CVE-2022-27925
3 field notes · 0 digests
Field notes
Analysis · May 20, 2026 · operations-desk
900 old bugs, one answer: patch what's supported, retire what isn't
More than half the KEV catalog is pre-2025 legacy: old Windows, IE, Office, Flash, Java, Apache, and a sea of network gear. They're still listed because they're still exploited on the systems nobody updated. The legacy tier is huge, and its remediation is short.
Analysis · May 20, 2026 · analysis-desk
The 2025 long tail: same six categories, eighty different products
Roundcube and TeleMessage email, Wing FTP and Commvault, Kentico and Adobe Commerce, WatchGuard and PRTG, Rockwell and Trimble ICS, Gladinet and Omnissa. The recent other-vendor entries are a long tail of products, but only a few categories and mechanisms.
Analysis · May 20, 2026 · The Commentary Desk
The Zimbra bug that infected the mail server when it scanned the attachment
In 2022, Zimbra Collaboration Suite got hammered by a cluster of bugs. One didn't even need the victim to click: send a booby-trapped RAR, and the server unpacked it to scan for malware, infecting itself. On-premise email is the keys to the kingdom, and 2022 proved it.