NVD disclosure day

Published threat advisories for April 25, 2025

CVE advisory | Known Exploit

CVE-2025-3935

ScreenConnect: Code Injection Risk from ViewState Compromise.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Certain versions of ScreenConnect software face a code injection risk if privileged machine keys are compromised, potentially allowing remote code execution on affected servers. This stems from platform-level behavior, not a direct software flaw. A patch is available that addresses this risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2025-3928

Commvault Web Server Vulnerability Allows Webshell Creation.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the Commvault Web Server allows authenticated attackers to create and execute webshells, potentially leading to system compromise and unauthorized access. This poses a business risk to organizations relying on Commvault for data management.

• CISA KEV