CVE-2025-23374 – Dell Enterprise SONiC Vulnerability

January 30, 2025

DanaBot Trojan – Active IOCs

January 30, 2025

Multiple Microsoft Products Vulnerabilities

January 30, 2025

Severity

High

Analysis Summary

CVE-2025-21415 CVSS:9.9

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.

CVE-2025-21396 CVSS:7.5

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

Impact

Security Bypass
Privilege Escalation

Indicators of Compromise

CVE

CVE-2025-21415
CVE-2025-21396

Affected Vendors

Microsoft

Affected Products

Microsoft Azure AI Face Service
Microsoft Account

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-21415

CVE-2025-21396

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Local Privilege Escalation to Root via Sudo chroot in Linux

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

CVE-2025-23374 – Dell Enterprise SONiC Vulnerability

DanaBot Trojan – Active IOCs

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation