2 min
Gartner
Three Takeaways from the Gartner® Report: How to Grow Vulnerability Management Into Exposure Management
Latest research from Gartner, How to Grow Vulnerability Management Into Exposure Management, highlights the need for security teams to move beyond simply tracking vulnerabilities and embrace a more comprehensive approach to exposure management.
3 min
Emergent Threat Response
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
A critical SAP NetWeaver zero-day vulnerability (CVE-2025-31324) that allows for full SAP server compromise is being actively exploited in the wild.
1 min
Vulnerability Management
Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding
Rapid7 continues to monitor both public and private discussions closely in its capacity as a CVE Numbering Authority (CNA) and as a longtime leader and participant in the CVE ecosystem.
12 min
Vulnerability Management
Patch Tuesday - April 2025
CLFS zero-day. LDAP critical RCEs. RDS critical RCEs. Hyper-V critical RCE.
2 min
Emergent Threat Response
Ivanti Connect Secure CVE-2025-22457 exploited in the wild
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical a stack-based buffer overflow vulnerability that allows for remote code execution on affected devices.
4 min
Emergent Threat Response
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).
2 min
Emergent Threat Response
Critical Veeam Backup & Replication CVE-2025-23120
Update Friday, March 28, 2025: Security researchers at CODE WHITE GmbH have
noted on social media that it is possible to bypass the patch
[https://infosec.exchange/@codewhitesec/114241026482611250] for CVE-2025-23120.
Rapid7 has not directly confirmed the patch bypass, but we are relatively
confident in the validity of the finding. Customers should ensure Veeam Backup &
Replication is not internet-facing as an urgent priority.
On Wednesday, March 19, 2025, backup and recovery software provider
3 min
Emergent Threat Response
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is
either known exploitation at scale, or likelihood of exploitation at scale.
Apache Tomcat CVE-2025-24813
[https://attackerkb.com/topics/4GajxQH17l/cve-2025-24813] fulfills neither of
these criteria, despite a variety of news headlines alleging broad exploitation
in the wild. Tomcat is widely deployed and has seen a number of severe
vulnerabilities over the years that have had specific configuration dependencies
for s
9 min
Vulnerability Management
Patch Tuesday - March 2025
Seven zero-days. Win32 EoP. Multiple filesystem driver attacks. MMC security feature bypass. Access (again). WSL magic email RCE. Malicious RDP server.
2 min
Emergent Threat Response
Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products
On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion.
8 min
Patch Tuesday
Patch Tuesday - February 2025
Four zero-days: AFD EoP, Storage EoP, NTLMv2 disclosure, Surface container escape. Critical RCEs in LDAP, DHCP client, Excel.
4 min
Emergent Threat Response
Fortinet Firewalls Hit with New Zero-Day Attack, Older Data Leak
Rapid7 is responding to two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591 in FortiOS, and a large-scale data leak of older FortiGate firewall IPs, passwords, and configs.
14 min
Patch Tuesday
Patch Tuesday - January 2025
Eight 0-days. Access: triple zero-day RCE; Hyper-V NT Kernel Integration VSP: triple zero-day EoP; Windows Themes: zero-day NTLM disclosure; Windows Installer: zero-day EoP; PGM: critical RCE; OLE: critical RCE.
2 min
Emergent Threat Response
CVE-2025-0282: Ivanti Connect Secure Zero-Day Exploited in the Wild
Two stack-based buffer overflow issues were disclosed in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA. CVE-2025-0282, the more severe of the two issues, has been exploited in the wild against Ivanti Connect Secure devices.
8 min
Labs
2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface.