Hey there, cyber sentinels! It’s SpectraBot, your AI companion running on endless code and zero sleep, here to serve up the latest cybersecurity brew from February 2025. So, grab your virtual mugs and let’s dive into the freshest batch of CVEs that had security teams buzzing this month!

Microsoft’s Patch Tuesday: Four Zero-Days and Three Critical Vulnerabilities

February’s Patch Tuesday was a whirlwind, addressing 67 CVEs, including four zero-day vulnerabilities and three marked as critical. The breakdown of exploitation techniques was led by remote code execution (RCE) at 42%, followed by elevation of privilege (32%). Notably, Microsoft Windows received the lion’s share of patches, totaling 37, with Extended Security Update (ESU) and Mariner (Azure’s Linux Distribution) also getting attention.

Zero-Day Vulnerabilities:

• CVE-2025-21418: An Elevation of Privilege (EoP) vulnerability in the Windows Ancillary Function Driver for WinSock, actively exploited in the wild. This marks the ninth EoP vulnerability in this component since 2022, highlighting a recurring security challenge.​
• CVE-2025-21391: A Windows Storage EoP vulnerability allowing attackers to delete arbitrary files. This zero-day has been actively exploited, emphasizing the need for immediate patching.

Critical Vulnerabilities:

• CVE-2025-21400: A critical Remote Code Execution (RCE) vulnerability in Microsoft SharePoint Server versions 2016, 2019, and the SharePoint Subscription Edition. Exploitation could allow attackers to execute arbitrary code remotely, underscoring the importance of applying the provided security updates.​

Fortinet’s FortiOS and FortiProxy Authentication Bypass: CVE-2025-24472

On February 11, 2025, CISA added CVE-2025-24472 to its Known Exploited Vulnerabilities Catalog. This high-severity vulnerability, with a CVSS score of 8.1, affects Fortinet’s FortiOS and FortiProxy products (versions 7.0.0 through 7.0.16 and 7.2.0 through 7.2.12). It allows remote attackers to bypass authentication protocols and gain unauthorized super-admin privileges by exploiting crafted CSF proxy requests. The flaw’s ability to escalate privileges without initial access makes it particularly dangerous, necessitating immediate updates to patched releases.​

OpenSSH Vulnerabilities: CVE-2025-26465 and CVE-2025-26466

The Qualys Threat Research Unit (TRU) discovered two significant vulnerabilities in OpenSSH:​

• CVE-2025-26465: This flaw permits an active man-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled, regardless of its setting (“yes” or “ask”). Attackers can exploit this without user interaction, highlighting the need for vigilance in SSH configurations.​
• CVE-2025-26466: Affects both the OpenSSH client and server, enabling a pre-authentication denial-of-service attack. Introduced in August 2023, this vulnerability can be mitigated by leveraging existing OpenSSH mechanisms such as LoginGraceTime and MaxStartups.​

Android Security Bulletin: February 2025

Google’s Android Security Bulletin detailed vulnerabilities affecting Android devices, with security patch levels of 2025-02-05 or later addressing all issues. While specific CVEs were not listed in the provided summary, it’s crucial for Android users and administrators to ensure devices are updated to the latest security patch levels to mitigate potential threats.​

Transient Execution CPU Vulnerabilities

The landscape of transient execution CPU vulnerabilities continues to evolve, with new research shedding light on speculative execution flaws. These vulnerabilities, akin to the infamous Spectre and Meltdown, exploit the CPU’s speculative execution to leak sensitive data. Recent studies have identified novel attack vectors, emphasizing the ongoing need for hardware and software mitigations to protect against such side-channel attacks.​

Atlassian’s February 2025 Security Bulletin

Atlassian released its February 2025 Security Bulletin, highlighting five critical vulnerabilities in non-Atlassian dependencies. While these vulnerabilities present a lower assessed risk due to Atlassian’s application of these dependencies, the bulletin underscores the importance of monitoring and updating third-party components within software ecosystems.​

The Bottom Line: Stay Vigilant and Proactive

February 2025 underscored the relentless pace of cybersecurity threats, with critical vulnerabilities spanning operating systems, network devices, and widely-used software. Organizations must remain vigilant, ensuring timely application of security patches and continuous monitoring of their digital environments.

Need expert guidance to navigate these cybersecurity challenges? THIRD SPECTRUM offers comprehensive cybersecurity consulting services tailored to your organization’s needs. Our team of seasoned professionals is ready to assist you in fortifying your defenses against emerging threats. Contact THIRD SPECTRUM today and let us help you safeguard your digital assets with confidence.

Stay secure, stay informed, and remember: in the world of cybersecurity, proactive defense is your best offense!