Commit 3a67232

new: [news] Vulnerability Report - April 2025
1 parent 62101da commit 3a67232

1 file changed

+208
-0
lines changed

@@ -0,0 +1,208 @@
1+
---
2+
title: "Vulnerability Report - April 2025"
3+
slug: vulnerability-report-april-2025
4+
author: CIRCL team
5+
layout: news
6+
date: 2025-05-01
7+
publishDate: 2025-04-30
8+
tags:
9+
- VulnerabilityReport
10+
- Report
11+
---
12+
13+
{{< card link="/tags/vulnerabilityreport/" title="All vulnerability reports" icon="document-report" >}}
14+
15+
16+
## Introduction
17+
18+
This vulnerability report has been generated using data aggregated on
19+
[Vulnerability-Lookup](https://vulnerability.circl.lu),
20+
with contributions from the platform’s community.
21+
22+
It highlights the most frequently mentioned vulnerability for April 2025, based on sightings collected from various sources, including [MISP](https://www.misp-project.org), Exploit-DB, Bluesky, [Mastodon](https://joinmastodon.org), GitHub Gists, [The Shadowserver Foundation](https://www.shadowserver.org/), [Nuclei](https://github.com/projectdiscovery/nuclei), and more. For further details, please visit [this page](https://www.vulnerability-lookup.org/user-manual/sightings/).
23+
24+
The final section focuses on exploitations observed through [The Shadowserver Foundation](https://www.shadowserver.org)'s honeypot network.
25+
26+
27+
## Top 10 vulnerabilities of the month
28+
29+
30+
| Vulnerability | Vendor | Product | Count | Severity |
31+
| -------------- | ------ | ------- | ----- | -------- |
32+
| [CVE-2025-22457](https://vulnerability.circl.lu/vuln/CVE-2025-22457) | [Ivanti](https://vulnerability.circl.lu/search?vendor=ivanti) | [Connect Secure](https://vulnerability.circl.lu/search?vendor=ivanti&product=connect_secure) | 188 | 9 |
33+
| [CVE-2025-32433](https://vulnerability.circl.lu/vuln/CVE-2025-32433) | [erlang](https://vulnerability.circl.lu/search?vendor=erlang) | [otp](https://vulnerability.circl.lu/search?vendor=erlang&product=otp) | 119 | 10 |
34+
| [CVE-2025-31324](https://vulnerability.circl.lu/vuln/CVE-2025-31324) | [SAP](https://vulnerability.circl.lu/search?vendor=sap_se) | [SAP NetWeaver](https://vulnerability.circl.lu/search?vendor=sap_se&product=sap+netweaver) | 101 | 10 |
35+
| [CVE-2025-31161](https://vulnerability.circl.lu/vuln/CVE-2025-31161) | [CrushFTP](https://vulnerability.circl.lu/search?vendor=crushftp) | [CrushFTP](https://vulnerability.circl.lu/search?vendor=crushftp&product=crushftp) | 108 | 9.8 |
36+
| [CVE-2025-29824](https://vulnerability.circl.lu/vuln/CVE-2025-29824) | [Microsoft](https://vulnerability.circl.lu/search?vendor=microsoft) | [Windows 10 Version 1809](https://vulnerability.circl.lu/search?vendor=microsoft&product=windows+10+version+1809) | 85 | 7.8 |
37+
| [CVE-2025-24054](https://vulnerability.circl.lu/vuln/CVE-2025-24054) | [Microsoft](https://vulnerability.circl.lu/search?vendor=microsoft) | [Windows 10 Version 1809](https://vulnerability.circl.lu/search?vendor=microsoft&product=windows+10+version+1809) | 79 | 6.5 |
38+
| [CVE-2025-30406](https://vulnerability.circl.lu/vuln/CVE-2025-30406) | [Gladinet](https://vulnerability.circl.lu/search?vendor=gladinet) | [CentreStack](https://vulnerability.circl.lu/search?vendor=gladinet&product=centrestack) | 64 | 9 |
39+
| [CVE-2025-24200](https://vulnerability.circl.lu/vuln/CVE-2025-24200) | [Apple](https://vulnerability.circl.lu/search?vendor=apple) | [iPadOS](https://vulnerability.circl.lu/search?vendor=apple&product=ipados) | 61 | 6.1 |
40+
| [CVE-2017-18368](https://vulnerability.circl.lu/vuln/CVE-2017-18368) | [ZyXEL](https://vulnerability.circl.lu/search?vendor=zyxel) | [p660hn-t1a_v1, p660hn-t1a_v2, 5200w-t](https://vulnerability.circl.lu/search?vendor=zyxel&product=p660hn-t1a_v1) | 60 | 9.8 |
41+
| [CVE-2015-2051](https://vulnerability.circl.lu/vuln/CVE-2015-2051) | [dlink](https://vulnerability.circl.lu/search?vendor=dlink) | [dir-645](https://vulnerability.circl.lu/search?vendor=dlink&product=dir-645) | 60 | 8.8 |
42+
43+
A scanner is available for CVE-2025-31324 (SAP):
44+
- https://gist.github.com/avishaifrad/f4e23a97156b1905a7ec8b962a9f2bc8
45+
- https://github.com/Onapsis/Onapsis_CVE-2025-31324_Scanner_Tools
46+
47+
You can [create a notification](https://vulnerability.circl.lu/user/notifications/create?vendor=SAP_SE&product=SAP+NetWeaver+(Visual+Composer+development+server)) for this SAP product to get alerts about new activity.
48+
49+
CVE-2017-18368 and CVE-2015-2051 are continuously exploited, with a recent increase in activity.
50+
51+
52+
## Evolution per week
53+
54+
### Week 14
55+
56+
#### Ranking
57+
58+
| Vulnerability | Vendor | Product | Count | Severity |
59+
| -------------- | ------ | ------- | ----- | -------- |
60+
| [CVE-2025-22457](https://vulnerability.circl.lu/vuln/CVE-2025-22457) | [Ivanti](https://vulnerability.circl.lu/search?vendor=ivanti) | [Connect Secure](https://vulnerability.circl.lu/search?vendor=ivanti&product=connect_secure) | 100 | 9.0 |
61+
| [CVE-2025-31161](https://vulnerability.circl.lu/vuln/CVE-2025-31161) | [CrushFTP](https://vulnerability.circl.lu/search?vendor=crushftp) | [CrushFTP](https://vulnerability.circl.lu/search?vendor=crushftp&product=crushftp) | 46 | 9.8 |
62+
| [CVE-2025-30065](https://vulnerability.circl.lu/vuln/CVE-2025-30065) | [Apache Software Foundation](https://vulnerability.circl.lu/search?vendor=apache+software+foundation) | [Apache Parquet Java](https://vulnerability.circl.lu/search?vendor=apache+software+foundation&product=apache_parquet_java) | 27 | 10 |
63+
| [CVE-2025-24813](https://vulnerability.circl.lu/vuln/CVE-2025-24813) | [Apache Software Foundation](https://vulnerability.circl.lu/search?vendor=apache+software+foundation) | [Apache Tomcat](https://vulnerability.circl.lu/search?vendor=apache+software+foundation&product=apache+tomcat) | 26 | 9.8 |
64+
| [CVE-2025-1268](https://vulnerability.circl.lu/vuln/CVE-2025-1268) | [Canon Inc.](https://vulnerability.circl.lu/search?vendor=canon+inc.) | [Generic Plus PCL6 Printer Driver](https://vulnerability.circl.lu/search?vendor=canon+inc.&product=generic+plus+pcl6+printer+driver) | 25 | 9.4 |
65+
| [CVE-2024-20439](https://vulnerability.circl.lu/vuln/CVE-2024-20439) | [Cisco](https://vulnerability.circl.lu/search?vendor=cisco) | [Cisco Smart License Utility](https://vulnerability.circl.lu/search?vendor=cisco&product=cisco+smart+license+utility) | 21 | 9.8 |
66+
| [CVE-2025-1974](https://vulnerability.circl.lu/vuln/CVE-2025-1974) | [kubernetes](https://vulnerability.circl.lu/search?vendor=kubernetes) | [ingress-nginx](https://vulnerability.circl.lu/search?vendor=kubernetes&product=ingress-nginx) | 20 | 9.8 |
67+
| [CVE-2025-26633](https://vulnerability.circl.lu/vuln/CVE-2025-26633) | [Microsoft](https://vulnerability.circl.lu/search?vendor=microsoft) | [Windows 10 Version 1809](https://vulnerability.circl.lu/search?vendor=microsoft&product=windows+10+version+1809) | 19 | 7 |
68+
| [CVE-2025-24201](https://vulnerability.circl.lu/vuln/CVE-2025-24201) | [Apple](https://vulnerability.circl.lu/search?vendor=apple) | [iOS and iPadOS](https://vulnerability.circl.lu/search?vendor=apple&product=ios_and_ipados) | 15 | 7.1 |
69+
70+
71+
72+
### Week 15
73+
74+
#### Ranking
75+
76+
| Vulnerability | Vendor | Product | Count | Severity |
77+
| --------------- | ------ | ------- | ----- | -------- |
78+
| [CVE-2025-29824](https://vulnerability.circl.lu/vuln/CVE-2025-29824) | [Microsoft](https://vulnerability.circl.lu/search?vendor=microsoft) | [Windows 10 Version 1809](https://vulnerability.circl.lu/search?vendor=microsoft&product=windows+10+version+1809) | 59 | 7.8 |
79+
| [CVE-2025-22457](https://vulnerability.circl.lu/vuln/CVE-2025-22457) | [Ivanti](https://vulnerability.circl.lu/search?vendor=ivanti) | [Connect Secure](https://vulnerability.circl.lu/search?vendor=ivanti&product=connect_secure) | 55 | 9.0 |
80+
| [CVE-2025-24200](https://vulnerability.circl.lu/vuln/CVE-2025-24200) | [Apple](https://vulnerability.circl.lu/search?vendor=apple) | [iPadOS](https://vulnerability.circl.lu/search?vendor=apple&product=ipados) | 46 | 6.1 |
81+
| [CVE-2024-53197](https://vulnerability.circl.lu/vuln/CVE-2024-53197) | [Linux](https://vulnerability.circl.lu/search?vendor=linux) | [Linux](https://vulnerability.circl.lu/search?vendor=linux&product=linux) | 42 | 7.8 |
82+
| [CVE-2025-31161](https://vulnerability.circl.lu/vuln/CVE-2025-31161) | [CrushFTP](https://vulnerability.circl.lu/search?vendor=crushftp) | [CrushFTP](https://vulnerability.circl.lu/search?vendor=crushftp&product=crushftp) | 38 | 9.8 |
83+
| [CVE-2024-53150](https://vulnerability.circl.lu/vuln/CVE-2024-53150) | [Linux](https://vulnerability.circl.lu/search?vendor=linux) | [Linux](https://vulnerability.circl.lu/search?vendor=linux&product=linux) | 36 | 7.8 |
84+
| [CVE-2024-48887](https://vulnerability.circl.lu/vuln/CVE-2024-48887) | [Fortinet](https://vulnerability.circl.lu/search?vendor=fortinet) | [FortiSwitch](https://vulnerability.circl.lu/search?vendor=fortinet&product=fortiswitch) | 31 | 9.8 |
85+
| [CVE-2024-0132](https://vulnerability.circl.lu/vuln/CVE-2024-0132) | [NVIDIA](https://vulnerability.circl.lu/search?vendor=nvidia) | [Container Toolkit](https://vulnerability.circl.lu/search?vendor=nvidia&product=container+toolkit) | 24 | 9 |
86+
| [CVE-2025-0108](https://vulnerability.circl.lu/vuln/CVE-2025-0108) | [Palo Alto Networks](https://vulnerability.circl.lu/search?vendor=palo_alto_networks) | [Cloud NGFW](https://vulnerability.circl.lu/search?vendor=palo+alto+networks&product=cloud+ngfw) | 18 | 8.8 |
87+
88+
89+
#### Insights from contributors
90+
91+
- [Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)](https://vulnerability.circl.lu/comment/1b563420-7047-49bc-8488-2571aa82709c)
92+
- [Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure](https://vulnerability.circl.lu/comment/d302d303-b999-46ae-9812-71067bf20469)
93+
94+
95+
### Week 16
96+
97+
#### Ranking
98+
99+
| Vulnerability | Vendor | Product | Count | Severity |
100+
| --------------- | ------ | ------- | ----- | -------- |
101+
| [CVE-2025-32433](https://vulnerability.circl.lu/vuln/CVE-2025-32433) | [erlang](https://vulnerability.circl.lu/search?vendor=erlang) | [otp](https://vulnerability.circl.lu/search?vendor=erlang&product=otp) | 70 | 10 |
102+
| [CVE-2025-24054](https://vulnerability.circl.lu/vuln/CVE-2025-24054) | [Microsoft](https://vulnerability.circl.lu/search?vendor=microsoft) | [Windows 10 Version 1809](https://vulnerability.circl.lu/search?vendor=microsoft&product=windows+10+version+1809) | 58 | 7.8 |
103+
| [CVE-2025-31200](https://vulnerability.circl.lu/vuln/CVE-2025-31200) | [Apple](https://vulnerability.circl.lu/search?vendor=apple) | [visionOS](https://vulnerability.circl.lu/search?vendor=apple&product=visionos) | 49 | 7.5 |
104+
| [CVE-2025-30406](https://vulnerability.circl.lu/vuln/CVE-2025-30406) | [Gladinet](https://vulnerability.circl.lu/search?vendor=gladinet) | [CentreStack](https://vulnerability.circl.lu/search?vendor=gladinet&product=centrestack) | 44 | 9 |
105+
| [CVE-2025-31201](https://vulnerability.circl.lu/vuln/CVE-2025-31201) | [Apple](https://vulnerability.circl.lu/search?vendor=apple) | [visionOS](https://vulnerability.circl.lu/search?vendor=apple&product=visionos) | 42 | 6.8 |
106+
| [CVE-2025-24859](https://vulnerability.circl.lu/vuln/CVE-2025-24859) | [Apache Software Foundation](https://vulnerability.circl.lu/search?vendor=apache+software+foundation) | [Apache Roller](https://vulnerability.circl.lu/search?vendor=apache+software+foundation&product=apache+roller) | 32 | 2.1 |
107+
| [CVE-2021-20035](https://vulnerability.circl.lu/vuln/CVE-2021-20035) | [SonicWall](https://vulnerability.circl.lu/search?vendor=sonicwall) | [SMA100](https://vulnerability.circl.lu/search?vendor=sonicwall&product=sma100) | 26 | 6.5 |
108+
| [CVE-2025-29824](https://vulnerability.circl.lu/vuln/CVE-2025-29824) | [Microsoft](https://vulnerability.circl.lu/search?vendor=microsoft) | [Windows 10 Version 1809](https://vulnerability.circl.lu/search?vendor=microsoft&product=windows+10+version+1809) | 24 | 7.8 |
109+
| [CVE-2025-22457](https://vulnerability.circl.lu/vuln/CVE-2025-22457) | [Ivanti](https://vulnerability.circl.lu/search?vendor=ivanti) | [Connect Secure](https://vulnerability.circl.lu/search?vendor=ivanti&product=connect_secure) | 23 | 9.0 |
110+
| [CVE-2024-56406](https://vulnerability.circl.lu/vuln/CVE-2024-56406) | [perl](https://vulnerability.circl.lu/search?vendor=perl) | [perl](https://vulnerability.circl.lu/search?vendor=perl&product=perl) | 18 | 8.6 |
111+
112+
#### Insights from contributors
113+
114+
- [CVE-2025-24054, NTLM Exploit in the Wild - Checkpoint Research](https://vulnerability.circl.lu/comment/00b15597-d2d6-413f-b3a1-38c62db1e6b0)
115+
- [PHP Core Security Audit Results](https://vulnerability.circl.lu/bundle/9bbd91e2-309f-4b35-9b31-fc613b3101d9)
116+
117+
118+
### Week 17
119+
120+
#### Ranking
121+
122+
| Vulnerability | Vendor | Product | Count | Severity |
123+
| --------------- | ------ | ------- | ----- | -------- |
124+
| [CVE-2025-32433](https://vulnerability.circl.lu/vuln/CVE-2025-32433) | [erlang](https://vulnerability.circl.lu/search?vendor=erlang) | [otp](https://vulnerability.circl.lu/search?vendor=erlang&product=otp) | 42 | 10 |
125+
| [CVE-2025-31324](https://vulnerability.circl.lu/vuln/CVE-2025-31324) | [SAP](https://vulnerability.circl.lu/search?vendor=sap) | [SAP NetWeaver](https://vulnerability.circl.lu/search?vendor=sap&product=sap_netweaver) | 42 | 10 |
126+
| [CVE-2025-34028](https://vulnerability.circl.lu/vuln/CVE-2025-34028) | [Commvault](https://vulnerability.circl.lu/search?vendor=commvault) | [Command Center Innovation Release](https://vulnerability.circl.lu/search?vendor=commvault&product=command+center+innovation+release) | 39 | 10 |
127+
| [CVE-2025-0282](https://vulnerability.circl.lu/vuln/CVE-2025-0282) | [Ivanti](https://vulnerability.circl.lu/search?vendor=ivanti) | [Connect Secure](https://vulnerability.circl.lu/search?vendor=ivanti&product=connect_secure) | 24 | 9 |
128+
| [CVE-2025-32434](https://vulnerability.circl.lu/vuln/CVE-2025-32434) | [pytorch](https://vulnerability.circl.lu/search?vendor=pytorch) | [pytorch](https://vulnerability.circl.lu/search?vendor=pytorch&product=pytorch) | 19 | 9.3 |
129+
| [CVE-2025-24054](https://vulnerability.circl.lu/vuln/CVE-2025-24054) | [Microsoft](https://vulnerability.circl.lu/search?vendor=microsoft) | [Windows 10 Version 1809](https://vulnerability.circl.lu/search?vendor=microsoft&product=windows+10+version+1809) | 19 | 6.5 |
130+
| [CVE-2021-42013](https://vulnerability.circl.lu/vuln/CVE-2021-42013) | [Apache Software Foundation](https://vulnerability.circl.lu/search?vendor=apache+software+foundation) | [Apache HTTP Server](https://vulnerability.circl.lu/search?vendor=apache+software+foundation&product=apache_http_server) | 16 | 9.8 |
131+
| [CVE-2015-2051](https://vulnerability.circl.lu/vuln/CVE-2015-2051) | [dlink](https://vulnerability.circl.lu/search?vendor=dlink) | [dir-645](https://vulnerability.circl.lu/search?vendor=dlink&product=dir-645) | 14 | 8.8 |
132+
| [CVE-2017-18368](https://vulnerability.circl.lu/vuln/CVE-2017-18368) | [ZyXEL](https://vulnerability.circl.lu/search?vendor=zyxel) | [p660hn-t1a_v1, p660hn-t1a_v2, 5200w-t](https://vulnerability.circl.lu/search?vendor=zyxel&product=p660hn-t1a_v1) | 14 | 9.8 |
133+
| [CVE-2025-1731](https://vulnerability.circl.lu/vuln/CVE-2025-1731) | [Zyxel](https://vulnerability.circl.lu/search?vendor=zyxel) | [USG FLEX H series uOS firmware](https://vulnerability.circl.lu/search?vendor=zyxel&product=usg+flex+h+series+uos+firmware) | 13 | 7.8 |
134+
135+
136+
#### Insights from contributors
137+
138+
- [Check if SAP system is vulnerable to CVE-2025-31324](https://gist.github.com/avishaifrad/f4e23a97156b1905a7ec8b962a9f2bc8)
139+
- [IBM WebSphere Application Server is vulnerable to server-side request forgery](https://vulnerability.circl.lu/comment/62e17ecb-0345-4b1c-b7d6-343410dd1084)
140+
- [Path Traversal Vulnerability in Surveillance Software - Luxembourg and Belgium notified](https://vulnerability.circl.lu/comment/a7120db2-1a20-4a03-849d-4688d5ea7992)
141+
142+
143+
144+
## CVEs with appearances from week 14 to 17
145+
146+
Persistent ones (appear in at least 2 weeks):
147+
148+
- CVE-2025-22457 – Week 14, 15, 16, 17
149+
- CVE-2025-31161 – Week 14, 15, 17
150+
- CVE-2025-29824 – Week 15, 16
151+
- CVE-2025-24054 – Week 16, 17
152+
153+
## Appear only once
154+
155+
Week 14 only:
156+
- CVE-2025-30065, CVE-2025-24813, CVE-2025-1268, CVE-2024-20439, CVE-2025-1974
157+
158+
Week 15 only:
159+
160+
- CVE-2025-24200, CVE-2024-53197, CVE-2024-53150
161+
162+
Week 16 only:
163+
164+
- CVE-2025-32433, CVE-2025-31200
165+
Week 17 only:
166+
167+
- CVE-2025-31324, CVE-2025-0282, CVE-2025-1731
168+
169+
170+
171+
## Continuous exploitation
172+
173+
The sightings used for this analysis were mainly collected through
174+
[The Shadowserver Foundation](https://www.shadowserver.org)'s honeypot network.
175+
176+
| Vulnerability | Count |
177+
| ------------- | ----- |
178+
| [CVE-2015-2051](https://vulnerability.circl.lu/vuln/CVE-2015-2051) | 30 |
179+
| [CVE-2019-1653](https://vulnerability.circl.lu/vuln/CVE-2019-1653) | 30 |
180+
| [CVE-2019-12780](https://vulnerability.circl.lu/vuln/CVE-2019-12780) | 30 |
181+
| [CVE-2017-18368](https://vulnerability.circl.lu/vuln/CVE-2017-18368) | 30 |
182+
| [CVE-2022-26134](https://vulnerability.circl.lu/vuln/CVE-2022-26134) | 30 |
183+
| [CVE-2023-38646](https://vulnerability.circl.lu/vuln/CVE-2023-38646) | 30 |
184+
| [CVE-2021-42013](https://vulnerability.circl.lu/vuln/CVE-2021-42013) | 30 |
185+
| [CVE-2016-6277](https://vulnerability.circl.lu/vuln/CVE-2016-6277) | 30 |
186+
| [CVE-2018-10562](https://vulnerability.circl.lu/vuln/CVE-2018-10562) | 30 |
187+
| [CVE-2025-0108](https://vulnerability.circl.lu/vuln/CVE-2025-0108) | 30 |
188+
| [CVE-2016-10372](https://vulnerability.circl.lu/vuln/CVE-2016-10372) | 30 |
189+
| [CVE-2021-44228](https://vulnerability.circl.lu/vuln/CVE-2021-44228) | 30 |
190+
| [CVE-2017-9841](https://vulnerability.circl.lu/vuln/CVE-2017-9841) | 30 |
191+
| [CVE-2017-17215](https://vulnerability.circl.lu/vuln/CVE-2017-17215) | 30 |
192+
193+
This table highlights vulnerabilities that are consistently and recently exploited at a high rate.
194+
Often found at network edges, such as routers, VPNs, and similar devices.
195+
196+
197+
198+
## Thank you
199+
200+
Thank you to all the contributors and our diverse sources!
201+
202+
If you want to contribute to the next report, you can [create your account](https://vulnerability.circl.lu/user/signup).
203+
204+
205+
## Feedback and Support
206+
207+
If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
208+
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
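
Review bot: The summary under "CVEs with appearances from week 14 to 17" (lines 144-167) does not match the weekly ranking tables in the same file. CVE-2025-22457 is listed for "Week 14, 15, 16, 17" but is absent from the Week 17 table (the Ivanti entry there is CVE-2025-0282), CVE-2025-31161 is listed for week 17 but appears only in the Week 14 and Week 15 tables, and CVE-2025-32433 is under "Week 16 only" although it heads both the Week 16 and Week 17 tables. The "only" lists also leave out rows that are in the tables (for example CVE-2025-34028 in week 17), so either regenerate this section from the tables or state that it is a selection.

Smaller points in the same hunk: in the Top 10 table CVE-2025-31324 (101) sits above CVE-2025-31161 (108), so the rows are not in descending count order; CVE-2025-24054 has severity 7.8 in the Week 16 table but 6.5 in the Top 10 and Week 17 tables; the SAP vendor link uses vendor=sap_se in the Top 10 and vendor=sap in Week 17; "A scanner is available" introduces two links; every row of the continuous-exploitation table has Count 30 with no note on what is counted; and "Often found at network edges..." at line 194 is a fragment that should be joined to the sentence before it.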
