The latest batch of known exploited vulnerabilities includes issues in Rapid7 Velociraptor, SKYSEA Client View, and several Microsoft and Windows products.
As the dust settles on a very large Microsoft Patch Tuesday for October, it should come as no surprise that several of those vulnerabilities have found their way into the United States Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog.
You can read all about CVE-2025-24990 (a Microsoft Windows untrusted pointer dereference vulnerability), CVE-2025-47827 (an IGEL OS use of a key past its expiration date vulnerability), and CVE-2025-59230 (a Microsoft Windows improper access control vulnerability) in Cyber Daily’s Patch Tuesday round-up, but we’ll outline the other two vulnerabilities here.
CVE-2016-7836 is quite an old vulnerability in the asset management platform SKYSEA Client View, which was first disclosed back in 2017. It’s an improper authentication vulnerability that could lead to remote code execution due to a flaw in processing authentication in the management console program’s TCP connection. The issue is present in versions 11.221.03 and earlier, and has a CVSS score of 9.8.
CVE-2025-6264 is a more recent vulnerability in Rapid7’s Velociraptor endpoint monitoring platform. It is an incorrect default permissions vulnerability that could lead to the execution of arbitrary commands and eventually the takeover of the endpoint.
CVE-2025-6264 was initially disclosed earlier this year, but Cisco’s Talos research group recently tracked ransomware activity exploiting the vulnerability.
“In August 2025, Talos responded to a ransomware attack by actors who appeared to be affiliated with Warlock ransomware, based on their ransom note and use of Warlock’s data leak site,” Talos said in a 9 October blog post.
“They deployed Warlock, LockBit, and Babuk ransomware to encrypt VMware ESXi virtual machines (VMs) and Windows servers. This severely impacted the customer’s IT environment.”
According to Talos, CVE-2025-6264 “played a significant role in this campaign”, allowing the threat actor to maintain persistence, evade detection, and ultimately deploy its malicious payload.
“Threat actors have also reportedly leveraged Velociraptor to download and execute Visual Studio Code with the likely intention of creating a tunnel to an attacker-controlled command-and-control (C2) server,” Talos said.
“The addition of this tool in the ransomware playbook is in line with findings from Talos’ 2024 Year in Review, which highlights that threat actors are utilising an increasing variety of commercial and open-source products.”
Despite active exploitation, CVE-2025-6264 is rated medium severity, with a CVSS score of 5.5. The issue is present in versions of Velociraptor up to 0.74.3.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.