Full Skyway Support Library
What is the FreePBX Vulnerability (CVE-2025-57819), what is the risk and how can you mitigate that risk?
What is it? FreePBX is an open-source web-based graphical user interface. Why is it a risk? FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary...
What is the IceWarp Mail Server Vulnerability (CVE-2025-14500), what is the risk and how can you mitigate that risk?
What is it? IceWarp is a Mail Server that also provides messaging and collaboration services. A vulnerability in the code allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this vulnerability. Why is...
What is the SolarWinds Serve-U vulnerability (CVE-2025-40538), what is the risk and how can you mitigate that risk?
What is it? SolarWinds Serv-U provides Managed File Transfer over HTTP. Versions 15.5.3 and earlier contain a programming error that gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin...
What is the Broadcom VMWare Time-of-Check, Time-of-Use (TOCTOU) Vulnerability (CVE-2025-22224), what is the risk and how can you mitigate that risk?
What is it? Broadcom VMWare is a popular virtualization server software that allows more than one virtual server to run on a single physical server. Different virtual servers may run different operating systems. VMWare (ESXi and Workstation) has a flaw that allows a...
What are the Broadcom VMWare Deleted Admin Group (CVE-2024-37085) and DDoS (CVE-2024-37086, CVE-2024-37087) Vulnerabilities, what is the risk and how can you mitigate that risk?
What is it? Broadcom VMWare is a popular virtualization server software that allows more than one virtual server to run on a single physical server. Different virtual servers may run different operating systems. VMWare (ESXi and vCenter Server) has flaws that allow...
What is the Zimbra Collaboration Suite (ZCS) web mail Vulnerability (CVE-2025-68645), what is the risk and how can you mitigate that risk?
What is it? Zimbra Collaboration Suite (ZCS) includes a web mail client written in PHP. A vulnerability exists in the way that files are loaded remotely. Why is it a risk? An attacker can read files on your server or inject PHP logic into mail processing. The Red Hot...
What is the Simple Service Discovery Protocol (SSDP) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? Simple Service Discovery Protocol (SSDP) is used to discover what devices (and their capabilities) are available in a local area network. It is the basis of Universal Plug and Play (UPnP) devices like printers and scanners but it also helps locate network...
What is the MeshCentral Command and Control (C&C, or C2) Vulnerability, what is the risk and how can you mitigate that risk?
What is it? MeshCentral is an open-source remote administration tool that provides remote control, hardware and software inventory, system monitoring, and background management including remote terminal and file management. While extremely useful, these remote control...
What is the Broadcom VMWare Memory Management Vulnerability (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239), what is the risk and how can you mitigate that risk?
What is it? Broadcom VMWare is a popular virtualization server software that allows more than one virtual server to run on a single physical server. Different virtual servers may run different operating systems. Several versions of VMWare (ESXi, Workstation, Fusion...
What is the ConnectWise ScreenConnect Vulnerability (CVE-2025-14265), what is the risk and how can you mitigate that risk?
What is it? ConnectWise ScreenConnect provides remote support (remote control) to help you support your staff. Remote Control software is naturally an attractive target for cyber attackers. ConnectWise ScreenConnect 25.7 and prior are affected by a bug in the...