NVD disclosure day

Published threat advisories for January 8, 2025

CVE-2025-0282

Ivanti Gateways Vulnerable to Remote Code Execution

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A stack-based buffer overflow vulnerability in Ivanti gateways allows unauthenticated remote attackers to execute code. This could impact systems and data, posing a business risk.

NVD published: January 8, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-50603

Aviatrix Controller OS Command Injection Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An unauthenticated attacker can execute arbitrary code on Aviatrix Controllers via improper OS command handling. This presents a significant risk of unauthorized system access and data compromise. Organizations should address this vulnerability promptly.

NVD published: January 8, 2025 • CISA KEV