Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five critical vulnerabilities from March that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2025-26633
CVE-2025-26633 is a high-severity vulnerability affecting the Microsoft Management Console (MMC). It arises from improper neutralization, allowing an unauthorized attacker to bypass a security feature when exploiting the flaw locally.
This vulnerability was included in Microsoft’s March 2025 Patch Tuesday, which addressed 56 CVEs. Notably, it was actively exploited in the wild before a patch was released. Reports indicate that the Russian ransomware group EncryptHub leveraged this zero-day in targeted attacks, potentially as early as 2023.
Security researchers have linked the exploitation of CVE-2025-26633 to advanced persistent threat (APT) groups, with campaigns designed to escalate privileges and facilitate ransomware deployment. Given its active exploitation, organizations are strongly urged to apply Microsoft’s security update immediately. Additionally, endpoint monitoring, behavior-based threat detection, and access control reviews can help mitigate risks associated with privilege escalation vulnerabilities.
CVE-2025-24983
CVE-2025-24983 is a high-severity use-after-free vulnerability in the Windows Win32 Kernel Subsystem that allows an authorized attacker to elevate privileges locally. This flaw was part of Microsoft’s March 2025 Patch Tuesday, which addressed 56 CVEs, including seven zero-day vulnerabilities, with six actively exploited in the wild before patches were available.
Security researchers discovered that this vulnerability had been exploited for nearly two years, dating back to 2023. Reports link its abuse to the EncryptHub ransomware group, which has been observed using zero-days in targeted attacks to escalate privileges and gain deeper access into compromised systems.
Due to its active exploitation, organizations should immediately apply Microsoft’s security patch to mitigate risks. Additional security measures, such as restricting administrative access, enabling advanced threat detection, and monitoring for abnormal process activity, can help prevent potential exploitation of privilege escalation vulnerabilities like CVE-2025-24983.
CVE-2025-24985
CVE-2025-24985 is a high-severity vulnerability in the Windows Fast FAT Driver, classified as an integer overflow or wraparound issue. This flaw enables an unauthorized attacker to execute code locally, potentially leading to escalation of privileges or system compromise.
This vulnerability was part of Microsoft’s March 2025 Patch Tuesday, which addressed 56 CVEs, including seven zero-day flaws, with six already exploited in the wild before patches were released. The vulnerability has been flagged by CISA and security researchers due to its potential use in real-world attacks, particularly by threat actors targeting Windows systems.
Given its severity and the history of zero-day exploitation, organizations should immediately apply the Microsoft security patch to prevent possible exploitation. Additional steps, such as restricting local execution permissions, monitoring file system activity, and deploying endpoint detection tools, can further reduce the risk posed by this vulnerability.
CVE-2025-24472
CVE-2025-24472 is a critical authentication bypass vulnerability affecting FortiOS and FortiProxy. The flaw exists in FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.2.0 through 7.2.12, as well as 7.0.0 through 7.0.19, potentially allowing a remote attacker to gain super-admin privileges by exploiting crafted CSF proxy requests.
This vulnerability has drawn significant attention from security researchers and government agencies, including CISA, due to its potential use in ransomware attacks and other high-profile cyber intrusions. Given its severity and the likelihood of active exploitation, security teams should immediately update to patched versions provided by Fortinet.
Additional mitigation measures include restricting access to administrative interfaces from untrusted networks, monitoring logs for unauthorized authentication attempts, implementing multi-factor authentication wherever possible, and deploying intrusion detection and prevention systems to detect anomalous activity. Organizations using affected versions should prioritize remediation efforts to prevent potential compromise.
CVE-2025-30154
CVE-2025-30154 is a high-severity vulnerability involving a supply chain compromise in the GitHub action reviewdog/action-setup. On March 11, 2025, between 18:42 and 20:31 UTC, malicious code was injected into reviewdog/action-setup@v1, causing it to dump exposed secrets into GitHub Actions Workflow Logs. This compromise also affected other reviewdog actions that rely on reviewdog/action-setup@v1, including reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos, regardless of their specific version or pinning method.
This incident highlights the risks associated with supply chain attacks in continuous integration and deployment (CI/CD) workflows. Developers and organizations using affected reviewdog actions should immediately verify their workflows for potential exposure, rotate any credentials or secrets that may have been leaked, and update to secure versions.
Additional security measures, such as enforcing the use of dependency pinning, scanning for malicious code in third-party actions, and monitoring repository activity for unauthorized changes, can help mitigate future risks.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
