All news in category "Security Advisory and Patch Watch"

Mitsubishi MELSEC iQ-F CPU Module Denial-of-Service

🔒 CISA published Advisory ICSA-25-233-01 on August 21, 2025 describing a Denial-of-Service vulnerability (CVE-2025-5514, CVSS v3 5.3) in the Mitsubishi Electric MELSEC iQ-F Series CPU module web server. An attacker can send specially crafted HTTP requests that exploit an Improper Handling of Length Parameter Inconsistency to delay processing and prevent legitimate users from accessing the web server. Mitsubishi Electric reports no plans to release a fix and advises customers to restrict network exposure, use IP filtering and VPNs, and limit physical access. CISA recommends isolating control networks behind firewalls and minimizing internet exposure.

CISA Adds Apple iOS/iPadOS/macOS KEV: CVE-2025-43300

⚠️ CISA added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) Catalog, identifying an out‑of‑bounds write in Apple iOS, iPadOS, and macOS that the agency says is under active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by established deadlines, and CISA strongly urges all organizations to prioritize timely patching and mitigation. This vulnerability reflects a common and high-risk memory-corruption vector that can enable code execution or other severe impacts if exploited. CISA will continue to update the KEV Catalog as new evidence of exploitation emerges.

FUJIFILM Synapse Mobility Privilege Escalation Advisory

🔒 FUJIFILM Healthcare Americas Corporation has released fixes for a privilege-escalation vulnerability (CVE-2025-54551) affecting Synapse Mobility. The issue is an external control of an assumed-immutable web parameter that can be abused remotely with low attack complexity; CVSS v4 score is 5.3. FUJIFILM recommends upgrading to 8.2 or applying patches for 8.0–8.1.1. Immediate mitigations include disabling the configurator search function or unchecking "Allow plain text accession number," and CISA advises minimizing network exposure and using secure remote access.

Siemens Mendix SAML Module: Signature Verification Flaw

⚠️ The Siemens Mendix SAML module contains an improper verification of cryptographic signature that can be exploited remotely and has been assigned CVE-2025-40758 with a CVSS v3.1 base score of 8.7. Affected versions prior to V3.6.21, V4.0.3, and V4.1.2 (depending on Mendix compatibility) may allow unauthenticated attackers to hijack accounts in specific SSO configurations. Siemens recommends updating to the fixed versions, enabling UseEncryption, and reducing network exposure using firewalls and secure VPNs.

CISA Issues Four New Industrial Control Systems Advisories

🛡️ CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting vulnerabilities and potential exploits that could affect operational technology environments. The advisories—ICSA-25-231-01 (Siemens Desigo CC Product Family and SENTRON Powermanager), ICSA-25-231-02 (Siemens Mendix SAML Module), ICSA-25-217-02 (Tigo Energy Cloud Connect Advanced, Update A), and ICSA-25-219-07 (EG4 Electronics EG4 Inverters, Update A)—include technical details and recommended mitigations. Users and administrators are urged to review the advisories and apply vendor guidance and mitigations promptly to reduce exposure.

Siemens CodeMeter Privilege Escalation in Desigo CC

🔒 Siemens has disclosed a Least Privilege Violation in the Wibu CodeMeter runtime that affects the Desigo CC product family and SENTRON Powermanager series. The issue (CVE-2025-47809) can allow local privilege escalation immediately after installation if the CodeMeter Control Center is present and not restarted. A CVSS v3.1 base score of 8.2 has been assigned. Siemens and WIBU recommend updating to CodeMeter v8.30a and restarting systems; CISA advises network segmentation and minimizing exposure.

PerfektBlue: Bluetooth Vulnerabilities in Car Infotainment

🔒 Researchers have identified a chain of four Bluetooth vulnerabilities collectively named PerfektBlue in the OpenSynergy Blue SDK, used in millions of vehicles. An attacker that pairs via Bluetooth can exploit AVRCP flaws to execute code on the head unit and inherit its Bluetooth privileges, potentially accessing microphones, location data, and personal information. Vehicle owners should update head-unit firmware when patches are available and disable Bluetooth when not in use.

CISA Adds Trend Micro Apex One KEV OS Command Injection

🛡️ CISA has added CVE-2025-54948, an OS command injection vulnerability in Trend Micro Apex One, to its Known Exploited Vulnerabilities (KEV) Catalog after observing active exploitation. The entry underscores the significant risk these flaws pose to federal and nonfederal networks and reiterates that BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV entries by specified deadlines. CISA strongly urges all organizations to prioritize timely remediation and integrate KEV fixes into standard vulnerability management practices.

Rockwell FactoryTalk Linx Access Control Flaw Risk

⚠️ Rockwell Automation's FactoryTalk Linx contains an improper access control vulnerability in the Network Browser that can be triggered by changing process.env.NODE_ENV to 'development', which disables FTSP token validation. An attacker with local access could create, modify, or delete Linx drivers on affected systems running versions prior to 6.50. The issue is tracked as CVE-2025-7972 (CVSS v4: 8.4) and Rockwell advises updating to 6.50 or applying recommended mitigations and network isolation.

Siemens Engineering Platforms Vulnerability Advisory

⚠️ Siemens and CISA published an advisory describing a deserialization of untrusted data flaw in multiple engineering and automation products that has been assigned CVE-2024-54678 and a CVSS v3.1 base score of 8.2. The vulnerability permits a local, authenticated attacker to misuse a Windows Named Pipe to cause type confusion and execute arbitrary code with application privileges. Siemens lists numerous affected SIMATIC, SIMOTION, SINAMICS, SIRIUS, and TIA Portal components and offers mitigations such as running affected software on single-user Windows hosts or restricting OS access to administrators; some products currently have no fix planned and are documented in SSA-693808.

Rockwell Automation FLEX 5000 I/O: Input Validation Flaw

⚠️ Rockwell Automation has disclosed two improper input validation vulnerabilities in the FLEX 5000 I/O modules (5069-IF8 and 5069-IY8) assigned CVE-2025-7861 and CVE-2025-7862. Successful exploitation can remotely induce a fault state that requires a power cycle to recover, producing a denial-of-service condition. Both issues carry elevated CVSS v4 scores (8.7) and are exploitable with low attack complexity. Rockwell recommends upgrading affected modules to V2.012 or later and following established security best practices.

Rockwell Viewpoint Privilege Escalation Security Advisory

🛡️ Rockwell Automation's FactoryTalk Viewpoint (version 14.00 and earlier) contains a privilege-escalation vulnerability tracked as CVE-2025-7973 that arises from improper handling of MSI repair operations. An attacker who can trigger a repair can hijack the SYSTEM-run cscript.exe console to spawn an elevated command prompt, enabling full privilege escalation; CVSS v4 is 8.5 (low attack complexity). Update to 15.00 or apply vendor-recommended mitigations; the issue is not remotely exploitable and no public exploitation has been reported.

Rockwell Micro800 Series: Critical Remote Exploitation Risk

⚠️ Rockwell Automation's Micro800 family contains multiple high-severity vulnerabilities (CVSS v4 9.3) that could be exploited remotely to achieve code execution or privilege escalation. Affected models include Micro820, Micro850, and Micro870 series on specified firmware versions; impacts stem from flaws in Azure RTOS NetX Duo and ThreadX and malformed CIP packets. Rockwell and CISA advise updating to V23.011+ where available, applying vendor fixes for CVE-2023-48691/48692/48693 and CVE-2025-7693, minimizing network exposure, and performing risk assessments before deployment.

Siemens RUGGEDCOM ROX II Authentication Bypass Advisory

⚠️ Siemens reported an authentication bypass vulnerability in the RUGGEDCOM ROX II family that permits bypassing authentication via the device Built-In-Self-Test (BIST) mode. An attacker with physical serial access could obtain a root shell (CVE-2025-40761); a CVSS v4 base score of 8.6 has been assigned. No patch is available; recommended mitigations include setting secure boot passwords and isolating devices from untrusted networks.

CISA and Partners Issue OT Asset Inventory Guidance

🔒 CISA and international partners released new guidance to help operational technology (OT) owners and operators establish and maintain comprehensive asset inventories and taxonomies. The resource provides practical steps to identify, classify, and track OT devices and components that support critical infrastructure, including industrial control systems and automation. Implementing these practices aligns with the Cross-Sector Cybersecurity Performance Goals and enhances visibility, risk management, and operational resilience for mission-critical services.

Microsoft Patch Tuesday: August 2025 Security Fixes

🔒 Microsoft released fixes for more than 100 vulnerabilities in August 2025, including at least 13 rated Critical. Notable flaws include CVE-2025-53786, which lets attackers pivot from compromised on‑premises Exchange Server instances into cloud tenant services, and CVE-2025-53779 (BadSuccessor), a Kerberos dMSA weakness that can yield domain admin rights. Other high‑risk bugs affect GDI+, Word preview and NTLM; several fixes require configuration steps beyond patch installation.

Microsoft August 2025 Patch Tuesday: 111 Vulnerabilities

⚠️ Microsoft released its August 2025 Patch Tuesday updates addressing 111 vulnerabilities, including 13 marked critical. The fixes span remote code execution, elevation-of-privilege and information-disclosure flaws across Windows, Hyper-V, Microsoft Office, GDI+ and cloud services. Microsoft reports no observed in-the-wild exploitation but notes several issues where exploitation is assessed as “more likely.” Talos is issuing Snort detection rules and urges administrators to apply vendor updates and intrusion-detection signatures promptly.

August 2025 Patch Tuesday: 107 CVEs, 13 Critical, Zero-Day

🛡️ Microsoft’s August 2025 Patch Tuesday addresses 107 CVEs, including one publicly disclosed Windows Kerberos zero‑day (CVE-2025-53779) and 13 Critical flaws. Notable fixes cover high‑severity RCEs in the Windows Graphics Component and GDI+ and an NTLM elevation‑of‑privilege issue. Microsoft has released patches; organizations should apply updates promptly and use Falcon Exposure Management to prioritize and visualize exposure.

WinRAR zero-day (CVE-2025-8088) used in RomCom attacks

🔒 ESET researchers uncovered a previously unknown WinRAR vulnerability, tracked as CVE-2025-8088, that is being actively exploited by the Russia-aligned actor RomCom in targeted spearphishing campaigns. The Windows path traversal flaw enables execution of arbitrary code when victims open crafted archives. Users should update to WinRAR 7.13 immediately and consult ESET's video and blogpost for indicators and mitigation.

Erlang/OTP SSH RCE: CVE-2025-32433 Exploitation Wave

⚠️ Unit 42 details active exploitation of CVE-2025-32433, a critical (CVSS 10.0) unauthenticated RCE in the Erlang/OTP SSH daemon that processes SSH protocol messages prior to authentication. Researchers reproduced and validated the bug and observed exploit bursts from May 1–9, 2025, with payloads delivering reverse shells and DNS-based callbacks to randomized subdomains. Immediate remediation is to upgrade to OTP-27.3.3, OTP-26.2.5.11 or OTP-25.3.2.20 (or later); temporary measures include disabling SSH, restricting access and applying Unit 42 signature 96163.