All news with #advisory tag

🔒 Plex reports an unauthorized third party accessed a limited subset of customer authentication data, including email addresses, usernames, and securely hashed passwords. The company says it quickly contained the incident and that no payment card information was stored on its servers. Because Plex did not disclose the hashing algorithm used, it recommends users reset their passwords, enable two‑factor authentication, and use the “Sign out connected devices after password change” option to terminate active sessions. Plex reminded customers it will never request passwords or card details by email.

🔒 Cloudflare reported that Fina CA issued twelve unauthorized TLS certificates for the public DNS IP 1.1.1.1 between February 2024 and August 2025. All certificates have been revoked and Cloudflare found no evidence they were used maliciously, noting that successful impersonation would also require client trust in Fina and interception of traffic. The misissuance was detected via Certificate Transparency logs, and Cloudflare is improving alerts, monitoring, and triage to prevent similar lapses.

⚠️ Honeywell's OneWireless Wireless Device Manager (WDM) contains multiple high‑severity vulnerabilities in the Control Data Access (CDA) component — including buffer overread, sensitive resource reuse, integer underflow, and wrong handler deployment (CVE‑2025‑2521, CVE‑2025‑2522, CVE‑2025‑2523, CVE‑2025‑3946). These issues can enable information disclosure, denial of service, or remote code execution. Honeywell advises updating affected WDM releases to R322.5 or R331.1; CISA recommends minimizing network exposure and isolating control networks to reduce exploitation risk.

🔔 CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-38352 (Linux kernel TOCTOU race condition), CVE-2025-48543 (Android Runtime unspecified vulnerability), and CVE-2025-53690 (Sitecore multiple-products deserialization). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by the required due dates. Although the directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation, patching, and vulnerability management to reduce exposure to active exploitation.

🔐 A coalition of 21 agencies from 15 countries, led by CISA and the NSA, published joint guidance titled A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity on September 3. The document defines SBOM concepts, clarifies roles for producers, choosers and operators, and urges cross-border adoption. It promotes harmonized technical implementations and integration of SBOMs into security workflows to reduce complexity and improve supply chain risk management.

⚠ CISA released five Industrial Control Systems (ICS) advisories on September 4, 2025, detailing vulnerabilities, impacts, and recommended mitigations for multiple OT products and protocols. The advisories address Honeywell OneWireless WDM, Mitsubishi Electric/ICONICS products, Delta Electronics COMMGR, Honeywell Experion PKS, and the End-of-Train/Head-of-Train Remote Linking Protocol. Several notices are updates (A/B) that include revised technical analysis and vendor-supplied mitigations. Administrators are urged to review the advisories promptly and apply recommended controls.

🔐 CISA, in partnership with the NSA and 19 international agencies, released joint guidance titled A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity. The guidance defines an SBOM as a formal record of software components and supply chain relationships and explains how SBOMs provide essential visibility into dependencies. It outlines benefits for producers, purchasers, operators, and national security organizations and urges adoption of aligned technical approaches, standardized metadata, and automation to improve vulnerability management and strengthen global software supply chain resilience.

🔒 CISA, the NSA, and 19 international partners published a joint guide outlining the benefits of adopting software bills of materials (SBOM) to increase software component and supply chain transparency. The guide advises software producers, purchasers, and operators to integrate SBOM generation, analysis, and sharing into security processes to better identify and mitigate component risks. It calls for international alignment of SBOM technical approaches to reduce complexity, improve interoperability, and advance secure-by-design software.

⚠️ CISA has added two TP-Link vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation: CVE-2023-50224 (TL-WR841N authentication bypass) and CVE-2025-9377 (Archer C7(EU) and TL-WR841N/ND(MS) OS command injection). The agency notes these flaw types are frequent attack vectors and impose significant risk to the federal enterprise under BOD 22-01. Although the directive binds Federal Civilian Executive Branch agencies, CISA urges all organizations to prioritize remediation and reduce exposure.

⚠️ CISA added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog: CVE-2020-24363 affecting the TP-Link TL-WA855RE (missing authentication for a critical function) and CVE-2025-55177 affecting Meta Platforms' WhatsApp (incorrect authorization). These entries reflect evidence of active exploitation and significant risk to federal networks. Under BOD 22-01, FCEB agencies must remediate listed KEVs by the specified due dates. CISA urges all organizations to prioritize timely remediation.

🛡️ CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025, detailing vulnerabilities and recommended mitigations for Delta Electronics EIP Builder, Fuji Electric FRENIC-Loader 4, SunPower PVS6, and an update to Hitachi Energy Relion 670/650 and SAM600-IO Series. Each advisory includes technical analysis, affected versions, and practical guidance to reduce exploitation risk. Administrators and asset owners are urged to review the notices, prioritize affected systems, and apply vendor-recommended mitigations promptly.

⚠️ CISA added CVE-2025-57819, an authentication bypass in Sangoma FreePBX, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The vulnerability is a frequent attack vector that poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by required due dates. CISA urges all organizations to prioritize timely remediation.

⚠️ Google is investigating authentication failures that prevent sign-ins to Clever and ClassLink on affected ChromeOS devices running build 16328.55.0 with Chrome 139.0.7258.137. The problem can disrupt Single Sign‑On and some 2‑Step Verification flows, blocking access to educational platforms. As temporary mitigations, administrators can roll back devices to ChromeOS M138 via the Google Admin console or change LoginAuthenticationBehavior to use the default GAIA authentication flow while Google validates a fix.

⚠️ Mitsubishi Electric's MELSEC iQ-F Series CPU modules are affected by a Missing Authentication for Critical Function vulnerability (CVE-2025-7405) in Modbus/TCP that can allow remote attackers to read and write device values and potentially halt program execution. CISA assigns a CVSS v4 base score of 6.9 and notes the issue is remotely exploitable with low attack complexity. Mitsubishi reports many FX5U/FX5UC/FX5UJ/FX5S variants affected and currently has no fixed version planned. Recommended mitigations include network segmentation, VPNs or firewalls, IP filtering, and restricting physical access.

⚠️ Delta Electronics disclosed an CNCSoft-G2 out‑of‑bounds write vulnerability (CVE-2025-47728) in DPAX file parsing that can cause memory corruption and enable arbitrary code execution in the affected process. CISA assigns a CVSS v4 base score of 8.5 and notes low attack complexity but requires user interaction such as opening a malicious file or visiting a malicious page. Affected versions include v2.1.0.20 and earlier; Delta recommends updating to v2.1.0.27 or later per advisory Delta-PCSA-2025-00007. CISA advises applying the update, isolating control systems, avoiding untrusted attachments, and following ICS recommended practices; no public exploitation has been reported to date.

🔒 Mitsubishi Electric disclosed a MELSEC iQ-F Series CPU module vulnerability (CVE-2025-7731) that transmits sensitive authentication data in cleartext over SLMP, enabling remote attackers to intercept credentials and read or write device values or halt program execution. Assigned CVSS v4 8.7 and described as remotely exploitable with low attack complexity, the issue affects many FX5U/FX5UC/FX5UJ/FX5S variants — Mitsubishi reports no planned patch. Mitsubishi and CISA recommend mitigations such as encrypting SLMP traffic with a VPN, restricting LAN access, isolating control networks behind firewalls, and following ICS hardening best practices.

⚠️ Delta Electronics has identified two critical vulnerabilities in COMMGR (v2.9.0 and earlier) — a stack-based buffer overflow (CVE-2025-53418) and a code injection flaw (CVE-2025-53419) — that can enable arbitrary code execution via crafted .isp files. Delta and CISA rate the combined risk as high (CISA lists CVSS v4 8.8) and recommend upgrading to v2.10.0 or later. Additional mitigations include network segmentation, limiting Internet exposure, and using secure remote access methods. CISA reports no known public exploitation at this time.

⚠️ GE Vernova's CIMPLICITY HMI/SCADA software is affected by an Uncontrolled Search Path Element vulnerability (CVE-2025-7719) in versions 2024, 2023, 2022, and 11.0. CISA reports this flaw could enable a low-privileged local attacker to escalate privileges; a CVSS v4 score of 7.0 and a CVSS v3.1 score of 7.8 were calculated. The issue is not remotely exploitable and no public exploitation has been reported; GE Vernova recommends upgrading to CIMPLICITY 2024 SIM 4 and following the Secure Deployment Guide while CISA advises network isolation and secure remote access.

🔔 On August 28, 2025, CISA released nine Industrial Control Systems (ICS) advisories that detail vulnerabilities, impacts, and recommended mitigations for multiple vendors and product families. The advisories cover Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, and Hitachi Energy, and include several updates to prior notices. Operators and administrators are encouraged to review each advisory for affected versions, vendor patches, and configuration mitigations, and to prioritize remediation and monitoring to reduce operational risk.

⚠ Schneider Electric disclosed an improper privilege management vulnerability (CVE-2025-8453, CVSS 6.7) affecting Saitel DR and Saitel DP Remote Terminal Units that could allow an authenticated privileged engineer with console access to escalate privileges and potentially execute arbitrary code. Schneider released HUe firmware 11.06.30 for Saitel DR to remediate the issue; a remediation plan for Saitel DP is pending. CISA notes the vulnerability is not remotely exploitable and recommends limiting physical and console access, enforcing root ownership and restrictive permissions on configuration files, and following ICS defensive guidance.