Cyber Exposure Alerts

Cyber Exposure Alerts From Tenable

  • CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
    by Scott Caveza on December 29, 2025 at 11:09 am

    A recently disclosed vulnerability affecting MongoDB instances has reportedly been exploited in the wild. Exploit code has been released for this flaw, dubbed MongoBleed.

    Key takeaways:
    - MongoBleed is a memory leak vulnerability affecting multiple versions of MongoDB.
    - Exploitation of MongoDB has been observed and exploit code is publicly available.
    - Immediate patching is recommended, as the combination of public exploit code and a high number of potentially affected internet-connected instances makes this a flaw attackers will be targeting.

    Background
    On December 19, MongoDB issued a security advisory to address a vulnerability affecting the zlib implementation of MongoDB.

    CVE            | Description                                                     | CVSSv3 | VPR
    CVE-2025-14847 | MongoDB Uninitialized Memory Leak Vulnerability (“MongoBleed”) | 7.5    | 8.0*

    *Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on December 29 and reflects VPR at that time.

    Analysis
    CVE-2025-14847 is a memory leak vulnerability affecting MongoDB instances in which zlib compression is enabled. A flaw in how MongoDB implements zlib decompression could allow unauthenticated attackers to leak uninitialized memory, which can contain sensitive data including credentials, session tokens and API keys. This flaw was dubbed “MongoBleed” by Elastic Security researcher Joe Desimone, who published a proof-of-concept demonstrating the vulnerability. While exploitation does require zlib compression to be enabled and a vulnerable MongoDB version to be internet exposed, reports of in-the-wild exploitation have already begun.

    According to Censys, over 87,000 potentially vulnerable instances of MongoDB have been identified, with the largest concentration found in the United States.

    [Image: Censys map of potentially vulnerable MongoDB instances. Source: Censys]

    Proof of concept
    On December 25, a public proof-of-concept (PoC) was released on GitHub. This PoC demonstrates how data can be leaked from uninitialized memory. According to the PoC details, the following data could be leaked:
    - MongoDB internal logs and state
    - WiredTiger storage engine configuration
    - System /proc data (meminfo, network stats)
    - Docker container paths
    - Connection UUIDs and client IPs

    Solution
    MongoDB has released patches to address this vulnerability as outlined in the table below:

    Affected Version                   | Fixed Version
    MongoDB Server v3.6 (All Versions) | Upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30 or later
    MongoDB Server v4.0 (All Versions) | Upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30 or later
    MongoDB Server v4.2 (All Versions) | Upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, 4.4.30 or later
    MongoDB 4.4.0 through 4.4.29       | Upgrade to MongoDB 4.4.30 or later
    MongoDB 5.0.0 through 5.0.31       | Upgrade to MongoDB 5.0.32 or later
    MongoDB 6.0.0 through 6.0.26       | Upgrade to MongoDB 6.0.27 or later
    MongoDB 7.0.0 through 7.0.26       | Upgrade to MongoDB 7.0.28 or later
    MongoDB 8.0.0 through 8.0.16       | Upgrade to MongoDB 8.0.17 or later
    MongoDB 8.2.0 through 8.2.2        | Upgrade to MongoDB 8.2.3 or later

    According to the MongoDB security advisory, if immediate patching cannot be performed, the suggested workaround is to disable zlib compression. In addition, we recommend that you limit network access to MongoDB instances to trusted IP addresses only. While this step was not outlined in the advisory, it has been recommended as a security best practice by MongoDB.

    Identifying affected systems
    A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-14847 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

    Tenable Attack Surface Management customers are able to identify assets running MongoDB services by using the filter ‘Services contains mongod’, as shown in the screenshot below:

    [Screenshot: Tenable Attack Surface Management filter ‘Services contains mongod’]

    Get more information
    - MongoDB Security Advisory
    - Censys: MongoBleed – Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847]

    Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.
    Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

  • CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
    by Scott Caveza on December 17, 2025 at 3:27 pm

    A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.

    Key takeaways:
    - CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of the SonicWall SMA 1000 appliance.
    - CVE-2025-40602 has been exploited in a chained attack with CVE-2025-23006, a deserialization of untrusted data vulnerability patched in January.
    - A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2025-40602 and CVE-2025-23006.

    Background
    On December 17, SonicWall published a security advisory (SNWLID-2025-0019) for a newly disclosed vulnerability in its Secure Mobile Access (SMA) 1000 product, a remote access solution.

    CVE            | Description                                           | CVSSv3
    CVE-2025-40602 | SonicWall SMA 1000 Privilege Escalation Vulnerability | 6.6

    Analysis
    CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of the SonicWall SMA 1000 appliance. An authenticated, remote attacker could exploit this vulnerability to escalate privileges on an affected device. While on its own this flaw would require authentication to exploit, the advisory from SonicWall states that CVE-2025-40602 has been exploited in a chained attack with CVE-2025-23006, a deserialization of untrusted data vulnerability patched in January. The combination of these two vulnerabilities would allow an unauthenticated attacker to execute arbitrary code with root privileges.

    According to SonicWall, “SonicWall Firewall products are not affected by this vulnerability.”

    Historical exploitation of SonicWall vulnerabilities
    SonicWall products have been a frequent target for attackers over the years. Specifically, the SMA product line has been targeted in the past by ransomware groups, as well as being featured in the Top Routinely Exploited Vulnerabilities list co-authored by multiple United States and international agencies.

    Earlier this year, an increase in ransomware activity tied to SonicWall Gen 7 Firewalls was observed. While it was initially believed that a new zero-day may have been the root cause, SonicWall later provided a statement noting that the exploitation activity was related to CVE-2024-40766, an improper access control vulnerability which had been observed to have been exploited in the wild. More information on this can be found on our blog.

    Given the past exploitation of SonicWall devices, we put together the following list of known SMA vulnerabilities that have been exploited in the wild:

    CVE            | Description                                                        | Tenable Blog Links | Year
    CVE-2019-7481  | SonicWall SMA100 SQL Injection Vulnerability                       | 1                  | 2019
    CVE-2019-7483  | SonicWall SMA100 Directory Traversal Vulnerability                 | -                  | 2019
    CVE-2021-20016 | SonicWall SSLVPN SMA100 SQL Injection Vulnerability                | 1, 2, 3, 4, 5      | 2021
    CVE-2021-20038 | SonicWall SMA100 Stack-based Buffer Overflow Vulnerability         | 1, 2, 3            | 2021
    CVE-2025-23006 | SonicWall SMA 1000 Deserialization of Untrusted Data Vulnerability | 1                  | 2025
    CVE-2024-40766 | SonicWall SonicOS Improper Access Control Vulnerability            | 1                  | 2025

    Proof of concept
    At the time this blog was published, no proof-of-concept (PoC) code had been published for CVE-2025-40602. If and when a public PoC exploit becomes available for CVE-2025-40602, we anticipate a variety of attackers will attempt to leverage this flaw as part of their attacks.

    Solution
    SonicWall has released patches to address this vulnerability as outlined in the table below:

    Affected Version         | Fixed Version
    12.4.3-03093 and earlier | 12.4.3-03245
    12.5.0-02002 and earlier | 12.5.0-02283

    The advisory also provides a workaround to reduce potential impact, which involves restricting access to the AMC to trusted sources. We recommend reviewing the advisory for the most up-to-date information on patches and workaround steps.

    Identifying affected systems
    A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-40602 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline. In addition, product coverage for CVE-2025-23006 can be found here.

    Tenable Attack Surface Management customers are able to identify these assets using a filtered search for SonicWall devices:

    [Screenshot: Tenable Attack Surface Management filtered search for SonicWall devices]

    Get more information
    - SonicWall SNWLID-2025-0019 Security Advisory
    - Tenable Blog: CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited

  • Microsoft Patch Tuesday 2025 Year in Review
    by Research Special Operations on December 10, 2025 at 3:49 pm

    Microsoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities.

    Key takeaways:
    - Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000.
    - Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in 2025, followed by Remote Code Execution flaws at 30.8%.
    - 41 zero-day vulnerabilities were addressed across all Patch Tuesday releases in 2025, including 24 that were exploited in the wild.

    Background
    Microsoft’s Patch Tuesday, a monthly release of software patches for Microsoft products, has just celebrated its 22nd anniversary. The Tenable Research Special Operations Team (RSO) first covered the 20th anniversary in 2023, followed by our 2024 year in review publication, covering the trends and significant vulnerabilities from the 2024 Patch Tuesday releases.

    Analysis
    In 2025, Microsoft patched 1,130 CVEs throughout the year across a number of products. This was a 12% increase compared to 2024, when Microsoft patched 1,009 CVEs. With another year of Patch Tuesday releases behind us, Microsoft has yet to break its 2020 record of 1,245 CVEs patched. However, this is the second year in a row that Microsoft crossed the 1,000 CVE threshold, and the third time since Patch Tuesday’s inception.

    In 2025, Microsoft broke its record for the most CVEs patched in a month twice. The year started off with the largest Patch Tuesday release, with 157 CVEs patched. This record was broken again in October with 167 CVEs patched.

    Patch Tuesday 2025 by severity
    Each month, Microsoft categorizes vulnerabilities into four main severity levels: low, moderate, important and critical. Over the last three years, the bulk of the Patch Tuesday vulnerabilities continue to be rated as important. In 2025, 91.3% of all CVEs patched were rated important, followed by critical at 8.1%. Moderate accounted for 0.4%, while there were no CVEs rated as low in 2025.

    Patch Tuesday 2025 by impact
    In addition to severity levels, Microsoft also categorizes vulnerabilities by seven impact levels: remote code execution (RCE), elevation of privilege (EoP), denial of service (DoS), information disclosure, spoofing, security feature bypass and tampering.

    In 2024, RCE vulnerabilities led the impact category; however, 2025 saw EoP vulnerabilities take the lead with 38.3% of all Patch Tuesday vulnerabilities. RCE accounted for 30.8%, followed by information disclosure flaws at 14.2% and DoS vulnerabilities at 7.7%. In a strange coincidence, this year there were only 4 CVEs categorized as tampering, the same as in 2024. In both 2024 and 2025, tampering flaws accounted for only 0.4%.

    Patch Tuesday 2025 zero-day vulnerabilities
    In 2025, Microsoft patched 41 CVEs that were identified as zero-day vulnerabilities. Of the 41 CVEs, 24 were exploited in the wild. While not all zero-days were exploited, we classify zero-days as those vulnerabilities that were disclosed prior to being patched by the vendor.

    Looking deeper at the 24 CVEs that were exploited in the wild, 62.5% were EoP flaws. EoP vulnerabilities are often leveraged by advanced persistent threat (APT) actors and determined cybercriminals seeking to elevate privileges as part of post-compromise activity. Following EoP flaws, RCEs were the second most prominent vulnerabilities across Patch Tuesday, accounting for 20.8% of zero-day flaws.

    While only a small number of zero-days were addressed as part of 2025’s Patch Tuesday releases, we took a deeper dive into some of the more notable zero-days from the year. The table below includes these CVEs along with details on their exploitation activity.

    CVE            | Description                                                                 | Exploitation Activity
    CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability         | Used with the PipeMagic backdoor to spread ransomware.
    CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability  | Exploited by Storm-2460, also known as RansomEXX. Abused by the PipeMagic backdoor in order to spread ransomware.
    CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability          | Exploited by Water Gamayu (aka EncryptHub, Larva-208) to deploy the MSC EvilTwin trojan loader. The attack campaigns also saw several malware variants abused, including EncryptHub stealer, DarkWisp backdoor, SilentPrism backdoor, Stealc and the Rhadamanthys stealer.
    CVE-2025-33053 | Internet Shortcut Files Remote Code Execution Vulnerability                 | Exploited by the APT known as Stealth Falcon (aka FruityArmor, G0038) to deploy Horus Agent malware.
    CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability                    | Exploited by multiple APTs and nation-state actors including Linen Typhoon (aka Emissary Panda), Violet Typhoon, Storm-2603 and Warlock ransomware (aka GOLD SALEM). Chained with CVE-2025-49706 in an attack dubbed ToolShell.
    CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability                          | Exploited by multiple APTs and nation-state actors including Linen Typhoon (aka Emissary Panda), Violet Typhoon, Storm-2603 and Warlock ransomware (aka GOLD SALEM). Chained with CVE-2025-49704 in an attack dubbed ToolShell.

    Conclusion
    With 2025’s Patch Tuesday releases in our rear-view mirror, it’s evident that we continue to see an upward trend in the number of vulnerabilities addressed year over year by Microsoft. With the lion’s share of the market for operating systems, it’s imperative that defenders are quick to apply patches on the monthly release of Patch Tuesday updates. Attackers are often opportunistic and ready to capitalize on the latest exploitable vulnerabilities. As always, the RSO team will continue our monthly cadence of Patch Tuesday blogs, ensuring our readers have the actionable information necessary to take immediate action and improve their organization’s security posture.

    Get more information
    - Tenable Blog: Microsoft Patch Tuesday 2024 Year in Review
    - Tenable Blog: Microsoft Patch Tuesday 2023 Year in Review

  • Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)
    by Research Special Operations on December 9, 2025 at 1:52 pm

    Critical: 3 | Important: 53 | Moderate: 0 | Low: 0

    Microsoft addresses 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild, to close out the final Patch Tuesday of 2025.

    Microsoft patched 56 CVEs in its December 2025 Patch Tuesday release, with three rated critical and 53 rated as important. This month’s update includes patches for:
    - Application Information Services
    - Azure Monitor Agent
    - Copilot
    - Microsoft Brokering File System
    - Microsoft Edge for iOS
    - Microsoft Exchange Server
    - Microsoft Graphics Component
    - Microsoft Office
    - Microsoft Office Access
    - Microsoft Office Excel
    - Microsoft Office Outlook
    - Microsoft Office SharePoint
    - Microsoft Office Word
    - Storvsp.sys Driver
    - Windows Camera Frame Server Monitor
    - Windows Client-Side Caching (CSC) Service
    - Windows Cloud Files Mini Filter Driver
    - Windows Common Log File System Driver
    - Windows DWM Core Library
    - Windows Defender Firewall Service
    - Windows DirectX
    - Windows Hyper-V
    - Windows Installer
    - Windows Message Queuing
    - Windows PowerShell
    - Windows Projected File System
    - Windows Projected File System Filter Driver
    - Windows Remote Access Connection Manager
    - Windows Resilient File System (ReFS)
    - Windows Routing and Remote Access Service (RRAS)
    - Windows Shell
    - Windows Storage VSP Driver
    - Windows Win32K – GRFX

    Elevation of privilege (EoP) vulnerabilities accounted for 50% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 33.9%.

    Important: CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2025-62221 is an EoP vulnerability in the Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.

    Microsoft also patched two additional EoP vulnerabilities in the Windows Cloud Files Mini Filter Driver, CVE-2025-62454 and CVE-2025-62457. Both were assigned the same CVSSv3 score of 7.8 and rated important. However, CVE-2025-62454 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index, while CVE-2025-62457 was assessed as “Exploitation Unlikely.”

    Important: CVE-2025-64671 | GitHub Copilot for JetBrains Remote Code Execution Vulnerability
    CVE-2025-64671 is an RCE vulnerability in the GitHub Copilot Plugin for JetBrains Integrated Development Environments (IDEs). It was assigned a CVSSv3 score of 8.4, rated important and assessed as “Exploitation Less Likely.” The issue stems from a command injection vulnerability in GitHub Copilot. An attacker could leverage a “malicious Cross Prompt Inject” either through an MCP Server or untrusted files. Successful exploitation would grant an attacker the ability to append unapproved commands onto existing allowed commands due to the ‘auto-approve’ setting in the terminal. This vulnerability has been dubbed IDEsaster by security researcher Ari Marzuk, who is credited with reporting this vulnerability to Microsoft.

    Important: CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability
    CVE-2025-54100 is an RCE vulnerability in Windows PowerShell. This vulnerability was assigned a CVSSv3 score of 7.8 and is rated as important. According to the advisory, this RCE was publicly disclosed prior to a patch being made available. The advisory notes that after installing the update, a warning prompt will be displayed anytime the Invoke-WebRequest command is used.

    This vulnerability was attributed to several researchers including Justin Necke, DeadOverflow, Pēteris Hermanis Osipovs, Anonymous, Melih Kaan Yıldız and Osman Eren. The researcher known as DeadOverflow has a YouTube video demonstrating how this flaw can be abused, and links to a HackerOne report opened with the curl project by another researcher. According to the HackerOne report, the issue was not related to curl, but rather appeared to be related to the PowerShell curl alias that utilizes Invoke-WebRequest.

    Important: CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability
    CVE-2025-62458 is an EoP vulnerability affecting Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8, was rated as important and assessed as “Exploitation More Likely.” Successful exploitation of this vulnerability would allow an attacker to gain SYSTEM level privileges on an affected host.

    Including CVE-2025-62458, this is the ninth EoP vulnerability affecting Win32k addressed by Microsoft in 2025, compared with 14 EoP flaws addressed in the driver throughout 2024.

    Critical: CVE-2025-62554 and CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability
    CVE-2025-62554 and CVE-2025-62557 are RCE vulnerabilities affecting Microsoft Office. Both received CVSSv3 scores of 8.4 and were rated as critical. An attacker could exploit these flaws through social engineering by sending a malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.

    Despite being flagged as “Less Likely” to be exploited, Microsoft notes that the Preview Pane is an attack vector for both vulnerabilities, which means exploitation does not require the target to open the file. According to the advisories from Microsoft, security updates for Microsoft Office LTSC for Mac are not yet available and will be released as soon as they are ready.

    Tenable Solutions
    A list of all the plugins released for Microsoft’s December 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

    For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

    Get more information
    - Microsoft’s December 2025 Security Updates
    - Tenable plugins for Microsoft December 2025 Patch Tuesday Security Updates

  • CVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution Vulnerability
    by Satnam Narang on December 3, 2025 at 7:26 pm

    A maximum severity vulnerability (CVSS 10) was discovered in React, one of the most popular JavaScript frameworks. If your app supports React Server Components, you are likely vulnerable out of the box, even if you aren’t using Server Functions explicitly. Patch immediately.

    Change log
    - Update December 5: This FAQ blog has been updated to note the release of an official proof-of-concept from Lachlan Davidson and reports of attempted exploitation in the wild.
    - Update December 4: This FAQ blog has been updated to include a reference to the official react2shell website, confirmation that a public proof-of-concept exists, and a CVE reference change in our Next.js plugin.

    Background
    Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding React2Shell, a critical vulnerability in React Server Components.

    FAQ

    What is the React Server Component (RSC) vulnerability?
    On December 3, 2025, the React Team published a blog post regarding a critical vulnerability affecting React Server Components.

    What is the vulnerability that was disclosed to the React Team?
    The React Team confirmed the presence of one critical vulnerability:

    CVE            | Description                                                 | CVSSv3
    CVE-2025-55182 | React Server Components Remote Code Execution Vulnerability | 10.0

    This vulnerability was disclosed to the React Team by Lachlan Davidson on November 29, 2025. Davidson has since created a website called react2shell.com.

    What is CVE-2025-55182?
    CVE-2025-55182 is an unsafe deserialization vulnerability in RSC. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted payload to a vulnerable React Server Function endpoint. Successful exploitation could result in remote code execution on the server.

    Are we still vulnerable if our app doesn’t use React Server Functions endpoints?
    Potentially. According to the React Team, even if React Server Functions are not in use, the vulnerability is still exploitable if React Server Components are supported.

    What is React2Shell?
    “React2Shell” is the name given to CVE-2025-55182, a nod to the Log4Shell vulnerability.

    [Image: React2Shell logo. Logo created by Tenable Research Special Operations, inspired by the iconic Log4Shell logo.]

    Is there a proof-of-concept (PoC) available for this vulnerability?
    At the time this blog post was published on December 3, there were no confirmed public PoC exploits for CVE-2025-55182 that work against default configurations. However, on December 4, a working proof-of-concept was made public. Lachlan Davidson also published an official proof-of-concept on December 4.

    What React Server Components are vulnerable?
    The following components have been confirmed to be vulnerable:

    Affected Component         | Affected Versions
    react-server-dom-parcel    | 19.0, 19.1.0, 19.1.1, 19.2.0
    react-server-dom-turbopack | 19.0, 19.1.0, 19.1.1, 19.2.0
    react-server-dom-webpack   | 19.0, 19.1.0, 19.1.1, 19.2.0

    However, other frameworks that bundle React are impacted as well, including Next.js, React Router, Expo, Redwood SDK, Waku and more.

    Did Next.js publish their own advisory and CVE?
    Yes, the Next.js team published a security advisory and their own CVE, CVE-2025-66478. However, the National Vulnerability Database (NVD) rejected this CVE as a duplicate of CVE-2025-55182.

    What Next.js versions are affected?
    Affected versions of Next.js that use the App Router are vulnerable, including:
    - 15.0.4 and below
    - 15.1.8 and below
    - 15.2.5 and below
    - 15.3.5 and below
    - 15.4.7 and below
    - 15.5.6 and below
    - 16.0.6 and below
    - 14.3.0-canary.77 and later releases

    How severe is this vulnerability?
    It has the potential to be very severe. In 2024, according to the State of JavaScript, an annual developer survey of the JavaScript ecosystem, React was used by 82% of respondents. What adds to the elevated severity is the fact that exploitation can occur in apps that support React Server Components, even if the React Server Function endpoints are not in use.

    Has CVE-2025-55182 been exploited in the wild?
    On December 4, Amazon Threat Intelligence published a blog post linking exploitation attempts of React2Shell to China state-nexus threat groups leveraging public exploits “within hours.” It is important to note that the PoCs used in these exploitation attempts required specific configurations. However, now that public PoC exploits against default configurations are available, we anticipate an escalation of exploitation by threat actors, ransomware affiliates and opportunistic cybercriminals.

    Are patches or mitigations available for CVE-2025-55182?
    Yes, the React Team published the following fixed versions of React Server Components:

    React Server Component     | Fixed Versions
    react-server-dom-parcel    | 19.0.1, 19.1.2, 19.2.1
    react-server-dom-turbopack | 19.0.1, 19.1.2, 19.2.1
    react-server-dom-webpack   | 19.0.1, 19.1.2, 19.2.1

    The following are fixed versions of Next.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7 and 16.0.7.

    For additional update instructions for React Router, Expo, Redwood SDK, Waku and others, please visit the React Team’s blog.

    Has Tenable released any product coverage for these vulnerabilities?
    A list of Tenable plugins for this vulnerability can be found on the individual CVE page as they’re released: CVE-2025-55182. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

    Update: We originally linked our Next.js version check plugin to CVE-2025-66478. However, because NVD rejected this CVE as a duplicate, we have updated the plugin to reference the original React CVE, CVE-2025-55182.

    Tenable Cloud Security customers can scan for the React2Shell vulnerability across your cloud workloads and docker images detected in your cloud environments:

    [Screenshot: Tenable Cloud Security React2Shell findings]

    Get more information
    - React Team: Critical Security Vulnerability in React Server Components
    - Next.js: Security Advisory: CVE-2025-66478
    - Facebook Security Advisory: CVE-2025-55182
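    The affected and fixed version tables above, together with the MongoBleed solution table earlier on this page, both reduce to the same defensive check: compare an inventoried version against a per-branch "last affected / first fixed" boundary. The script below is an added example, not Tenable's, MongoDB's or the React team's code. It transcribes both tables, classifies MongoDB server versions and the contents of a package-lock.json (lockfileVersion 2 or 3, the 'packages' map), and reports anything the tables do not mention as "not covered" rather than guessing, so 7.0.27, which falls between "through 7.0.26" and "upgrade to 7.0.28" in the MongoDB table, is flagged for a human decision. The sample lockfile and the MongoDB inventory values are constructed for the demonstration.

```python
"""Audit inventory versions against the affected/fixed versions published in the
MongoBleed and React2Shell posts on this page.

Added example; not Tenable's, MongoDB's or the React team's code. Ranges are
transcribed from the posts' tables; anything the tables do not mention is
reported as "not covered" rather than guessed either way.
"""
import re

# MongoDB: (major, minor) branch -> (last affected patch, first fixed patch)
MONGODB_BRANCHES = {
    (4, 4): (29, 30),
    (5, 0): (31, 32),
    (6, 0): (26, 27),
    (7, 0): (26, 28),
    (8, 0): (16, 17),
    (8, 2): (2, 3),
}
# Branches listed as "All Versions" affected, with no fix inside the branch.
MONGODB_ALL_AFFECTED = {(3, 6), (4, 0), (4, 2)}

# Next.js (App Router): (major, minor) branch -> (last affected patch, first fixed patch)
NEXTJS_BRANCHES = {
    (15, 0): (4, 5), (15, 1): (8, 9), (15, 2): (5, 6), (15, 3): (5, 6),
    (15, 4): (7, 8), (15, 5): (6, 7), (16, 0): (6, 7),
}
NEXTJS_CANARY_FROM = 77  # "14.3.0-canary.77 and later releases"

RSC_PACKAGES = {"react-server-dom-parcel", "react-server-dom-turbopack", "react-server-dom-webpack"}
RSC_AFFECTED = {"19.0", "19.0.0", "19.1.0", "19.1.1", "19.2.0"}  # 19.0 as published, 19.0.0 as npm records it
RSC_FIXED = {"19.0.1", "19.1.2", "19.2.1"}


def parse_version(text):
    """'14.3.0-canary.77' -> ((14, 3, 0), 'canary.77'); missing numeric parts default to 0."""
    core, _, pre = text.strip().partition("-")
    nums = [int(p) for p in core.split(".")]
    nums += [0] * (3 - len(nums))
    return tuple(nums[:3]), (pre or None)


def _classify(table, version):
    (major, minor, patch), pre = parse_version(version)
    bounds = table.get((major, minor))
    if bounds is None or pre:  # unknown branch, or a pre-release the table does not list
        return "not covered"
    last_affected, first_fixed = bounds
    if patch <= last_affected:
        return "affected"
    if patch >= first_fixed:
        return "fixed"
    return "not covered"


def check_mongodb(version):
    """Verdict for a MongoDB server version string, e.g. the output of db.version()."""
    (major, minor, _), _ = parse_version(version)
    if (major, minor) in MONGODB_ALL_AFFECTED:
        return "affected"
    return _classify(MONGODB_BRANCHES, version)


def check_nextjs(version):
    (major, minor, patch), pre = parse_version(version)
    canary = re.match(r"canary\.(\d+)", pre or "")
    if (major, minor, patch) == (14, 3, 0) and canary:
        return "affected" if int(canary.group(1)) >= NEXTJS_CANARY_FROM else "not covered"
    return _classify(NEXTJS_BRANCHES, version)


def check_rsc_package(name, version):
    if name not in RSC_PACKAGES:
        return "not covered"
    if version in RSC_AFFECTED:
        return "affected"
    if version in RSC_FIXED:
        return "fixed"
    return "not covered"


def audit_lockfile(lock):
    """Walk the 'packages' map of a package-lock.json (lockfileVersion 2 or 3).

    Returns {install path: (package name, version, verdict)} for next and the
    react-server-dom-* packages; every other package is ignored.
    """
    findings = {}
    for path, meta in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1] if path else meta.get("name", "")
        version = meta.get("version")
        if not version:
            continue
        if name == "next":
            findings[path] = (name, version, check_nextjs(version))
        elif name in RSC_PACKAGES:
            findings[path] = (name, version, check_rsc_package(name, version))
    return findings


# Constructed sample lockfile excerpt (not from any real project).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/next": {"version": "15.4.7"},
        "node_modules/react": {"version": "19.1.1"},
        "node_modules/react-server-dom-webpack": {"version": "19.1.1"},
    },
}

if __name__ == "__main__":
    for server in ("4.2.25", "7.0.26", "7.0.27", "8.2.3"):  # constructed inventory values
        print(f"mongodb {server}: {check_mongodb(server)}")
    for path, (name, version, verdict) in audit_lockfile(SAMPLE_LOCK).items():
        print(f"{path}: {name}@{version} -> {verdict}")
```

    Run against a real lockfile by loading it with json.load and passing the dict to audit_lockfile; feed check_mongodb the version strings your inventory or scanner already collects. Treat "not covered" as a queue for manual review against the vendor advisory, not as a pass.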

  • FAQ About Sha1-Hulud 2.0: The “Second Coming” of the npm Supply-Chain Campaign
    by Ari Eitan on November 24, 2025 at 5:29 pm

    Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages.

    A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as “The Second Coming,” was observed around Nov. 24 targeting the npm ecosystem. Attackers compromised at least 800 high-profile publisher accounts to upload trojanized versions of legitimate packages. Unlike previous iterations, these versions have new payloads and execute using install lifecycle scripts to compromise developer environments and CI/CD pipelines at scale. This time, the malware is significantly more aggressive than the previous campaign, including attempts to destroy the victim’s home directory and, in some cases, even delete all writable files owned by the user.

    Frequently asked questions about Sha1-Hulud: The Second Coming

    What is the initial vector of this new campaign?
    The attack chain begins when a developer installs a compromised package containing a modified manifest file. The adversary injects a preinstall lifecycle script into package.json that immediately triggers a file named setup_bun.js upon installation.

    Unlike typical supply chain attacks that execute malicious logic directly through the Node.js process, this script automatically downloads and installs the Bun runtime, a separate JavaScript environment. Once installed, the malware uses the Bun binary to execute a bundled payload, often named bun_environment.js. This “bring your own runtime” technique effectively allows the malicious code to operate outside the visibility of standard Node.js security tools and static analysis scanners that monitor the primary build process.

    What is the impact of this campaign?
    The blast radius of this campaign is extensive. Tens of thousands of GitHub repositories are reportedly affected. It extends to high-profile integrations, including ones from Zapier, ENS Domains, and Postman. By hijacking trusted publisher accounts rather than using typosquatting, the attackers successfully poisoned the supply chain at a fundamental level. This forced malicious code into thousands of corporate environments simply through routine dependency updates.

    What are the immediate steps cloud security teams can take to address this issue?
    1. Audit your environment: use a security scanner to check if you have malicious versions of the affected packages (see list below).
    2. Remove them by upgrading to a later version.

    Which Tenable products can be used to address these malicious packages?
    Tenable automatically and proactively detects malicious packages associated with Shai-Hulud campaigns across both on-premises and cloud environments.

    This isn’t a one-time check. Tenable Nessus and Tenable Cloud Security, our cloud-native application protection platform (CNAPP), continuously monitor for new indicators of compromise (IOCs) and track research associated with this evolving campaign. As Shai-Hulud adapts its tactics, our threat intelligence and risk analysis capabilities update in real-time, ensuring your defense remains current and effective.

    Plugin ID 265897 can be used to identify compromised packages affected in the Sha1-Hulud campaigns.

    Tenable Cloud Security classifies affected packages as malicious; detected packages will appear in your Tenable Console environment the next time data is synced.

    An appendix with a full listing of affected packages is available here.
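    The install-hook chain described above (a preinstall entry in package.json running setup_bun.js, which fetches the Bun runtime and executes bun_environment.js) leaves a shape on disk that a defender can look for in a checkout or CI cache independently of package names and versions. The scanner below is an added example, not Tenable's tooling: it walks a node_modules tree, lists every install lifecycle script, and raises a high-severity finding where a script references one of the two file names from this post or invokes bun, or where those files are present in a package directory; any other install-time script is listed at info level because such scripts run arbitrary code at install time. The three-package sample tree (tiny-util, native-thing, some-sdk) is constructed for the demonstration, and the indicator files it writes are empty stand-ins with no code in them.

```python
"""Scan an npm install tree for packages whose install lifecycle scripts hand
execution to a second runtime, the chain described in the Sha1-Hulud post.

Added example, not Tenable's tooling. The two indicator file names come from
the post; the sample package tree is constructed here so the scan runs offline.
"""
import json
import os
import tempfile

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
INDICATOR_FILES = ("setup_bun.js", "bun_environment.js")


def inspect_manifest(manifest):
    """Return (hook, command, severity) for each lifecycle script in a package.json dict.

    "high": the command names a file from the campaign or invokes the bun runtime.
    "info": any other install-time script; these run arbitrary code at install time
            and deserve a look whenever a dependency update introduces a new one.
    """
    hits = []
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        tokens = cmd.lower().replace("&&", " ").split()
        if any(ind in cmd for ind in INDICATOR_FILES) or "bun" in tokens:
            hits.append((hook, cmd, "high"))
        else:
            hits.append((hook, cmd, "info"))
    return hits


def scan_node_modules(root):
    """Walk `root` and return a list of finding dicts, one per suspicious hook or file."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or non-JSON manifest; not an indicator by itself
        name = manifest.get("name") or os.path.relpath(dirpath, root)
        for hook, cmd, severity in inspect_manifest(manifest):
            findings.append({"package": name, "path": dirpath, "severity": severity,
                             "hook": hook, "detail": cmd})
        for fn in filenames:
            if fn in INDICATOR_FILES:  # dropper files may remain even if the scripts were edited
                findings.append({"package": name, "path": dirpath, "severity": "high",
                                 "hook": None, "detail": f"file present: {fn}"})
    return findings


def _write(path, content):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content if isinstance(content, str) else json.dumps(content))


def build_sample_tree(base):
    """Construct a three-package node_modules: one clean, one with an ordinary native
    build hook, and one mimicking the trojanized manifest shape. The indicator files
    are empty stand-ins and contain no code."""
    nm = os.path.join(base, "node_modules")
    _write(os.path.join(nm, "tiny-util", "package.json"),
           {"name": "tiny-util", "version": "1.0.0"})
    _write(os.path.join(nm, "native-thing", "package.json"),
           {"name": "native-thing", "version": "2.3.1",
            "scripts": {"install": "node-gyp rebuild"}})
    _write(os.path.join(nm, "some-sdk", "package.json"),
           {"name": "some-sdk", "version": "4.2.1",
            "scripts": {"preinstall": "node setup_bun.js"}})
    for fn in INDICATOR_FILES:
        _write(os.path.join(nm, "some-sdk", fn), "")
    return nm


def demo_findings():
    """Build the constructed tree in a temp directory and scan it."""
    return scan_node_modules(build_sample_tree(tempfile.mkdtemp()))


if __name__ == "__main__":
    for f in sorted(demo_findings(), key=lambda f: (f["severity"], f["package"])):
        print(f"[{f['severity']}] {f['package']} {f['hook'] or ''} {f['detail']}")
```

    Point scan_node_modules at a project's node_modules directory (or a CI dependency cache) and review every high finding before the next install; the info-level list is the baseline of install-time scripts you already accept, so a new entry appearing after a routine dependency update is itself worth a look. Running installs with scripts disabled (npm's --ignore-scripts) is the corresponding preventive control.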

  • CVE-2025-64446: Fortinet FortiWeb Zero-Day Path Traversal Vulnerability Exploited in the Wild
    by Scott Caveza on November 14, 2025 at 12:45 pm

    Fortinet has released an advisory for a recently disclosed zero-day path traversal vulnerability which has been exploited in the wild. Organizations are urged to patch immediately.

    Background

    On October 6, Defused published an X post regarding an unknown exploit targeting Fortinet devices. Shortly after, several cyber security organizations began investigating and confirmed that a new exploit appeared to have been silently fixed in some releases of Fortinet’s FortiWeb. This includes researchers at watchTowr, who were able to reproduce the vulnerability. Within hours of their publication, Fortinet released a security advisory acknowledging that CVE-2025-64446 has been exploited in the wild.

    CVE | Description | CVSSv3
    CVE-2025-64446 | Fortinet FortiWeb Path Traversal Vulnerability | 9.1

    Analysis

    CVE-2025-64446 is a relative path traversal vulnerability affecting Fortinet’s FortiWeb. An unauthenticated attacker could exploit this vulnerability via crafted HTTP or HTTPS requests to execute arbitrary commands on an affected device. According to the advisory and several reports released prior to its publication, this vulnerability has been exploited in the wild.

    Security advisory released days after exploitation

    While it’s not clear when exploitation was first observed, researchers at Defused were the first to raise the alarm about the unknown exploit targeting Fortinet devices:

    “⚠️ Unknown Fortinet exploit (possibly a CVE-2022-40684 variant) from 64.95.13.8 🇺🇸 (BLNWX). VirusTotal Detections: 0/95 🟢. JWT payload translates into: {"username": "admin", "profname": "prof_admin", "vdom": "root", "loginname": "admin"} pic.twitter.com/IdTcdxBuBf” — Defused (@DefusedCyber), October 6, 2025

    On November 13, watchTowr posted on X proof that they had reproduced the exploit and followed up the next day with a blog and the release of an artifact generator on GitHub:

    “another exploited in-the-wild FortiWeb vuln? It must be Thursday! pic.twitter.com/F9TQgdJQ4l” — watchTowr (@watchtowrcyber), November 13, 2025

    Prior to the publication of the security advisory (FG-IR-25-910) from Fortinet, several research groups tested the exploit to determine which versions were affected and which were patched. Although several new releases appeared to contain a fix based on that testing, confirmed patch information was not available until Fortinet published its advisory.

    Historical Exploitation of Fortinet Devices

    Fortinet vulnerabilities have historically been common targets for attackers, and CVE-2025-64446 is the twenty-first Fortinet vulnerability to be added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. The Research Special Operations Team has written blogs about several of these vulnerabilities, as shown in the table below:

    CVE | Description | Patched | Tenable Blog
    CVE-2025-25256 | Fortinet FortiSIEM Command Injection Vulnerability | August 2025 | CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
    CVE-2025-32756 | Fortinet FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera Arbitrary Code Execution Vulnerability | May 2025 | CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
    CVE-2024-55591 | Fortinet Authentication Bypass in FortiOS and FortiProxy | January 2025 | CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
    CVE-2024-21762 | Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd | February 2024 | CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
    CVE-2023-27997 | FortiOS and FortiProxy Heap-Based Buffer Overflow Vulnerability | June 2023 | CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
    CVE-2022-42475 | FortiOS and FortiProxy Heap-Based Buffer Overflow Vulnerability | December 2022 | CVE-2022-42475: Fortinet Patches Zero Day in FortiOS SSL VPNs; AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
    CVE-2022-40684 | FortiOS and FortiProxy Authentication Bypass Vulnerability | October 2022 | CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

    Proof of concept

    At the time this blog was published on November 14, several public exploits had been released. In addition, active exploitation of this vulnerability has been observed. The combination of public exploits and known exploitation means that this vulnerability should be mitigated as soon as possible.

    Solution

    Fortinet has released patches for the following FortiWeb versions:

    Affected Version | Fixed Version
    7.0.0 through 7.0.11 | 7.0.12 or above
    7.2.0 through 7.2.11 | 7.2.12 or above
    7.4.0 through 7.4.9 | 7.4.10 or above
    7.6.0 through 7.6.4 | 7.6.5 or above
    8.0.0 through 8.0.1 | 8.0.2 or above

    In addition, Fortinet provides the workaround of disabling HTTP or HTTPS on any public (internet) facing devices in order to reduce risk. While patching is still recommended, this mitigation can be used to reduce risk until patching can be completed. According to Fortinet, access to the management interface via HTTP/HTTPS should be restricted to internal access only and never be publicly exposed.

    Identifying affected systems

    A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-64446 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline. Tenable Web App Scanning plugin ID 115040 will also be available soon.

    Additionally, customers can utilize Tenable Attack Surface Management to identify public-facing Fortinet devices by using the following subscription:

    Get more information

    Fortinet security advisory FG-IR-25-910
    watchTowr blog: When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb (??) Auth. Bypass)

    Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.

    Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

  • Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
    by Research Special Operations on November 11, 2025 at 1:46 pm

    5 Critical | 58 Important | 0 Moderate | 0 Low

    Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild.

    Microsoft patched 63 CVEs in its November 2025 Patch Tuesday release, with five rated critical and 58 rated important.

    This month’s update includes patches for:

    Azure Monitor Agent
    Customer Experience Improvement Program (CEIP)
    Dynamics 365 Field Service (online)
    GitHub Copilot and Visual Studio Code
    Host Process for Windows Tasks
    Microsoft Configuration Manager
    Microsoft Dynamics 365 (on-premises)
    Microsoft Graphics Component
    Microsoft Office
    Microsoft Office Excel
    Microsoft Office SharePoint
    Microsoft Office Word
    Microsoft Streaming Service
    Microsoft Wireless Provisioning System
    Multimedia Class Scheduler Service (MMCSS)
    Nuance PowerScribe
    OneDrive for Android
    Role: Windows Hyper-V
    SQL Server
    Storvsp.sys Driver
    Visual Studio
    Visual Studio Code CoPilot Chat Extension
    Windows Administrator Protection
    Windows Ancillary Function Driver for WinSock
    Windows Bluetooth RFCOM Protocol Driver
    Windows Broadcast DVR User Service
    Windows Client-Side Caching (CSC) Service
    Windows Common Log File System Driver
    Windows DirectX
    Windows Kerberos
    Windows Kernel
    Windows License Manager
    Windows OLE
    Windows Remote Desktop
    Windows Routing and Remote Access Service (RRAS)
    Windows Smart Card
    Windows Speech
    Windows Subsystem for Linux GUI
    Windows TDX.sys
    Windows WLAN Service

    Elevation of privilege (EoP) vulnerabilities accounted for 46% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 25.4%.

    Important: CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability

    CVE-2025-62215 is an EoP vulnerability in the Windows Kernel. It was assigned a CVSSv3 score of 7.0 and rated important. A local, authenticated attacker could exploit this vulnerability by winning a race condition in order to gain SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.

    Including CVE-2025-62215, there have been 11 EoP vulnerabilities patched in the Windows Kernel in 2025, with five of these included in the October 2025 Patch Tuesday release.

    Critical: CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability

    CVE-2025-62199 is an RCE vulnerability in Microsoft Office. It was assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this flaw through social engineering by sending a malicious Microsoft Office document to an intended target. Successful exploitation would grant the attacker code execution. Despite being flagged as “Less Likely” to be exploited, Microsoft notes that the Preview Pane is an attack vector, which means exploitation does not require the target to open the file.

    Microsoft patched two additional Microsoft Office RCEs this month. CVE-2025-62205 and CVE-2025-62216 were both assigned CVSSv3 scores of 7.8 and rated important. CVE-2025-62205 was assessed as “Exploitation Less Likely” while CVE-2025-62216 was assessed as “Exploitation Unlikely.” In contrast to CVE-2025-62199, the Preview Pane is not an attack vector for these two vulnerabilities.

    Important: CVE-2025-60719, CVE-2025-62213, and CVE-2025-62217 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

    CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 are EoP vulnerabilities affecting the Ancillary Function Driver for WinSock in Microsoft Windows. All three were assigned CVSSv3 scores of 7.0, rated important and assessed as “Exploitation More Likely.” A local, authenticated attacker could exploit these vulnerabilities to elevate to SYSTEM privileges.

    Critical: CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability

    CVE-2025-60724 is an RCE vulnerability affecting the Windows Graphics Device Interface (GDI+). It was assigned a CVSSv3 score of 9.8, rated critical and assessed as “Exploitation Less Likely.” A remote attacker could exploit this flaw by convincing a victim to download and open a crafted file that triggers a heap-based buffer overflow in order to execute arbitrary code.

    Tenable Solutions

    A list of all the plugins released for Microsoft’s November 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

    For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

    Get more information

    Microsoft’s November 2025 Security Updates
    Tenable plugins for Microsoft November 2025 Patch Tuesday Security Updates

    Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.

    Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

  • Oracle October 2025 Critical Patch Update Addresses 170 CVEs
    by Research Special Operations on October 21, 2025 at 4:42 pm

    Oracle addresses 170 CVEs in its final quarterly update of 2025 with 374 patches, including 40 critical updates.

    Background

    On October 21, Oracle released its Critical Patch Update (CPU) for October 2025, the fourth and final quarterly update of the year. This CPU contains fixes for 170 unique CVEs in 374 security updates across 29 Oracle product families. Out of the 374 security updates published this quarter, 10.7% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 46.3%, followed by high severity patches at 39.0%.

    This quarter’s update includes 40 critical patches across 12 CVEs.

    Severity | Issues Patched | CVEs
    Critical | 40 | 12
    High | 146 | 57
    Medium | 173 | 91
    Low | 15 | 10
    Total | 374 | 170

    Analysis

    This quarter, the Oracle TimesTen In-Memory Database product family contained the highest number of patches at 73, accounting for 19.5% of the total patches, followed by Oracle Spatial Studio at 64 patches, which accounted for 17.1% of the total patches.

    A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

    Oracle Product Family | Number of Patches | Remote Exploit without Auth
    Oracle TimesTen In-Memory Database | 73 | 47
    Oracle Spatial Studio | 64 | 46
    Oracle Construction and Engineering | 33 | 29
    Oracle E-Business Suite | 20 | 17
    Oracle Insurance Applications | 18 | 7
    Oracle Java SE | 18 | 7
    Oracle JD Edwards | 18 | 14
    Oracle Retail Applications | 16 | 3
    Oracle Secure Backup | 9 | 2
    Oracle Communications Applications | 9 | 6
    Oracle Supply Chain | 9 | 0
    Oracle Enterprise Manager | 8 | 5
    Oracle HealthCare Applications | 8 | 5
    Oracle Hyperion | 8 | 6
    Oracle MySQL | 8 | 8
    Oracle Commerce | 7 | 7
    Oracle Health Sciences Applications | 7 | 4
    Oracle Database Server | 6 | 2
    Oracle GoldenGate | 6 | 2
    Oracle Analytics | 5 | 3
    Oracle Hospitality Applications | 5 | 5
    Oracle Essbase | 4 | 2
    Oracle Communications | 3 | 2
    Oracle Financial Services Applications | 3 | 1
    Oracle Fusion Middleware | 3 | 3
    Oracle Siebel CRM | 3 | 2
    Oracle Graph Server and Client | 1 | 0
    Oracle REST Data Services | 1 | 0
    Oracle PeopleSoft | 1 | 1

    Oracle E-Business Zero-Day Vulnerabilities

    As part of its CPU release for October, Oracle noted the publication of two separate out-of-band Security Alerts for its E-Business Suite (EBS) to address two zero-day vulnerabilities that were exploited in the wild: CVE-2025-61882 on October 4, and CVE-2025-61884 on October 11. For more information about these EBS zero-day vulnerabilities, please refer to our FAQ blog post, CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities.

    Solution

    Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the October 2025 advisory for full details.

    Identifying affected systems

    A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

    Get more information

    Oracle Critical Patch Update Advisory – October 2025
    Oracle October 2025 Critical Patch Update Risk Matrices
    Oracle Advisory to CVE Map

    Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.

    Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

  • F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now
    by Robert Huber on October 16, 2025 at 2:15 pm

    Partnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation — it’s a gamble. You don’t build a fire extinguisher while the house is burning. You find every spark before it becomes the next inferno.

    Key takeaways:

    F5’s BIG-IP is used to secure everything from government agencies to critical infrastructure. The theft of BIG-IP source code and undisclosed vulnerabilities by a nation-state actor is a five-alarm fire for national security and puts all organizations at risk.
    We provide detailed steps Tenable customers can take immediately, as well as general guidance on how organizations can protect themselves now and in the long term.

    The breach of F5’s BIG-IP product development environment is a five-alarm fire for national security and once again raises doubts about the safety of the software supply chain.

    Among the data stolen in the nation-state attack: source code for BIG-IP networking solutions as well as undisclosed security vulnerabilities that were under investigation. According to F5’s October 15 8-K filing with the U.S. Securities and Exchange Commission (SEC), some of the exfiltrated files from its knowledge management platform contained configuration or implementation information for a small percentage of customers. The company also rotated its signing certificates and keys on October 13.

    F5’s BIG-IP isn’t just another piece of software. It is a foundational element in the technology stack used to secure everything from government agencies to critical infrastructure. In the hands of a hostile actor, this stolen data is a master key that could be used to launch devastating attacks, similar to the campaigns waged by Salt Typhoon and Volt Typhoon. We haven’t seen a software supply chain compromise of this scale since SolarWinds.

    The implications are far-reaching. BIG-IP is used by approximately 57,000 companies; while the majority are in the $1 million – $10 million revenue range, F5 says its products are used by 85% of the Fortune 500. Affected products include BIG-IP (F5OS), BIG-IP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK) / Cloud-Native Network Functions (CNF). For a full list of CVEs associated with this incident, see Frequently Asked Questions About The August 2025 F5 Security Incident.

    While F5 has not observed evidence of modified source code or a supply-chain attack, the stolen data could be used to develop new exploits for unpatched vulnerabilities. In response, F5 released security patches on October 15.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring that all organizations with F5 products apply these updates immediately. “The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies,” said CISA Acting Director Madhu Gottumukkala in a follow-up statement. “These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems. We emphatically urge all entities to implement the actions outlined in this Emergency Directive without delay.” The U.K.’s National Cyber Security Centre (NCSC) also issued an alert about the incident.

    This incident does not affect Tenable products, but we have released new plugins and additional guidance to help organizations secure their environments.

    Organizations using F5 BIG-IP are advised to update the software as soon as possible, harden any public-facing BIG-IP devices, and remove any unsupported devices from their networks. The company said it is “partnering with CrowdStrike to extend Falcon EDR sensors and Overwatch Threat Hunting to BIG-IP for additional visibility and to strengthen defenses. An early access version will be available to BIG-IP customers and F5 will provide all supported customers with a free Falcon EDR subscription.”

    While we applaud F5’s transparency and efforts to help organizations respond to the incident, this is not the time for experimentation. You don’t build a fire extinguisher while your house is burning. Likewise, waiting for an endpoint detection and response (EDR) vendor to build a solution after a threat actor has already accessed your most sensitive environment is ill-advised. The nation-state actor has been embedded in F5’s environment for some time, with access to highly sensitive data. They can act on what they’ve accessed at any time. Moreover, threat actors have repeatedly demonstrated their ability to disable EDR tools, thereby evading endpoint-based detection and rendering it largely useless.

    The following key actions required by CISA in its mitigation guidance extend well beyond the capabilities of EDR:

    Inventory: Identify all instances of F5 BIG-IP hardware devices and F5OS, BIG-IP TMOS, Virtual Edition, BIG-IP Next, BIG-IQ software, and BNK / CNF.
    Harden public-facing hardware and software appliances: Identify whether physical or virtual BIG-IP devices exposed to the public internet provide public access to the networked management interface.
    Update instances of BIG-IP hardware and software: Apply the latest vendor updates by Oct. 22, 2025, for the following products: F5OS, BIG-IP TMOS, BIG-IQ, and BNK / CNF, and validate the F5-published MD5 checksums for its software image files and other F5-downloaded software. For other devices, update to the latest software release by Oct. 31, 2025, and apply the latest F5-provided asset hardening guidance.
    Disconnect end-of-support devices: Disconnect all public-facing F5 devices that have reached their end-of-support date. Report mission-critical exceptions to CISA.
    Mitigate against cookie leakage: If CISA notifies an agency of a BIG-IP cookie leakage vulnerability, the agency shall follow CISA’s accompanying mitigation instructions.
    Report: Submit a complete inventory of F5 products and actions taken to CISA by 11:59 p.m. EDT, Oct. 29, 2025.

    We cannot stress enough the importance of finding and fixing the 44 CVEs associated with this incident immediately. Doing so requires visibility into areas of your infrastructure that can’t be reached by the “good enough” vulnerability scanning tools available from endpoint vendors. The immediate need is for effective triage.

    Below, we provide detailed guidance on steps Tenable customers can take immediately. (Non-Tenable customers can start a free trial of Tenable Vulnerability Management today to see where they’re impacted so they can swiftly take action.)

    Longer term, organizations need to prepare for the likelihood of nation-state actors leveraging additional F5 vulnerabilities for initial access, after which they will pivot to Living off the Land techniques to stealthily execute commands, establish persistence, move laterally, and escalate privileges. We’ve seen examples of such activity with Salt Typhoon and Volt Typhoon. Once it occurs, it becomes very difficult to detect and eradicate the actor. More guidance on preventive measures can be found below in the section “How do I protect my organization from the long-term impact of the F5 BIG-IP breach?”

    I’m a Tenable Vulnerability Management customer. What should I do today?

    Here are two examples of how to use Tenable Vulnerability Management to quickly find F5 BIG-IP in your environment and identify the related CVEs. A full list of CVEs associated with this incident can be found here. The inventory plugin for the remote BIG-IP Web Management Interface is available here.

    The first screenshot shows how you can quickly filter for the F5 BIG-IP version using plugin ID 76940. This allows you to see at a glance the version and the installed modules of your F5 device. (Screenshot: filtering on plugin ID 76940. Source: Tenable, October 2025)

    The second screenshot shows how you can see all known vulnerabilities for your F5 device. You can filter for CVEs and export the data to engage the various teams for remediation. (Screenshot: vulnerability listing for an F5 device. Source: Tenable, 2025)

    How do I protect my organization from the long-term impact of the F5 BIG-IP breach?

    In addition to applying the urgent mitigations above, organizations need to be on alert for any infiltration attempts. Organizations are urged to take the following actions:

    Inventory all F5 assets in your environments. Tenable Vulnerability Management can provide a detailed and comprehensive inventory of your F5 assets as part of its network-wide scanning. It identifies F5 devices through methods like active scanning, passive monitoring, and credentialed scans, collecting detailed information about the asset, including its configuration and vulnerabilities. This granular level of discovery goes beyond simple asset lists to give you a clear, actionable view of every F5 device on your network.

    Continuously monitor assets in cloud, IT and OT environments. Tenable Vulnerability Management offers continuous monitoring across diverse environments, including IT, cloud, and OT. By deploying Tenable agents on transient devices, performing active scans on traditional IT assets, and using passive monitoring for sensitive OT systems, Tenable Vulnerability Management gives you an always-on, real-time assessment of your security posture, regardless of where the assets reside.

    Correlate data from asset inventories, vulnerability assessments, and security operations for a unified view of risk. Tenable Vulnerability Management is designed to be a central hub for vulnerability data. It correlates data from its own asset discovery and vulnerability assessments to provide a unified view of risk. It can also integrate with other security tools and CMDBs to enrich asset data and streamline remediation workflows.

    Incorporate threat intelligence feeds to understand which threats are most likely to be exploited and what risks they pose to your unique environment. Tenable uses a risk-based prioritization approach to help you focus on the most dangerous threats. It combines its Vulnerability Priority Rating (VPR) with your unique environmental context to provide a single, dynamic score that reflects the true risk of a vulnerability. This lets you move beyond static, generic scores like CVSS and focus remediation efforts on the issues most likely to be exploited in the wild, reducing your organization’s overall cyber risk more effectively.

    Learn more

    Join Tenable’s Research Special Operations team to discuss the F5 incident in our Tenable Connect: Threat Roundtable.
    Start a free trial of Tenable Vulnerability Management today.

Websitecyber
We are an ethical website cyber security team and we perform security assessments to protect our clients.