Security Vulnerabilities - CVEs Published In March 2025
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-03-11
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-11
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVSS Score
4.3
EPSS Score
0.003
Published
2025-03-11
Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.
CVSS Score
6.7
EPSS Score
0.001
Published
2025-03-11
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-11
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.004
Published
2025-03-11
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-03-11
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-03-11
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is patched in versions 10.8.9 and 13.7.1. No known workarounds are available.
CVSS Score
4.9
EPSS Score
0.002
Published
2025-03-11
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
CVSS Score
6.3
EPSS Score
0.005
Published
2025-03-11