2025.07
Features & Enhancements
Threat Actors — General Availability
Now available to NodeZero Elite tier customers, Threat Actor mapping links your pentest results to known adversary groups, showing how attackers could realistically exploit your weaknesses.
- Pentest Summary Sankey Chart: New visualization highlights which threat actor groups are most likely to leverage your highest-impact CVEs.
- Threat Actor Tab in Weakness Details: Provides an overview of each group, including descriptions, historical activity, and references.
- Weakness Filtering: Narrow your view to only those weaknesses associated with specific adversaries.
- Attack Graph Integration: Known threat actor CVE usage is now highlighted directly in attack chains.
UX Improvements
- "Not Vulnerable" label in Rapid Response results renamed to "Not Exploitable" for greater clarity.
- N-Day Test Results now titled Rapid Response Test Results.
- Test results pages display the full vulnerability name, making it easier to identify and reference.
- Rapid Response results now show Weakness ID tags to align with card details.
General Platform Enhancements
- Accessibility: New "No Animation" setting helps users sensitive to motion or flashing effects.
- MSP Usability:
  - Templates and Assets pages display client account ownership, with rolled-up child asset counts for parent accounts.
  - New Meta Flag for Loot & BloodHound enables self-service subclient management.
  - Subclients can now disable basic authentication for SSO-only access.
- Vulnerability Management Hub: Direct Jira integration allows creation and tracking of tickets within the hub.
- Data Quality & Clean-up: Removed duplicate entries, standardized weakness IDs, corrected CVE identifiers, and updated domain user brute-force settings in templates.
MCP Server — General Availability
The Model Context Protocol (MCP) Server is now publicly available, enabling Bring Your Own LLM workflows and agentic NodeZero integrations.
- Latest builds published to registry (initial access restricted to H3 accounts).
- Fully supported via h3-cli and Docker registry.
- Hardened for GA with enhanced tracking of server usage.
New Attack Content
Rapid Response Updates
- Citrix NetScaler ADC & Gateway — CitrixBleed 2 (CVE-2025-5777): Unauthenticated attackers can read sensitive information directly from server memory, potentially enabling session hijacking or further compromise.
- PAN-OS GlobalProtect VPN XSS (CVE-2025-0133): Malicious JavaScript can execute in an authenticated Captive Portal user’s browser when they click a crafted link, enabling credential theft or session takeover.
- Wing FTP (CVE-2025-47812): Exploits improper input validation to execute arbitrary commands on the server without authentication. Added to CISA Known Exploited Vulnerabilities (KEV) list.
- FortiWeb SQL Injection (CVE-2025-25257): Enables unauthenticated execution of arbitrary code via SQL injection. Added to CISA KEV list.
- CrushFTP (CVE-2025-54309): Grants remote attackers full administrative access via HTTPS.
- Infoblox NetMRI (CVE-2025-20281): Unauthenticated RCE as the root user due to insufficient input validation. Added to CISA KEV list.
- Flowise (CVE-2025-26319): Upload restriction bypass using encoded path traversal, allowing arbitrary file writes and potential RCE.
General Attack Content
- Microsoft SharePoint — Toolshell (CVE-2025-53770 / CVE-2025-53771): Unauthenticated remote code execution by exploiting flaws in Toolshell, allowing attackers to run arbitrary commands on vulnerable servers.
- Cisco Identity Services Engine (ISE) & Passive Identity Connector (ISE-PIC) (CVE-2025-20281): Remote code execution as root via insufficient validation of user input.
- FortiWeb SQL Injection (CVE-2025-25257): Critical unauthenticated RCE via SQL injection.
- SonicWall SMA 100 Series XSS (CVE-2025-40598): Executes malicious JavaScript in a user’s browser, enabling credential theft or session hijacking.
Platform Performance & Stability
- Additional accessibility fixes in user documentation and chart visualizations.
- Minor text and label corrections throughout the portal.