CISO Brief

All news with #advisory tag

355 articles · page 11 of 18

CISA Adds GeoServer XXE Flaw to Known Exploited List

🛡️ CISA added a high-severity XML External Entity (XXE) flaw, CVE-2025-58360 (CVSS 8.2), affecting OSGeo GeoServer to its Known Exploited Vulnerabilities catalog after evidence of in-the-wild exploitation. The unauthenticated vulnerability impacts releases up to and including 2.25.5 and versions 2.26.0–2.26.1 and was reported by the AI platform XBOW. GeoServer has published patches (2.25.6, 2.26.2, 2.27.0, 2.28.0, 2.28.1); operators should upgrade or apply vendor mitigations and review the /geoserver/wms GetMap endpoint and XML processing to mitigate XXE, SSRF, and DoS risks.

Unpatched Gogs zero-day RCE exploited across servers

⚠️ An unpatched zero-day in Gogs enables remote code execution on Internet-facing instances by exploiting a path traversal weakness in the PutContents API (CVE-2025-8110). Attackers abuse symbolic links to overwrite files outside repositories and modify Git configuration values such as sshCommand, forcing arbitrary command execution. Researchers found over 1,400 exposed servers and more than 700 with compromise indicators. Administrators should disable open registration and restrict access immediately.

Siemens SALT TLS Certificate Validation Vulnerability

🔒 The Siemens SALT SDK used by multiple engineering and simulation products fails to validate server TLS certificates, creating a risk of man-in-the-middle attacks by unauthenticated remote actors. Assigned CVE-2025-40801 with a CVSS v4 base score of 9.2, the issue affects COMOS, NX, Simcenter, Tecnomatix and others. Siemens has published updates for some versions while several products currently have no available fix; affected systems should be isolated, patched where possible, and protected behind properly configured firewalls and secure remote access solutions.

Siemens IAM Client TLS Certificate Validation Flaw

⚠️ The Siemens IAM client used across several engineering products contains an improper certificate validation flaw (CVE-2025-40800) that can enable unauthenticated remote man-in-the-middle attacks. CISA lists a CVSS v4 score of 9.1, indicating severe impact and remote exploitability, and also reports a CVSS v3.1 score of 7.4. Affected products include COMOS V10.6, NX (pre-2412.8700 / pre-2506.6000), Simcenter 3D, Simcenter Femap, and Solid Edge SE2025/SE2026; Siemens has issued patched versions for most items, though COMOS V10.6 currently has no fix. CISA and Siemens recommend applying available updates, isolating control networks, and minimizing direct internet exposure.

AzeoTech DAQFactory Multiple Memory-Corruption Flaws

🛡️ CISA warns of multiple memory-corruption vulnerabilities in AzeoTech DAQFactory (release 20.7 and prior) that can be triggered by specially crafted .ctl files. The flaws include out-of-bounds read/write, heap and stack overflows, use-after-free, type confusion, and access of uninitialized pointers; several have CVSS v4 scores up to 8.4. DAQFactory 21.1 addresses these issues and AzeoTech advises avoiding untrusted documents, restricting .ctl file permissions, and using Safe Mode when loading unverified files.

Siemens ACC-AP Firmware Signature Verification Flaw

🔒 Siemens' Building X - Security Manager Edge Controller (ACC-AP) contains an improper verification of cryptographic signatures in its firmware update process that could permit installation of maliciously modified firmware. Tracked as CVE-2022-31807 and affecting all ACC-AP versions, the flaw may be exploited by a local attacker or by an adversary able to intercept firmware transfers. Siemens reports no planned fix for this product; operators should use the ACC Firmware App, validate firmware hashes, restrict controller access, and isolate devices from untrusted networks as compensating controls.

Siemens SINEMA Remote Connect Server Vulnerabilities

⚠️ Siemens has released a security advisory for SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP4. Two vulnerabilities allow authenticated users with local or network access to read private TLS keys (incorrect permission assignment) and to bypass license enforcement via direct database modification (incorrect authorization). CISA lists CVE-2025-40818 (CVSS 3.3) and CVE-2025-40819 (CVSS 4.3). Apply the vendor update to V3.2 SP4 or later and follow recommended network-hardening measures.

Siemens Gridscale X Prepay: Authentication and Enumeration

🔒 Siemens Gridscale X Prepay versions prior to 4.2.1 contain two remotely exploitable authentication-related vulnerabilities that present low attack complexity. CVE-2025-40806 enables user enumeration via observable response discrepancies, and CVE-2025-40807 permits capture-replay authentication bypass allowing locked-out users to re-establish sessions. Siemens advises contacting local representatives and following SSA-356310 guidance; CISA recommends isolating devices, minimizing network exposure, and using secure remote access methods such as updated VPNs.

Ivanti warns of critical Endpoint Manager code flaw

⚠️ Ivanti is urging customers to patch a critical vulnerability (CVE-2025-10573) in its Endpoint Manager (EPM) that allows unauthenticated remote actors to execute arbitrary JavaScript via low-complexity cross-site scripting that requires user interaction. Reported by Rapid7, the flaw lets attackers join fake managed endpoints to poison administrator dashboards and hijack admin sessions when viewed. Ivanti released EPM 2024 SU4 SR1 and addressed three other high-severity bugs, while Shadowserver reports hundreds of Internet-facing EPM instances.

Critical Auth Bypass in India-Deployed CCTV Cameras

🔒 CISA reports a critical authentication bypass (CWE-306, CVE-2025-13607) affecting multiple India-deployed CCTV products, including D-Link DCS-F5614-L1. The flaw permits unauthenticated remote retrieval of device configuration and account credentials with low attack complexity and high impact. D-Link has released a software update for the DCS-F5614-L1; users should install the patch, verify firmware versions, and minimize network exposure while seeking guidance from other vendors.

CISA Releases Three New Industrial Control Advisories

🔔 CISA published three Industrial Control Systems (ICS) advisories addressing vulnerabilities in Universal Boot Loader (U-Boot) (ICSA-25-343-01), the Festo LX Appliance (ICSA-25-343-02), and several India-based CCTV camera models (ICSA-25-343-03). Each advisory provides technical details, impact assessments, and recommended mitigations. CISA urges system operators, vendors, and administrators to review the advisories promptly and apply available updates or compensating controls to reduce operational risk.

U-Boot Bootloader: Improper Access to Volatile Boot Code

⚠️ U-Boot contains an improper access control vulnerability in volatile memory holding boot code (CVE-2025-24857) affecting all U-Boot versions prior to 2017.11 and several Qualcomm SoCs. Successful exploitation could allow arbitrary code execution; CISA reports a CVSS v4 base score of 8.6 with low attack complexity. Vendors advise upgrading to v2025.4, ensuring physical device security, and contacting Qualcomm support where appropriate.

CISA Adds Two Vulnerabilities to Known-Exploited Catalog

🔒 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-6218 (WinRAR path traversal) and CVE-2025-62221 (Microsoft Windows use-after-free). The agency cited evidence of active exploitation and emphasized that these flaws are frequent attack vectors posing significant risk to the federal enterprise. CISA reiterated that BOD 22-01 requires FCEB agencies to remediate cataloged CVEs by the required due dates and urged all organizations to prioritize timely remediation.

Festo LX Appliance XSS Vulnerability (CVE-2021-23414)

⚠️ Festo SE & Co. KG's LX Appliance contains a cross-site scripting (XSS) vulnerability tied to the video.js library (CVE-2021-23414) that can allow crafted course content to execute scripts in high-privilege user sessions. The issue affects LX Appliance versions prior to June 2023 and has a CVSS v3.1 base score of 6.1. Festo coordinated disclosure with CERT@VDE and published advisory FSA-202301. Administrators should update affected appliances and apply recommended network isolation and secure remote access controls.

December 2025 Patch Tuesday: One Zero-Day, 57 CVEs Addressed

🔔 Microsoft's December 2025 Patch Tuesday addresses 57 CVEs, including one actively exploited Important zero-day in the Windows Cloud Files Mini Filter Driver and two publicly disclosed Important zero-days impacting GitHub Copilot for JetBrains and PowerShell. Two Critical RCE flaws in Microsoft Office increase urgency for enterprise patching and remediation. Organizations should prioritize applying Microsoft fixes, adopt layered mitigations where patches are delayed, and use CrowdStrike Falcon dashboards to track affected assets and remediation progress.

Apache Tika XXE Flaw Expanded; Critical Patch Urged

⚠️ Apache Tika maintainers warn that an XML External Entity (XXE) vulnerability originally disclosed in August (CVE-2025-54988) is broader than first reported and is now covered by a superset CVE (CVE-2025-66516). The issue affects tika-core, tika-parsers and the standalone tika-parser-pdf-module, and could allow attackers to read sensitive data or trigger requests to internal resources. Users are advised to upgrade to the patched releases or disable XML parsing via tika-config.xml to mitigate risk.

Gartner Urges Enterprises to Block AI Browsers Now

⚠️ Gartner recommends blocking AI browsers such as ChatGPT Atlas and Perplexity Comet because they transmit active web content, open tabs, and browsing context to cloud services, creating risks of irreversible data loss. Analysts cite prompt-injection, credential exposure, and autonomous agent errors as primary threats. Organizations should block installations with existing network and endpoint controls and restrict any pilots to small, low-risk groups.

NCSC launches Proactive Notifications pilot for UK orgs

🔔 The UK National Cyber Security Centre (NCSC) is piloting Proactive Notifications, a service delivered via Netcraft that scans publicly available internet data to identify exposed software and missing security services. The NCSC will email affected organizations — messages originate from netcraft.com, contain no attachments, and do not request payments or personal data. The pilot covers UK domains and IPs on UK ASNs and focuses on notifying about specific CVEs and general weaknesses like weak encryption.

Critical RCE in React and Next.js Flight Protocol Disclosed

🚨 Researchers disclosed critical remote code execution vulnerabilities in the Flight protocol for React Server Components (CVE-2025-55182 and CVE-2025-66478). The flaw permits unauthenticated attackers to achieve deterministic RCE via insecure deserialization of malformed HTTP payloads, with near-100% reliability against default deployments. Vendors have issued patched releases; administrators should apply upgrades immediately. Palo Alto Networks Unit 42 published detection guidance and hunting queries to help identify exploitation and post-exploitation activity.

Socomec DIRIS Digiware M Series and PDF XChange Flaws

🔒 Cisco Talos disclosed an out-of-bounds read in PDF-XChange Editor (CVE-2025-58113) and ten vulnerabilities affecting Socomec DIRIS Digiware M series and Easy Config. The issues range from information disclosure and authentication bypass to multiple denial-of-service and buffer overflow flaws. Vendors have released patches; administrators should apply updates and deploy Snort rules to detect exploitation.