Headline
INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
Cary, North Carolina, 14th May 2025, CyberNewsWire
Cary, North Carolina, May 14th, 2025, CyberNewsWire
INE Security, a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders.
With over 26,000 new CVEs documented in the past year, security teams are drowning in vulnerability alerts while facing exploit windows that have compressed to hours in many cases.
“Reading CVE bulletins is not the same as knowing how to stop the attack,” said Dara Warn, CEO at INE Security. “Our Skill Dive platform gives practitioners hands-on experience with real vulnerabilities in contained environments, cutting incident response times when these same issues hit production. This practical approach delivers far more value than traditional security certifications alone.”
Skill Dive is INE Security’s risk-free technical environment featuring exclusive labs not found in learning paths and courses. Skill Dive’s Vulnerabilities Lab Collection offers a continuously updated library of labs specifically designed to provide hands-on practice with actual CVEs, allowing security practitioners, including those preparing for pentester certifications, to experience both the exploitation and mitigation of current real-world threats in a safe environment.
CVEs: From Bulletin to Defense
CVEs are the standard identifiers for known vulnerabilities, but many security teams struggle to implement effective mitigations at scale, even those with Sec+ and other entry-level certifications.
Common challenges include:
- Risk prioritization across hundreds of monthly CVEs
- Testing mitigations without impacting production
- Adapting defenses to diverse system configurations
- Building response muscle memory that works under pressure
- Getting ahead of the threat curve instead of constantly reacting
Practice Today’s Threats. Prevent Tomorrow’s Breaches.
INE Security’s Skill Dive Vulnerabilities Lab Collection delivers:
- Exclusive vulnerability labs not available in standard security training
- Monthly CVE updates focusing on high-impact vulnerabilities
- Isolated practice environment for both offensive and defensive techniques
- Complete severity coverage from critical zero-days to common misconfigurations
- Practical exploitation and defense experience that transfers directly to production incidents
“When a critical CVE drops, you don’t have time to theorize,” said Tracy Wallace, Director of Content at INE Security. “Teams with hands-on practice respond significantly faster because they’ve seen similar attack patterns before. Log4Shell (CVE-2021-44228) was a perfect example – practitioners who had experience with JNDI injection attacks were able to implement effective mitigations within hours, while others took days or even weeks to fully remediate.”
Real Benefits for Security Teams
Skill Dive delivers immediate advantages for practitioners:
- Develop attack pattern recognition that speeds incident response
- Understand attack chains beyond what bulletins describe
- Practice team coordination for high-pressure security events
- Identify defensive gaps before attackers find them
- Build skills that directly translate to career advancement
SecOps teams, security analysts, and IT admins get exactly what certification courses miss: hands-on practice with real-world vulnerabilities.
“Security professionals who regularly drill on current vulnerabilities become exponentially more valuable to their organizations,” said Wallace. “The best defenders understand both the attack and defense sides of the equation.”
High-Impact CVEs in the Skill Dive Collection
The platform features hands-on labs for the most actively exploited vulnerabilities in enterprise environments, including:
- OpenMetadata Authentication Bypass (CVE-2024-28255): Exploit the target machine running OpenMetadata by bypassing the authentication and gaining remote code execution (RCE)
- Calibre RCE (CVE-2024-6782): Exploit the remote code execution vulnerability in Calibre, leading to unauthorized system access
- Log4Shell (CVE-2021-44228): Practice identifying and remediating this critical remote code execution vulnerability that continues to plague Java applications across multiple sectors
- Spring4Shell (CVE-2022-22965): Gain hands-on experience with this widely exploited RCE vulnerability affecting Spring Framework applications
“We continuously track which vulnerabilities are most actively exploited,” said Wallace. “Our collection prioritizes CVEs with the highest real-world impact, not just theoretical severity ratings.”
Proactive Security Through Deliberate Practice
The Skill Dive approach includes:
- Monthly updates aligned with emerging threat patterns
- Realistic environments mirroring production systems
- Practical documentation focused on effective mitigations
- Continuous evolution based on real-world attack trends
Recent lab additions include other top-exploited vulnerabilities such as Cacti Import Packages RCE (CVE-2024-25641), Gradio Path Traversal (CVE-2024-1561), Calibre Arbitrary File Read (CVE-2024-6781), Graylog Information Exposure (CVE-2024-24824), and Navidrome SQL Injection (CVE-2024-47062).
“Security teams that regularly practice with new vulnerabilities stop more breaches, period,” said Wallace. “Practice transforms defense from constant firefighting into strategic advantage.”
Availability
Individual subscriptions to Skill Dive are available now. Enterprise packages for team training are also available.
For more information, users can visit ine.com/cyber-ranges
About INE Security
INE Security is the premier provider of online networking and cybersecurity training and cybersecurity certifications. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity. The company is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.
Contact
Kathryn Brown
INE Security
[email protected]
Related news
Ubuntu Security Notice 6969-1 - It was discovered that Cacti did not properly apply checks to the "Package Import" feature. An attacker could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. It was discovered that Cacti did not properly sanitize values when using javascript based API. A remote attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-site scripting vulnerability. This issue only affected Ubuntu 24.04 LTS.
This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution.
This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any authentication. The injected payload will get executed in the same context under which Calibre is being executed.
This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.
Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.
Once attackers have control over a workload in the cluster, they can leverage access for lateral movement both inside the cluster and to external resources.
An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.
### Summary Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. ### Details Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214 ### PoC A request of the following form will output the content of the `/etc/passwd` file: ``` curl -u admin:<admin-password> -X PUT http://localhost:9000/api/system/cluster_config/java.io.File \ -H "Content-Type: application/json" \ -H "X-Requested-By: poc" \ -d '"/etc/passwd"' ``` To perform the request, authorization is required. Only users posessing the `clusterconfigentry:create` and `clusterconfigentry:edit` permissions are allowed to ...
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.
The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the
TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application.
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.
Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.
What are container image vulnerabilities?
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Calibre-Web before 0.6.18 allows user table SQL Injection.
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
Summary Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.