Rewterz

NJRAT – Active IOCs

August 5, 2025
Rewterz

Multiple Dell Products Vulnerabilities

August 5, 2025

Multiple Apache Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-54656 CVSS:6.5

Apache Struts Extras could allow a remote attacker to bypass security restrictions, caused by an improper output neutralization for Logs vulnerability. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. The specially-crafted input may lead to log output where part of the message masquerades as a separate log line

CVE-2024-41177 CVSS:6.1

Apache Zeppelin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Helium module.

CVE-2024-52279 CVSS:6.1

Apache Zeppelin could allow a remote attacker to read arbitrary files, caused by improper JDBC URL validation.

CVE-2024-51775 CVSS:6.1

Apache Zeppelin could allow a remote attacker to execute arbitrary commands via CSWSH, caused by missing origin validation in WebSockets.

Impact

  • Gain Access
  • Security Bypass
  • Cross-Site Scripting
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-54656

  • CVE-2024-41177

  • CVE-2024-52279

  • CVE-2024-51775

Affected Vendors

Apache

Affected Products

  • Apache Struts Extras before 2
  • Apache Zeppelin 0.11.1

Remediation

Refer to Apache Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-54656

CVE-2024-41177

CVE-2024-52279

CVE-2024-51775

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.