ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.
CVE Analysis
•2025-09-09
•8 min read
Adobe Acrobat Reader CVE-2025-54257 Use After Free Vulnerability: Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-54257, a Use After Free vulnerability affecting Adobe Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier. The vulnerability enables arbitrary code execution via malicious PDF files and is rated with a CVSS score of 7.8. Includes affected versions, technical mechanism, and references.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•7 min read
Ivanti Connect Secure CVE-2025-55141: Brief Summary of a Critical Missing Authorization Vulnerability
A brief summary of CVE-2025-55141, a critical missing authorization flaw in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This post covers affected versions, technical root cause, and vendor security history based on available public information.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•7 min read
Ivanti Connect Secure CVE-2025-55142 Authorization Bypass: Brief Summary and Technical Review
A brief summary of CVE-2025-55142, a high-severity authorization bypass in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This post covers affected versions, technical details, and vendor security history based on available public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•7 min read
Ivanti Connect Secure CVE-2025-55145: Brief Summary of Missing Authorization in HTML5 Session Handling
A brief summary of CVE-2025-55145, a missing authorization vulnerability in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This post covers affected versions, technical mechanism, and vendor security history based on available information.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•8 min read
Ivanti Connect Secure CSRF Vulnerability (CVE-2025-55147): Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-55147, a high-severity CSRF vulnerability affecting Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access prior to specific versions. Includes affected version details and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•7 min read
Ivanti Connect Secure CVE-2025-55148: Brief Summary of Missing Authorization Vulnerability
A brief summary of CVE-2025-55148, a missing authorization vulnerability in Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. This post covers affected versions, technical mechanism, and vendor security history based on available information.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•8 min read
CoreDNS etcd Plugin TTL Confusion (CVE-2025-58063): Brief Summary and Technical Review
Brief summary of CVE-2025-58063, a TTL confusion vulnerability in CoreDNS's etcd plugin affecting versions 1.2.0 up to 1.12.3. This post covers technical details, affected versions, and vendor security history, with references to official advisories and technical documentation.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•7 min read
OPEXUS FOIAXpress PAL CVE-2025-58462 SQL Injection: Brief Summary and Technical Details
A brief summary of CVE-2025-58462, a critical SQL injection vulnerability in OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0. This post outlines affected versions, technical details, and vendor security history based on available public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•8 min read
Ivanti Endpoint Manager CVE-2025-9712: Brief Summary of Remote Code Execution via Insufficient Filename Validation
Brief summary of CVE-2025-9712 affecting Ivanti Endpoint Manager. This post covers technical details, affected versions, patch information, and vendor security context. No proof of concept or detection methods are included.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-09
•8 min read
Ivanti Endpoint Manager CVE-2025-9872: Brief Summary of Critical RCE via Filename Validation Flaw
This post provides a brief summary of CVE-2025-9872, a high-severity remote code execution vulnerability in Ivanti Endpoint Manager due to insufficient filename validation. It covers affected versions, technical details, patch information, and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•8 min read
Tenda AC20 CVE-2025-10120 Buffer Overflow: Brief Technical Summary
A brief summary of CVE-2025-10120, a high-severity buffer overflow in Tenda AC20 routers up to firmware 16.03.08.12. This post covers affected versions, technical root cause, and vendor security history based on public information.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•8 min read
D-Link DIR-823X Command Injection (CVE-2025-10123): Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-10123, a command injection vulnerability in D-Link DIR-823X routers up to firmware 250416. The vulnerability allows remote attackers to execute arbitrary commands by manipulating the Hostname parameter in the /goform/set_static_leases endpoint. No official patch or detection guidance is available at this time.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•7 min read
SAP ABAP Reports CVE-2025-42916 Input Validation Flaw: Brief Summary and Technical Review
Brief summary of CVE-2025-42916 affecting SAP ABAP reports due to missing input validation, allowing privileged users to delete arbitrary database table content if not protected by authorization groups. Includes technical details and affected versions.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•7 min read
SAP ABAP CVE-2025-42929: Brief Summary of Arbitrary Database Table Deletion via Input Validation Flaw
This post provides a brief summary of CVE-2025-42929, a high-severity input validation flaw in SAP ABAP that allows privileged attackers to delete arbitrary database table content when authorization groups are not properly configured. Includes technical details, affected versions, and references to SAP advisories.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•7 min read
SAP Business One SLD Credential Exposure (CVE-2025-42933): Brief Summary and Technical Review
Brief summary of CVE-2025-42933 affecting SAP Business One SLD, where improper encryption in the SLD backend exposes sensitive credentials in HTTP responses. Includes technical context, affected versions, and vendor security history based on available sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•8 min read
SAP NetWeaver on IBM i-Series: Brief Summary of CVE-2025-42958 Authentication Bypass
A brief summary of CVE-2025-42958, a critical authentication bypass in SAP NetWeaver on IBM i-series. This post covers technical details, affected versions, and vendor history based on available public information.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•9 min read
AutomatorWP CVE-2025-9539: Brief Summary of Critical Unauthorized Automation Import Vulnerability in WordPress
Brief summary of CVE-2025-9539 affecting AutomatorWP for WordPress. This post covers technical details, affected versions, and vendor security history for this high-severity unauthorized automation import vulnerability. No PoC, patch, or detection methods are included.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•7 min read
SAP NetWeaver AS Java CVE-2025-42922 Arbitrary File Upload Vulnerability – Brief Summary and Technical Review
A brief summary of CVE-2025-42922, a critical arbitrary file upload vulnerability in SAP NetWeaver AS Java. This post covers technical details, affected versions, and vendor security history based on available sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-08
•8 min read
SAP NetWeaver CVE-2025-42944: Brief Summary of Critical Deserialization Flaw
A brief summary of CVE-2025-42944, a critical SAP NetWeaver deserialization vulnerability that allows unauthenticated remote code execution via the RMI-P4 module. This post covers technical details, affected versions, and vendor security history based on available public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-09-06
•8 min read
AMD SMM Input Validation Flaw: Brief Summary of CVE-2024-21947 in Ryzen, Threadripper, and Embedded Processors
This post provides a brief summary of CVE-2024-21947, an SMM input validation flaw affecting a wide range of AMD processors. We cover technical details, affected versions, patch information, and AMD’s security response history.
ZeroPath CVE Analysis