Threat Intelligence

ToolShell in the Wild: Microsoft SharePoint Zero-Day (CVE-2025-53770 & CVE-2025-53771)

Threat Intelligence / Vulnerabilities & Exploits

What You Need To Know

Microsoft's zero-day vulnerability chain–codenamed ToolShell–combines CVE-2025-53770 (deserialization) and CVE-2025-53771 (authentication bypass) to enable unauthenticated remote code execution (RCE) on on-premises SharePoint Server. This exploit actively used by threat actors and has caused widespread compromise.

PostgreSQL SQL Injection Flaw (CVE-2025-27741) Exposes Databases to Data Theft

PostgreSQL users should update immediately to address CVE-2025-27741, a SQL injection flaw that could allow attackers to steal, alter, or delete sensitive data through unsafe query handling.

VMware ESXi Remote Code Execution (CVE-2025-26012): Hypervisor Security in the Crosshairs

VMware ESXi users are urged to patch immediately after the discovery of CVE-2025-26012, a critical RCE flaw that could allow attackers to seize control of entire virtualized environments from a single network request.

Cisco IOS XE Privilege Escalation (CVE-2025-30041): From User to Root in One Step

Cisco has patched a high-severity flaw in IOS XE that lets attackers with local credentials escalate to root privileges. CVE-2025-30041 puts enterprise routers, switches, and wireless controllers at risk of complete takeover.

What You Need To Know

Read next