Happy Friday! We were looking over the three recent additions to CISA KEV, and we observed that the team had already produced coverage for both initial access vulnerabilities (CVE-2025-24016 in early March and CVE-2025-32433 in mid-April). Once again, the team was ahead of the curve with actionable intelligence. Here are the release notes for the team's work released this week:
This vulnerability, affecting Invision Community, has been reported as exploited in the wild by Shadow Server since June 6. The vulnerability also has a few public exploits, including a Nuclei template and a Metasploit module. The team expects to see continued activity around this vulnerability, especially since there are internet-facing targets.
The team developed an exploit that injects an inline PHP reverse shell which detects the target OS and supports a TLS connect-back. Also included in this release are network signatures, PCAPs, and search engine queries for Invision's internet exposure.
The team developed coverage for CVE-2025-32813, a vulnerability affecting the network management software Infoblox NetMRI. This software represents a critical target and, generally speaking, shouldn't be internet-facing. The team has found a number online, however. This vulnerability was disclosed by Rhino Security Labs, and while it currently has a relatively low EPSS score (0.00148), we believe it can be quite valuable in an internal or external attack scenario.
The team developed exploits, PCAPs, network detection rules, and search engine queries for this vulnerability.
This vulnerability, affecting vBulletin, has been regularly seen by Shadow Server and GreyNoise. Affected versions are susceptible to a deserialization vulnerability that allows attackers to execute arbitrary system commands with the privileges of the web service.
The provided exploit includes an optional `-command` flag to execute a given command and return its output. If omitted, the exploit instead attempts to serve and execute a provided executable on the target host. Please see the README for more information about exploit functionality. The team also developed search engine queries (naturally, there are a bunch of these online), PCAPs, and network signatures.