NVD disclosure day

Published threat advisories for March 12, 2025

CVE advisoryKnown Exploit

CVE-2025-27915

Zimbra Collaboration Cross-Site Scripting Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Zimbra Collaboration Suite's Classic Web Client allows attackers to execute arbitrary JavaScript by embedding malicious content in ICS files. This can lead to unauthorized actions on user accounts, such as email redirection or data exfiltration, posing a business risk to affected organizations.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2025-21590

Juniper Junos OS Local Privilege Escalation Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Juniper Networks Junos OS allows a local, privileged attacker to compromise device integrity and inject code. This impacts organizations using affected Junos OS versions, posing a risk to system integrity. The exploit requires direct shell access and is not accessible via the CLI.

NVD published: • CISA KEV