Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, February 15, 2025.
CVE-2025-1094 impacts PostgreSQL with SQL injection
CVE-2025-1094 is a critical security vulnerability affecting the PostgreSQL interactive tool psql. This vulnerability presents significant risks to the integrity and security of database systems using PostgreSQL.
CVE-2025-1094 is an SQL injection vulnerability that arises from improper neutralization of quoting syntax in PostgreSQL’s libpq functions, such as PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(). This flaw allows attackers to inject malicious data into some of the REST API endpoints’ query parameters. When the PostgreSQL interactive tool reads untrusted input, it can lead to unauthorized access, data manipulation, and potentially severe security breaches…..
CVE-2025-21293 PoC Exploit Code Released
CVE-2025-21293 is an elevation of privilege vulnerability in Active Directory Domain Services. The vulnerability arises from excessive permissions granted to the Network Configuration Operators group, which can be exploited to achieve system-level privileges. This issue was initially discovered in September 2024 and was subsequently patched in January 2025…..
Mustang Panda Exploits Windows GUI Vulnerability
A recently discovered vulnerability in the Microsoft Windows GUI (Graphical User Interface) is being actively exploited by the Mustang Panda threat group, which is believed to have connections to Chinese state interests. Mustang Panda is known for its cyber espionage activities and has now turned its attention to exploiting this Windows GUI vulnerability to achieve its malicious objectives….
ARM and Qualcomm have been involved in a legal dispute since 2022, primarily revolving around ARM’s allegations that Qualcomm violated its licensing agreements following Qualcomm’s acquisition of Nuvia, a startup co-founded by former Apple processor designers……
CVE-2025-1146 impacts selected CrowdStrike Falcon Sensors
CVE-2025-1146 is a significant security vulnerability affecting CrowdStrike Falcon sensors for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. This vulnerability presents a critical risk to the integrity and security of affected systems……
This brings the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, Instagram
