ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.
CVE Analysis
•2025-10-15
•8 min read
BIG-IP Advanced WAF and ASM CVE-2025-54858: Brief Summary of JSON Schema Uncontrolled Recursion Vulnerability
A brief summary of CVE-2025-54858 affecting F5 BIG-IP Advanced WAF and ASM. This post covers technical details, affected versions, and vendor security history for this high-severity uncontrolled recursion vulnerability in JSON schema processing.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
BIG-IP SSL Orchestrator CVE-2025-55036: Brief Summary of Out-of-Bounds Write Vulnerability
This post provides a brief summary of CVE-2025-55036, a high-severity out-of-bounds write vulnerability affecting F5 BIG-IP SSL Orchestrator when configured as an explicit forward proxy with proxy connect enabled. Includes affected version details, technical context, and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
F5 BIG-IP Advanced WAF and ASM: Brief Summary of CVE-2025-55669 HTTP/2 TMM Termination Vulnerability
This post provides a brief summary of CVE-2025-55669, a high-severity vulnerability in F5 BIG-IP Advanced WAF and ASM when configured with server-side HTTP/2 profiles. The flaw can cause TMM termination and denial of service under certain traffic conditions. Includes affected versions, technical mechanism, and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•9 min read
F5 BIG-IP CVE-2025-58096: Brief Summary of TMM Out-of-Bounds Write Denial of Service
This post provides a brief summary of CVE-2025-58096, a denial of service vulnerability in F5 BIG-IP Traffic Management Microkernel (TMM) triggered by a non-default checksum configuration. It covers technical details, affected versions, and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
F5 BIG-IP Next HTTP2 Ingress NULL Pointer Dereference (CVE-2025-58120): Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-58120, a high-severity NULL pointer dereference vulnerability affecting F5 BIG-IP Next SPK, CNF, and Kubernetes products with HTTP2 Ingress enabled. We focus on affected versions, technical root cause, and vendor history based on available public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•11 min read
BIG-IP AFM CVE-2025-59478: Brief Summary of DoS Protection Profile Vulnerability
A brief summary of CVE-2025-59478, a high severity denial of service vulnerability in F5 BIG-IP AFM DoS protection profiles. This post covers affected versions, technical root cause, and vendor history, with references to official advisories.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
F5 BIG-IP CVE-2025-59481 Privilege Escalation: Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-59481, a privilege escalation vulnerability in F5 BIG-IP iControl REST and tmsh. It covers affected versions, technical details, and vendor security history, with references to official advisories and research.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
F5 VELOS F5OS-C Partition Control Plane: CVE-2025-59778 Resource Allocation Vulnerability – Brief Summary
This post provides a brief summary of CVE-2025-59778, a resource allocation vulnerability affecting F5 VELOS F5OS-C partition control planes with the Allowed IP Addresses feature enabled. It covers affected versions, technical details, and vendor security context based on available advisories and technical documentation.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
F5 BIG-IP CVE-2025-61951: Brief Summary of DTLS 1.2 TMM Out-of-Bounds Read Denial of Service
This post provides a brief summary of CVE-2025-61951, a high-severity out-of-bounds read vulnerability in F5 BIG-IP's Traffic Management Microkernel (TMM) when configured for DTLS 1.2 with specific Server SSL profile settings. The summary covers technical details, affected versions, and vendor security history, with references for further reading.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
F5OS-A and F5OS-C Privilege Escalation (CVE-2025-61955): Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-61955, a high-severity privilege escalation vulnerability in F5OS-A and F5OS-C. We cover the technical mechanism, affected versions, and vendor security history based on available public information.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•8 min read
F5 BIG-IP CVE-2025-61958: Brief Summary of tmsh iHealth Appliance Mode Bypass
A brief summary of CVE-2025-61958, a privilege escalation vulnerability in F5 BIG-IP's tmsh iHealth utility. This post covers technical details, affected versions, and vendor history, focusing on the risk to Appliance mode deployments. No PoC, patch, or detection information is included.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•9 min read
F5 BIG-IP APM CVE-2025-61960: Brief Summary of a Remote Denial of Service Vulnerability
A brief summary of CVE-2025-61960, a remote denial of service vulnerability impacting F5 BIG-IP Access Policy Manager portal access. This post covers affected versions, technical root cause, and vendor security context based on available public information.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-15
•7 min read
Orion SMS OTP Verification CVE-2025-9967: Privilege Escalation via Account Takeover – Brief Summary
Brief summary of CVE-2025-9967 affecting all versions up to 1.1.7 of the Orion SMS OTP Verification plugin for WordPress. This post covers technical details of the authentication bypass and privilege escalation flaw, affected versions, and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-14
•8 min read
Brief Look: Heap-Based Buffer Overflow in Fortinet fgfmsd (CVE-2024-50571)
This post provides a brief summary of CVE-2024-50571, a heap-based buffer overflow in Fortinet's fgfmsd daemon affecting FortiAnalyzer, FortiManager, FortiOS, and FortiProxy. It covers affected versions, technical details, and vendor security history based on available public sources.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-14
•7 min read
Ivanti EPMM CVE-2025-10242 OS Command Injection: Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-10242, an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) admin panel affecting versions before 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability allows remote authenticated attackers with admin privileges to achieve remote code execution. Patch information and affected version details are included.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-14
•7 min read
Ivanti EPMM CVE-2025-10243: Brief Summary of OS Command Injection in Admin Panel
This post provides a brief summary of CVE-2025-10243, an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) admin panel affecting versions before 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability allows remote code execution by authenticated admin users. Includes technical details, affected versions, and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-14
•8 min read
Ivanti EPMM CVE-2025-10985 OS Command Injection: Brief Summary and Technical Review
This post provides a brief summary and technical review of CVE-2025-10985, an OS command injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) prior to versions 12.6.0.2, 12.5.0.4, and 12.4.0.4. The vulnerability allows authenticated admin users to execute arbitrary OS commands, potentially leading to remote code execution. Includes affected version details, technical mechanism, and vendor security history.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-14
•7 min read
FortiProxy and FortiOS ZTNA Certificate Validation Flaw: Brief Summary of CVE-2025-25253
This post provides a brief summary of CVE-2025-25253, an improper certificate validation vulnerability in FortiProxy and FortiOS ZTNA proxy. It covers affected versions, technical details, and vendor security context, with all references included for further review.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-14
•8 min read
SIMATIC CP 1542SP-1 and SIPLUS ET 200SP: Brief Summary of CVE-2025-40771 Authentication Bypass
This post provides a brief summary of CVE-2025-40771, a critical authentication bypass vulnerability affecting Siemens SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, and SIPLUS ET 200SP communication processors prior to firmware V2.4.24. The flaw allows unauthenticated remote access to configuration data. Patch and affected version details are included.
ZeroPath CVE Analysis
CVE Analysis
•2025-10-14
•8 min read
Fortinet FortiVoice CVE-2025-47856: Brief Summary of Command Injection Vulnerability and Impact
This post provides a brief summary of CVE-2025-47856, a command injection vulnerability affecting Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, and before 6.4.10. It covers technical details, affected versions, and vendor security history based on available public sources.
ZeroPath CVE Analysis