ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.

Windows AFD.sys Zero-Day CVE-2025-32709: Exploiting Use-After-Free for SYSTEM Privileges
Windows NTFS Under Siege: Unpacking CVE-2025-32707 Privilege Escalation
Windows CLFS Driver Strikes Again: Privilege Escalation via CVE-2025-32706
Microsoft Outlook Under Fire: Analyzing CVE-2025-32705's Out-of-Bounds Read Vulnerability
Excel Under Siege: Dissecting CVE-2025-32704's Buffer Over-Read Vulnerability
Visual Studio Under Siege: Command Injection Vulnerability CVE-2025-32702 Exposed
Windows CLFS Driver Zero-Day CVE-2025-32701: Privilege Escalation in the Wild
Windows DWM Under Siege: CVE-2025-30400 Use-After-Free Exploit Grants SYSTEM Privileges
Type Confusion Strikes Again: Analyzing CVE-2025-30397 in Microsoft's Scripting Engine
Excel Under Siege: Analyzing CVE-2025-30393 Use-After-Free Vulnerability
Windows Win32K GRFX Heap Overflow (CVE-2025-30388): A Local Privilege Escalation Threat
Azure Document Intelligence Studio Path Traversal Flaw (CVE-2025-30387): Critical Privilege Escalation Risk
Silent Threat: CVE-2025-30386 Exploits Microsoft Office Preview Pane for Remote Code Execution
Windows CLFS Driver CVE-2025-30385: A Deep Look into Use-After-Free Privilege Escalation
CVE-2025-30384: Microsoft SharePoint Deserialization Flaw Opens Door to Local RCE
Excel's Type Confusion Trouble: Unpacking CVE-2025-30383's Local Code Execution Risk
Microsoft SharePoint's CVE-2025-30382: Unpacking the Deserialization RCE Risk
Excel Under Siege: Unpacking CVE-2025-30381's Out-of-Bounds Read Exploit
Excel's Memory Mishap: Analyzing CVE-2025-30379's Invalid Pointer Vulnerability
Microsoft SharePoint Under Siege: Unpacking CVE-2025-30378 Deserialization Flaw
Silent Threat: CVE-2025-30377 Exploits Microsoft Office Preview Pane for Remote Code Execution
Excel Under Siege: Analyzing CVE-2025-30376 Heap-Based Buffer Overflow
Excel's Type Confusion Trouble: Unpacking CVE-2025-30375
Excel Under Attack: Unpacking CVE-2025-29979 Heap Overflow Vulnerability
PowerPoint Peril: Unpacking CVE-2025-29978's Use-After-Free Exploit
Excel Under Siege: Unpacking CVE-2025-29977's Use-After-Free Vulnerability
Microsoft SharePoint Privilege Escalation Alert: Inside CVE-2025-29976
WTD.sys Under Siege: Analyzing CVE-2025-29971's Kernel-Level DoS Threat
Microsoft Brokering File System Flaw CVE-2025-29970: A Deep Look at Privilege Escalation Risks
CVE-2025-29969: Windows Fundamentals TOCTOU Race Condition Opens Door to Network-Based Code Execution
Critical Heap Overflow in Microsoft RD Gateway (CVE-2025-29967): Remote Code Execution Risk
Windows Remote Desktop Under Siege: Analyzing CVE-2025-29966 Heap Overflow
Windows Media Heap Overflow (CVE-2025-29963): Remote Code Execution Alert
CVE-2025-26677: Remote Desktop Gateway Resource Exhaustion Threatens Enterprise Availability
Windows Kernel Heap Overflow (CVE-2025-24063): Privilege Escalation Risks Explained
Ivanti Neurons for ITSM Hit by Critical Auth Bypass (CVE-2025-22462): Immediate Action Required
NetAlertX Under Siege: Unauthenticated RCE Exploit (CVE-2024-46506)
Fortinet's Cookie Crumble: Analyzing CVE-2025-32756 Stack-Based Buffer Overflow
SAP S/4HANA Under Siege: Analyzing CVE-2025-43010's ABAP Injection Risk
Growatt Cloud Applications at Risk: Unpacking CVE-2025-24297 Stored XSS Vulnerability
Oracle Database Java VM Vulnerability CVE-2025-30736: Remote Exploitation Risks and Mitigation
Oracle Configurator Exposed: Unauthenticated Data Access via CVE-2025-30728
Oracle E-Business Suite Under Siege: Critical RCE in iSurvey Module (CVE-2025-30727)
Oracle E-Business Suite Exposed: CVE-2025-30716 Enables Unauthenticated Data Access
Oracle E-Business Suite Exposed: Unauthenticated Access via CVE-2025-30708
MySQL Connector/J Under Siege: Analyzing CVE-2025-30706's Critical Takeover Risk
Oracle Java SE and GraalVM JSSE Flaw (CVE-2025-21587): Unpacking the SSL/TLS Vulnerability
Fueling Danger: Critical Authentication Flaw in Lantronix Xport (CVE-2025-2567)
Libsoup's Double-Free Disaster: Analyzing CVE-2025-32911's Critical Memory Corruption Flaw
Edge of Danger: Unpacking CVE-2025-29834's Out-of-Bounds Read in Microsoft Edge
Analyzing CVE-2025-21601: Juniper Junos OS Web Management DoS Vulnerability
Critical RCE in BentoML Runner Server: Deep Dive into CVE-2025-32375
React Router Under Siege: Analyzing CVE-2025-31137 URL Spoofing Vulnerability
Next.js Middleware Exploit: CVE-2025-29927 Authorization Bypass
Privilege Escalation in Microsoft Partner Center: Analyzing CVE-2025-29814
Exploiting Microsoft Dataverse: Deep Dive into CVE-2025-29807 Deserialization Flaw
Exploiting Trust: Inside CVE-2025-23120 Veeam Backup & Replication RCE Vulnerability

Ready for effortless AppSec?

Get a live ZeroPath tour.

Schedule a demo with one of the founders Dean Valentine Raphael Karger Nathan Hrncirik Yaacov Tarko to get started.