Threat Advisories - NVD Disclosed January 14, 2025

CVE-2025-21335

Windows Hyper-V Elevation of Privilege Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Windows Hyper-V allows a local attacker to escalate privileges, potentially impacting system integrity and data confidentiality. Organizations using affected Windows versions should apply vendor-provided updates to mitigate this risk.

NVD published: January 14, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-21334

Windows Hyper-V Elevation of Privilege Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Windows Hyper-V's NT Kernel Integration VSP could allow a local attacker to elevate privileges to SYSTEM level on affected systems. This could impact data integrity and system control. The risk is internal, requiring local access for exploitation, but is listed in the Known Exploited Vulnerabilities

NVD published: January 14, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-21333

Windows Hyper-V Privilege Escalation Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Windows Hyper-V's NT Kernel Integration VSP allows local attackers to elevate privileges. This could result in unauthorized system control and data compromise, posing a business risk.

NVD published: January 14, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-13161

Ivanti Endpoint Manager: Information Disclosure Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An absolute path traversal vulnerability in Ivanti Endpoint Manager allows unauthenticated attackers to leak sensitive information. This impacts affected organizations by exposing confidential data. The realistic business risk involves potential unauthorized access to organizational information.

NVD published: January 14, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-13160

A risk advisory title for this CVE is: Ivanti Endpoint Manager Information Disclosure via Path Traversal.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An absolute path traversal vulnerability in Ivanti Endpoint Manager allows remote, unauthenticated attackers to leak sensitive information. This impacts organizations by potentially exposing confidential data, which could lead to business risk.

NVD published: January 14, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-13159

Ivanti Endpoint Manager Information Leakage Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An absolute path traversal flaw in Ivanti Endpoint Manager allows unauthenticated remote attackers to leak sensitive information. This can expose organizational data to unauthorized parties, posing a business risk.

NVD published: January 14, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-55591

Fortinet Authentication Bypass Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An authentication bypass flaw affects FortiOS and FortiProxy, potentially allowing attackers to gain super-admin privileges. This vulnerability, exploited via crafted requests, poses a significant risk by enabling unauthorized access and control over network resources. Organizations should address this issue promptly.

NVD published: January 14, 2025 • CISA KEV