T1505

Server Software Component

4 CVEs mapped

TA0003Persistence

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Adversaries may install malicious components to extend and abuse server applications.(Citation: volexity_0day_sophos_FW)

Platforms5

WindowsLinuxmacOSNetwork DevicesESXi

CVEs mapped to this technique4

CVE	Description	Severity	EPSS	Flags	Modified
CVE-2024-1708	ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.	HIGH8.4	88%p100	KEV+RWeaponized	2026-04-29
CVE-2025-33073	Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.	HIGH8.8	64%p99	KEVPoC	2026-02-26
CVE-2014-4148	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."	HIGH8.8	51%p99	KEV	2026-04-22
CVE-2025-53521	When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	CRITICAL9.8	2.25%p81	KEV	2026-04-02