< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2058 articles · page 83 of 103

Microsoft issues emergency WSUS updates for critical RCE

⚠️ Microsoft has released out-of-band security updates to remediate a critical WSUS vulnerability tracked as CVE-2025-59287. The flaw affects only Windows servers with the WSUS Server Role enabled and allows remote, unauthenticated attackers to execute code as SYSTEM in low-complexity attacks without user interaction. Microsoft published cumulative KB updates for all affected Server builds and requires a reboot; administrators who cannot patch immediately are advised to disable the WSUS role or block TCP ports 8530/8531 as temporary mitigations.
read more →

WhatsApp $1M Zero-Click Hack Mystery: Pwn2Own Outcome

🔐 A high-profile entry by a hacker known as ‘Eugene’ at Pwn2Own Ireland 2025 withdrew a claimed zero-click remote code execution exploit targeting WhatsApp, forfeiting the event’s $1 million top prize. Organizers Trend Micro ZDI say Team Z3 is sharing findings privately for coordinated disclosure to Meta, while WhatsApp reports no viable exploit was publicly demonstrated. The cancellation has fueled speculation about exploit readiness and underscores the role of responsible disclosure and rigorous triage before public demonstrations.
read more →

CISA Warns of Critical Lanscope Endpoint Manager Flaw

⚠️ CISA warns that attackers are exploiting a critical flaw (CVE-2025-61932) in Motex's Lanscope Endpoint Manager, enabling unauthenticated remote code execution via specially crafted packets. The issue affects client components in versions 9.4.7.2 and earlier; Motex has released patched client builds and noted managers do not require updates. No mitigations are available—install the vendor updates; CISA added the flaw to its KEV with a Nov. 12 remediation deadline for federal agencies.
read more →

Microsoft Disables Explorer Preview for Internet Files

🔒 Microsoft has updated File Explorer to disable the preview pane by default for files downloaded from the Internet or marked with the Mark of the Web. The change, included in Windows security updates released on and after October 14, 2025, is designed to block exploits that can leak NTLM hashes when previewed documents reference external resources. When preview is blocked, File Explorer shows a warning and users can manually unblock trusted files via Properties > Unblock or add the location to Trusted sites/Local intranet; a sign-out may be required for the change to take effect.
read more →

Veeder-Root TLS4B: Remote Command Injection and 2038 Bug

🔒 Veeder-Root's TLS4B Automatic Tank Gauge System contains two serious vulnerabilities: a SOAP-based command injection (CVE-2025-58428) that allows remote authenticated attackers to execute system-level commands, and an integer overflow/2038 time wraparound (CVE-2025-55067) that can disrupt authentication and core functions. The command injection carries very high severity (CVSS v3.1 9.9 / CVSS v4 9.4); Veeder-Root recommends upgrading to Version 11.A. For the time-related overflow, Veeder-Root is developing a patch and advises applying network-security best practices, isolating devices, and restricting access until a fix is available.
read more →

AutomationDirect Productivity Suite: Multiple High-Risk Flaws

⚠️ AutomationDirect's Productivity Suite and several Productivity PLC models contain multiple high-severity vulnerabilities — including relative path traversal (ZipSlip), a weak password recovery mechanism, incorrect permission assignment, and binding to an unrestricted IP address. Exploitation could allow remote attackers to read, write, or delete files, execute arbitrary code, or gain full control of projects. AutomationDirect has released updates (Productivity Suite v4.5.0.x and newer) and recommends applying the latest firmware and implementing network isolation and firewall/NAC controls if immediate upgrades are not possible.
read more →

ASKI Energy ALS-Mini S4/S8: Missing Authentication Flaw

⚠ An unauthenticated access vulnerability in the embedded web server of ASKI Energy ALS‑Mini‑S4 and ALS‑Mini‑S8 IP controllers allows remote actors to read and modify device configuration, potentially yielding full control. Tracked as CVE-2025-9574, the issue is a Missing Authentication for Critical Function (CWE‑306) with a CVSS v4 base score of 9.9. ABB reports these products reached end of life in 2022 and will not be patched; operators should remove internet exposure, place devices behind firewalls or secure proxies that enforce authentication and logging, restrict access to whitelisted IPs, monitor for unauthorized access with IDS/IPS, or physically disconnect the Ethernet port if web features are not required.
read more →

CISA Issues Eight New Industrial Control Systems Advisories

🔔 CISA released eight Industrial Control Systems advisories addressing vulnerabilities and updates across multiple vendors and products, including AutomationDirect, ASKI Energy, Veeder-Root, Delta Electronics, NIHON KOHDEN, Schneider Electric, and Hitachi Energy. The notices cover new findings and several updates (for example, Update A and Update C) and list ICSA/ICSMA identifiers for each advisory. Administrators and asset owners should review the technical details, apply available patches or vendor mitigations, and reinforce network segmentation, access controls, and monitoring to reduce exposure.
read more →

NIHON KOHDEN CNS-6201 NULL Pointer DoS Advisory Update

⚠️ A remote NULL pointer dereference in NIHON KOHDEN CNS-6201 central monitors can be triggered by a specially crafted UDP packet, causing the monitoring process to terminate and producing a denial-of-service. The issue is unauthenticated, reproducible when UDP is reachable, and is tracked as CVE-2025-59668 with CVSS v4 8.7. Vendor support for affected versions has ended; users should migrate to successor products or apply strict network-level mitigations such as isolation, boundary devices, and careful traffic monitoring.
read more →

Delta ASDA-Soft Stack Overflow Vulnerabilities (2025)

⚠️ Delta Electronics' ASDA-Soft contains two stack-based buffer overflow vulnerabilities (CVE-2025-62579, CVE-2025-62580) affecting versions 7.0.2.0 and earlier. Both issues were assigned a CVSS v4 base score of 8.4 and can allow writing outside the intended stack buffer when a valid user opens a crafted project file. Exploitation requires local access and user interaction; no public exploitation has been reported to CISA. Delta has released ASDA-Soft v7.1.1.0 and users should update and apply network isolation and standard email/attachment precautions.
read more →

Critical and High Flaws Found in TP-Link VPN Routers

🔒 Researchers at Forescout’s Vedere Labs have disclosed two vulnerabilities in TP-Link Omada and Festa VPN routers that enable command injection and potential unauthorized root access. The flaws are tracked as CVE-2025-7850 (critical, CVSS v4.0 9.3) and CVE-2025-7851 (high, CVSS v4.0 8.7) and stem from an incomplete 2024 fix that left debug functionality and alternate attack paths. TP-Link has published firmware updates; Vedere Labs urges immediate patching and additional mitigations including WAFs, disabling remote admin, and improved monitoring.
read more →

CISA: Critical Lanscope Endpoint Manager Flaw Exploited

⚠️ CISA has added a critical defect in Motex LANSCOPE Endpoint Manager to its Known Exploited Vulnerabilities catalog after observing active exploitation. Tracked as CVE-2025-61932 (CVSS v4: 9.3), the flaw affects on-premises Client program and Detection Agent components and allows arbitrary code execution via specially crafted packets. Motex released patches for multiple 9.3/9.4 builds, and federal agencies are advised to remediate by November 12, 2025.
read more →

Samsung Galaxy S25 Hacked at Pwn2Own Ireland 2025 Event

🔒 At Pwn2Own Ireland 2025, researchers from Mobile Hacking Lab and Summoning Team successfully exploited a Samsung Galaxy S25 using a five‑vulnerability chain to achieve code execution. The findings, credited to Ken Gannon and Dimitrios Valsamaras, were surrendered to Samsung under the event's coordinated disclosure rules. Hours later a second team, Interrupt Labs, used an improper input validation bug to seize camera and location access. Each team received $50,000; Samsung has 90 days to issue fixes.
read more →

Critical TAR parsing bug found in popular Rust libraries

🛡️ Researchers at Edera disclosed a critical boundary-parsing flaw called TARmageddon (CVE-2025-62518) in the async-tar family and many forks, including the widely used tokio-tar. The desynchronization bug can smuggle extra archive entries during nested TAR extraction, enabling file overwrites that may lead to Remote Code Execution or supply-chain compromise. Administrators should patch affected forks, consider migrating to the patched astral-tokio-tar ≥0.5.6, and scan Rust-built applications for exposure.
read more →

Prompt Hijacking Risks MCP-Based AI Workflows Exposed

⚠️ Security researchers warn that MCP-based AI workflows are vulnerable to "prompt hijacking" when MCP servers issue predictable or reused session IDs, allowing attackers to inject malicious prompts into active client sessions. JFrog demonstrated the issue in oatpp-mcp (CVE-2025-6515), where guessable session IDs could be harvested and reassigned to craft poisoned responses. Recommended mitigations include generating session IDs with cryptographically secure RNGs (≥128 bits of entropy) and having clients validate unpredictable event IDs.
read more →

Active Exploitation of SessionReaper Flaw in Adobe Magento

⚠️ Sansec reports active exploitation of the critical SessionReaper vulnerability (CVE-2025-54236) affecting Adobe Commerce. The flaw enables account session takeover through the Commerce REST API; observed attacks delivered PHP webshells and phpinfo probes. Researchers report about 62% of stores remain unpatched six weeks after Adobe's emergency update. Administrators should apply Adobe's patch or recommended mitigations immediately.
read more →

TARmageddon: Abandoned Rust tar library enables RCE

🚨 A high-severity logic flaw in the abandoned async-tar Rust library and its forks allows unauthenticated attackers to inject archive entries and achieve remote code execution when nested TARs with mismatched ustar and PAX headers are processed. Edera, which named the issue TARmageddon and tracked it as CVE-2025-62518, explains the parser can jump into file content and mistake it for headers, enabling extraction of attacker-supplied files. The bug also affects the widely used but abandoned tokio-tar fork (7M+ downloads), while several active forks have already been patched. Developers are advised to upgrade to patched forks such as astral-tokio-tar or remove the vulnerable dependency immediately.
read more →

CISA Adds Motex LANSCOPE CVE to KEV Catalog, Urges Fixes

⚠️ CISA added CVE-2025-61932 — an Improper Verification of Source of a Communication Channel vulnerability in Motex LANSCOPE Endpoint Manager — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed vulnerabilities by mandated deadlines. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and will continue updating the KEV Catalog as new exploited vulnerabilities are confirmed.
read more →

TARmageddon: High-Severity Flaw in async-tar Rust ecosystem

⚠️Researchers disclosed a high-severity vulnerability (CVE-2025-62518, CVSS 8.1) in the async-tar Rust library and forks such as tokio-tar that can enable remote code execution via file-overwrite attacks when processing nested TAR archives. Edera, which found the issue in late August 2025, attributes the problem to inconsistent PAX/ustar header handling that allows attackers to 'smuggle' additional entries by exploiting size overrides. Because tokio-tar appears unmaintained, users are advised to migrate to astral-tokio-tar v0.5.6, which patches the boundary-parsing vulnerability affecting projects like testcontainers and wasmCloud.
read more →

NTLM/LDAP Authentication Bypass (CVE-2025-54918) Analysis

🔍 This analysis examines CVE-2025-54918, a critical NTLM/LDAP authentication bypass that enables privilege escalation from a standard domain user to SYSTEM on Domain Controllers. The vulnerability chains coercion (PrinterBug-style) with NTLM relay and packet manipulation to evade channel binding and LDAP signing. The post outlines the attack flow, detection indicators such as empty usernames and LOCAL_CALL flags, and mitigations using CrowdStrike Falcon capabilities.
read more →