Rapid responses

runZero’s Rapid Response program provides immediate detection and notification of emerging threats. Each Rapid Response includes a query to find matching assets, a trigger to analyze all inventories for exposure, and a corresponding blog post with the details of the issue. This program focuses on helping customers mitigate exposures before compromise.

Vulnerabilities covered by the Rapid Response program are replaced by more specific coverage as mitigations become available.

Latest Rapid Responses

DateNameTypeSeverityQueryUS SaaS LinkEU SaaS Link
09/30/2025Rapid Response: VMware Aria Operations Local Privilege Escalation (CVE-2025-41244)servicesInfo_asset.protocol:http AND protocol:http AND has:last.html.title AND last.html.title:="VMware Aria Operations"LinkLink
09/25/2025Rapid Response: Cisco ASA and FTD Multiple Vulnerabilities (September 2025)assetsInfo(os:="Cisco Adaptive Security Appliance" OR hw:="Cisco ASA%") AND (protocol:http OR protocol:tls)LinkLink
09/24/2025Rapid Response: Cisco IOS and IOS XE SNMP DoS and RCE Vulnerability (CVE-2025-20352)assetsInfo(os:="Cisco IOS" OR os:="Cisco IOS XE" OR hw:="Cisco Meraki MS390%" OR hw:="Cisco Meraki C9300%") AND has:snmp.v2DefaultCommunitiesLinkLink
09/23/2025Rapid Response: SolarWinds Web Help Desk RCE (CVE-2025-26399)softwareCriticalvendor:=SolarWinds AND (product:="Web Help Desk" OR product:="webhelpdesk") AND (version:>0 AND version:<12.8.7.2174)LinkLink
09/19/2025Rapid Response: Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability (CVE-2025-10035)softwareCriticalvendor:=Fortra AND (product:="Goanywhere Managed File Transfer" OR product:="GoAnywhere MFT%") AND (version:>0 AND version:<7.8.4 AND NOT version:=7.6.3)LinkLink
09/18/2025Rapid Response: WatchGuard Firebox IKED RCE (CVE-2025-9242)assetsInfoos:="WatchGuard Fireware"LinkLink
09/17/2025Rapid Response: Daikin Security Gateway Authentication Bypass (CVE-2025-10127)servicesInfo_asset.protocol:http AND protocol:http AND has:html.title AND html.title:="Security GW" AND has:favicon.ico.image.mmh3 AND favicon.ico.image.mmh3:="1417553504"LinkLink
09/12/2025Rapid Response: Dassault Systèmes (3DS) DELMIA Apriso RCE (CVE-2025-5086)servicesInfo_asset.protocol:http AND protocol:http AND has:last.html.title AND last.html.title:="DELMIA Apriso%"LinkLink
09/09/2025Rapid Response: Adobe Commerce & Magento Session Takeover With Unconfirmed RCE (CVE-2025-54236)softwareCriticalvendor:=Adobe AND product:=Magento AND (version:>0 AND version:<="2.4.9-alpha2")LinkLink
09/09/2025Rapid Response: SAP NetWeaver (RMI-P4) Insecure Deserialization (CVE-2025-42944)softwareCriticalvendor:=SAP AND product:"NetWeaver" AND (version:>0 AND version:<=7.50)LinkLink
09/03/2025Rapid Response: Sangoma FreePBX RCE (CVE-2025-57819)softwareCritical((vendor:=FreePBX AND product:=PBX) OR (vendor:=Sangoma AND product:=FreePBX)) AND (version:>0 AND (version:<"15.0.66(%)" OR version:<"16.0.89(%)" OR version:<"17.0.3(%)"))LinkLink
08/29/2025Rapid Response: Arcserve Unified Data Protection < 10.2 Heap Overflow VulnerabilitiessoftwareInfo(vendor:=Arcserve OR vendor:="Arcserve (USA)") AND (product:=UDP OR product:="Arcserve Unified Data Protection") AND version:<10.2LinkLink
08/26/2025Rapid Response: NetScaler ADC And NetScaler Gateway Multiple VulnerabilitiesassetsInfohw:="Citrix Netscaler Gateway" OR os:="Citrix ADC" OR os:="Citrix NetScaler"LinkLink
08/22/2025Rapid Response: Rockwell Automation ControlLogix Ethernet RCE (CVE-2025-7353)servicesCritical(_asset.protocol:="ethernetip" OR asset.protocol:="ethernetip-udp") AND protocol:"ethernetip" AND (ethernetip.product:="1756-EN2T/D" OR ethernetip.product:="1756-EN2F/C" OR ethernetip.product:="1756-EN2TR/C" OR ethernetip.product:="1756-EN3TR/B" OR ethernetip.product:="1756-EN2TP/A") AND (ethernetip.revision:<"12" OR ethernetip.revision:"12.0%")LinkLink
08/20/2025Rapid Response: Trend Micro Apex One OS Command Injection VulnerabilitiessoftwareInfovendor:="Trend Micro" product:="Apex One"LinkLink
08/15/2025Rapid Response: Plex Media Server 1.41.7.X To 1.42.0.X < 1.42.1 Undisclosed Vulnerability (CVE-2025-34158)softwareMediumvendor:=Plex AND product:"Media Server" AND (version:>0 AND version:<"1.42.1")LinkLink
08/14/2025Rapid Response: Multiple Vulnerabilities In N-Able N-CentralsoftwareInfovendor:="N-able" product:="N-central"LinkLink
08/14/2025Rapid Response: Fortinet FortiWeb Authentication Bypass (CVE-2025-52970)softwareInfovendor:=Fortinet AND product:=FortiWebLinkLink
08/13/2025Rapid Response: Fortinet FortiSIEM OS Command Injection (CVE-2025-25256)softwareInfovendor:="Fortinet" product:="FortiSIEM"LinkLink
Updated