NVD disclosure day
CVE-2025-31161
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
An authentication bypass vulnerability exists in CrushFTP, potentially allowing unauthorized access to administrative accounts and full system compromise. This presents a significant business risk due to the ease of exploitation and potential for data breaches. Organizations should identify and update affected software
CVE-2025-30406
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A deserialization vulnerability in CentreStack, stemming from a hardcoded machine key, allows attackers to achieve remote code execution. This poses a business risk by potentially compromising system integrity and sensitive data.
CVE-2025-22457
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A remote, unauthenticated attacker can exploit a buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways to execute code. This poses a risk to organizations by potentially allowing unauthorized access and control of affected systems.