Logic scanner now available! Try it out

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.

All Research Product Insights CVE Analysis
Windows AFD.sys Zero-Day CVE-2025-32709: Exploiting Use-After-Free for SYSTEM Privileges

Windows AFD.sys Zero-Day CVE-2025-32709: Exploiting Use-After-Free for SYSTEM Privileges

An in-depth technical analysis of CVE-2025-32709, a use-after-free vulnerability in Windows Ancillary Function Driver for WinSock, actively exploited to escalate privileges to SYSTEM level.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
Windows NTFS Under Siege: Unpacking CVE-2025-32707 Privilege Escalation

Windows NTFS Under Siege: Unpacking CVE-2025-32707 Privilege Escalation

A critical out-of-bounds read vulnerability in Windows NTFS (CVE-2025-32707) allows attackers to escalate privileges to SYSTEM level, actively exploited in the wild.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Windows CLFS Driver Strikes Again: Privilege Escalation via CVE-2025-32706

Windows CLFS Driver Strikes Again: Privilege Escalation via CVE-2025-32706

CVE-2025-32706 exposes Windows systems to local privilege escalation, allowing attackers to gain SYSTEM-level control through improper input validation in the CLFS driver.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Microsoft Outlook Under Fire: Analyzing CVE-2025-32705's Out-of-Bounds Read Vulnerability

Microsoft Outlook Under Fire: Analyzing CVE-2025-32705's Out-of-Bounds Read Vulnerability

A detailed technical analysis of CVE-2025-32705, an out-of-bounds read vulnerability in Microsoft Outlook allowing local attackers to execute arbitrary code.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 5m read
Excel Under Siege: Dissecting CVE-2025-32704's Buffer Over-Read Vulnerability

Excel Under Siege: Dissecting CVE-2025-32704's Buffer Over-Read Vulnerability

An in-depth technical analysis of CVE-2025-32704, a critical buffer over-read vulnerability in Microsoft Excel, detailing exploitation methods, affected versions, and essential patching steps.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Visual Studio Under Siege: Command Injection Vulnerability CVE-2025-32702 Exposed

Visual Studio Under Siege: Command Injection Vulnerability CVE-2025-32702 Exposed

A critical command injection flaw (CVE-2025-32702) in Visual Studio exposes developers to local code execution risks. Immediate patching is advised.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Windows CLFS Driver Zero-Day CVE-2025-32701: Privilege Escalation in the Wild

Windows CLFS Driver Zero-Day CVE-2025-32701: Privilege Escalation in the Wild

An actively exploited use-after-free vulnerability in Windows CLFS driver (CVE-2025-32701) allows attackers to escalate privileges to SYSTEM-level. Immediate patching recommended.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Windows DWM Under Siege: CVE-2025-30400 Use-After-Free Exploit Grants SYSTEM Privileges

Windows DWM Under Siege: CVE-2025-30400 Use-After-Free Exploit Grants SYSTEM Privileges

An actively exploited use-after-free vulnerability in Windows DWM (CVE-2025-30400) enables attackers to escalate privileges to SYSTEM. Immediate patching is critical.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
Type Confusion Strikes Again: Analyzing CVE-2025-30397 in Microsoft's Scripting Engine

Type Confusion Strikes Again: Analyzing CVE-2025-30397 in Microsoft's Scripting Engine

CVE-2025-30397 exposes a critical type confusion flaw in Microsoft's Scripting Engine, enabling remote attackers to execute arbitrary code via Edge's IE Mode. Immediate patching is essential.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Excel Under Siege: Analyzing CVE-2025-30393 Use-After-Free Vulnerability

Excel Under Siege: Analyzing CVE-2025-30393 Use-After-Free Vulnerability

A detailed analysis of CVE-2025-30393, a critical use-after-free vulnerability in Microsoft Excel, enabling local code execution and potential system compromise.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Windows Win32K GRFX Heap Overflow (CVE-2025-30388): A Local Privilege Escalation Threat

Windows Win32K GRFX Heap Overflow (CVE-2025-30388): A Local Privilege Escalation Threat

A detailed technical analysis of CVE-2025-30388, a heap-based buffer overflow in Windows Win32K GRFX, enabling local attackers to execute arbitrary code.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Azure Document Intelligence Studio Path Traversal Flaw (CVE-2025-30387): Critical Privilege Escalation Risk

Azure Document Intelligence Studio Path Traversal Flaw (CVE-2025-30387): Critical Privilege Escalation Risk

A critical path traversal vulnerability (CVE-2025-30387) in Azure Document Intelligence Studio On-Prem allows attackers to escalate privileges remotely, demanding immediate patching and mitigation.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
Silent Threat: CVE-2025-30386 Exploits Microsoft Office Preview Pane for Remote Code Execution

Silent Threat: CVE-2025-30386 Exploits Microsoft Office Preview Pane for Remote Code Execution

CVE-2025-30386, a critical use-after-free vulnerability in Microsoft Office, allows attackers to execute code silently via the Preview Pane, posing significant risks to enterprise security.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Windows CLFS Driver CVE-2025-30385: A Deep Look into Use-After-Free Privilege Escalation

Windows CLFS Driver CVE-2025-30385: A Deep Look into Use-After-Free Privilege Escalation

An in-depth technical analysis of CVE-2025-30385, a use-after-free vulnerability in Windows CLFS Driver enabling local privilege escalation.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
CVE-2025-30384: Microsoft SharePoint Deserialization Flaw Opens Door to Local RCE

CVE-2025-30384: Microsoft SharePoint Deserialization Flaw Opens Door to Local RCE

An in-depth analysis of CVE-2025-30384, a deserialization vulnerability in Microsoft SharePoint allowing local attackers to execute arbitrary code.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Excel's Type Confusion Trouble: Unpacking CVE-2025-30383's Local Code Execution Risk

Excel's Type Confusion Trouble: Unpacking CVE-2025-30383's Local Code Execution Risk

A detailed technical analysis of CVE-2025-30383, a critical type confusion vulnerability in Microsoft Excel enabling local code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
Microsoft SharePoint's CVE-2025-30382: Unpacking the Deserialization RCE Risk

Microsoft SharePoint's CVE-2025-30382: Unpacking the Deserialization RCE Risk

Explore the technical details behind CVE-2025-30382, a critical deserialization vulnerability in Microsoft SharePoint Server enabling remote code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Excel Under Siege: Unpacking CVE-2025-30381's Out-of-Bounds Read Exploit

Excel Under Siege: Unpacking CVE-2025-30381's Out-of-Bounds Read Exploit

A critical out-of-bounds read vulnerability in Microsoft Excel (CVE-2025-30381) exposes users to potential local code execution. Discover the technical details, mitigation strategies, and patch information to safeguard your systems.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Excel's Memory Mishap: Analyzing CVE-2025-30379's Invalid Pointer Vulnerability

Excel's Memory Mishap: Analyzing CVE-2025-30379's Invalid Pointer Vulnerability

Explore CVE-2025-30379, a critical memory handling flaw in Microsoft Excel, allowing local attackers to execute arbitrary code via specially crafted documents.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Microsoft SharePoint Under Siege: Unpacking CVE-2025-30378 Deserialization Flaw

Microsoft SharePoint Under Siege: Unpacking CVE-2025-30378 Deserialization Flaw

A detailed technical analysis of CVE-2025-30378, a critical deserialization vulnerability in Microsoft SharePoint enabling local code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Silent Threat: CVE-2025-30377 Exploits Microsoft Office Preview Pane for Remote Code Execution

Silent Threat: CVE-2025-30377 Exploits Microsoft Office Preview Pane for Remote Code Execution

CVE-2025-30377, a critical use-after-free vulnerability in Microsoft Office, enables attackers to execute arbitrary code via Outlook's Preview Pane without user interaction.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Excel Under Siege: Analyzing CVE-2025-30376 Heap-Based Buffer Overflow

Excel Under Siege: Analyzing CVE-2025-30376 Heap-Based Buffer Overflow

A detailed technical analysis of CVE-2025-30376, a heap-based buffer overflow vulnerability in Microsoft Excel, enabling local attackers to execute arbitrary code.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
Excel's Type Confusion Trouble: Unpacking CVE-2025-30375

Excel's Type Confusion Trouble: Unpacking CVE-2025-30375

A detailed exploration of CVE-2025-30375, a type confusion vulnerability in Microsoft Excel enabling local code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Excel Under Attack: Unpacking CVE-2025-29979 Heap Overflow Vulnerability

Excel Under Attack: Unpacking CVE-2025-29979 Heap Overflow Vulnerability

A detailed technical analysis of CVE-2025-29979, a heap-based buffer overflow in Microsoft Office Excel, enabling local attackers to execute arbitrary code.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
PowerPoint Peril: Unpacking CVE-2025-29978's Use-After-Free Exploit

PowerPoint Peril: Unpacking CVE-2025-29978's Use-After-Free Exploit

An in-depth technical analysis of CVE-2025-29978, a use-after-free vulnerability in Microsoft PowerPoint enabling local code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Excel Under Siege: Unpacking CVE-2025-29977's Use-After-Free Vulnerability

Excel Under Siege: Unpacking CVE-2025-29977's Use-After-Free Vulnerability

A detailed technical analysis of CVE-2025-29977, a critical use-after-free vulnerability in Microsoft Excel, including affected versions, exploitation methods, and mitigation strategies.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Microsoft SharePoint Privilege Escalation Alert: Inside CVE-2025-29976

Microsoft SharePoint Privilege Escalation Alert: Inside CVE-2025-29976

A critical privilege escalation vulnerability (CVE-2025-29976) in Microsoft SharePoint could allow authorized users to gain unauthorized administrative privileges. Immediate patching recommended.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 5m read
WTD.sys Under Siege: Analyzing CVE-2025-29971's Kernel-Level DoS Threat

WTD.sys Under Siege: Analyzing CVE-2025-29971's Kernel-Level DoS Threat

Explore the kernel-mode vulnerability CVE-2025-29971 in Microsoft's Web Threat Defense (WTD.sys), enabling remote attackers to trigger denial-of-service conditions.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Microsoft Brokering File System Flaw CVE-2025-29970: A Deep Look at Privilege Escalation Risks

Microsoft Brokering File System Flaw CVE-2025-29970: A Deep Look at Privilege Escalation Risks

Explore the critical use-after-free vulnerability CVE-2025-29970 in Microsoft's Brokering File System, enabling local attackers to escalate privileges to SYSTEM level.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
CVE-2025-29969: Windows Fundamentals TOCTOU Race Condition Opens Door to Network-Based Code Execution

CVE-2025-29969: Windows Fundamentals TOCTOU Race Condition Opens Door to Network-Based Code Execution

A detailed technical analysis of CVE-2025-29969, a high-severity TOCTOU race condition in Windows Fundamentals, enabling network-based code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Critical Heap Overflow in Microsoft RD Gateway (CVE-2025-29967): Remote Code Execution Risk

Critical Heap Overflow in Microsoft RD Gateway (CVE-2025-29967): Remote Code Execution Risk

A detailed technical analysis of CVE-2025-29967, a critical heap-based buffer overflow in Microsoft's Remote Desktop Gateway Service, enabling remote code execution without authentication.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 5m read
Windows Remote Desktop Under Siege: Analyzing CVE-2025-29966 Heap Overflow

Windows Remote Desktop Under Siege: Analyzing CVE-2025-29966 Heap Overflow

A critical heap-based buffer overflow in Windows Remote Desktop Client (CVE-2025-29966) allows remote attackers to execute arbitrary code without user interaction. We dissect the vulnerability, exploitation methods, and essential mitigation strategies.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
Windows Media Heap Overflow (CVE-2025-29963): Remote Code Execution Alert

Windows Media Heap Overflow (CVE-2025-29963): Remote Code Execution Alert

A critical heap-based buffer overflow in Windows Media (CVE-2025-29963) allows remote attackers to execute arbitrary code, demanding immediate patching and mitigation.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
CVE-2025-26677: Remote Desktop Gateway Resource Exhaustion Threatens Enterprise Availability

CVE-2025-26677: Remote Desktop Gateway Resource Exhaustion Threatens Enterprise Availability

A high-severity uncontrolled resource consumption vulnerability in Windows Remote Desktop Gateway (RD Gateway) service (CVE-2025-26677) enables attackers to trigger denial-of-service conditions, disrupting critical remote access operations.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Windows Kernel Heap Overflow (CVE-2025-24063): Privilege Escalation Risks Explained

Windows Kernel Heap Overflow (CVE-2025-24063): Privilege Escalation Risks Explained

A detailed technical breakdown of CVE-2025-24063, a heap-based buffer overflow in the Windows Kernel, enabling local attackers to escalate privileges.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
Ivanti Neurons for ITSM Hit by Critical Auth Bypass (CVE-2025-22462): Immediate Action Required

Ivanti Neurons for ITSM Hit by Critical Auth Bypass (CVE-2025-22462): Immediate Action Required

A critical authentication bypass vulnerability (CVE-2025-22462) in Ivanti Neurons for ITSM allows unauthenticated attackers administrative access, demanding immediate patching and mitigation.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
NetAlertX Under Siege: Unauthenticated RCE Exploit (CVE-2024-46506)

NetAlertX Under Siege: Unauthenticated RCE Exploit (CVE-2024-46506)

A critical unauthenticated command injection vulnerability in NetAlertX (CVE-2024-46506) is actively exploited, enabling attackers to execute arbitrary commands remotely.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 7m read
Fortinet's Cookie Crumble: Analyzing CVE-2025-32756 Stack-Based Buffer Overflow

Fortinet's Cookie Crumble: Analyzing CVE-2025-32756 Stack-Based Buffer Overflow

A critical stack-based buffer overflow in Fortinet products (CVE-2025-32756) allows remote unauthenticated attackers to execute arbitrary code via malicious HTTP cookies.

ZeroPath Security Research

ZeroPath Security Research

2025-05-13
CVE Analysis 6m read
SAP S/4HANA Under Siege: Analyzing CVE-2025-43010's ABAP Injection Risk

SAP S/4HANA Under Siege: Analyzing CVE-2025-43010's ABAP Injection Risk

A critical vulnerability (CVE-2025-43010) in SAP S/4HANA's SCM Master Data Layer allows attackers to remotely replace ABAP programs, posing severe integrity and availability risks.

ZeroPath Security Research

ZeroPath Security Research

2025-05-12
CVE Analysis 5m read
Growatt Cloud Applications at Risk: Unpacking CVE-2025-24297 Stored XSS Vulnerability

Growatt Cloud Applications at Risk: Unpacking CVE-2025-24297 Stored XSS Vulnerability

A critical stored XSS vulnerability (CVE-2025-24297) in Growatt Cloud Applications allows attackers to inject malicious JavaScript, posing severe risks to user privacy and system integrity.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 7m read
Oracle Database Java VM Vulnerability CVE-2025-30736: Remote Exploitation Risks and Mitigation

Oracle Database Java VM Vulnerability CVE-2025-30736: Remote Exploitation Risks and Mitigation

CVE-2025-30736 exposes Oracle Database Java VM to remote unauthenticated attacks, risking critical data integrity and confidentiality. Immediate patching and mitigation strategies are essential.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Oracle Configurator Exposed: Unauthenticated Data Access via CVE-2025-30728

Oracle Configurator Exposed: Unauthenticated Data Access via CVE-2025-30728

A critical vulnerability in Oracle Configurator (CVE-2025-30728) allows unauthenticated attackers to access sensitive enterprise data, posing significant confidentiality risks.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 7m read
Oracle E-Business Suite Under Siege: Critical RCE in iSurvey Module (CVE-2025-30727)

Oracle E-Business Suite Under Siege: Critical RCE in iSurvey Module (CVE-2025-30727)

A critical remote code execution vulnerability (CVE-2025-30727) has been identified in Oracle E-Business Suite's iSurvey Module, allowing unauthenticated attackers to fully compromise affected systems.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Oracle E-Business Suite Exposed: CVE-2025-30716 Enables Unauthenticated Data Access

Oracle E-Business Suite Exposed: CVE-2025-30716 Enables Unauthenticated Data Access

A critical vulnerability in Oracle E-Business Suite's CRM User Management Framework (CVE-2025-30716) allows unauthenticated attackers to access sensitive data remotely. Immediate patching is essential.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 5m read
Oracle E-Business Suite Exposed: Unauthenticated Access via CVE-2025-30708

Oracle E-Business Suite Exposed: Unauthenticated Access via CVE-2025-30708

CVE-2025-30708 exposes Oracle E-Business Suite's User Management to unauthenticated attackers, risking critical data exposure. Immediate patching recommended.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 5m read
MySQL Connector/J Under Siege: Analyzing CVE-2025-30706's Critical Takeover Risk

MySQL Connector/J Under Siege: Analyzing CVE-2025-30706's Critical Takeover Risk

A detailed technical analysis of CVE-2025-30706, a high-severity vulnerability affecting MySQL Connector/J versions 9.0.0 to 9.2.0, enabling potential system takeover.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Oracle Java SE and GraalVM JSSE Flaw (CVE-2025-21587): Unpacking the SSL/TLS Vulnerability

Oracle Java SE and GraalVM JSSE Flaw (CVE-2025-21587): Unpacking the SSL/TLS Vulnerability

CVE-2025-21587 exposes Oracle Java SE and GraalVM products to unauthorized data manipulation and access via JSSE vulnerabilities. Immediate patching is critical.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Fueling Danger: Critical Authentication Flaw in Lantronix Xport (CVE-2025-2567)

Fueling Danger: Critical Authentication Flaw in Lantronix Xport (CVE-2025-2567)

A critical missing authentication vulnerability in Lantronix Xport devices (CVE-2025-2567) threatens fuel monitoring systems, risking severe operational disruptions and safety hazards.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Libsoup's Double-Free Disaster: Analyzing CVE-2025-32911's Critical Memory Corruption Flaw

Libsoup's Double-Free Disaster: Analyzing CVE-2025-32911's Critical Memory Corruption Flaw

A critical double-free vulnerability (CVE-2025-32911) in libsoup's header parsing exposes Linux systems to severe memory corruption risks.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Edge of Danger: Unpacking CVE-2025-29834's Out-of-Bounds Read in Microsoft Edge

Edge of Danger: Unpacking CVE-2025-29834's Out-of-Bounds Read in Microsoft Edge

Explore the technical intricacies behind CVE-2025-29834, an out-of-bounds read vulnerability in Microsoft Edge, and learn how to protect your systems.

ZeroPath Security Research

ZeroPath Security Research

2025-04-11
CVE Analysis 6m read
Analyzing CVE-2025-21601: Juniper Junos OS Web Management DoS Vulnerability

Analyzing CVE-2025-21601: Juniper Junos OS Web Management DoS Vulnerability

Detailed technical analysis of CVE-2025-21601, a critical DoS vulnerability affecting Juniper Junos OS web management components.

ZeroPath Security Research

ZeroPath Security Research

2025-04-09
CVE Analysis 7m read
Critical RCE in BentoML Runner Server: Deep Dive into CVE-2025-32375

Critical RCE in BentoML Runner Server: Deep Dive into CVE-2025-32375

An in-depth technical analysis of CVE-2025-32375, a critical remote code execution vulnerability in BentoML's runner server, including exploitation methods, detection techniques, and patching guidance.

ZeroPath Security Research

ZeroPath Security Research

2025-04-09
CVE Analysis 7m read
React Router Under Siege: Analyzing CVE-2025-31137 URL Spoofing Vulnerability

React Router Under Siege: Analyzing CVE-2025-31137 URL Spoofing Vulnerability

Dive deep into CVE-2025-31137, a high-severity URL spoofing vulnerability affecting React Router and Remix applications using Express adapters. Learn how attackers exploit HTTP headers and how to protect your applications.

ZeroPath Security Research

ZeroPath Security Research

2025-04-01
CVE Analysis 6m read
Next.js Middleware Exploit: CVE-2025-29927 Authorization Bypass

Next.js Middleware Exploit: CVE-2025-29927 Authorization Bypass

Explore the critical CVE-2025-29927 vulnerability in Next.js middleware, enabling attackers to bypass authorization checks and gain unauthorized access.

ZeroPath Security Research

ZeroPath Security Research

2025-03-21
CVE Analysis 6m read
Privilege Escalation in Microsoft Partner Center: Analyzing CVE-2025-29814

Privilege Escalation in Microsoft Partner Center: Analyzing CVE-2025-29814

A critical improper authorization flaw in Microsoft Partner Center (CVE-2025-29814) allows attackers to escalate privileges remotely. Here's our technical analysis and mitigation guidance.

ZeroPath Security Research

ZeroPath Security Research

2025-03-20
CVE Analysis 5m read
Exploiting Microsoft Dataverse: Deep Dive into CVE-2025-29807 Deserialization Flaw

Exploiting Microsoft Dataverse: Deep Dive into CVE-2025-29807 Deserialization Flaw

An in-depth technical analysis of CVE-2025-29807, a critical deserialization vulnerability in Microsoft Dataverse enabling remote code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-03-20
CVE Analysis 5m read
Exploiting Trust: Inside CVE-2025-23120 Veeam Backup & Replication RCE Vulnerability

Exploiting Trust: Inside CVE-2025-23120 Veeam Backup & Replication RCE Vulnerability

An in-depth technical breakdown of CVE-2025-23120, a critical remote code execution vulnerability affecting Veeam Backup & Replication, including exploitation methods, detection strategies, and immediate patching guidance.

ZeroPath Security Research

ZeroPath Security Research

2025-03-20
CVE Analysis 7m read

Ready for effortless AppSec?

Get a live ZeroPath tour.

Schedule a demo with one of the founders Dean Valentine Raphael Karger Nathan Hrncirik Yaacov Tarko to get started.

Schedule a demo