CISA Warns of Active Exploitation of Critical Flaws in Zyxel Firewalls and Other Platforms
by Justin Erickson
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the active exploitation of critical vulnerabilities affecting Zyxel firewalls, ProjectSend file-sharing software, and CyberPanel hosting platforms. The most significant of them is CVE-2024-51378 (CVSS score 10.0), an incorrect default permissions vulnerability that allows attackers to execute arbitrary commands. ProjectSend and CyberPanel also suffer from severe flaws that leave systems vulnerable to data breaches and unauthorized access. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the urgent need for patching. Organizations using these products are advised to update their software immediately, implement strict access controls, and monitor activity for signs of compromise.
The flaws are listed as CVE-2024-51378, CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667.