Vulnerability Report - February 2025

March 1, 2025

Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.

It highlights the most frequently mentioned vulnerability for February 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, and more. For further details, please visit this page.

The final section focuses on exploitations observed through The Shadowserver Foundation’s honeypot network.

February at a glance

Sightings repartition per day

Repartition of all type of sightings per day for the month of January.

For more detailed information, check out the Vulnerability-Lookup dashboard:
https://vulnerability.circl.lu

Top 15 vulnerabilities of the month

The podium belongs to Ivanti, Fortinet, and Microsoft.

Vulnerability	Vendor	Product	Severity
CVE-2025-0282	Ivanti	Connect Secure	9.0
CVE-2024-55591	Fortinet	FortiOS	9.8
CVE-2024-49113	Microsoft	Windows 10 Version 1809	7.5
CVE-2015-2051	D-Link	DIR-645	9.8
CVE-2017-18368	ZyXEL	p660hn-t1a_v1	9.8
CVE-2025-0283	Ivanti	Connect Secure	7.0
CVE-2024-7344	Radix	SmartRecovery
CVE-2017-17215	Huawei Technologies Co., Ltd.	HG532
CVE-2018-10562	dasannetworks	gpon_router	9.8
CVE-2024-50603	Aviatrix	Controller	10.0
CVE-2025-23006	SonicWall	SMA1000
CVE-2014-8361	realtek	realtek_sdk	9.8
CVE-2016-10372	eir	d1000_modem	9.8
CVE-2016-6277	netgear	d6220	8.8
CVE-2017-9841	phpunit_project	phpunit	9.8

Evolution per week

Week 6

Ranking

Vulnerability	Count	Vendor	Product
CVE-2024-53104	61	Linux	Linux
CVE-2025-0411	54	7-Zip	7-Zip
CVE-2024-21413	25	Microsoft	Microsoft Office 2019
CVE-2025-0994	24	Trimble	Cityworks
CVE-2024-56161	21	AMD	AMD EPYC™ 7001 Series
CVE-2025-23114	20	Veeam	Backup for AWS
CVE-2025-20124	18	Cisco	Cisco Identity Services Engine Software
CVE-2024-40891	15	Zyxel	VMG4325-B10A firmware
CVE-2025-20125	15	Cisco	Cisco Identity Services Engine Software
CVE-2017-18368	14	ZyXEL	P660HN-T1

Insights from contributors

Threat Actors Use CVE-2019-18935 to Deliver Reverse Shells

Week 7

Ranking

Vulnerability	Count	Vendor	Product
CVE-2025-24200	92	Apple	iPadOS
CVE-2025-0108	83	Palo Alto Networks	Cloud NGFW
CVE-2025-1094	57		PostgreSQL
CVE-2025-21391	35	Microsoft	Windows 10 Version 1809
CVE-2025-21418	29	Microsoft	Windows 10 Version 1809
CVE-2024-53704	27	SonicWall	SonicOS
CVE-2024-12356	26	BeyondTrust	Remote Support
CVE-2024-12797	22	OpenSSL	OpenSSL
CVE-2024-9474	20	Palo Alto Networks	Cloud NGFW
CVE-2023-49103	16	ownCloud	ownCloud

Insights from contributors

Week 8

Ranking

Vulnerability	Count	Vendor	Product
CVE-2025-0108	56	Palo Alto Networks	Cloud NGFW
CVE-2025-26465	40	Red Hat	Red Hat Enterprise Linux 6
CVE-2025-26466	35	OpenSSH	OpenSSH
CVE-2025-26793	30	Hirsch	Enterphone MESH
CVE-2025-0111	24	Palo Alto Networks	Cloud NGFW
CVE-2025-1094	24	PostgreSQL	PostgreSQL
CVE-2018-0171	20	Cisco	Cisco IOS and IOS XE
CVE-2025-24989	20	Microsoft	Microsoft Power Pages
CVE-2024-53704	20	SonicWall	SonicOS
CVE-2025-26339	20	Q-Free	MaxTime

Insights from contributors

Week 9

Ranking

Vulnerability	Count	Vendor	Product
CVE-2017-3066	20	Adobe	Adobe ColdFusion
CVE-2024-20953	20	Oracle Corporation	Agile PLM Framework
CVE-2025-27364	19	MITRE	Caldera
CVE-2024-49035	13	Microsoft	Microsoft Partner Center
CVE-2023-22527	12	Atlassian	Confluence Data Center
CVE-2023-34192	11	Zimbra	Zimbra ZCS v.8.8.15
CVE-2025-20051	10	Mattermost	Mattermost
CVE-2023-20198	9	Cisco	Cisco IOS XE Software
CVE-2024-48248	9	NAKIVO	NAKIVO Backup and Replication Solution
CVE-2015-2051	8	D-Link	DIR-645

Insights from contributors

Formal Vulnerability Disclosure for iPhone 15 Pro Max (iOS 18.3.1)

Continuous exploitation

The sightings used for this analysis were mainly collected through The Shadowserver Foundation’s honeypot network.

Black Basta’s Leaked Chat Logs

On February 11, 2025, a significant leak exposed BLACKBASTA’s internal Matrix chat logs.

A bundle on Vulnerability-Lookup is tracking the observations we’ve detected related to Black Basta’s leaked chat logs. You will find all the impacted products, such as Zimbra, Microsoft Exchange Server, JetBrains, and PAN-OS.

As you can see, there are plenty of sighting correlations from Shadowserver and from MISP, with continuous exploitations.

CVE-2017-11882 (Microsoft Office) was detected in MISP seven years ago (MISP/5a17d980-5438-4503-ba89-693b0a950b0c). Additionally, recent exploitations have been observed for other CVEs. Various Nuclei templates are available for this set of vulnerabilities.

You can read an interesting comment with more details: Update on SVR Cyber Operations and Vulnerability Exploitation.

CVE-2016-6277 - Netgear

Thank you

Thank you to all the contributors and our diverse sources!

If you want to contribute to the next report, you can create your account.

LLMs + Vulnerability-Lookup: What We're Testing and Where We're Headed