Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We admit it – we’ve had our heads in the clouds recently. Since we started working with Wiz as one of their integration partners, we’ve been spending even more time thinking about cloud assets. And these assets are everywhere! Gartner predicts double digit growth across all cloud segments in 2025.

On April 24th, 2025, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability (CVSS 10.0) affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. This vulnerability fails to restrict file upload content, allowing unauthenticated remote attackers to achieve full remote code execution (RCE) on affected servers.

Cloud-Native Application Protection Platforms (CNAPPs) combine tools that scan your code, check your open-source libraries, protect your cloud workloads, and monitor your cloud configurations. But CNAPPs aren’t a silver bullet. They lack external active testing and blackbox cloud asset discovery, two capabilities that can leave exploitable vulnerabilities undetected. CNAPPs depend on APIs and deployment hooks to see what’s running.

CVE-2025-22457, a critical vulnerability (CVSS 9.0) affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti ZTA Gateways. The issue stems from a stack-based buffer overflow triggered by sending a specially crafted X-Forwarded-For HTTP header. Successful exploitation enables unauthenticated remote code execution. This vulnerability was originally misidentified as a buffer overflow vulnerability that could not lead to either remote code execution (RCE) or denial of service (DoS).