ZeroPath Blog & Research
Explore our team's latest research and stay up to date with ZeroPath's capabilities.

CVE Analysis
•2025-05-13
•6 min read
Microsoft SharePoint Under Siege: Unpacking CVE-2025-30378 Deserialization Flaw
A detailed technical analysis of CVE-2025-30378, a critical deserialization vulnerability in Microsoft SharePoint enabling local code execution.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Silent Threat: CVE-2025-30377 Exploits Microsoft Office Preview Pane for Remote Code Execution
CVE-2025-30377, a critical use-after-free vulnerability in Microsoft Office, enables attackers to execute arbitrary code via Outlook's Preview Pane without user interaction.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•7 min read
Excel Under Siege: Analyzing CVE-2025-30376 Heap-Based Buffer Overflow
A detailed technical analysis of CVE-2025-30376, a heap-based buffer overflow vulnerability in Microsoft Excel, enabling local attackers to execute arbitrary code.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Excel's Type Confusion Trouble: Unpacking CVE-2025-30375
A detailed exploration of CVE-2025-30375, a type confusion vulnerability in Microsoft Excel enabling local code execution.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Excel Under Attack: Unpacking CVE-2025-29979 Heap Overflow Vulnerability
A detailed technical analysis of CVE-2025-29979, a heap-based buffer overflow in Microsoft Office Excel, enabling local attackers to execute arbitrary code.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
PowerPoint Peril: Unpacking CVE-2025-29978's Use-After-Free Exploit
An in-depth technical analysis of CVE-2025-29978, a use-after-free vulnerability in Microsoft PowerPoint enabling local code execution.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Excel Under Siege: Unpacking CVE-2025-29977's Use-After-Free Vulnerability
A detailed technical analysis of CVE-2025-29977, a critical use-after-free vulnerability in Microsoft Excel, including affected versions, exploitation methods, and mitigation strategies.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•5 min read
Microsoft SharePoint Privilege Escalation Alert: Inside CVE-2025-29976
A critical privilege escalation vulnerability (CVE-2025-29976) in Microsoft SharePoint could allow authorized users to gain unauthorized administrative privileges. Immediate patching recommended.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
WTD.sys Under Siege: Analyzing CVE-2025-29971's Kernel-Level DoS Threat
Explore the kernel-mode vulnerability CVE-2025-29971 in Microsoft's Web Threat Defense (WTD.sys), enabling remote attackers to trigger denial-of-service conditions.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Microsoft Brokering File System Flaw CVE-2025-29970: A Deep Look at Privilege Escalation Risks
Explore the critical use-after-free vulnerability CVE-2025-29970 in Microsoft's Brokering File System, enabling local attackers to escalate privileges to SYSTEM level.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
CVE-2025-29969: Windows Fundamentals TOCTOU Race Condition Opens Door to Network-Based Code Execution
A detailed technical analysis of CVE-2025-29969, a high-severity TOCTOU race condition in Windows Fundamentals, enabling network-based code execution.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•5 min read
Critical Heap Overflow in Microsoft RD Gateway (CVE-2025-29967): Remote Code Execution Risk
A detailed technical analysis of CVE-2025-29967, a critical heap-based buffer overflow in Microsoft's Remote Desktop Gateway Service, enabling remote code execution without authentication.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•7 min read
Windows Remote Desktop Under Siege: Analyzing CVE-2025-29966 Heap Overflow
A critical heap-based buffer overflow in Windows Remote Desktop Client (CVE-2025-29966) allows remote attackers to execute arbitrary code without user interaction. We dissect the vulnerability, exploitation methods, and essential mitigation strategies.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Windows Media Heap Overflow (CVE-2025-29963): Remote Code Execution Alert
A critical heap-based buffer overflow in Windows Media (CVE-2025-29963) allows remote attackers to execute arbitrary code, demanding immediate patching and mitigation.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
CVE-2025-26677: Remote Desktop Gateway Resource Exhaustion Threatens Enterprise Availability
A high-severity uncontrolled resource consumption vulnerability in Windows Remote Desktop Gateway (RD Gateway) service (CVE-2025-26677) enables attackers to trigger denial-of-service conditions, disrupting critical remote access operations.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Windows Kernel Heap Overflow (CVE-2025-24063): Privilege Escalation Risks Explained
A detailed technical breakdown of CVE-2025-24063, a heap-based buffer overflow in the Windows Kernel, enabling local attackers to escalate privileges.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•7 min read
Ivanti Neurons for ITSM Hit by Critical Auth Bypass (CVE-2025-22462): Immediate Action Required
A critical authentication bypass vulnerability (CVE-2025-22462) in Ivanti Neurons for ITSM allows unauthenticated attackers administrative access, demanding immediate patching and mitigation.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•7 min read
NetAlertX Under Siege: Unauthenticated RCE Exploit (CVE-2024-46506)
A critical unauthenticated command injection vulnerability in NetAlertX (CVE-2024-46506) is actively exploited, enabling attackers to execute arbitrary commands remotely.
ZeroPath Security Research

CVE Analysis
•2025-05-13
•6 min read
Fortinet's Cookie Crumble: Analyzing CVE-2025-32756 Stack-Based Buffer Overflow
A critical stack-based buffer overflow in Fortinet products (CVE-2025-32756) allows remote unauthenticated attackers to execute arbitrary code via malicious HTTP cookies.
ZeroPath Security Research

CVE Analysis
•2025-05-12
•5 min read
SAP S/4HANA Under Siege: Analyzing CVE-2025-43010's ABAP Injection Risk
A critical vulnerability (CVE-2025-43010) in SAP S/4HANA's SCM Master Data Layer allows attackers to remotely replace ABAP programs, posing severe integrity and availability risks.
ZeroPath Security Research