All news in category “Security Advisory and Patch Watch”

🛡️ CISA released a Malware Analysis Report analyzing two malware families recovered from an organization compromised via CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile. The report, titled Malicious Listener for Ivanti EPMM Systems, provides indicators of compromise and detection content including YARA and SIGMA rules to support hunting and response. Recommended mitigations stress upgrading Ivanti EPMM to the latest versions and treating mobile device management systems as high-value assets with enhanced monitoring, access controls, and restrictions.

🔍 CISA analyzed malicious artifacts deployed after threat actors exploited CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (EPMM). The report details two distinct loader/listener sets written to /tmp that enable arbitrary code execution through crafted HTTP requests. CISA provides IOCs, YARA and SIGMA detection rules, and recommends immediate patching and treating MDM systems as high-value assets.

⚠️ Dover Fueling Solutions disclosed critical vulnerabilities in its ProGauge MagLink LX4, LX4 Plus, and LX4 Ultimate tank monitors that may be exploited remotely. Identified issues include an integer overflow (CVE-2025-55068), a hard-coded cryptographic signing key (CVE-2025-54807), and non‑changeable weak default root credentials (CVE-2025-30519), with ratings up to CVSS v4 9.3. Affected firmware must be updated to 4.20.3 for LX4/LX4 Plus or 5.20.3 for LX4 Ultimate; operators are urged to minimize network exposure and place devices behind firewalls.

🔒 Cognex disclosed multiple high-severity vulnerabilities in In-Sight Explorer and firmware for the In-Sight 2000/7000/8000/9000 series (versions 5.x through 6.5.1). Identified issues include hard-coded credentials, cleartext management protocols (including telnet and a proprietary TCP 1069 service), weak default permissions, authentication bypass via capture-replay, and insufficient server-side enforcement. CISA assigns high CVSS scores (up to 8.8 v3.1 and 8.6 v4), warns of credential disclosure, configuration manipulation, and potential denial-of-service, and recommends migration to newer In-Sight Vision Suite systems and network isolation.

⚠️ Schneider Electric disclosed OS command injection vulnerabilities in Saitel DR and Saitel DP RTUs that could allow execution of arbitrary shell commands when BLMon is invoked in an SSH session. Two issues (CVE-2025-9996, CVE-2025-9997) carry a CVSS v4 base score of 5.8 (v3.1 6.6). Affected firmware versions are Saitel DR <= 11.06.29 and Saitel DP <= 11.06.33; fixed firmware releases are available and require a reboot. Schneider recommends restricting BLMon access, firewalling SSH, and following standard patching and ICS best practices.

⚠️ Hitachi Energy disclosed a critical deserialization-of-untrusted-data vulnerability affecting Service Suite (versions prior to 9.6.0.4 EP4) that permits unauthenticated remote access via IIOP or T3 to compromise Oracle WebLogic Server. The issue is tracked as CVE-2020-2883 with a CVSS v4 base score of 9.3 and is characterized as remotely exploitable with low attack complexity. Hitachi Energy advises updating affected instances to version 9.8.2 or the latest release and applying vendor mitigation guidance immediately. CISA additionally recommends minimizing network exposure, isolating control networks behind firewalls, using up-to-date VPNs for remote access, and performing risk and impact assessments prior to deploying defensive changes.

🔔 A vulnerability in Westermo WeOS 5 when IPSec is enabled can allow a specially crafted ESP packet to trigger an immediate device reboot. Westermo reported the flaw and released WeOS 5 version 5.24.0 to address the issue. CISA rates the vulnerability as remotely exploitable with a CVSS v4 score of 8.2 and notes high attack complexity.

🔒 WatchGuard has released security updates to address a remote code execution vulnerability affecting its Firebox firewalls. Tracked as CVE-2025-9242, the flaw stems from an out-of-bounds write in the iked process and can be exploited remotely when devices are configured to use IKEv2 VPN. Patches are available for Fireware OS 12.x, 2025.1, and select 11.x builds, and WatchGuard offers a temporary workaround for environments using branch office VPNs to static peers.

🔒Google has released emergency security updates to address a high-severity Chrome zero-day, CVE-2025-10585, which a public exploit indicates is being used in the wild. The vulnerability is a type confusion weakness in Chrome's V8 JavaScript engine and was reported by Google's Threat Analysis Group. Google issued emergency Stable Desktop releases — Chrome 140.0.7339.185/.186 for Windows and macOS and 140.0.7339.185 for Linux — and recommends users update immediately via Chrome menu > Help > About Google Chrome and click 'Relaunch' once the update finishes. The company also said it may withhold technical details until a majority of users have applied the fix.

⚠️ Google released security updates for Chrome to address four vulnerabilities, including a zero-day (CVE-2025-10585) in the V8 JavaScript and WebAssembly engine that is reported to be exploited in the wild. The issue is a type confusion bug discovered and reported by Google's Threat Analysis Group on September 16, 2025, and can enable arbitrary code execution or crashes. Users should update to Chrome 140.0.7339.185/.186 (Windows/macOS) or 140.0.7339.185 (Linux) and apply vendor patches for other Chromium-based browsers when available.

⚠️ JFrog Security Research disclosed multiple CVEs in Chaos-Mesh, including three critical flaws that permit in-cluster attackers to execute arbitrary code on any pod. The Chaos Controller Manager exposes an unauthenticated ClusterIP GraphQL /query endpoint on port 10082 by default, enabling mutations such as killProcesses and cleanTcs. The critical issues (CVSS 9.8) arise from unsafe command construction in resolvers and an ExecBypass routine that allows OS command injection. Operators should upgrade to Chaos-Mesh 2.7.3 immediately; as a temporary mitigation redeploy the Helm chart with the control server disabled.

🛡️ Apple has released iOS 16.7.12 and iPadOS 16.7.12 to address a critical zero-day in the ImageIO framework (CVE-2025-43300) that can trigger memory corruption when processing crafted images. The vendor says the flaw is an out-of-bounds write and that it may have been exploited in targeted attacks against specific individuals. The fix improves bounds checking and was back-ported from the 18.6.2 updates to reach older devices. Users, particularly those on older iPhones and iPads, are advised to install the update immediately.

🔓 Two security researchers, Omo and Rowley, disclosed critical vulnerabilities in Securam Prologic electronic safe locks that can be abused to open many devices without specialized tools. One flaw exploits a legitimate locksmith unlock feature and, according to the researchers, can expose codes remotely or with trivial access. The pair delayed public disclosure after receiving legal threats from Securam and only proceeded after securing pro bono counsel from the EFF’s Coders’ Rights Project. Securam says it will update its locks by year’s end but will not patch units already sold.

🔒 Amazon RDS for MySQL now supports the Extended Support minor release 5.7.44-RDS.20250818, and AWS recommends upgrading to this build to address known security vulnerabilities and bug fixes in earlier 5.7 releases. Extended Support provides up to three additional years of critical security and bug fixes after a major community end-of-support date. This coverage applies to MySQL databases running on both RDS and Aurora, and administrators can create or update instances in the Amazon RDS Management Console; see the Amazon RDS User Guide for upgrade details.

🔴 Researchers from JFrog disclosed critical command-injection vulnerabilities in Chaos-Mesh (tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361, and CVE-2025-59359) that allow an attacker with access to an unprivileged pod to execute shell commands via an exposed GraphQL API and the Chaos Daemon. Three of the flaws carry a CVSS score of 9.8 and can be exploited in default deployments, enabling denial-of-service or full cluster takeover. Users are advised to upgrade to Chaos-Mesh 2.7.3 or to disable the chaosctl tool and its port via the Helm chart as a workaround.

⚠️Security researchers disclosed multiple critical vulnerabilities in Chaos Mesh that allow minimally privileged in-cluster actors to execute fault injections and potentially take over Kubernetes clusters. The issues, grouped as Chaotic Deputy, include an unauthenticated GraphQL debugging endpoint and several operating-system command-injection flaws (CVE-2025-59358 through CVE-2025-59361). Chaos Mesh released a remediation in 2.7.3; administrators should patch immediately or restrict access to the daemon and API server if they cannot upgrade.

🔒 Apple has released security updates that backport a patch for CVE-2025-43300 to older iPhone, iPad and iPod touch builds. The flaw is an out-of-bounds write in the Image I/O framework that can cause memory corruption, crashes, or enable remote code execution when a device processes a malicious image file. Apple said the issue was exploited in an extremely sophisticated targeted attack and has added improved bounds checking; affected users should install the updates promptly.

🔒 CISA republished an advisory describing a Siemens-reported OpenSSL bug (CVE-2022-0778) that can cause an infinite loop during certificate parsing in many Siemens products. The issue affects multiple product families and has a CVSS v3.1 base score of 7.5, allowing remote denial-of-service with low attack complexity. Siemens has published firmware and software updates and recommends applying vendor updates, restricting network access to affected interfaces, and following product hardening guidance where fixes are not yet available.

⚠️ Hitachi Energy reported multiple vulnerabilities in the RTU500 series including null pointer dereference, XML parser flaws, heap and stack buffer overflows, integer overflow, and IEC 61850 message validation errors. Several CVEs have been assigned (e.g., CVE-2023-2953, CVE-2024-45490–45492, CVE-2024-28757, CVE-2025-39203, CVE-2025-6021) and the highest CVSS v4 score is 8.2. Exploitation could cause Denial-of-Service conditions such as device reboots or disconnects. Hitachi Energy provides firmware updates for affected 12.7.x–13.7.x releases and CISA recommends patching, minimizing network exposure, applying segmentation, and using secure remote access.

⚠️ Delta Electronics' DIALink contains multiple path traversal vulnerabilities that can be exploited remotely to bypass authentication, including at least one flaw rated CVSS v4 10.0. Affected releases include V1.6.0.0 and prior. An anonymous researcher working with Trend Micro's Zero Day Initiative reported the issues to CISA and Delta has released updates. Organizations should upgrade to v1.8.0.0 or later, segment devices from business networks, avoid exposing control equipment to the Internet, and use secure remote access methods.