Home / 2025 Advisories Archive

2025 Advisories Archive

Severity	Date Published	Date Updated	Check Point Reference	Industry Reference	Description
Critical	31 Mar 2025	8 Apr 2025	CPAI-2025-0141	CVE-2025-2825 CVE-2025-31161	CrushFTP Authentication Bypass (CVE-2025-2825; CVE-2025-31161)
Medium	31 Mar 2025	8 Apr 2025	CPAI-2025-0113	CVE-2025-27218	Sitecore Insecure Deserialization (CVE-2025-27218)
Critical	8 Apr 2025	8 Apr 2025	CPAI-2024-1515	CVE-2024-43919	WordPress YARPP Plugin Authentication Bypass (CVE-2024-43919)
Critical	8 Apr 2025	8 Apr 2025	CPAI-2023-2015	CVE-2023-51092	Tenda M3 Stack Overflow (CVE-2023-51092)
High	8 Apr 2025	8 Apr 2025	CPAI-2024-1457	CVE-2024-43461	Microsoft Windows Spoofing (CVE-2024-43461)
Critical	7 Apr 2025	7 Apr 2025	CPAI-2025-0169	CVE-2025-0851	Deep Java Library Path Traversal (CVE-2025-0851)
Critical	7 Apr 2025	7 Apr 2025	CPAI-2025-0168	CVE-2025-22457	Ivanti Buffer Overflow (CVE-2025-22457)
High	7 Apr 2025	7 Apr 2025	CPAI-2022-2202	CVE-2022-24314	Schneider-Electric Interactive Graphical SCADA System Memory Corruption (CVE-2022-24314)
Medium	7 Apr 2025	7 Apr 2025	CPAI-2020-4299	CVE-2020-12027	Rockwell Automation FactoryTalk View SE Information Disclosure (CVE-2020-12027)
High	7 Apr 2025	7 Apr 2025	CPAI-2020-4296	CVE-2020-5807	Rockwell Automation FactoryTalk Diagnostics Denial of Service (CVE-2020-5807)
Critical	7 Apr 2025	7 Apr 2025	CPAI-2024-1516	CVE-2024-48884	Fortinet Multiple Products Directory Traversal (CVE-2024-48884)
Medium	6 Apr 2025	6 Apr 2025	CPAI-2024-1578	CVE-2024-0305	Ncast Project Ncast Information Disclosure (CVE-2024-0305)
High	6 Apr 2025	6 Apr 2025	CPAI-2017-1954	CVE-2017-12637	SAP NetWeaver Application Server Java Directory Traversal (CVE-2017-12637)
High	6 Apr 2025	6 Apr 2025	CPAI-2022-2200	CVE-2022-2230	GitLab Cross-Site Scripting (CVE-2022-2230)
Critical	6 Apr 2025	6 Apr 2025	CPAI-2025-0120	CVE-2025-22896 CVE-2025-24865	mySCADA myPRO Information Disclosure (CVE-2025-22896; CVE-2025-24865)
Critical	26 Mar 2025	6 Apr 2025	CPAI-2025-0121	CVE-2025-1097 CVE-2025-1098 CVE-2025-1974 CVE-2025-24513 CVE-2025-24514	NGINX Ingress Controller Remote Code Execution (CVE-2025-1097; CVE-2025-1098; CVE-2025-1974; CVE-2025-24513; CVE-2025-24514)
Critical	6 Apr 2025	6 Apr 2025	CPAI-2024-1511	CVE-2024-4295	WordPress Icegram Email Subscribers and Newsletters Plugin SQL Injection (CVE-2024-4295)
High	3 Apr 2025	6 Apr 2025	CPAI-2024-1499	CVE-2024-30081	Microsoft Windows Spoofing (CVE-2024-30081)
Critical	6 Apr 2025	6 Apr 2025	CPAI-2025-0097		HTTP Webshells Activity
Critical	13 Mar 2025	6 Apr 2025	CPAI-2025-0084	CVE-2025-24813	Apache Tomcat Remote Code Execution (CVE-2025-24813)
High	31 Mar 2025	6 Apr 2025	CPAI-2024-1362	CVE-2024-57727	SimpleHelp Directory Traversal (CVE-2024-57727)
Critical	6 Apr 2025	6 Apr 2025	CPAI-2024-1066	CVE-2024-49368	Nginx UI Command Injection (CVE-2024-49368)
Medium	3 Apr 2025	3 Apr 2025	CPAI-2025-0162	CVE-2025-2748	Kentico Xperience Cross-Site Scripting (CVE-2025-2748)
High	3 Apr 2025	3 Apr 2025	CPAI-2025-0158	CVE-2025-30208	Vite Information Disclosure (CVE-2025-30208)
Medium	3 Apr 2025	3 Apr 2025	CPAI-2020-4295	CVE-2020-5806	Rockwell Automation FactoryTalk Linx Denial of Service (CVE-2020-5806)
High	3 Apr 2025	3 Apr 2025	CPAI-2020-4294	CVE-2020-5802	Rockwell Automation FactoryTalk Linx Denial of Service (CVE-2020-5802)
High	3 Apr 2025	3 Apr 2025	CPAI-2020-4293	CVE-2020-5801	Rockwell Automation FactoryTalk Linx Denial of Service (CVE-2020-5801)
Medium	3 Apr 2025	3 Apr 2025	CPAI-2022-2198	CVE-2022-32215	Llhttp HTTP Request Smuggling (CVE-2022-32215)
Critical	3 Apr 2025	3 Apr 2025	CPAI-2024-1542	CVE-2024-36435	Supermicro BMC Stack-Based Buffer Overflow (CVE-2024-36435)
High	3 Apr 2025	3 Apr 2025	CPAI-2020-3850	CVE-2020-13935	Apache Tomcat Denial of Service (CVE-2020-13935)
Critical	2 Apr 2025	2 Apr 2025	CPAI-2023-2019	CVE-2023-25610	Fortinet Multiple Products Remote Code Execution (CVE-2023-25610)
Critical	2 Apr 2025	2 Apr 2025	CPAI-2024-1539	CVE-2024-44849	Qualitor Remote Code Execution (CVE-2024-44849)
Critical	2 Apr 2025	2 Apr 2025	CPAI-2018-2908	CVE-2018-7846	Schneider-Electric Modicon M580 Remote Code Execution (CVE-2018-7846)
Critical	27 Mar 2025	2 Apr 2025	CPAI-2025-0107	CVE-2025-21298	Microsoft Windows Remote Code Execution (CVE-2025-21298)
Critical	1 Apr 2025	1 Apr 2025	CPAI-2024-1508	CVE-2024-7464	TOTOLINK CP900 Command Injection (CVE-2024-7464)
Medium	31 Mar 2025	31 Mar 2025	CPAI-2024-1544	CVE-2024-28156	Jenkins Build Monitor View Plugin Cross-Site Scripting (CVE-2024-28156)
Medium	31 Mar 2025	31 Mar 2025	CPAI-2025-0140	CVE-2025-23199	Librenms Cross-Site Scripting (CVE-2025-23199)
Critical	31 Mar 2025	31 Mar 2025	CPAI-2024-1540	CVE-2024-9487	GitHub Enterprise Server Authentication Bypass (CVE-2024-9487)
High	31 Mar 2025	31 Mar 2025	CPAI-2025-0135	CVE-2025-24054	Microsoft Windows NTLM Relay (CVE-2025-24054)
High	31 Mar 2025	31 Mar 2025	CPAI-2025-0131	CVE-2025-29635	D-Link DIR-823X Command Injection (CVE-2025-29635)
High	31 Mar 2025	31 Mar 2025	CPAI-2024-1517	CVE-2024-50322	Ivanti Endpoint Manager Directory Traversal (CVE-2024-50322)
High	31 Mar 2025	31 Mar 2025	CPAI-2024-1525	CVE-2024-53991	Discourse Remote Code Execution (CVE-2024-53991)
High	31 Mar 2025	31 Mar 2025	CPAI-2020-4288	CVE-2020-13340	GitLab Cross-Site Scripting (CVE-2020-13340)
High	31 Mar 2025	31 Mar 2025	CPAI-2024-1466	CVE-2024-50567	Fortinet FortiWeb Command Injection (CVE-2024-50567)
Medium	31 Mar 2025	31 Mar 2025	CPAI-2025-0060		Nagios Enterprises Nagios XI SQL Injection
Medium	31 Mar 2025	31 Mar 2025	CPAI-2025-0026	CVE-2025-21308	Microsoft Windows Spoofing (CVE-2025-21308)
High	30 Mar 2025	30 Mar 2025	CPAI-2024-1536	CVE-2024-7646	NGINX Ingress Controller Code Injection (CVE-2024-7646)
Critical	30 Mar 2025	30 Mar 2025	CPAI-2024-1526	CVE-2024-50379	Apache Tomcat Information Disclosure (CVE-2024-50379)
Critical	30 Mar 2025	30 Mar 2025	CPAI-2024-1523	CVE-2024-54085	AMI SPx Authentication Bypass (CVE-2024-54085)
High	30 Mar 2025	30 Mar 2025	CPAI-2024-1522	CVE-2024-12992	Pandora FMS Command Injection (CVE-2024-12992)