Published threat advisories for March 11, 2025

A WebKit vulnerability allows malicious web content to escape security sandboxes on Apple devices. This could lead to unauthorized actions impacting affected organizations and their data. Prompt application of vendor updates is recommended to mitigate business risk.

NVD published: March 11, 2025 • CISA KEV

A security flaw in the Microsoft Management Console allows local attackers to bypass security features, potentially impacting data confidentiality, integrity, and availability. This poses a risk to affected Windows systems.

NVD published: March 11, 2025 • CISA KEV

A vulnerability in Windows NTFS allows local attackers to execute code, potentially compromising systems and data. Affected organizations face business risk from unauthorized access and control of local systems. Prioritizing remediation is advised.

NVD published: March 11, 2025 • CISA KEV

A vulnerability in Windows NTFS allows an authorized local attacker to read sensitive information. This impacts data confidentiality and poses a business risk. The exposure is classified as internal, meaning an attacker requires existing system access.

NVD published: March 11, 2025 • CISA KEV

An integer overflow in the Windows Fast FAT driver allows an unauthorized local attacker to execute code. This impacts systems running affected Windows versions, posing a risk of unauthorized access and modification of data, and could compromise system integrity.

NVD published: March 11, 2025 • CISA KEV

A vulnerability in Windows NTFS allows an attacker with physical access to disclose sensitive information from log files. This impacts organizations by potentially exposing confidential data, posing a risk to data privacy and integrity.

NVD published: March 11, 2025 • CISA KEV

A vulnerability in the Windows Win32 Kernel Subsystem allows an authorized local attacker to elevate privileges, potentially impacting system control and data integrity. This risk necessitates prompt remediation to protect organizational assets.

NVD published: March 11, 2025 • CISA KEV

A network spoofing vulnerability in Windows NTLM allows unauthorized attackers to manipulate file names or paths. This could lead to unauthorized actions and potential data breaches within affected organizations. The business risk is associated with the potential for attackers to impersonate legitimate users over a net

NVD published: March 11, 2025 • CISA KEV

A vulnerability in the FreeType library allows for arbitrary code execution when processing specific font files. This could impact organizations by compromising systems and leading to data breaches. Business risk is elevated as this flaw may already be exploited in the wild.

NVD published: March 11, 2025 • CISA KEV

A vulnerability in AMI's SPx allows remote attackers to bypass authentication on server management interfaces, potentially leading to data loss or system compromise. Organizations using affected systems should prioritize applying vendor updates and restricting network access to the management interface. The risk to bus

NVD published: March 11, 2025 • CISA KEV