< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2057 articles · page 86 of 103

Siemens SiPass integrated vulnerabilities and update

🔒 Siemens released security updates for SiPass integrated to address four vulnerabilities—an Accusoft ImageGear heap-based buffer overflow, stored cross-site scripting, an authorization bypass via user-controlled keys, and recoverable password storage. Exploitation could enable account compromise, data manipulation, impersonation, or arbitrary code execution on affected servers. Siemens recommends updating to V3.0, restricting access to trusted personnel, and avoiding untrusted image uploads; CISA advises isolating devices and using secure remote access.
read more →

SINEC NMS SQL Injection (CVE-2025-40755) — Siemens Advisory

🛡️ This advisory details an SQL injection vulnerability in Siemens SINEC NMS (versions prior to V4.0 SP1) affecting the getTotalAndFilterCounts endpoint. Assigned CVE-2025-40755 with high severity (CVSS v3.1 8.8 / CVSS v4 8.7), an authenticated low-privilege attacker could inject SQL to insert data and escalate privileges. Siemens advises updating to V4.0 SP1 or later and applying network protections such as segmentation and firewalls; CISA reports no known public exploitation.
read more →

Rockwell FactoryTalk Linx MSI Privilege Chaining Flaw

⚠️ Rockwell Automation disclosed two privilege-chaining vulnerabilities in FactoryTalk Linx (versions 6.40 and prior) that allow authenticated Windows users to escalate to SYSTEM privileges by hijacking MSI repair console windows. The issues are tracked as CVE-2025-9067 and CVE-2025-9068 and carry a CVSS v4 base score of 8.5 (CVSS v3.1 7.8). Rockwell recommends applying the Microsoft MSI patch and upgrading to FactoryTalk Linx 6.50 or later; CISA notes these flaws are not remotely exploitable and no public exploitation has been reported.
read more →

Rockwell Automation PanelView and FactoryTalk ME Flaws

🔒 Rockwell Automation disclosed vulnerabilities in FactoryTalk View Machine Edition and PanelView Plus 7 that can allow unauthorized access to device file systems and diagnostic data. CVE-2025-9064 is a network-exploitable path traversal issue; CVE-2025-9063 is an improper-authorization flaw tied to an ActiveX control. Rockwell recommends installing provided firmware and software updates, and CISA advises minimizing network exposure, isolating control networks, and using secure remote access.
read more →

Rockwell ArmorStart AOP: Uncaught Exception Causes DoS

⚠️ A remotely exploitable uncaught exception in Rockwell Automation's ArmorStart AOP for Studio 5000 Logix Designer can trigger a denial-of-service on versions V2.05.07 and earlier. The issue arises from invalid inputs to COM methods and is tracked as CVE-2025-9437 with a CVSS v4 base score of 8.7 (high). Rockwell reports no fix is available; users should apply vendor best practices and minimize network exposure.
read more →

Attackers Use Cisco SNMP Flaw to Deploy Linux Rootkits

🛡️ Researchers disclosed a campaign, Operation Zero Disco, that exploited a recently patched SNMP stack overflow (CVE-2025-20352) in Cisco IOS and IOS XE devices to deploy Linux rootkits on older, unprotected switches. The attackers achieved remote code execution and persistence by installing hooks into IOSd memory and setting universal passwords that include the string "disco." Targets included legacy 3750G and 9300/9400 series devices lacking EDR protections.
read more →

CrowdStrike Falcon Blocks Git Vulnerability CVE-2025-48384

🔒 CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384 and confirms that Falcon detections can block the observed attack chain. The vulnerability, which affects macOS and Linux, arises from inconsistent handling of carriage return characters in configuration and submodule path parsing and can enable arbitrary file writes during a recursive clone. Observed attacks combined social engineering with malicious repositories that place crafted .gitmodules entries and submodule hooks to execute post-checkout scripts. CrowdStrike urges organizations to patch Git, enable layered protections, deploy provided detection rules and hunting queries, and use Falcon Insight XDR prevention settings to reduce exposure.
read more →

CISA Adds Adobe AEM Critical RCE Flaw with CVSS 10.0

⚠ Adobe's Experience Manager (AEM) has a critical misconfiguration—CVE-2025-54253—scored 10.0 and added to CISA's KEV after evidence of active exploitation. The flaw exposes the /adminui/debug servlet, which evaluates OGNL expressions without authentication, enabling arbitrary code execution via a single crafted HTTP request. Adobe addressed the issue in 6.5.0-0108; affected organizations should apply updates immediately and FCEB agencies must remediate by November 5, 2025.
read more →

F5 Issues BIG-IP Patches After Stolen Vulnerabilities

🔒 F5 has released security updates for BIG-IP products to address vulnerabilities whose details were stolen during a state-linked breach detected on August 9, 2025. The vendor patched 44 issues across BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients and says it has not seen evidence the flaws were exploited or publicly disclosed. Customers are urged to apply updates immediately and follow F5's guidance to increase logging and monitoring.
read more →

OpenPLC and Planet WGR-500: Multiple Vulnerabilities

⚠️ Cisco Talos disclosed vulnerabilities affecting OpenPLC and the Planet WGR-500 industrial router, including a ModbusTCP denial-of-service and multiple critical flaws in HTTP-handling functions. The OpenPLC issue (TALOS-2025-2223 / CVE-2025-53476) can be triggered by a crafted series of TCP connections to exhaust the ModbusTCP server. Planet WGR-500 vulnerabilities (TALOS-2025-2226–2229 / CVE-2025-54399–54406, CVE-2025-48826) include stack-based buffer overflows, format string, and OS command injection flaws that may lead to memory corruption or arbitrary command execution.
read more →

September 2025 Windows Server Updates Break AD Sync

⚠️ Microsoft confirmed that the September 2025 security updates are causing Active Directory synchronization problems on Windows Server 2025, affecting applications that use the DirSync control such as Microsoft Entra Connect Sync. The issue can result in incomplete synchronization of large AD security groups exceeding 10,000 members. Microsoft recommends a registry workaround (DWORD 2362988687 = 0) while engineers work on a fix, and warns about risks of editing the registry.
read more →

Slider Revolution Arbitrary File Read Affects 4M Sites

⚠ A critical Arbitrary File Read vulnerability (CVE-2025-9217) was found in the widely used Slider Revolution WordPress plugin, affecting versions up to 6.7.36. The bug allowed authenticated users with contributor-level access or higher to read arbitrary files on the server by abusing two export parameters, used_svg and used_images. ThemePunch released a patch (6.7.37) on August 28 after a report to Wordfence; administrators should update immediately to protect site data.
read more →

CISA Orders Federal Agencies to Patch F5 Devices Now

⚠ CISA issued Emergency Directive ED 26-01 directing Federal Civilian Executive Branch agencies to inventory and secure F5 BIG-IP hardware and software, assess public internet exposure of management interfaces, and apply vendor patches. Agencies must update specified F5 products by Oct. 22, 2025 (other devices by Oct. 31) and submit inventories to CISA by Oct. 29, 2025. The directive responds to a nation-state actor compromise that exfiltrated BIG-IP source code and vulnerability data.
read more →

CISA Adds KEV Entry: Adobe Experience Manager Vulnerability

🔔CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-54253, an Adobe Experience Manager Forms code execution vulnerability that CISA says shows evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their assigned due dates. CISA strongly urges all organizations to prioritize timely remediation and follow vendor guidance and standard patch management practices; the agency will continue updating the catalog as new exploitation evidence emerges.
read more →

Microsoft October Patch Tuesday addresses 172 bugs

🔒 Microsoft’s October Patch Tuesday delivers updates for 172 vulnerabilities, including six classed as zero-days. Three of those zero-days are being actively exploited, affecting the Windows Remote Access Connection Manager (CVE-2025-59230), an Agere modem kernel driver, and a secure-boot bypass in IGEL OS (CVE-2025-47827). Microsoft has removed the legacy Agere driver rather than patch it, citing risks in modifying unsupported code. This release also marks the final free Patch Tuesday for Windows 10; continued updates will require the Extended Security Updates (ESU) program.
read more →

Microsoft Patches 183 Flaws; Two Windows Zero-Days

🔒 Microsoft released updates addressing 183 vulnerabilities across its products, including three flaws now known to be exploited in the wild. Two Windows zero-days — CVE-2025-24990 (Agere modem driver, ltmdm64.sys) and CVE-2025-59230 (RasMan) — can grant local elevation of privilege; Microsoft plans to remove the legacy Agere driver rather than patch it. A third exploited issue bypasses Secure Boot in IGEL OS (CVE-2025-47827). With Windows 10 support ending unless enrolled in ESU, organizations should prioritize these fixes; CISA has added the three to its KEV catalog and set a federal remediation deadline.
read more →

Two Critical CVSS 10.0 Flaws in Red Lion Sixnet RTUs

🔒 Claroty Team82 disclosed two critical vulnerabilities (CVE-2023-40151 and CVE-2023-42770) affecting Red Lion Sixnet SixTRAK and VersaTRAK RTUs, both rated 10.0 on the CVSS scale. One flaw is an authentication bypass that accepts unauthenticated TCP messages on port 1594; the other enables remote shell execution via the Sixnet Universal Driver (UDR), allowing commands to run as root. Chaining the issues permits unauthenticated remote root code execution, creating substantial risk to industrial automation. Users are advised to apply vendor patches, enable and correctly configure authentication, and block TCP access to affected devices immediately.
read more →

Critical ICTBroadcast Cookie Injection Leads to RCE

🔒 Researchers warn of a critical unauthenticated command injection in ICTBroadcast (CVE-2025-2611, CVSS 9.3) that allows attackers to inject shell commands via the BROADCAST session cookie. Exploits observed since October 11 used a time-based probe followed by Base64-encoded payloads to establish reverse shells. Approximately 200 internet-facing instances running versions 7.4 and earlier appear exposed; vendor comment and patch status remain unclear.
read more →

SAP issues patches for NetWeaver deserialization RCE

🔒 SAP has released security updates addressing 13 vulnerabilities, including a maximum-severity insecure deserialization flaw in NetWeaver AS Java (CVE-2025-42944, CVSS 10.0) that can lead to arbitrary OS command execution via the RMI‑P4 module. The vendor's latest patch adds a JVM-wide serial filter (jdk.serialFilter) to block dangerous classes and packages — a list curated with the ORL and recommended by security firm Onapsis — and complements an earlier remediation issued last month. Other critical fixes include a directory traversal in SAP Print Service (CVE-2025-42937, 9.8) and an unrestricted file upload in SAP Supplier Relationship Management (CVE-2025-42910, 9.0); administrators are urged to apply patches and mitigations immediately.
read more →

October 2025 Patch Tuesday: Critical WSUS and Modem Fixes

🔒 Microsoft’s October Patch Tuesday addresses 167 vulnerabilities, including seven rated critical that require immediate CISO attention. Notable fixes include a 9.8 RCE in Windows Server Update Service (WSUS) (CVE-2025-59287) and two Office RCEs exploitable via the Preview Pane. Two legacy Agere modem driver flaws include an in-the-wild zero day and a prior public disclosure, prompting Microsoft to remove ltmdm64.sys from Windows. Administrators should prioritize internet-facing services, kernel-mode drivers, and review WSUS exposure and patch management architecture.
read more →