ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.
- ZDI-CAN-25862: Ashlar-Vellumon December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25710: Fortineton December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Alexander Staalgaard’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25756: Ashlar-Vellumon December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25779: Canonon December 19, 2024 at 6:00 am
A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘YingMuo (@YingMuo) working with DEVCORE Internship Program.’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25972: Ashlar-Vellumon December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25755: Ashlar-Vellumon December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25945: Ashlar-Vellumon December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25681: Trend Microon December 19, 2024 at 6:00 am
A CVSS score 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘NT AUTHORITY\ANONYMOUS LOGON’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25953: Ivantion December 19, 2024 at 6:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Kevin Salapatek’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25944: Ashlar-Vellumon December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25943: Ashlar-Vellumon December 19, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25812: Appleon December 19, 2024 at 6:00 am
A CVSS score 4.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25587: QNAPon December 19, 2024 at 6:00 am
A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Corentin “@OnlyTheDuck” BAYET from REverse Tactics’ was reported to the affected vendor on: 2024-12-19, 2 days ago. The vendor is given until 2025-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25849: Lexmarkon December 18, 2024 at 6:00 am
A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team’ was reported to the affected vendor on: 2024-12-18, 3 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25788: Oracleon December 18, 2024 at 6:00 am
A CVSS score 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Emad Al-Mousa’ was reported to the affected vendor on: 2024-12-18, 3 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25951: Autodeskon December 18, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-18, 3 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25952: Autodeskon December 18, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-18, 3 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25989: Autodeskon December 18, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2024-12-18, 3 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24122: Appletonon December 17, 2024 at 6:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2024-12-17, 4 days ago. The vendor is given until 2025-04-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25847: QNAPon December 13, 2024 at 6:00 am
A CVSS score 7.1 AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team’ was reported to the affected vendor on: 2024-12-13, 8 days ago. The vendor is given until 2025-04-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25846: QNAPon December 13, 2024 at 6:00 am
A CVSS score 5.0 AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by ‘nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team’ was reported to the affected vendor on: 2024-12-13, 8 days ago. The vendor is given until 2025-04-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25406: Delta Electronicson December 12, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2024-12-12, 9 days ago. The vendor is given until 2025-04-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25971: Autodeskon December 12, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-12-12, 9 days ago. The vendor is given until 2025-04-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25968: Autodeskon December 12, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-12-12, 9 days ago. The vendor is given until 2025-04-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25970: Autodeskon December 12, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Mat Powell of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2024-12-12, 9 days ago. The vendor is given until 2025-04-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25848: Lexmarkon December 12, 2024 at 6:00 am
A CVSS score 6.3 AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by ‘nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team’ was reported to the affected vendor on: 2024-12-12, 9 days ago. The vendor is given until 2025-04-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25865: Sonoson December 11, 2024 at 6:00 am
A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Cody Gallagher and Charlie Waters’ was reported to the affected vendor on: 2024-12-11, 10 days ago. The vendor is given until 2025-04-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25740: X.Orgon December 11, 2024 at 6:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Jan-Niklas Sohn’ was reported to the affected vendor on: 2024-12-11, 10 days ago. The vendor is given until 2025-04-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25872: Rockwell Automationon December 11, 2024 at 6:00 am
A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘Nikolai Skliarenko of Trend Micro Security Research’ was reported to the affected vendor on: 2024-12-11, 10 days ago. The vendor is given until 2025-04-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-25791: Hewlett Packard Enterpriseon December 11, 2024 at 6:00 am
A CVSS score 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2024-12-11, 10 days ago. The vendor is given until 2025-04-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.