NVD disclosure day
CVE-2025-21418
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A privilege escalation vulnerability exists in the Windows Ancillary Function Driver for WinSock. This allows a local attacker to gain higher system permissions, potentially leading to unauthorized access and control of affected systems. This elevates business risk for organizations with unpatched systems.
CVE-2025-21391
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A Windows Storage vulnerability allows local privilege escalation, potentially leading to data deletion and service disruption. This poses a business risk to the integrity and availability of affected Windows systems.
CVE-2025-24472
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A vulnerability in FortiOS and FortiProxy may allow an unauthenticated attacker to gain elevated administrative privileges. Exploitation requires knowledge of device serial numbers and the Security Fabric to be enabled, leading to unauthorized administrative control. The realistic business risk involves potential disru