Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

CVE-2025-55336: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

CVE-2025-55335: Windows NTFS Elevation of Privilege Vulnerability

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

CVE-2025-55247: .NET Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?**

Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-48004: Microsoft Brokering File System Elevation of Privilege Vulnerability

No cwe for this issue in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

CVE-2025-47989: Azure Connected Machine Agent Elevation of Privilege Vulnerability

Untrusted pointer dereference in Agere Windows Modem Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerability

Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.
The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains.
"TA585 is notable because it

Cybersecurity researchers have shed light on a previously undocumented threat actor called **TA585** that has been observed delivering an off-the-shelf malware called **MonsterV2** via phishing campaigns.

The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains.

"TA585 is notable because it appears to own its entire attack chain with multiple delivery techniques," researchers Kyle Cucci, Tommy Madjar, and Selena Larson said. "Instead of leveraging other threat actors – like paying for distribution, buying access from initial access brokers, or using a third-party traffic delivery system – TA585 manages its own infrastructure, delivery, and malware installation."

MonsterV2 is a remote access trojan (RAT), stealer, and loader, which Proofpoint first observed being advertised on criminal forums in February 2025. It's worth noting that MonsterV2 is also called Aurotun Stealer (a misspelling of "autorun") and has been previously distributed via CastleLoader (aka CastleBot).

Phishing campaigns distributing the malware have been observed using U.S. Internal Revenue Service (IRS) themed lures to trick users into clicking on fake URLs that direct to a PDF, which, in turn, links to a web page employing the ClickFix social engineering tactic to activate the infection by running a malicious command in the Windows Run dialog or PowerShell terminal. The PowerShell command is designed to execute a next-stage PowerShell script that deploys MonsterV2.

Subsequent attack waves detected in April 2025 have resorted to malicious JavaScript injections on legitimate websites that serve fake CAPTCHA verification overlays to initiate the attack via ClickFix, ultimately leading to the delivery of the malware via a PowerShell command.

Initial iterations of this campaign distributed Lumma Stealer, before TA585 switched to MonsterV2 in early 2025. Interestingly, the JavaScript inject and the associated infrastructure (intlspring\[.\]com) have also been linked to the distribution of Rhadamanthys Stealer.

A third set of campaigns undertaken by TA585 has made use of email notifications from GitHub that are triggered when tagging GitHub users in bogus security notices that contain URLs leading to actor-controlled websites.

Both the activity clusters – that revolve around web injects and phony GitHub alerts -- have been associated with CoreSecThree, which, according to PRODAFT, is a "sophisticated framework" that's known to be active since February 2022 and has been "consistently" used to propagate stealer malware.

MonsterV2 is a full-featured malware that can steal sensitive data, act as a clipper by replacing cryptocurrency addresses in the infected systems' clipboard with threat actor-provided wallet addresses, establish remote control using Hidden Virtual Network Computing (HVNC), receive and execute commands from an external server, and download additional payloads.

The malware is sold by a Russian-speaking actor for $800 USD per month for the "Standard" edition, while the "Enterprise" version, which comes with stealer, loader, HVNC, and Chrome DevTools Protocol (CDP) support, costs $2,000 per month. A notable aspect of the stealer is that it avoids infecting Commonwealth of Independent States (CIS) countries.

MonsterV2 is typically packed using a C++ crypter called SonicCrypt, thereby allowing it to evade detection by running a series of anti-analysis checks prior to decrypting and loading the payload.

Once launched, the malware decrypts and resolves the Windows API functions crucial to its functioning, in addition to elevating its privileges. It then proceeds to decode an embedded configuration to connect to the command-and-control (C2) server, as well as determine its next course of action based on the parameters set -

*   anti\_dbg, if set to True, the malware attempts to detect and evade debuggers in use
*   anti\_sandbox, if set to True, the malware attempts to detect sandboxes and execute some rudimentary anti-sandbox techniques
*   aurotun (it's this misspelling that has given it the name Aurotun Stealer), if set to True, the malware attempts to set up persistence on the host
*   priviledge\_escalation, if set to True, the malware attempts to elevate its privileges

If the malware successfully establishes contact with the C2 server, it sends basic system information and the system's geolocation by sending a request to "api.ipify\[.\]org." The response from the server contains the command to be executed on the host. Some of the supported features are listed below -

*   Execute infostealer functionality and exfiltrate data to the server
*   Execute an arbitrary command via cmd.exe or PowerShell
*   Terminate, suspend, and resume target processes
*   Establish an HVNC connection to the infected system
*   Take screenshots of the desktop
*   Start a keylogger
*   Enumerate, manipulate, copy, and exfiltrate files
*   Shut down or crash the system
*   Download and execute next-stage payloads like StealC, Remcos RAT

"This activity was not correlated with TA585, however. Notably, with StealC, the MonsterV2 payloads were configured to use the same C2 server as the dropped StealC payload," Proofpoint said. "TA585 is a unique threat actor with advanced capabilities for targeting and delivery. As the cybercrime threat landscape is constantly changing, TA585 has adopted effective strategies for filtering, delivery, and malware installation."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain

With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.

Satellites beam data down to the Earth all around us, all the time. So you might expect that those space-based radio communications would be encrypted to prevent any snoop with a satellite dish from accessing the torrent of secret information constantly raining from the sky. You would, to a surprising and troubling degree, be wrong.

Roughly half of geostationary satellite signals, many carrying sensitive consumer, corporate, and government communications, have been left entirely vulnerable to eavesdropping, a team of researchers at UC San Diego and the University of Maryland revealed today in a study that will likely resonate across the cybersecurity industry, telecom firms, and inside military and intelligence agencies worldwide.

For three years, the UCSD and UMD researchers developed and used an off-the-shelf, $800 satellite receiver system on the roof of a university building in the La Jolla seaside neighborhood of San Diego to pick up the communications of geosynchronous satellites in the small band of space visible from their Southern California vantage point. By simply pointing their dish at different satellites and spending months interpreting the obscure—but unprotected—signals they received from them, the researchers assembled an alarming collection of private data: They obtained samples of the contents of Americans’ calls and text messages on T-Mobile’s cellular network, data from airline passengers’ in-flight Wi-Fi browsing, communications to and from critical infrastructure such as electric utilities and offshore oil and gas platforms, and even US and Mexican military and law enforcement communications that revealed the locations of personnel, equipment, and facilities.

“It just completely shocked us. There are some really critical pieces of our infrastructure relying on this satellite ecosystem, and our suspicion was that it would all be encrypted,” says Aaron Schulman, a UCSD professor who co-led the research. “And just time and time again, every time we found something new, it wasn't.”

The group’s paper, which they’re presenting this week at an Association for Computing Machinery conference in Taiwan, is titled “Don’t Look Up”—a reference to the 2021 film of that title but also a phrase the researchers say describes the apparent cybersecurity strategy of the global satellite communications system. “They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security,” Schulman says. “They just really didn't think anyone would look up.”

The researchers say that they’ve spent nearly the past year warning companies and agencies whose sensitive data they found exposed in satellite communications. Most of them, including T-Mobile, moved quickly to encrypt those communications and protect the data. Others, including some owners of vulnerable US critical infrastructure whom the researchers alerted more recently—and declined to name to WIRED—have yet to add encryption to their satellite-based systems. Researchers have pointed to the surveillance dangers of unencrypted satellite connections before, but the scale and scope of the new disclosures appear unrivaled.

UCSD and UMD researchers pose with their satellite receiver system on the roof of a university building in San Diego. From left to right: Annie Dai, Aaron Schulman, Keegan Ryan, Nadia Heninger, Morty Zhang. Not pictured: Dave Levin.

Courtesy of Ryan Kosta

The researchers’ work looked at only a small fraction of geostationary satellites whose signals they could pick up from San Diego—roughly 15 percent of those in operation, by the researchers’ estimate. This suggests vast amounts of data are likely still being exposed over satellite communications, says Matt Green, a computer science professor at Johns Hopkins University who focuses on cybersecurity and reviewed the study. Large swaths of satellite data will likely be vulnerable for years to come, too, as companies and governments grapple with whether and how to secure outdated systems, Green says.

“It's crazy. The fact that this much data is going over satellites that anyone can pick up with an antenna is just incredible,” Green says. “This paper will fix a very small part of the problem, but I think a lot of it is not going to change.”

“I would be shocked,” Green adds, “if this is something that intelligence agencies of any size are not already exploiting.”

**Half Conversations, Broadcast From Space**

The phone calls and text messages the researchers obtained, in particular, were exposed due to telecoms’ often overlooked use of satellite communications for offering cellular coverage to normal phone users who connect to cell towers in remote locations. Some towers in desert or mountainous regions of the US, for instance, connect to a satellite that relays their signals to and from the rest of a telecom’s core cellular network, the internal communications of the network known as “backhaul” traffic.

Anyone who sets up their own satellite receiver in the same broad region as one of those remote cell towers—often as far as thousands of miles away—can pick up the same signals meant for that tower. Doing so allowed the research team to obtain at least some amount of unencrypted backhaul data from the carriers T-Mobile, AT&T Mexico, and Telmex.

The T-Mobile data was particularly significant: In just nine hours of recording T-Mobile backhaul satellite communications from their single dish, the researchers collected the phone numbers of more than 2,700 users as well as all the phone calls and text messages the researchers received during that time. They could, however, only read or hear one side of those conversations: the content of the messages and calls sent _to_ T-Mobile’s remote towers, not sent _from_ them to the core cell network, which would have required another satellite dish near the one T-Mobile intended to receive the signal on the other end.

Cellular towers in remote regions sometimes connect to a satellite that relays their signals to and from the rest of a telecom’s core cellular network—the internal communications of the network known as “backhaul” traffic. Anyone who sets up their own satellite receiver in the same broad region as one of those remote cell towers—often as far as thousands of miles away—can pick up the same signals meant for that tower.

Illustration: WIRED Staff; Getty Images

“When we saw all this, my first question was, did we just commit a felony? Did we just wiretap?” says Dave Levin, a University of Maryland computer science professor who co-led the study. In fact, he says, the team didn’t actively intercept any communications, only passively listened to what was being sent to their receiver dish. “These signals are just being broadcast to over 40 percent of the Earth at any point in time,” Levin says.

Mexican telecom Telmex also transmitted unencrypted voice calls, the researchers found. The researchers further discovered that AT&T Mexico transmitted raw data over satellites that included users’ internet traffic—most of which was encrypted with HTTPS by the apps or browsers they used—but also some calling and texting metadata. They also found decryption keys that the researchers believe could likely have been used to decipher other sensitive information the AT&T Mexico network transmitted—though they didn’t attempt this.

Starting in December 2024, the researchers began contacting the affected telecoms. T-Mobile responded by encrypting its satellite transmissions within weeks, but responses from other cell carriers were mixed.

“Last year, this research helped surface a vendor's encryption issue found in a limited number of satellite backhaul transmissions from a very small number of cell sites, which was quickly fixed,” a T-Mobile spokesperson says, adding the issue was “not network-wide” and that the company has taken steps to “make sure this doesn't happen again.”

A spokesperson for AT&T says the company “promptly” fixed the issue. "A satellite vendor misconfigured a small number of cell towers in a remote region of Mexico,” they say. Telmex did not respond to WIRED’s request for comment.

Whether other cellular carriers around the US and world—outside the visibility of the researchers’ satellite dish—have encrypted their satellite-based network backhaul data remains an open question. The researchers say they didn’t see any unencrypted Verizon or AT&T US traffic from their dish.

The AT&T spokesperson says that its US and Mexico networks are separate, and it is “rare” to use satellites for cellular backhaul. "We typically route traffic on our closed, secure backhaul network,” the spokesperson says. “On those rare instances where data must be transmitted outside our closed network, it is our policy to encrypt it." Verizon did not respond to WIRED’s request for comment.

Beyond just cell towers in remote locations, it’s possible that a lack of encryption for cellular backhaul data could make anyone on the same network vulnerable, points out Johns Hopkins’ Green. Hackers might be able to perform a so-called relay attack with a spoofed cell tower—using the surveillance hardware sometimes called a stingray or IMSI catcher—and route any victim’s data to a cell tower that connects to a satellite uplink. “The implications of this aren't just that some poor guy in the desert is using his cell phone tower with an unencrypted backhaul,” says Green. “You could potentially turn this into an attack on anybody, anywhere in the country.”

**Military Helicopters and Power Grids, Exposed**

The researchers’ satellite dish also pulled down a significant collection of unprotected military and law enforcement communications. They obtained, for instance, unencrypted internet communications from US military sea vessels, as well as the vessels’ names. (A spokesperson for the US Defense Information Systems Agency acknowledged WIRED’s request for comment but had not provided a response at the time of writing).

For Mexican military and law enforcement, the exposures were far worse: The researchers say they found what appeared to be unencrypted communications with remote command centers, surveillance facilities, and units of the Mexican military and law enforcement. In some cases, they saw the unprotected transmission of sensitive intelligence information on activities like narcotics trafficking. In others, they found military asset tracking and maintenance records for aircraft like Mil Mi-17 and UH-60 Black Hawk helicopters, sea vessels, and armored vehicles, as well as their locations and mission details. “When we started seeing military helicopters, it wasn’t necessarily the sheer volume of data, but the extreme sensitivity of that data that concerned us,” says Schulman. The Mexican military did not immediately respond to WIRED’s requests for comment.

Just as sensitive, perhaps, were industrial systems communications from critical infrastructure like power grids and offshore oil and gas platforms. In one case, they found that the Comisión Federal de Electricidad (CFE), Mexico’s state-owned electric utility with nearly 50 million customers, was transmitting its internal communications in the clear—everything from work orders that included customers’ names and addresses to communications about equipment failures and safety hazards. (A CFE spokesperson acknowledged WIRED’s request for comment but didn't provide a response before publication.)

In other cases they have yet to publicly detail, the researchers say they also warned US infrastructure owners about unencrypted satellite communications for industrial control system software. In their phone calls with those infrastructure owners, some owners even expressed concerns that a malicious actor might have the ability to not only surveil the control systems of their facilities, but also, with enough sophistication, potentially disable or spoof them to tamper with the facility’s operation.

The researchers obtained a vast grab bag of other miscellaneous corporate and consumer data: They pulled down in-flight Wi-Fi data for Intelsat and Panasonic systems used by 10 different airlines. Within that data, they found unencrypted metadata about users’ browsing activities and even the unencrypted audio of the news programs and sports games being broadcast to them. They also obtained corporate emails and inventory records of Walmart’s Mexican subsidiary, satellite communications to ATMs managed by Santander Mexico, as well as the Mexican banks Banjercito and Banorte.

A spokesperson for Panasonic Avionics Corporation said they “welcome the findings” from the researchers, but claim it “has found that several statements attributed to us are either inaccurate or misrepresent our position.” When asked, the spokesperson did not specify what the company considered was inaccurate. “Our satellite communications systems are designed so that every user data session follows established security protocols,” the spokesperson says.

“Generally, our users choose the encryption that they apply to their communications to suit their specific application or need,” says a spokesperson for SES, the parent company of Intelsat. “For SES’s inflight customers, for example, SES provides a public Wi-Fi hot spot connection similar to the public internet available at a coffee shop or hotel. On such public networks, user traffic would be encrypted when accessing a website via HTTPS/TLS or communicating using a virtual private network.”

The researchers reported the swaths of unencrypted satellite communications from the Mexican government and Mexican organizations to CERT-MX, the country’s incident response team, which is part of the government’s National Guard, in April this year, before separately contacting companies. CERT-MX did not respond to WIRED’s repeated requests for comment.

A spokesperson for Santander Mexico says that no customer information or transactions were compromised, but confirmed that the exposed traffic was linked to a “small group” of ATMs used in remote areas of Mexico where using satellite connections is the only option available. “Although this traffic does not pose a risk to our customers, we took the report as an opportunity for improvement, implementing measures that reinforce the confidentiality of technical traffic circulating through these links,” the spokesperson says.

“While we cannot share specifics, we can confirm that our communications lines have been evaluated and confirmed secure,” a spokesperson for Walmart says. (The researchers confirm that they observed Walmart had encrypted its satellite communications in response to their warning.)

“The information of our customers and infrastructure is not exposed to any vulnerability,” a spokesperson for Grupo Financiero Banorte says. Banjercito could not be reached for comment.

“SIA and its members remain diligent in monitoring the threat landscape and continue to participate in various security efforts with government agencies, industry working groups, and international standards bodies,” says Tom Stroup, the president of the Satellite Industry Association, adding that it does not comment on specific company issues.

**Time to Look Up**

The amount of Mexico-related data in the researchers’ findings is, of course, no coincidence. Although their satellite dish was technically able to pick up transmissions from around a quarter of the sky, much of that swath included the Pacific Ocean, which has relatively few satellites above it, and only a small fraction of the transponders on the satellites it did see were transmitting data in the direction of its dish. The result, the researchers estimate, was that they examined only 15 percent of global satellite transponder communications, mostly in the western US and Mexico.

Geostationary satellites ring the Earth’s equator. The researchers’ satellite dish on the roof of their UC San Diego building was in a position to pick at least some signals from about a quarter of that ring. But because many of the satellites’ signals weren’t transmitted towards San Diego—and a large part of their coverage was over the Pacific Ocean, with relatively few satellites—they only received an estimated 15 percent of all geostationary satellite signals. That also means that other dishes placed elsewhere in the world would likely find entirely different signals transmitting different sensitive data.

Illustration: WIRED Staff; Getty Images

That suggests anyone could set up similar hardware somewhere else in the world and likely obtain their own collection of sensitive information. After all, the researchers restricted their experiment to only off-the-shelf satellite hardware: a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, totaling less than $800.

“This was not NSA-level resources. This was DirecTV-user-level resources. The barrier to entry for this sort of attack is extremely low,” says Matt Blaze, a computer scientist and cryptographer at Georgetown University and law professor at Georgetown Law. “By the week after next, we will have hundreds or perhaps thousands of people, many of whom won’t tell us what they’re doing, replicating this work and seeing what they can find up there in the sky.”

One of the only barriers to replicating their work, the researchers say, would likely be the hundreds of hours they spent on the roof adjusting their satellite. As for the in-depth, highly technical analysis of obscure data protocols they obtained, that may now be easier to replicate, too: The researchers are releasing their own open-source software tool for interpreting satellite data, also titled “Don’t Look Up,” on Github.

The researchers’ work may, they acknowledge, enable others with less benevolent intentions to pull the same highly sensitive data from space. But they argue it will also push more of the owners of that satellite communications data to encrypt that data, to protect themselves and their customers. “As long as we’re on the side of finding things that are insecure and securing them, we feel very good about it,” says Schulman.

There’s little doubt, they say, that intelligence agencies with vastly superior satellite receiver hardware have been analyzing the same unencrypted data for years. In fact, they point out that the US National Security Agency warned in a 2022 security advisory about the lack of encryption for satellite communications. At the same time, they assume that the NSA—and every other intelligence agency from Russia to China—has set up satellite dishes around the world to exploit that same lack of protection. (The NSA did not respond to WIRED’s request for comment).

“If they aren't already doing this,” jokes UCSD cryptography professor Nadia Heninger, who co-led the study, “then where are my tax dollars going?”

Heninger compares their study’s revelation—the sheer scale of the unprotected satellite data available for the taking—to some of the revelations of Edward Snowden that showed how the NSA and Britain’s GCHQ were obtaining telecom and internet data on an enormous scale, often by secretly tapping directly into communications infrastructure.

“The threat model that everybody had in mind was that we need to be encrypting everything, because there are governments that are tapping undersea fiber optic cables or coercing telecom companies into letting them have access to the data,” Heninger says. “And now what we're seeing is, this same kind of data is just being broadcast to a large fraction of the planet.”

Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in sensitive information being exposed to unauthorized users.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

Latest News