Security News > 2024 > May > Check Point VPN zero-day exploited in attacks since April 30
Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks.
Check Point warned customers on Monday that attackers are targeting their security gateways using old VPN local accounts with insecure password-only authentication.
"The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled," Check Point explained in an update to the initial advisory.
While Check Point shared that the attacks targeting CVE-2024-24919 as a zero-day started around May 24, cybersecurity company mnemonic warned today that it observed exploitation attempts in some of its customer environments since April 30.
The company added that the vulnerability is "Particularly critical" because it's easy to exploit remotely since it doesn't require user interaction or any privileges on attacked Check Point security gateways with Remote Access VPN and Mobile Access enabled.
Check Point releases emergency fix for VPN zero-day exploited in attacks.
News URL
Related news
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- SonicWall SMA VPN devices targeted in attacks since January (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-28 | CVE-2024-24919 | Unspecified vulnerability in Checkpoint products Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. | 8.6 |