{"vulnerability": "CVE-2025-2021", "sightings": [{"uuid": "1053b960-1a8b-4b2e-b45b-f1f358458e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/10687", "content": "The Hidden Dangers of VPNs: Critical Vulnerabilities Exposed (Late 2024 \u2013 Early 2025)\n\nVirtual Private Networks (VPNs) have long been considered an essential tool for securing online activity. However, a closer examination reveals an unsettling reality: VPNs themselves are increasingly becoming high-value targets for attackers. Over the past several months, a wave of critical vulnerabilities has shaken trust in these technologies, impacting both consumers and enterprises alike.\n\nIn this report, we highlight the most significant VPN vulnerabilities discovered from late 2024 into early 2025 \u2014 and why blind reliance on VPNs may no longer be a safe bet.\n\n\n---\n\nCVE-2025-22457: Critical Buffer Overflow in Ivanti Connect Secure and Pulse Connect Secure\n\nIn April 2025, researchers uncovered CVE-2025-22457, a critical unauthenticated stack-based buffer overflow vulnerability affecting Ivanti Connect Secure (ICS) and Pulse Connect Secure VPN appliances. Impacted versions include ICS 22.7R2.5 and earlier, as well as Pulse Connect Secure 9.1x, which reached end-of-support in December 2024.\n\nInitially, Ivanti assessed the issue as non-exploitable due to character restrictions (periods and numbers only) within the overflow. However, a suspected Chinese advanced persistent threat (APT) group, dubbed UNC5221, demonstrated that \u2014 through intricate exploitation techniques \u2014 remote code execution was indeed achievable.\n\nExploitation Details:\n\nProof-of-concept (PoC) exploits are already available publicly, such as the sfewer-r7 implementation on GitHub. 
Attackers can leverage these to gain a reverse shell with limited user privileges (\"nr\"), circumventing initial vendor assumptions about exploitability.\n\nA netcat listener captures the shell.\n\nThe exploit brute-forces address space layout randomization (ASLR) protections by guessing base addresses for libdsplibs.so.\n\nSuccessful exploitation results in unauthorized access to the underlying system.\n\n\nExposure:\nAs of April 2025, Shodan scans indicated over 4,000 vulnerable instances exposed online.\n\n\n---\n\nCVE-2024-53704: Authentication Bypass in SonicWall SSL VPN\n\nAnother significant threat emerged with CVE-2024-53704, a critical authentication bypass vulnerability impacting SonicWall\u2019s SSL VPN solutions based on SonicOS versions 7.1.x (through 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035.\n\nDiscovered by Computest Security in November 2024 and patched in January 2025, this flaw allows attackers to hijack active VPN sessions by manipulating Base64-encoded session cookies \u2014 bypassing even multi-factor authentication (MFA) mechanisms.\n\nAttack Technique:\n\nBy inserting 32 null bytes encoded in Base64 into the swap cookie of a GET request, adversaries can effectively impersonate legitimate users without valid credentials.\n\nDespite available patches, thousands of systems remained unpatched into early 2025. 
According to Bishop Fox, more than 4,500 SonicWall VPN instances were still exposed as of February 2025.\n\n\n---\n\nCVE-2025-0282 and CVE-2025-0283: Stack-Based Buffer Overflows in Ivanti Products\n\nIn January 2025, Ivanti disclosed two additional vulnerabilities:\n\nCVE-2025-0282 (CVSS 9.0): Unauthenticated stack-based buffer overflow enabling remote code execution.\n\nCVE-2025-0283 (CVSS 7.0): Local privilege escalation via stack-based buffer overflow.\n\n\nAffected products included Ivanti Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA) gateways.\n\nExploitation Insights:\n\nPublic exploits, such as the one by sfewer-r7, target specific product versions with tailored ROP (Return-Oriented Programming) chains.\n\nSuccessful exploitation allows execution of operating system commands under non-root privileges, confirming breach activity.\n\n\nNotably, the exploit requires multiple attempts due to ASLR protections but ultimately grants unauthorized access if persistence is maintained.\n\n\n---\n\nCVE-2025-20212: Cisco Meraki AnyConnect VPN Denial-of-Service Vulnerability\n\nCisco disclosed CVE-2025-20212, a high-severity DoS vulnerability affecting AnyConnect VPN servers on Meraki MX and Z series devices.", "creation_timestamp": "2025-04-27T03:42:30.000000Z"}, {"uuid": "6389a365-ddfc-4c2d-82c1-b3631eab9d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://t.me/cvedetector/21899", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20212 - Cisco AnyConnect VPN Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20212 \nPublished : April 2, 2025, 5:15 p.m. 
| 1\u00a0hour, 15\u00a0minutes ago \nDescription : A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.  \n  \n This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.  \n  \n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention. 
\nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T20:50:34.000000Z"}, {"uuid": "4fa25893-7982-408e-9da4-b160419a4483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lm47knafpc2x", "content": "", "creation_timestamp": "2025-04-06T00:41:30.717375Z"}, {"uuid": "321b3dfb-7ce2-441e-8428-f06861e69085", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lm4av5xudc2x", "content": "", "creation_timestamp": "2025-04-06T01:05:20.010462Z"}, {"uuid": "7d39bc5c-40f9-498d-9719-09850afc2467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20213", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15470", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20213\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials with CLI access on the affected system.\n\nThis vulnerability is due to improper access controls on files that are on the local file system. 
An attacker could exploit this vulnerability by running a series of crafted commands on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device and gain privileges of the root user. To exploit this vulnerability, an attacker would need to have CLI access as a low-privilege user.\n\ud83d\udccf Published: 2025-05-07T17:18:23.179Z\n\ud83d\udccf Modified: 2025-05-08T03:56:27.560Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH", "creation_timestamp": "2025-05-08T04:22:56.000000Z"}, {"uuid": "3c744a92-5cf5-44aa-bb97-5216e4544773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20213", "type": "seen", "source": "https://t.me/cvedetector/24743", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20213 - Cisco Catalyst SD-WAN Manager Local File System Overwrite Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20213 \nPublished : May 7, 2025, 6:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials with CLI access on the affected system.  \n  \nThis vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by running a series of crafted commands on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device and gain privileges of the root user. 
To exploit this vulnerability, an attacker would need to have CLI access as a low-privilege user. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T21:31:42.000000Z"}, {"uuid": "1fd4a190-e1e8-4b9a-a65e-218674446770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20214", "type": "seen", "source": "https://t.me/cvedetector/24744", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20214 - Cisco IOS XE NACM Unauthorized Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20214 \nPublished : May 7, 2025, 6:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data.  \n  \n This vulnerability exists because a subtle change in inner API call behavior causes results to be filtered incorrectly. An attacker could exploit this vulnerability by using either NETCONF, RESTCONF, or gRPC Network Management Interface (gNMI) protocols and query data on paths that may have been denied by the NACM configuration. A successful exploit could allow the attacker to access data that should have been restricted according to the NACM configuration.  \n  \n Note: This vulnerability requires that the attacker obtain the credentials from a valid user with privileges lower than 15, and that NACM was configured to provide restricted read access for that user. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T21:31:43.000000Z"}, {"uuid": "d526d810-c7f7-4d0b-b9d8-6564cf9a0ce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20216", "type": "seen", "source": "https://t.me/cvedetector/24745", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20216 - Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-20216 \nPublished : May 7, 2025, 6:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user.  \n  \nThis vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst SD-WAN Manager user. 
\nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T21:31:44.000000Z"}, {"uuid": "faeec2af-f38b-460d-bc65-4b2249de199e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20211", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3likej7e4y62z", "content": "", "creation_timestamp": "2025-02-19T18:06:40.658129Z"}, {"uuid": "b7e25d54-a00e-4e1e-9f70-6a51ec709303", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20217", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwggju4gdyd2", "content": "", "creation_timestamp": "2025-08-15T08:27:49.249654Z"}, {"uuid": "e33cb5e0-1d95-4240-897a-2e7baf735779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20217", "type": "seen", "source": "https://bsky.app/profile/mds52.bsky.social/post/3lyl6bzxk6c2j", "content": "", "creation_timestamp": "2025-09-11T16:31:03.323251Z"}, {"uuid": "b6a7d386-9958-4e99-8501-871e5def576e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20217", "type": "seen", "source": "https://t.me/true_secator/7332", "content": "Cisco has published more than 20 security advisories as part of its
August 2025 updates for Secure Firewall Management Center (FMC), Secure Firewall Threat Defense (FTD) and Secure Firewall Adaptive Security Appliance (ASA) products.\n\nThe most serious vulnerability is CVE-2025-20265 (CVSS score: 10.0), a critical vulnerability affecting the Secure FMC platform, which is used to manage and monitor Cisco FTD devices and other security solutions.\n\nThe vulnerability affects the RADIUS subsystem implementation and could allow an unauthenticated remote
attacker to inject arbitrary shell commands that are executed by the device.\n\nThe problem stems from a lack of proper handling of user-supplied input during the authentication phase, as a result of which an attacker can send specially crafted input when entering credentials that are authenticated against the configured RADIUS server.\n\nA successful exploit could allow the attacker to execute commands at a high privilege level.\n\nFor exploitation, Secure FMC must be configured for RADIUS
authentication for the web-based management interface, SSH management, or both.\n\nThe vulnerability affects Secure FMC Software versions 7.0.7 and 7.7.0 if RADIUS authentication is enabled on them.\n\nThere are no workarounds other than applying the fixes provided by the company.\n\nIn addition to CVE-2025-20265, Cisco also fixed a number of other serious bugs:\n\n- CVE-2025-20217\u00a0(CVSS: 8.6): Snort 3 DoS vulnerability in Secure Firewall Threat Defense.\n\n- CVE-2025-20222\u00a0(CVSS: 8.6): IPv6 over IPsec DoS vulnerability in Secure Firewall and Secure Firewall for Firepower 2100 series.\n\n- CVE-2025-20224, CVE-2025-20225, CVE-2025-20239\u00a0(CVSS score: 8.6): IKEv2 DoS vulnerabilities in IOS, IOS XE, Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software.\n\n- CVE-2025-20133, CVE-2025-20243\u00a0(CVSS: 8.6): SSL VPN remote access DoS vulnerability for Secure Firewall and Secure Firewall.\n\n- CVE-2025-20134\u00a0(CVSS: 8.6): SSL/TLS certificate DoS vulnerability in Secure Firewall and Secure Firewall Threat Defense.\n\n- CVE-2025-20136\u00a0(CVSS: 8.6): DoS vulnerability in DNS inspection in the network address translation system of Secure Firewall
Adaptive Security Appliance and Secure Firewall Threat Defense.\n\n- CVE-2025-20263\u00a0(CVSS: 8.6): web services fault-tolerance vulnerability in Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software.\n\n- CVE-2025-20148\u00a0(CVSS: 8.5): HTML injection vulnerability in Secure Firewall Management Center.\n\n- CVE-2025-20251\u00a0(CVSS: 8.5): VPN server DoS vulnerability in Secure Firewall and Secure Firewall Threat Defense.\n\n- CVE-2025-20127\u00a0(CVSS: 7.7): TLS 1.3 cipher DoS-type vulnerability in Secure Firewall and Secure Firewall for Firepower 3100 and 4200 series.\n\n- CVE-2025-20244\u00a0(CVSS: 7.7): remote access VPN web server DoS vulnerability in Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense.\n\nAs the vendor notes, none of the issues has so far been actively exploited in
the wild, but given the cyber underground's particular interest in the company's solutions, this could definitely happen.", "creation_timestamp": "2025-08-15T11:00:11.000000Z"}, {"uuid": "eabf2d3c-6d8e-42ee-bd2f-d45fcdd17c76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20211", "type": "seen", "source": "https://t.me/cvedetector/18462", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20211 - Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20211 \nPublished : Feb. 19, 2025, 4:15 p.m. | 2\u00a0hours, 23\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.  \n  \nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T20:25:06.000000Z"}, {"uuid": "d39212a5-f4ed-417f-9341-b51a57bb667b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10123", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20212\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.\n This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.\n Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.\n\ud83d\udccf Published: 2025-04-02T16:15:40.815Z\n\ud83d\udccf Modified: 2025-04-02T16:15:40.815Z\n\ud83d\udd17 References:\n1. 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb", "creation_timestamp": "2025-04-02T16:34:58.000000Z"}, {"uuid": "2b600e6d-a7de-4177-ab40-af468e2e75ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20216", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15381", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20216\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user.\n\nThis vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst SD-WAN Manager user.\n\ud83d\udccf Published: 2025-05-07T17:18:52.178Z\n\ud83d\udccf Modified: 2025-05-07T17:52:32.845Z\n\ud83d\udd17 References:\n1. 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj", "creation_timestamp": "2025-05-07T18:23:08.000000Z"}, {"uuid": "ce546987-60c8-4d37-be23-15cd91cdd577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "published-proof-of-concept", "source": "https://t.me/CyberBulletin/3124", "content": "The Hidden Dangers of VPNs: Critical Vulnerabilities Exposed (Late 2024 \u2013 Early 2025)\n\nVirtual Private Networks (VPNs) have long been considered an essential tool for securing online activity. However, a closer examination reveals an unsettling reality: VPNs themselves are increasingly becoming high-value targets for attackers. Over the past several months, a wave of critical vulnerabilities has shaken trust in these technologies, impacting both consumers and enterprises alike.\n\nIn this report, we highlight the most significant VPN vulnerabilities discovered from late 2024 into early 2025 \u2014 and why blind reliance on VPNs may no longer be a safe bet.\n\n\n---\n\nCVE-2025-22457: Critical Buffer Overflow in Ivanti Connect Secure and Pulse Connect Secure\n\nIn April 2025, researchers uncovered CVE-2025-22457, a critical unauthenticated stack-based buffer overflow vulnerability affecting Ivanti Connect Secure (ICS) and Pulse Connect Secure VPN appliances. Impacted versions include ICS 22.7R2.5 and earlier, as well as Pulse Connect Secure 9.1x, which reached end-of-support in December 2024.\n\nInitially, Ivanti assessed the issue as non-exploitable due to character restrictions (periods and numbers only) within the overflow. 
However, a suspected Chinese advanced persistent threat (APT) group, dubbed UNC5221, demonstrated that \u2014 through intricate exploitation techniques \u2014 remote code execution was indeed achievable.\n\nExploitation Details:\n\nProof-of-concept (PoC) exploits are already available publicly, such as the sfewer-r7 implementation on GitHub. Attackers can leverage these to gain a reverse shell with limited user privileges (\"nr\"), circumventing initial vendor assumptions about exploitability.\n\nA netcat listener captures the shell.\n\nThe exploit brute-forces address space layout randomization (ASLR) protections by guessing base addresses for libdsplibs.so.\n\nSuccessful exploitation results in unauthorized access to the underlying system.\n\n\nExposure:\nAs of April 2025, Shodan scans indicated over 4,000 vulnerable instances exposed online.\n\n\n---\n\nCVE-2024-53704: Authentication Bypass in SonicWall SSL VPN\n\nAnother significant threat emerged with CVE-2024-53704, a critical authentication bypass vulnerability impacting SonicWall\u2019s SSL VPN solutions based on SonicOS versions 7.1.x (through 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035.\n\nDiscovered by Computest Security in November 2024 and patched in January 2025, this flaw allows attackers to hijack active VPN sessions by manipulating Base64-encoded session cookies \u2014 bypassing even multi-factor authentication (MFA) mechanisms.\n\nAttack Technique:\n\nBy inserting 32 null bytes encoded in Base64 into the swap cookie of a GET request, adversaries can effectively impersonate legitimate users without valid credentials.\n\nDespite available patches, thousands of systems remained unpatched into early 2025. 
According to Bishop Fox, more than 4,500 SonicWall VPN instances were still exposed as of February 2025.\n\n\n---\n\nCVE-2025-0282 and CVE-2025-0283: Stack-Based Buffer Overflows in Ivanti Products\n\nIn January 2025, Ivanti disclosed two additional vulnerabilities:\n\nCVE-2025-0282 (CVSS 9.0): Unauthenticated stack-based buffer overflow enabling remote code execution.\n\nCVE-2025-0283 (CVSS 7.0): Local privilege escalation via stack-based buffer overflow.\n\n\nAffected products included Ivanti Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA) gateways.\n\nExploitation Insights:\n\nPublic exploits, such as the one by sfewer-r7, target specific product versions with tailored ROP (Return-Oriented Programming) chains.\n\nSuccessful exploitation allows execution of operating system commands under non-root privileges, confirming breach activity.\n\n\nNotably, the exploit requires multiple attempts due to ASLR protections but ultimately grants unauthorized access if persistence is maintained.\n\n\n---\n\nCVE-2025-20212: Cisco Meraki AnyConnect VPN Denial-of-Service Vulnerability\n\nCisco disclosed CVE-2025-20212, a high-severity DoS vulnerability affecting AnyConnect VPN servers on Meraki MX and Z series devices.", "creation_timestamp": "2025-04-27T05:42:31.000000Z"}, {"uuid": "870ef253-99bf-4190-9fad-e2d5b181916f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20210", "type": "seen", "source": "https://t.me/cvedetector/24748", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20210 - \"Cisco Catalyst Center Unauthenticated API Proxy Configuration Disclosure and Modification\"\", \n  \"Content\": \"CVE ID : CVE-2025-20210 \nPublished : May 7, 2025, 6:15 p.m. 
| 26\u00a0minutes ago \nDescription : A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings.  \n  \nThis vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T21:31:48.000000Z"}, {"uuid": "6e8ac3ac-70aa-4512-a186-5ab3523997af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2021", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-125/", "content": "", "creation_timestamp": "2025-03-10T04:00:00.000000Z"}, {"uuid": "002ee9f1-cfd2-48e9-b201-89e390c33dcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llu3i4oqlk2f", "content": "", "creation_timestamp": "2025-04-02T19:07:14.387820Z"}, {"uuid": "1b477b6f-b4d7-4e27-812d-9572e8843cb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lluwu24s3s2a", "content": 
"", "creation_timestamp": "2025-04-03T03:17:02.708487Z"}, {"uuid": "3192c1e6-becd-49b3-be4f-b85bdfab1e23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/114274076903927800", "content": "", "creation_timestamp": "2025-04-03T12:40:35.220115Z"}, {"uuid": "be7db0f4-aa56-4e92-bd6e-d4c7d7f20bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/114274076903927800", "content": "", "creation_timestamp": "2025-04-03T12:40:35.218657Z"}, {"uuid": "1489cd93-ba5c-4653-a3cd-a74505b57400", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20212", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3llvwdz6qpk2q", "content": "", "creation_timestamp": "2025-04-03T12:40:44.252039Z"}, {"uuid": "6238cce2-0407-46d3-9a32-bd7ef9643671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20217", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lwezgixmvn23", "content": "", "creation_timestamp": "2025-08-14T18:57:40.543670Z"}]}