
CISA Flags Critical .NET Remoting and Apache OFBiz Flaws as Actively Exploited

The US Cybersecurity and Infrastructure Security Agency has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, putting enterprise security teams on high alert as the February 25, 2025 remediation deadline looms. Among the most concerning additions are a high-severity information disclosure flaw in Microsoft .NET Framework and a critical remote code execution vulnerability in Apache OFBiz, both now confirmed as actively exploited in the wild.

The Exploit Mechanics

The .NET Framework vulnerability, tracked as CVE-2024-29059, carries a CVSS v3 score of 7.5 and was originally discovered by security firm CODE WHITE in November 2023. The flaw enables attackers to leak internal object URIs through .NET Remoting services, which can then be weaponized to perform remote code execution attacks against vulnerable applications. Microsoft initially dismissed the report, stating it “does not meet our bar for immediate servicing,” but ultimately patched the vulnerability in its January 2024 security updates after CODE WHITE released a proof-of-concept exploit demonstrating the attack chain in February 2024.

The Apache OFBiz vulnerability, tracked as CVE-2024-45195, is even more severe with a critical CVSS v3 score of 9.8. Discovered by Rapid7, this flaw exploits a forced browsing weakness that exposes restricted application paths to unauthenticated direct request attacks. Attackers can achieve full remote code execution on affected servers without any authentication credentials, making it an exceptionally dangerous weapon in the hands of threat actors. The vulnerability affects all Apache OFBiz versions prior to 18.12.16.

Affected Systems

The .NET Remoting flaw impacts any application still using the legacy .NET Remoting communication framework, which remains surprisingly common in enterprise environments despite Microsoft having deprecated the technology in favor of Windows Communication Foundation. Financial services firms, healthcare providers, and government agencies running older .NET applications are particularly at risk. With Bitcoin trading around $96,482 and the broader crypto market maintaining a multi-trillion dollar valuation, any enterprise infrastructure vulnerability could have cascading effects on digital asset operations.

Apache OFBiz, an open-source enterprise resource planning system, is used by thousands of organizations worldwide for inventory management, order processing, and e-commerce operations. Organizations that have not upgraded to version 18.12.16 or later remain fully exposed to unauthenticated remote code execution attacks.

The Mitigation Strategy

CISA has mandated that all federal agencies apply the available patches by February 25, 2025, or cease using the affected products. For the .NET vulnerability, organizations should ensure they have applied the January 2024 security updates and audit any applications still using .NET Remoting. For Apache OFBiz, an immediate upgrade to version 18.12.16 or later is required. Additionally, organizations should implement network segmentation to limit the attack surface of legacy remoting services and deploy web application firewalls configured to block suspicious URI patterns associated with the OFBiz exploit.
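One way to start the .NET Remoting audit described above is to sweep deployment directories for configuration files that declare a `<system.runtime.remoting>` section. This is an added example, not code from CISA, Microsoft or CODE WHITE; the sample configuration, the type name `Demo.Orders` and the function names are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample config (not from the article): a legacy app that
# registers an HTTP remoting channel and one well-known service object.
SAMPLE_CONFIG = """<configuration>
  <system.runtime.remoting>
    <application>
      <service>
        <wellknown mode="Singleton" type="Demo.Orders, Demo" objectUri="Orders.rem" />
      </service>
      <channels>
        <channel ref="http" port="8080" />
      </channels>
    </application>
  </system.runtime.remoting>
</configuration>"""

def audit_config(path):
    """Return a finding dict if the file declares .NET Remoting, else None."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return None  # unreadable or not XML: skip rather than abort the sweep
    section = next(root.iter("system.runtime.remoting"), None)
    if section is None:
        return None
    channels = [(c.get("ref") or c.get("type"), c.get("port"))
                for c in section.iter("channel")]
    uris = [w.get("objectUri") for w in section.iter("wellknown")]
    return {"file": str(path), "channels": channels, "object_uris": uris}

def audit_tree(top):
    """Audit every *.config file under a deployment directory."""
    hits = (audit_config(p) for p in sorted(Path(top).rglob("*.config")))
    return [h for h in hits if h]

def demo():
    """Audit a temporary tree holding the constructed sample plus a clean file."""
    with tempfile.TemporaryDirectory() as top:
        Path(top, "web.config").write_text(SAMPLE_CONFIG)
        Path(top, "clean.config").write_text("<configuration><appSettings/></configuration>")
        return audit_tree(top)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A sweep like this only finds remoting that is declared in configuration; applications that register channels in code (for example through `ChannelServices.RegisterChannel`) need a source or assembly review as well.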

Lessons Learned

The timeline of the .NET vulnerability disclosure raises serious questions about vendor response to security research. Microsoft took over a year from initial discovery to issuing a proper CVE advisory, during which time the vulnerability remained exploitable. Security teams must not rely solely on vendor patch cycles and should implement defense-in-depth strategies including runtime application self-protection tools and anomaly detection systems that can identify exploitation attempts before patches become available.

User Action Required

Organizations running .NET Framework applications with Remoting enabled or Apache OFBiz installations should immediately inventory their exposure, apply the relevant patches, and monitor logs for indicators of compromise. Network defenders should review the CISA KEV catalog entry for IOCs and ensure their detection rules are updated to flag exploitation attempts targeting these specific vulnerabilities. The February 25 deadline applies to federal agencies, but all organizations should treat these actively exploited flaws as critical priorities.


10 thoughts on “CISA Flags Critical .NET Remoting and Apache OFBiz Flaws as Actively Exploited”

  1. microsoft initially dismissing CVE-2024-29059 because it didn't meet their bar is wild. CODE WHITE handed them a working exploit and they still shrugged

    1. CODE WHITE literally gave them a working PoC and microsoft said it didn't meet their bar. what exactly is the bar then, a full breach on CNN?

      1. Microsoft's bar is apparently a public breach and CNN coverage. CODE WHITE did their job for them and got shrugged off

  2. The .NET Remoting attack chain is nastier than people realize. Leaking internal URIs is just step one, the RCE that follows is the real problem.

    1. ^ exactly. and these are the same enterprise systems running trading infra and custody solutions. patch your stuff people

    2. the URI leak into RCE chain is textbook escalation. .NET Remoting should have been deprecated a decade ago

  3. OFBiz with a 9.8 CVSS and still being exploited months after a patch dropped. Enterprise patching is genuinely broken.

    1. their remediation deadline was feb 2025 and places still getting popped. the gap between patch available and patch applied is where all the damage happens

  4. Microsoft initially dismissing CVE-2024-29059 because it didn’t meet their ‘bar’ was wild. CODE WHITE handed them a working exploit and they still shrugged.

  5. OFBiz with a 9.8 CVSS and still being exploited months after a patch dropped shows how broken enterprise patching really is.
