These advisories, published on April 22, 2025, provide detailed information on security flaws, associated Common Vulnerabilities and Exposures (CVEs), and recommended mitigations for affected organizations. A critical privilege-escalation vulnerability in Google Cloud Platform (GCP), dubbed "ConfusedComposer," could have allowed attackers to gain elevated permissions to sensitive cloud resources. These vulnerabilities could allow attackers to slip maliciously crafted packets through unpatched firmware, potentially disrupting critical automation processes in manufacturing, energy, and transportation sectors. This advisory, updated in April, addresses an incorrect calculation of buffer size vulnerability tracked as CVE-2024-11425 (CVSS v3.1: 7.5) in Schneider Electric Modicon M580 PLCs, BMENOR2200H, and EVLink Pro AC devices. Organizations utilizing any of the affected components should prioritize security updates according to their risk assessment protocols and implement recommended mitigations without delay. Exploitation could allow remote attackers to disclose sensitive credentials by sending specially crafted messages to the device. These vulnerabilities could allow attackers to gain full access or cause a denial-of-service. Each vulnerability allows attackers to bypass authorization controls and manipulate the application’s database. This flaw can result in a partial denial-of-service (DoS) condition if exploited in redundant server setups where the connection between servers is disrupted.
Kaaviya is a Security Editor and fellow reporter with Cyber Security News.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Apr 2025 07:45:14 +0000