< ciso
brief />
Tag Banner

All news with #advisory tag

373 articles · page 11 of 19

CISA Adds CVE-2025-14847 (MongoDB) to KEV Catalog Now

⚠️ CISA has added CVE-2025-14847, an MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency vulnerability, to the KEV Catalog after evidence of active exploitation. The designation signals a significant risk to the federal enterprise under BOD 22-01, which requires Federal Civilian Executive Branch agencies to remediate listed vulnerabilities by their due dates. Although BOD 22-01 applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and will continue adding qualifying CVEs to the catalog.
read more →

React2Shell: Critical RCE in React Server Components

⚠️ React 19 was hit by React2Shell, a critical unauthenticated RCE in React Server Components. The flaw allows arbitrary code execution on servers via crafted requests and affects default React and Next.js deployments. Multiple vendors, including Google and AWS, reported active exploitation within hours; patches are available. Defenders should validate exposure beyond version checks and hunt for backdoors, tunneling, and unexpected child processes.
read more →

MongoDB 'MongoBleed' Vulnerability Actively Exploited

⚠ A newly disclosed vulnerability, CVE-2025-14847 (dubbed MongoBleed), is being actively exploited to leak sensitive data from MongoDB server memory. The flaw in zlib-based network message decompression lets unauthenticated attackers send malformed compressed packets to read uninitialized heap memory before authentication. Researchers report over 87,000 potentially vulnerable instances worldwide and widespread exposure in cloud environments. Administrators should apply published patches, disable zlib compression as a temporary mitigation, restrict network exposure, and monitor for anomalous pre-auth connections.
read more →

MongoDB zlib Flaw Lets Unauthenticated Clients Read Heap

🔒 A high-severity vulnerability in MongoDB can allow unauthenticated clients to read uninitialized heap memory by exploiting mismatched length fields in zlib-compressed protocol headers. Tracked as CVE-2025-14847 with a CVSS score of 8.7, the flaw stems from improper handling of inconsistent length parameters. It affects a broad set of releases from 3.6 through 8.2, and MongoDB has published fixes (including 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 and 4.4.30); administrators unable to upgrade immediately are advised to disable zlib compression or restrict compressors to snappy or zstd.
read more →

CISA Issues Mitsubishi Electric ICS Advisory Update

⚠️ CISA has published an updated Industrial Control Systems advisory, ICSA-25-177-01 (Update B), addressing multiple vulnerabilities affecting Mitsubishi Electric air conditioning systems and associated operational components. The advisory outlines technical findings, potential impacts to building automation and HVAC control networks, and prioritized mitigation steps. Administrators and operators should review the guidance promptly, apply vendor updates where available, and implement network segmentation and enhanced monitoring to reduce risk.
read more →

Critical n8n RCE Flaw (CVE-2025-68613) Requires Patch

🔴 A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613, CVSS 9.9) allows expressions supplied by authenticated users to be evaluated in an execution context that is not sufficiently isolated from the runtime. An attacker able to create or edit workflows could abuse this behavior to execute arbitrary code with the privileges of the n8n process, risking full instance compromise, data exposure, and workflow tampering. The flaw affects versions from 0.211.0 up to, but not including, 1.120.4 and has been patched in 1.120.4, 1.121.1, and 1.122.0; apply these updates or restrict workflow editing and harden deployments.
read more →

ASUS Live Update CVE-2025-59374: Historical, Not New

📌 The CVE-2025-59374 record documents the 2018–2019 ShadowHammer supply‑chain compromise of ASUS Live Update, a client that reached End‑of‑Support in October 2021. The entry, now rated 9.3, formalizes a historical incident and does not indicate current active exploitation for supported devices. Security teams should verify systems are running the latest supported software but avoid treating the KEV listing as an immediate, new threat.
read more →

What CISOs Should Know About the SolarWinds Dismissal

🔍 The SEC’s Nov. 30 decision to drop its civil action against SolarWinds and CISO Tim Brown produced widespread relief among security leaders after five years of investigation tied to the SUNBURST supply‑chain compromise. While many celebrated, experts warn this outcome is not permanent closure: it exposed persistent organizational tensions where CISOs carry responsibility without full authority. Security leaders should confirm indemnification and D&O protections, clarify governance for cyber disclosures, and improve executive-level communication so cyber risk becomes an explicit company decision.
read more →

WatchGuard fixes critical zero-day in Firebox appliances

🛡️ WatchGuard has released emergency patches for a critical zero-day (CVE-2025-14733) in its Firebox appliances that allows remote, unauthenticated attackers to execute arbitrary code via the iked process handling IKEv2. The flaw, rated 9.3 CVSS, was exploited in the wild before a December 18 patch, making it a confirmed zero-day. Administrators should urgently check appliances for indicators of compromise, apply the fixed Fireware OS versions, and rotate any locally stored secrets if compromise is confirmed.
read more →

Eight Cybersecurity Resolutions for 2026 Readiness

🔒 Kaspersky outlines eight practical cybersecurity resolutions to take into 2026 after a transformative 2025 marked by sweeping internet laws and widespread AI adoption. The guidance covers legal awareness, safer access methods, and mitigation against document-leak risks. It also warns about new scam tactics, urges cautious AI use, subscription audits, longevity practices for devices, and strengthened smart‑home security.
read more →

UEFI Flaw Enables Pre-boot DMA Attacks on Motherboards

🔒 Researchers disclosed a UEFI firmware flaw affecting some ASUS, Gigabyte, MSI, and ASRock motherboards that can falsely report DMA protections as active even when the IOMMU has not initialized, enabling pre-boot DMA attacks. The issue, tracked under multiple CVEs, allows a malicious PCIe device with physical access to read or modify system memory before the operating system loads and before security tooling can detect anything. Vendors have published advisories and firmware updates; users should verify affected models, back up important data, and apply vendor patches promptly.
read more →

CISA Adds WatchGuard Vulnerability to KEV Catalog List

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-14733, an Out-of-Bounds Write vulnerability affecting WatchGuard Firebox. The agency says there is evidence of active exploitation and highlights that BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV entries by their due dates. CISA also urges all organizations to prioritize timely remediation to reduce exposure to active threats.
read more →

HPE OneView RCE Vulnerability Demands Immediate Patch

🔴 HPE has issued an urgent advisory for HPE OneView after disclosure of a maximum-severity remote code execution flaw, CVE-2025-37164, that can be triggered by unauthenticated remote actors. The vulnerability affects OneView versions 5.20 through 10.20 and requires an immediate security hotfix. HPE provides separate hotfixes for the virtual appliance and for HPE Synergy Composer; administrators should apply the fixes promptly and, until remediation, restrict management-interface access to trusted administrative networks.
read more →

CISA Releases Nine ICS Advisories Covering Multiple Vendors

🔔 CISA published nine Industrial Control Systems (ICS) advisories on 2025-12-18 that detail current security issues, vulnerabilities, and known exploits affecting a range of vendors and products. The advisories cover Inductive Automation Ignition, Schneider Electric EcoStruxure Foxboro DCS Advisor, National Instruments LabView, Mitsubishi Electric components, Siemens IP-Stack, Advantech WebAccess/SCADA, Rockwell Automation Micro controllers, Axis Communications Camera Station offerings, and an updated notice for Mitsubishi Electric CNC Series (Update C). Each advisory provides technical details, impact assessments, and recommended mitigations for administrators and asset owners. CISA urges users to review the advisories promptly and implement the suggested mitigations to reduce operational risk.
read more →

JumpCloud Remote Assist flaw allows local SYSTEM takeover

⚠️ The JumpCloud Remote Assist for Windows agent contains a critical local privilege escalation vulnerability (CVE-2025-34352) that can be exploited during uninstall or update flows. The uninstaller runs with NT AUTHORITY\SYSTEM and performs file operations in a user-writable %TEMP% subdirectory without validating or securing the path. Attackers with a local foothold can abuse link-following techniques (mount points and symlinks) to overwrite or delete protected files, yielding full system compromise or denial-of-service. Systems running Remote Assist before version 0.317.0 should be updated immediately.
read more →

CISA Releases Seven ICS Advisories on Multiple Products

🛡️ CISA has published seven new Industrial Control Systems advisories detailing vulnerabilities and guidance for affected products. The advisories cover Güralp Systems, Johnson Controls, Hitachi Energy, Mitsubishi Electric, and Fuji Electric, including updates to previously released notices. Administrators are urged to review technical details, apply vendor mitigations, and implement compensating controls to reduce operational risk.
read more →

Mitsubishi GT Designer3 Cleartext Credential Exposure

🔒 Mitsubishi Electric's GT Designer3 (Version1 for GOT2000 and GOT1000) stores project credentials in cleartext (CVE-2025-11009), allowing an attacker with access to a project file to recover plaintext credentials and illegitimately operate affected GOT devices. The issue is classified as Cleartext Storage of Sensitive Information (CWE-312) and has a CVSS v3.1 base score of 5.1 (Medium). Mitsubishi recommends limiting use to trusted LANs, blocking remote logins, using firewalls, VPNs, and antivirus, and avoiding untrusted files or links; CISA advises isolating control networks and minimizing internet exposure.
read more →

Johnson Controls PowerG Vulnerabilities and Mitigations

🔒 CISA warns that multiple vulnerabilities in Johnson Controls PowerG implementations could let attackers read, modify, or replay encrypted wireless traffic. Affected devices include IQPanel 4, legacy IQPanel 2/2+, and IQHub with referenced CVEs CVE-2025-61738, CVE-2025-61739, CVE-2025-26379, and CVE-2025-61740. Vendor fixes (IQPanel 4.6.1, PowerG v53.05+) and secure enrollment practices are recommended, and end-of-life hardware should be replaced.
read more →

CISA Adds GeoServer XXE Flaw to Known Exploited List

🛡️ CISA added a high‑severity XML External Entity (XXE) flaw, CVE-2025-58360 (CVSS 8.2), affecting OSGeo GeoServer to its Known Exploited Vulnerabilities catalog after evidence of in‑the‑wild exploitation. The unauthenticated vulnerability impacts releases up to and including 2.25.5 and versions 2.26.0–2.26.1 and was reported by the AI platform XBOW. GeoServer has published patches (2.25.6, 2.26.2, 2.27.0, 2.28.0, 2.28.1); operators should upgrade or apply vendor mitigations and review the /geoserver/wms GetMap endpoint and XML processing to mitigate XXE, SSRF, and DoS risks.
read more →

Unpatched Gogs zero-day RCE exploited across servers

⚠️ An unpatched zero-day in Gogs enables remote code execution on Internet-facing instances by exploiting a path traversal weakness in the PutContents API (CVE-2025-8110). Attackers abuse symbolic links to overwrite files outside repositories and modify Git configuration values such as sshCommand, forcing arbitrary command execution. Researchers found over 1,400 exposed servers and more than 700 with compromise indicators. Administrators should disable open registration and restrict access immediately.
read more →