AppCheck presents our weekly roundup of critical vulnerabilities being actively exploited ‘in the wild’ by organised threat actors, during the week ending 21st March 2025. Organisations in both the public and private sectors can use the list each week as an input to their vulnerability management prioritisation framework: ‘Known Exploited Vulnerabilities’ are vulnerabilities that are confirmed as being actively used to target and exploit organisations around the globe within the last seven days. As such, they represent perhaps the greatest ongoing cybersecurity risk to businesses, and a very real and present threat. The vulnerabilities are often being exploited by highly organised criminal groups for direct financial gain, via techniques such as malware and ransomware installation. AppCheck summarises the details of each known ongoing exploitation below, but for full details – including impact, versions affected, and any remediation or mitigation guidance – check out AppCheck’s free ‘Detections Service’ at https://detections.appcheck-ng.com/ – you can click on the title of any of the exploitations below to see more information from this service.
This week: CISA expanded its Known Exploited Vulnerabilities (KEV) catalog, emphasising the ongoing threat of active exploitation and urging swift mitigation. The newly listed vulnerabilities impact major vendors such as Juniper, Apple, Fortinet, and SAP, making them high-priority targets for attackers. Notably, the list also includes less conventional targets, such as NAKIVO backup software, an IP camera from Edimax, and even a case of attackers injecting malicious code into a GitHub repository.
CISA (America’s Cyber Defense Agency) maintains a catalogue of ‘KEVs’ (Known Exploited Vulnerabilities), publishing alerts of known exploitations on an often-daily basis. Although intended primarily as advisories for US governmental and federal agencies, the list is openly published for the benefit of the wider cybersecurity community and network defenders, and to help every organisation better manage vulnerabilities to keep pace with a volatile and shifting threat landscape.
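To show how the catalogue can feed a weekly prioritisation pass, here is an added example (not AppCheck’s or CISA’s own code) that filters entries in the shape of CISA’s KEV JSON feed down to those added in a given seven-day window, optionally limited to the vendors in your estate, and orders ransomware-linked entries first. The feed URL and field names are assumed from the public feed; the sample entries and CVE IDs are constructed placeholders.

```python
from datetime import date, timedelta

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names follow the public feed; the CVE IDs are placeholders, not real entries.
SAMPLE_KEV = {
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Juniper", "product": "Junos OS",
         "dateAdded": "2025-03-17", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Fortinet", "product": "FortiOS",
         "dateAdded": "2025-03-18", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "vendorProject": "SAP", "product": "NetWeaver",
         "dateAdded": "2025-03-19", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-02-01", "knownRansomwareCampaignUse": "Known"},
    ]
}


def kev_added_in_week(feed, week_ending, estate_vendors=None, days=7):
    """Return the CVE IDs added to the catalogue in the `days` days up to and
    including `week_ending` (ISO date string), optionally restricted to the
    vendors present in your estate (case-insensitive).

    Ordering is what a prioritisation queue wants: entries CISA flags as used
    in ransomware campaigns first, then the most recently added.
    """
    end = date.fromisoformat(week_ending)
    start = end - timedelta(days=days - 1)
    wanted = {v.lower() for v in estate_vendors} if estate_vendors else None

    hits = []
    for entry in feed["vulnerabilities"]:
        added = date.fromisoformat(entry["dateAdded"])
        if not start <= added <= end:
            continue  # outside the reporting window
        if wanted is not None and entry["vendorProject"].lower() not in wanted:
            continue  # vendor not in scope for this estate
        hits.append(entry)

    hits.sort(key=lambda e: (e.get("knownRansomwareCampaignUse") != "Known",
                             -date.fromisoformat(e["dateAdded"]).toordinal()))
    return [e["cveID"] for e in hits]


if __name__ == "__main__":
    for cve in kev_added_in_week(SAMPLE_KEV, "2025-03-21"):
        print(cve)
```

Swap `SAMPLE_KEV` for the parsed live feed (`json.load` on the downloaded file) to run the same pass against the real catalogue each Friday.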
Attackers have successfully exploited a flaw in Juniper’s Junos OS, injecting arbitrary code due to improper isolation. This has led to unauthorized control over affected systems.
A WebKit vulnerability has been actively exploited across multiple Apple operating systems. Attackers have crafted malicious web content to break out of web sandboxes, compromising user security.
Threat actors have exploited a vulnerability in the Changed-Files GitHub Action to extract sensitive credentials from action logs. Stolen data includes AWS access keys, GitHub tokens, npm credentials, and private RSA keys.
Attackers have actively exploited an authentication bypass in Fortinet’s FortiOS and FortiProxy, gaining super-admin privileges. Exploitation has resulted in ransomware deployments on compromised devices.
An old but still-exploited vulnerability in SAP NetWeaver has been used to access sensitive files through directory traversal. Attackers have successfully extracted confidential information.
Cybercriminals have exploited a path traversal flaw in NAKIVO Backup and Replication software to gain administrative credentials. This has led to remote code execution on affected systems.
A command injection vulnerability in Edimax IC-7100 IP cameras has been actively exploited. Attackers have executed remote code, compromising surveillance systems.
To keep up to date with future high-profile advisories for critical ongoing exploitations that may threaten your technical estate, tune in next Friday for next week’s KEV roundup.
AppCheck now offers additional coverage of critical security updates from several key vendors too, including:
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations’ websites, applications, network, and cloud infrastructure. AppCheck are authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).