Skip to content

Blog

Understanding CVE-2025-34028, Commvault’s Critical Pre-Auth RCE Vulnerability

In April 2025, a critical pre-auth Remote Code Execution vulnerability, CVE-2025-34028, was discovered in Commvault Command Center. This vulnerability allows attackers to achieve remote code execution without authentication by exploiting an Server-Side Request forgery (SSRF) and a path traversal issue that enables uploading and executing malicious ZIP files. With a CVSS score of 10.0, this… Read More »Understanding CVE-2025-34028, Commvault’s Critical Pre-Auth RCE Vulnerability

The Future of AI Pen Testing: Insights from Bruce Schneier & Renee Guttman At Cyber Risk Alliance Event, USA

At a May 2025 executive panel hosted by Cyber Risk Alliance, security influencers Bruce Schneier and Renee Guttman delivered a clear message: cybersecurity must evolve from static checks to continuous, intelligent validation. Their perspectives are especially close to home for us — both Renee and Bruce are Strategic Advisors at FireCompass, helping guide our mission to bring ethical, AI-powered… Read More »The Future of AI Pen Testing: Insights from Bruce Schneier & Renee Guttman At Cyber Risk Alliance Event, USA

FireCompass in the 2025 Gartner Market Guide for Adversarial Exposure Validation: Technical Insights

FireCompass has been included in the 2025 Gartner Market Guide for Adversarial Exposure Validation (AEV), a report that provides a technical overview of how organizations can empirically validate their security posture using continuous, automated adversarial testing. Key Technical Findings from the Report Definition and Purpose of AEV: Gartner defines AEV as technologies that provide consistent,… Read More »FireCompass in the 2025 Gartner Market Guide for Adversarial Exposure Validation: Technical Insights

Critical-Ivanti-Vulnerability-CVE-2025-22457

Critical Ivanti Vulnerability CVE-2025-22457: What You Need to Know

A critical remote code execution (RCE) vulnerability (CVE-2025-22457) was found in Ivanti’s Connect Secure (ICS), Policy Secure, Pulse Connect Secure (PCS), and ZTA Gateways in April 2025. This vulnerability enables unauthenticated attackers to run arbitrary code on affected devices by utilising a stack-based buffer overflow in the X-Forwarded-For http request header. According to threat intelligence… Read More »Critical Ivanti Vulnerability CVE-2025-22457: What You Need to Know

Critical Apache Tomcat Vulnerability: CVE-2025-24813 Enables RCE – Are You Vulnerable?

Critical Apache Tomcat Vulnerability: CVE-2025-24813 Enables RCE – Are You Vulnerable?

A Critical vulnerability, CVE-2025–24813, was discovered in Apache Tomcat, a widely used open-source Java servlet container. This vulnerability stems from improper handling of path normalization, allowing attackers to bypass security controls and achieve Remote Code Execution (RCE). With a high severity rating, this vulnerability poses a significant risk to organizations using affected versions of Apache… Read More »Critical Apache Tomcat Vulnerability: CVE-2025-24813 Enables RCE – Are You Vulnerable?