Known Exploited Vulnerabilities Security Feature Bypass Capability Group

All Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CVE-2023-21715 | Microsoft Office Publisher Security Feature Bypass Vulnerability | exploitation_technique | T1204.002 | Malicious File |
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | primary_impact | T1565 | Data Manipulation |
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | exploitation_technique | T1548.002 | Bypass User Account Control |
| CVE-2015-0310 | Adobe Flash Player ASLR Bypass Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | secondary_impact | T1562 | Impair Defenses |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | secondary_impact | T1106 | Native API |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | secondary_impact | T1059 | Command and Scripting Interpreter |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | secondary_impact | T1001 | Data Obfuscation |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | secondary_impact | T1557 | Adversary-in-the-Middle |
| CVE-2025-0411 | 7-Zip Mark of the Web Bypass Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment |
| CVE-2025-0411 | 7-Zip Mark of the Web Bypass Vulnerability | exploitation_technique | T1553.005 | Mark-of-the-Web Bypass |
| CVE-2025-0411 | 7-Zip Mark of the Web Bypass Vulnerability | primary_impact | T1588.001 | Malware |
| CVE-2024-21413 | Microsoft Outlook Improper Input Validation Vulnerability | exploitation_technique | T1566.002 | Spearphishing Link |
| CVE-2024-21413 | Microsoft Outlook Improper Input Validation Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |

Notes (each note applies to every mapping listed for that CVE):

CVE-2023-21715: A security feature bypass vulnerability exploitable when a user opens a specially crafted file that bypasses macro policies.

CVE-2015-0310: This vulnerability is exploited with maliciously crafted code hosted on a website via drive-by compromise. It has been seen used in the wild by exploit kits.

CVE-2025-31201: A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.

CVE-2025-0411: Attackers can double-archive malicious payloads with 7-Zip to bypass the Windows Mark-of-the-Web security feature, which in turn bypasses Microsoft Defender SmartScreen. This allows attackers to disseminate such payloads via methods like email attachments, which would normally be subject to additional scrutiny by the service's protective measures. This flaw was patched in 7-Zip version 24.09.

CVE-2024-21413: Attackers can send a specially crafted email that uses the file:// protocol to reference a server they own, ending the file:// link with an exclamation mark to bypass Outlook's security features, leading to remote code execution.

Capabilities

| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | 2 |
| CVE-2024-21413 | Microsoft Outlook Improper Input Validation Vulnerability | 2 |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | 7 |
| CVE-2025-0411 | 7-Zip Mark of the Web Bypass Vulnerability | 3 |
| CVE-2015-0310 | Adobe Flash Player ASLR Bypass Vulnerability | 1 |
| CVE-2023-21715 | Microsoft Office Publisher Security Feature Bypass Vulnerability | 1 |