SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Legacy FortiOS Bug Exploited to Bypass Authentication
In the realm of cybersecurity, vulnerabilities are a constant concern, and the repercussions of neglecting older flaws can be significant. A recent example of this is the active exploitation of a five-year-old vulnerability in Fortinet’s FortiOS SSL VPN, identified as CVE-2020-12812. This flaw allow...

CVE Research
MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847) and how to remediate it
A high-severity vulnerability known as MongoBleed (CVE-2025-14847) was recently identified and patched in MongoDB, the widely used open-source NoSQL database. The issue, named for its ability to “bleed” uninitialized memory from the server, stems from improper handling of zlib-compressed wire proto...

CVE Research
Zero-Day Crisis: CVE-2025-20393 Unpatched on Cisco Email Gateways, Exploited by China-Linked Hackers
Network edge devices continue to be a primary target for sophisticated state-sponsored actors aiming to bypass traditional perimeter defenses. Recent disclosures reveal that a critical zero-day vulnerability in Cisco’s Secure Email Gateway (SEG) and Secure Email and Web Manager (SMA) appliances is being actively e...

CVE Research
SonicWall Disclosure: Active Attacks Target SMA 100, CVE-2025-40602 Patched
SonicWall has released security updates to remediate an actively exploited local privilege escalation vulnerability, tracked as CVE-2025-40602, affecting Secure Mobile Access (SMA) 100 series appliances. The flaw exists in the Appliance Management Console (AMC) and has been confirmed to be exploited...

CVE Research
AWS Intelligence Report: GRU-Linked Hackers Behind Sustained Infrastructure Attacks
Cybercriminals and nation-state advanced persistent threat (APT) groups are increasingly adopting stealth-driven, persistence-focused operational models that rely less on zero-day exploits and more on abusing misconfigurations, credential replay, and trusted infrastructure. Recent disclosures from A...

CVE Research
No Credentials Required: FortiGate SAML SSO Exploit Path Explained
Two critical vulnerabilities have been identified in a range of Fortinet products, including the widely deployed FortiGate firewalls. These vulnerabilities, designated as CVE-2025-59718 and CVE-2025-59719, each carry a CVSS score of 9.8, indicating their critical impact. The flaws allow for an u...

CVE Research
Three Zero-Days and 57 Fixes: A Critical Year-End Patch Tuesday from Microsoft
This month’s Patch Tuesday delivers a modest-sized update with high-impact fixes. Microsoft has patched 57 vulnerabilities, including three zero-day flaws (one actively exploited and two publicly disclosed), along with several critical-severity bugs.

CVE Research
CVE-2025-55182: Immediate Operationalization of React2Shell by China-Nexus Threat Actors
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, security researchers observed active exploitation attempts from several China-nexus cyber threat groups, including Earth Lamia and Jackpot Panda. This critical unauthenticated remote code execution vulnerabili...

CVE Research
Understanding CVE-2025-66516: Critical XXE Exposure in Apache Tika
A maximum-severity vulnerability has been identified in Apache Tika, a widely used open-source content analysis toolkit. This vulnerability, designated as CVE-2025-66516, has a CVSS score of 10.0, indicating its critical impact. The flaw allows XML External Entity (XXE) injection attacks, potentiall...
