactive patching and strong vulnerability management.

IBM Concert Software was found vulnerable to multiple security issues, including weaknesses that expose sensitive system information, lack strict transport security (HSTS), and fail to neutralize malicious input in logs. Organizations should apply IBM’s recommended mitigations immediately.

SAP released patches for fourteen vulnerabilities, including two critical flaws in NetWeaver AS for ABAP and ABAP Platform (CVSS 9.9), which allow attackers to steal credentials and access sensitive data. A high-severity SQL injection flaw (CVE-2025-0063) in NetWeaver could also let attackers manipulate database data. Businesses should apply these updates without delay.

Microsoft’s January Patch Tuesday addressed 159 vulnerabilities, including ten critical flaws and eight actively exploited zero-days. Notable issues include a Windows Reliable Multicast Transport Driver flaw (CVE-2025-21307, CVSS 9.8) allowing remote code execution and a Windows OLE vulnerability (CVE-2025-21298) exploitable via malicious emails. These highlight the ongoing risks from phishing and unpatched systems.

With the high volume of threats, organizations must ensure swift patching and continuous monitoring to prevent cyberattacks. Stay vigilant, stay secure.

Raynet One, our new SaaS platform, provides exactly this transparency with complete True IT Asset Visibility and gives valuable insights into your portfolio. Get first insights into vulnerabilities and other risk factors in your IT landscape with just one click and after 10 minutes.

Get your 30-day Raynet One trial license now or take a look at our previous vulnerability reports.


January 2025 saw a significant drop in vulnerabilities, with a total of 1,437 new security flaws—down from previous months. Despite this decline, risks remain high, and organizations must stay vigilant.

The vulnerabilities affected 111 vendors and 523 products. Qualcomm leads as the most affected vendor, with 776 vulnerabilities, followed by Microsoft (151), Dell (85), and Apple (44). The most impacted products include Windows 10 (100), the Linux kernel (89), various macOS and iPadOS versions (19 each), and firmware updates across multiple platforms.

Severity analysis shows that 876 vulnerabilities are classified as high risk, 539 as medium, and 22 as low. This distribution highlights the importance of prompt patching, as the majority of reported flaws pose a significant threat to businesses. Companies should prioritize fixing critical vulnerabilities and ensure continuous monitoring to mitigate potential cyber threats.

With attack vectors evolving, proactive security measures remain essential. Stay ahead of threats, patch vulnerabilities, and protect your systems.


CVE-2025-21298

Publisher: Microsoft

Product: Windows 10 1507

Description: A remote code execution vulnerability exists in Windows OLE, which could allow an attacker to execute arbitrary code on the affected system. This vulnerability can be exploited through specially crafted data, leading to full system compromise.

CVE-2025-21307

Publisher: Microsoft

Product: Windows 10 1507

Description: A critical remote code execution vulnerability in the Windows Reliable Multicast Transport Driver (RMCAST) could allow an attacker to send crafted network packets, leading to arbitrary code execution with elevated privileges. This could result in system compromise and unauthorized access.

CVE-2025-21311

Publisher: Microsoft

Product: Windows 11 24H2

Description: A vulnerability in Windows NTLM V1 could allow an attacker to elevate privileges and gain unauthorized system access. Exploiting this flaw may lead to credential theft and lateral movement within the network.


CVE-2025-0282

Publisher: Ivanti

Product: Connect Secure

Description: A stack-based buffer overflow vulnerability in Ivanti Connect Secure versions prior to 22.7R2.5, Ivanti Policy Secure versions before 22.7R1.2, and Ivanti Neurons for ZTA gateways before 22.7R2.3 could allow remote unauthenticated attackers to execute arbitrary code. Successful exploitation could lead to full system compromise.


CVE-2023-37936

Publisher: Fortinet

Product: FortiSwitch

Description: A use of hard-coded cryptographic keys in multiple versions of Fortinet FortiSwitch (7.4.0, 7.2.0-7.2.5, 7.0.0-7.0.7, 6.4.0-6.4.13, 6.2.0-6.2.7, 6.0.0-6.0.7) allows attackers to execute unauthorized code or commands via crafted requests. This vulnerability poses a significant risk of unauthorized access and system compromise.


CVE-2024-55591

Publisher: Fortinet

Product: FortiProxy

Description: An authentication bypass vulnerability affecting FortiOS (7.0.0-7.0.16) and FortiProxy (7.0.0-7.0.19, 7.2.0-7.2.12) allows a remote attacker to gain super-admin privileges. This flaw, triggered through crafted requests to the Node.js WebSocket module, could lead to full control of the affected system.


CVE-2024-54543

Publisher: Apple

Product: Safari

Description: A memory corruption vulnerability was addressed in Safari 18.2, iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, and visionOS 2.2. Processing maliciously crafted web content could lead to arbitrary code execution. Attackers could exploit this flaw to compromise affected devices.


CVE-2024-54676

Publisher: Apache

Product: OpenMeetings

Description: Apache OpenMeetings versions from 2.1.0 up to 8.0.0 lack proper whitelist/blacklist configuration for OpenJPA serialization. This flaw could lead to deserialization of untrusted data, allowing remote code execution. Users are strongly advised to upgrade to version 8.0.0 and apply the recommended security configurations.


The first month of the new year shows that cybersecurity remains an ongoing challenge, with evolving threats requiring continuous vigilance. The vulnerabilities highlighted in this post serve as a reminder of the importance of maintaining up-to-date systems and implementing robust security protocols. It is essential for organizations to stay informed about emerging risks and to take immediate action to protect their digital infrastructure.

By staying proactive and adopting best practices such as regular updates, patch management, and heightened awareness, you can better safeguard against the growing range of cyber threats. As always, collaboration and shared knowledge within the cybersecurity community will play a pivotal role in mitigating these risks and strengthening defenses in the future.

With Raynet One, you will get a deep dive into your company’s vulnerabilities and can identify potential risk immediately.

Get your 30-day Raynet One trial license now and explore our new SaaS platform on your own.
