Multiple Microsoft Excel Vulnerabilities

April 30, 2025

Hackers Use MS Equation Editor Flaw to Deploy XLoader

April 30, 2025

Multiple GitLab Products Vulnerabilities

April 30, 2025

Severity

Medium

Analysis Summary

CVE-2024-12619 CVSS:5.2

GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by an improper access control vulnerability.

CVE-2024-8402 CVSS:3.7

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code. GitLab allow a local authenticated attacker to execute arbitrary commands on the system, caused by an input validation issue in the Google Cloud IAM integration feature.

Impact

Security Bypass
Gain Access

Indicators of Compromise

CVE

CVE-2024-12619
CVE-2024-8402

Affected Vendors

GitLab

Affected Products

GitLab - 17.9
GitLab - 17.8.5
GitLab - 17.10

Remediation

Upgrade to the latest version of GitLab, available from the GitLab Website.

CVE-2024-12619

CVE-2024-8402

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Patchwork APT Group – Active IOCs

VS Code in Browser Exposes Sessions

Multiple F5 BIG-IP Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple Microsoft Excel Vulnerabilities

Hackers Use MS Equation Editor Flaw to Deploy XLoader

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.