Threat Intelligence Report

4 Vulnerabilities
Tuesday, April 29, 2025 Report ID: 140

Executive Summary

Today's security landscape has unveiled several critical and high-severity vulnerabilities, with the potential to pose significant threats if left unaddressed. Firstly, a critical vulnerability has been discovered in Quick Agent Software, potentially exposing Ricoh Multifunction Printers (MFPs) to remote attacks. This vulnerability, if exploited, could allow unauthorized users to gain control of the device, which could lead to data theft or malware deployment. Another severe vulnerability, CVE-2025-3200, has been identified in Wiesemann & Theis Com-Server devices, caused by the use of deprecated TLS protocols. This vulnerability could allow attackers to intercept and decipher encrypted data, jeopardizing the integrity and confidentiality of information transmitted through these devices.

Further, Quantum, a leading expert in scale-out storage, archive and data protection, has issued a critical patch to address Remote Code Execution (RCE) vulnerabilities (CVE-2025-46616, CVE-2025-46617) in its StorNext Graphical User Interface (GUI). Without this patch, attackers could exploit these vulnerabilities to execute arbitrary code, leading to a complete system compromise. In addition, a minuscule but potent bug in the Linux Kernel, CVE-2025-21756, can lead to a full root exploit, with proofs of concept (PoCs) already being released. This vulnerability, if left unpatched, could provide attackers with the highest level of access to the Linux system, leading to potential unauthorized data access or system manipulation.

Lastly, Apache Tomcat has remediated two significant flaws that could have enabled Denial of Service (DoS) attacks and bypass of rewrite rules, potentially impacting the availability and security of web applications. Separately, a zero-click NTLM Authentication Bypass has been discovered in Microsoft Telnet Server, with PoCs released. Unfortunately, no patch is currently available for this issue, which could allow an attacker to bypass authentication and gain unauthorized access to systems and sensitive information. These

High Priority Threats

Critical Vulnerabilities

CVE-2025-46616

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This …

CVSS: 9.9

CVE-2025-3200

An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted …

CVSS: 9.1

High Impact Threats

CVE-2025-46617

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration …

CVSS: 7.2

CVE-2025-21756

In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; …

CVSS: 7.8

Detailed Analysis

The security landscape on April 29, 2025 is marked by several critical and high-severity vulnerabilities, active threats, and significant security events.

One of the most serious vulnerabilities is found in the Quick Agent Software, which exposes Ricoh MFPs to remote attacks. It allows attackers to gain unauthorized access and to remotely control the affected devices. The potential impact is significant given the widespread use of Ricoh MFPs across industries; businesses and organizations that rely on these devices should promptly apply any available patches or follow the recommended mitigations to protect their networks.

Wiesemann & Theis Com-Server devices suffer from a critical vulnerability (CVE-2025-3200) due to their use of deprecated TLS protocols. It exposes these devices to attacks that could compromise the integrity, confidentiality, and availability of the information they handle. Organizations using these devices should update their protocol configuration and apply patches as soon as possible.

Quantum's StorNext GUI is affected by two critical remote code execution vulnerabilities (CVE-2025-46616, CVE-2025-46617). These allow an attacker to execute arbitrary code on the target system, potentially leading to a complete system takeover. Quantum has already issued a critical patch, and all users are strongly advised to apply the update without delay.

A tiny bug in the Linux kernel (CVE-2025-21756) has led to a full root exploit, with proof of concept (PoC) releases now available. It can allow an attacker to gain root access and take full control of the system. Given the ubiquity of Linux-based systems and the severity of this vulnerability, all users should update their systems immediately.

The Apache Tomcat security update fixes two vulnerabilities: a denial of service (DoS) flaw and a rewrite rule bypass. These could disrupt services and bypass security measures, potentially leading to unauthorized access to sensitive data. Users of Apache Tomcat should apply this update as soon as possible to mitigate these risks.

Lastly, a 0-click NTLM authentication bypass vulnerability affects the Microsoft Telnet Server. With PoC releases available and no patch yet released, it poses a significant risk: an attacker could bypass authentication and gain unauthorized access to systems and data. Users are advised to watch for updates from Microsoft and to consider temporary mitigations until a patch is released.

In conclusion, today's security landscape is marked by a number of serious vulnerabilities and potential threats. Organizations should stay informed about these developments and take prompt action to protect their systems and data.

Related Vulnerabilities

CVE-2025-46616 (CRITICAL, CVSS: 9.9)

Description:

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

Affected Products
  • Quantum StorNext

CVE-2025-3200 (CRITICAL, CVSS: 9.1)

Description:

An unauthenticated remote attacker could exploit the used, insecure TLS 1.0 and TLS 1.1 protocols to intercept and manipulate encrypted communications between the Com-Server and connected systems.

Affected Products
  • Wiesemann & Theis Com-Server++
  • Wiesemann & Theis Com-Server PoE 3x Isolated
  • Wiesemann & Theis Com-Server 20mA
  • ... and 2 more

CVE-2025-46617 (HIGH, CVSS: 7.2)

Description:

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

Affected Products
  • Quantum StorNext

CVE-2025-21756 (HIGH, CVSS: 7.8)

Description:

In the Linux kernel, the following vulnerability has been resolved:

vsock: Keep the binding until socket destruction

Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().

Prevents socket unbinding during a transport reassignment, which fixes a use-after-free:

1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)
2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved to bound list (refcnt=1)
3. vsock_bind() assumes sk is in unbound list and before __vsock_insert_bound(vsock_bound_sockets()) calls __vsock_remove_bound() which does:
     list_del_init(&vsk->bound_table); // nop
     sock_put(&vsk->sk);               // refcnt=0

BUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730
Read of size 4 at addr ffff88816b46a74c by task a.out/2057
 dump_stack_lvl+0x68/0x90
 print_report+0x174/0x4f6
 kasan_report+0xb9/0x190
 __vsock_bind+0x62e/0x730
 vsock_bind+0x97/0xe0
 __sys_bind+0x154/0x1f0
 __x64_sys_bind+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Allocated by task 2057:
 kasan_save_stack+0x1e/0x40
 kasan_save_track+0x10/0x30
 __kasan_slab_alloc+0x85/0x90
 kmem_cache_alloc_noprof+0x131/0x450
 sk_prot_alloc+0x5b/0x220
 sk_alloc+0x2c/0x870
 __vsock_create.constprop.0+0x2e/0xb60
 vsock_create+0xe4/0x420
 __sock_create+0x241/0x650
 __sys_socket+0xf2/0x1a0
 __x64_sys_socket+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Freed by task 2057:
 kasan_save_stack+0x1e/0x40
 kasan_save_track+0x10/0x30
 kasan_save_free_info+0x37/0x60
 __kasan_slab_free+0x4b/0x70
 kmem_cache_free+0x1a1/0x590
 __sk_destruct+0x388/0x5a0
 __vsock_bind+0x5e1/0x730
 vsock_bind+0x97/0xe0
 __sys_bind+0x154/0x1f0
 __x64_sys_bind+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

refcount_t: addition on 0; use-after-free.
WARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150
RIP: 0010:refcount_warn_saturate+0xce/0x150
 __vsock_bind+0x66d/0x730
 vsock_bind+0x97/0xe0
 __sys_bind+0x154/0x1f0
 __x64_sys_bind+0x6e/0xb0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

refcount_t: underflow; use-after-free.
WARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150
RIP: 0010:refcount_warn_saturate+0xee/0x150
 vsock_remove_bound+0x187/0x1e0
 __vsock_release+0x383/0x4a0
 vsock_release+0x90/0x120
 __sock_release+0xa3/0x250
 sock_close+0x14/0x20
 __fput+0x359/0xa80
 task_work_run+0x107/0x1d0
 do_exit+0x847/0x2560
 do_group_exit+0xb8/0x250
 __x64_sys_exit_group+0x3a/0x50
 x64_sys_call+0xfec/0x14f0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Affected Products
  • Linux Linux

Generated: April 29, 2025 06:00