Threat Advisories - NVD Disclosed June 24, 2025

CVE-2025-4378

ATA-AOF Mobile Application Cleartext and Hard-coded Credential Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in the ATA-AOF Mobile Application allows authentication abuse and bypass due to cleartext transmission of sensitive information and hard-coded credentials. This could expose sensitive data and compromise account access if the application is reachable and relevant.

NVD published: June 24, 2025

CVE advisoryCRITICAL

CVE-2025-4383

Art-in Wi-Fi Cloud Hotspot Authentication Abuse Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability in Wi-Fi Cloud Hotspot may allow authentication bypass or abuse. This issue could enable unauthorized access over the network. It is important to determine if this technology is deployed to assess any potential impact.

NVD published: June 24, 2025

CVE advisoryKnown Exploit

CVE-2025-32975

Quest KACE SMA Authentication Bypass Allows Unauthorized Access.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Quest's KACE Systems Management Appliance enables attackers to bypass authentication and impersonate users, potentially leading to administrative takeover of systems. This poses a business risk by compromising data and operational control. Organizations should prioritize applying vendor-supplied patc

NVD published: June 24, 2025 • CISA KEV