
All news with #advisory tag

287 articles · page 7 of 15

ASUS Live Update CVE-2025-59374: Historical, Not New

📌 The CVE-2025-59374 record documents the 2018–2019 ShadowHammer supply‑chain compromise of ASUS Live Update, a client that reached End‑of‑Support in October 2021. The entry, now rated 9.3, formalizes a historical incident and does not indicate current active exploitation for supported devices. Security teams should verify systems are running the latest supported software but avoid treating the KEV listing as an immediate, new threat.

What CISOs Should Know About the SolarWinds Dismissal

🔍 The SEC’s Nov. 30 decision to drop its civil action against SolarWinds and CISO Tim Brown produced widespread relief among security leaders after five years of investigation tied to the SUNBURST supply‑chain compromise. While many celebrated, experts warn this outcome is not permanent closure: it exposed persistent organizational tensions where CISOs carry responsibility without full authority. Security leaders should confirm indemnification and D&O protections, clarify governance for cyber disclosures, and improve executive-level communication so cyber risk becomes an explicit company decision.

WatchGuard fixes critical zero-day in Firebox appliances

🛡️ WatchGuard has released emergency patches for a critical zero-day (CVE-2025-14733) in its Firebox appliances that allows remote, unauthenticated attackers to execute arbitrary code via the iked process handling IKEv2. The flaw, rated 9.3 CVSS, was exploited in the wild before a December 18 patch, making it a confirmed zero-day. Administrators should urgently check appliances for indicators of compromise, apply the fixed Fireware OS versions, and rotate any locally stored secrets if compromise is confirmed.

Eight Cybersecurity Resolutions for 2026 Readiness

🔒 Kaspersky outlines eight practical cybersecurity resolutions to take into 2026 after a transformative 2025 marked by sweeping internet laws and widespread AI adoption. The guidance covers legal awareness, safer access methods, and mitigation against document-leak risks. It also warns about new scam tactics, urges cautious AI use, subscription audits, longevity practices for devices, and strengthened smart‑home security.

UEFI Flaw Enables Pre-boot DMA Attacks on Motherboards

🔒 Researchers disclosed a UEFI firmware flaw affecting some ASUS, Gigabyte, MSI, and ASRock motherboards that can falsely report DMA protections as active even when the IOMMU has not initialized, enabling pre-boot DMA attacks. The issue, tracked under multiple CVEs, allows a malicious PCIe device with physical access to read or modify system memory before the operating system loads and before security tooling can detect anything. Vendors have published advisories and firmware updates; users should verify affected models, back up important data, and apply vendor patches promptly.

CISA Adds WatchGuard Vulnerability to KEV Catalog List

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-14733, an Out-of-Bounds Write vulnerability affecting WatchGuard Firebox. The agency says there is evidence of active exploitation and highlights that BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV entries by their due dates. CISA also urges all organizations to prioritize timely remediation to reduce exposure to active threats.

HPE OneView RCE Vulnerability Demands Immediate Patch

🔴 HPE has issued an urgent advisory for HPE OneView after disclosure of a maximum-severity remote code execution flaw, CVE-2025-37164, that can be triggered by unauthenticated remote actors. The vulnerability affects OneView versions 5.20 through 10.20 and requires an immediate security hotfix. HPE provides separate hotfixes for the virtual appliance and for HPE Synergy Composer; administrators should apply the fixes promptly and, until remediation, restrict management-interface access to trusted administrative networks.

CISA Releases Nine ICS Advisories Covering Multiple Vendors

🔔 CISA published nine Industrial Control Systems (ICS) advisories on 2025-12-18 that detail current security issues, vulnerabilities, and known exploits affecting a range of vendors and products. The advisories cover Inductive Automation Ignition, Schneider Electric EcoStruxure Foxboro DCS Advisor, National Instruments LabVIEW, Mitsubishi Electric components, Siemens IP-Stack, Advantech WebAccess/SCADA, Rockwell Automation Micro controllers, Axis Communications Camera Station offerings, and an updated notice for Mitsubishi Electric CNC Series (Update C). Each advisory provides technical details, impact assessments, and recommended mitigations for administrators and asset owners. CISA urges users to review the advisories promptly and implement the suggested mitigations to reduce operational risk.

JumpCloud Remote Assist flaw allows local SYSTEM takeover

⚠️ The JumpCloud Remote Assist for Windows agent contains a critical local privilege escalation vulnerability (CVE-2025-34352) that can be exploited during uninstall or update flows. The uninstaller runs with NT AUTHORITY\SYSTEM and performs file operations in a user-writable %TEMP% subdirectory without validating or securing the path. Attackers with a local foothold can abuse link-following techniques (mount points and symlinks) to overwrite or delete protected files, yielding full system compromise or denial-of-service. Systems running Remote Assist before version 0.317.0 should be updated immediately.

CISA Releases Seven ICS Advisories on Multiple Products

🛡️ CISA has published seven new Industrial Control Systems advisories detailing vulnerabilities and guidance for affected products. The advisories cover Güralp Systems, Johnson Controls, Hitachi Energy, Mitsubishi Electric, and Fuji Electric, including updates to previously released notices. Administrators are urged to review technical details, apply vendor mitigations, and implement compensating controls to reduce operational risk.

Mitsubishi GT Designer3 Cleartext Credential Exposure

🔒 Mitsubishi Electric's GT Designer3 (Version 1 for GOT2000 and GOT1000) stores project credentials in cleartext (CVE-2025-11009), allowing an attacker with access to a project file to recover plaintext credentials and illegitimately operate affected GOT devices. The issue is classified as Cleartext Storage of Sensitive Information (CWE-312) and has a CVSS v3.1 base score of 5.1 (Medium). Mitsubishi recommends limiting use to trusted LANs, blocking remote logins, using firewalls, VPNs, and antivirus, and avoiding untrusted files or links; CISA advises isolating control networks and minimizing internet exposure.

Johnson Controls PowerG Vulnerabilities and Mitigations

🔒 CISA warns that multiple vulnerabilities in Johnson Controls PowerG implementations could let attackers read, modify, or replay encrypted wireless traffic. Affected devices include IQPanel 4, legacy IQPanel 2/2+, and IQHub with referenced CVEs CVE-2025-61738, CVE-2025-61739, CVE-2025-26379, and CVE-2025-61740. Vendor fixes (IQPanel 4.6.1, PowerG v53.05+) and secure enrollment practices are recommended, and end-of-life hardware should be replaced.

CISA Adds GeoServer XXE Flaw to Known Exploited List

🛡️ CISA added a high‑severity XML External Entity (XXE) flaw, CVE-2025-58360 (CVSS 8.2), affecting OSGeo GeoServer to its Known Exploited Vulnerabilities catalog after evidence of in‑the‑wild exploitation. The unauthenticated vulnerability impacts releases up to and including 2.25.5 and versions 2.26.0–2.26.1 and was reported by the AI platform XBOW. GeoServer has published patches (2.25.6, 2.26.2, 2.27.0, 2.28.0, 2.28.1); operators should upgrade or apply vendor mitigations and review the /geoserver/wms GetMap endpoint and XML processing to mitigate XXE, SSRF, and DoS risks.
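What the XXE class behind the GeoServer entry looks like at the parser level, as an added example that is not GeoServer code or part of the original item. It uses Python's standard-library xml.sax; the "secret" file, the GetMap-shaped payload and its element names are constructed for the demo and do not reproduce GeoServer's real request schema.

```python
"""Added example (not GeoServer code): the XXE class at parser level.

Standard-library xml.sax is used.  The 'secret' file, the GetMap-shaped
payload and its element names are constructed for the demo; GeoServer's
real request schema is not reproduced here.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data, i.e. what an application would 'see' as the
    value of an element after entity expansion."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_text(xml_bytes, allow_external_entities):
    """Parse xml_bytes and return its text content.

    allow_external_entities=True mirrors a parser that resolves external
    general entities (the vulnerable configuration); False is the hardened
    setting, and the default in Python >= 3.7.1.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, allow_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.chunks)


def build_payload(local_path):
    """Classic XXE body: a DOCTYPE declaring an external entity whose
    SYSTEM identifier is a local file, referenced inside an element."""
    xml = (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE GetMap [<!ENTITY xxe SYSTEM "%s">]>\n'
        '<GetMap><Layer>&xxe;</Layer></GetMap>\n' % local_path
    )
    return xml.encode()


def demo():
    """Return (text seen by the vulnerable parser, text seen by the hardened one)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w") as fh:
            fh.write("db_password=constructed-example-value")  # constructed secret
        payload = build_payload(secret_path)
        leaked = parse_text(payload, allow_external_entities=True)
        contained = parse_text(payload, allow_external_entities=False)
    return leaked, contained


if __name__ == "__main__":
    leaked, contained = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(contained))
```

The only difference between the two runs is one parser feature: with external general entities enabled the file contents come back as element text; with it disabled the reference is silently dropped. An `http://` SYSTEM identifier takes the same code path through urllib, which is the SSRF side of the same flaw. In a Java server the corresponding switches are the SAX feature `http://xml.org/sax/features/external-general-entities` and, more robustly, refusing DOCTYPE declarations entirely with `http://apache.org/xml/features/disallow-doctype-decl`.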

Unpatched Gogs zero-day RCE exploited across servers

⚠️ An unpatched zero-day in Gogs enables remote code execution on Internet-facing instances by exploiting a path traversal weakness in the PutContents API (CVE-2025-8110). Attackers abuse symbolic links to overwrite files outside repositories and modify Git configuration values such as sshCommand, forcing arbitrary command execution. Researchers found over 1,400 exposed servers and more than 700 with compromise indicators. Administrators should disable open registration and restrict access immediately.
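The link-following pattern in the Gogs item (and, in the same class, the JumpCloud uninstaller item above) comes down to a server writing through a path it has only checked lexically. The following is an added example, not Gogs code: a naive join beside a hardened target check that refuses any symlink component and anything under `.git`, plus a sweep of git config files for the `sshCommand` indicator the item describes. The repository tree, the committed symlink and the payload line are constructed in a temporary directory; all function names are this example's own. The hardened check is the general defence, not Gogs' actual patch; for the JumpCloud case the additional fix is to stop operating in a user-writable directory in the first place.

```python
"""Added example (not Gogs code): refusing symlink escapes on write, and an
IOC sweep for the sshCommand persistence trick.

The repository tree, the symlink and the payload line are constructed in a
temporary directory; function names are this example's own.
"""
import os
import re
import shutil
import tempfile
from pathlib import Path

# git treats config keys case-insensitively; core.sshCommand is executed on
# the next fetch/push over SSH, which is the persistence described above.
SSH_COMMAND_RE = re.compile(r"^\s*sshCommand\s*=", re.IGNORECASE)


def naive_join(worktree, user_path):
    """The unsafe pattern: lexical normalisation only.  'evil/config' looks
    fine, but if 'evil' is a symlink the write lands wherever it points."""
    root = os.path.normpath(worktree)
    target = os.path.normpath(os.path.join(root, user_path))
    if not target.startswith(root + os.sep):
        return None
    return target


def safe_target(worktree, user_path):
    """Return the path to write, or None if the request must be refused.

    Refuses absolute paths, '..', anything named .git, and any path
    component that is a symlink (so a link is never followed).  A final
    realpath containment check guards against anything missed above.
    Legitimate in-repo symlinks are refused too; that is the trade-off.
    """
    root = os.path.realpath(worktree)
    parts = Path(user_path).parts
    if not parts or os.path.isabs(user_path):
        return None
    if any(p == ".." or p.lower() == ".git" for p in parts):
        return None
    current = root
    for part in parts:
        current = os.path.join(current, part)
        if os.path.islink(current):
            return None
    if os.path.commonpath([root, os.path.realpath(current)]) != root:
        return None
    return current


def find_ssh_command_iocs(repos_root):
    """Walk every git config under repos_root (bare '*.git/config' and
    worktree '.git/config') and report lines that set sshCommand."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(repos_root):
        if not dirpath.endswith(".git") or "config" not in filenames:
            continue
        path = os.path.join(dirpath, "config")
        with open(path, errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if SSH_COMMAND_RE.match(line):
                    hits.append((path, lineno, line.strip()))
    return hits


def demo():
    """Build a repo with an attacker-committed symlink, show the naive write
    reaching .git/config, the hardened check refusing it, and the sweep
    flagging the result."""
    base = tempfile.mkdtemp(prefix="gogs-demo-")
    try:
        worktree = os.path.join(base, "alice", "project")
        git_dir = os.path.join(worktree, ".git")
        os.makedirs(git_dir)
        with open(os.path.join(git_dir, "config"), "w") as fh:
            fh.write("[core]\n\trepositoryformatversion = 0\n")
        os.symlink(".git", os.path.join(worktree, "evil"))  # committed link

        target = naive_join(worktree, "evil/config")
        with open(target, "a") as fh:  # follows the link into .git/config
            fh.write("\tsshCommand = /tmp/constructed-payload.sh\n")  # constructed

        git_config = os.path.join(git_dir, "config")
        return {
            "naive_wrote_git_config": os.path.samefile(target, git_config),
            "hardened_refused": safe_target(worktree, "evil/config") is None,
            "normal_path_allowed": safe_target(worktree, "docs/README.md") is not None,
            "ioc_hits": len(find_ssh_command_iocs(base)),
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `find_ssh_command_iocs` at the directory that holds a Gogs instance's repositories to hunt for the indicator across every repository at once; `os.walk` does not follow symlinks, so a planted link cannot send the sweep elsewhere.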

Siemens ACC-AP Firmware Signature Verification Flaw

🔒 Siemens' Building X - Security Manager Edge Controller (ACC-AP) contains an improper verification of cryptographic signature in its firmware update process that could permit installation of maliciously modified firmware. Tracked as CVE-2022-31807 and affecting all ACC-AP versions, the flaw may be exploited by a local attacker or by an adversary able to intercept firmware transfers. Siemens reports no planned fix for this product; operators should use the ACC Firmware App, validate firmware hashes, restrict controller access, and isolate devices from untrusted networks as compensating controls.

Siemens Gridscale X Prepay: Authentication and Enumeration

🔒 Siemens Gridscale X Prepay versions prior to 4.2.1 contain two remotely exploitable authentication-related vulnerabilities that present low attack complexity. CVE-2025-40806 enables user enumeration via observable response discrepancies, and CVE-2025-40807 permits capture-replay authentication bypass allowing locked-out users to re-establish sessions. Siemens advises contacting local representatives and following SSA-356310 guidance; CISA recommends isolating devices, minimizing network exposure, and using secure remote access methods such as updated VPNs.

AzeoTech DAQFactory Multiple Memory-Corruption Flaws

🛡️ CISA warns of multiple memory-corruption vulnerabilities in AzeoTech DAQFactory (release 20.7 and prior) that can be triggered by specially crafted .ctl files. The flaws include out-of-bounds read/write, heap and stack overflows, use-after-free, type confusion, and access of uninitialized pointers; several have CVSS v4 scores up to 8.4. DAQFactory 21.1 addresses these issues and AzeoTech advises avoiding untrusted documents, restricting .ctl file permissions, and using Safe Mode when loading unverified files.

Siemens IAM Client TLS Certificate Validation Flaw

⚠️ The Siemens IAM client used across several engineering products contains an improper certificate validation flaw (CVE-2025-40800) that can enable unauthenticated remote man-in-the-middle attacks. CISA lists a CVSS v4 score of 9.1, indicating severe impact and remote exploitability, and also reports a CVSS v3.1 score of 7.4. Affected products include COMOS V10.6, NX (pre-2412.8700 / pre-2506.6000), Simcenter 3D, Simcenter Femap, and Solid Edge SE2025/SE2026; Siemens has issued patched versions for most items, though COMOS V10.6 currently has no fix. CISA and Siemens recommend applying available updates, isolating control networks, and minimizing direct internet exposure.

Siemens SALT TLS Certificate Validation Vulnerability

🔒 The Siemens SALT SDK used by multiple engineering and simulation products fails to validate server TLS certificates, creating a risk of man-in-the-middle attacks by unauthenticated remote actors. Assigned CVE-2025-40801 with a CVSS v4 base score of 9.2, the issue affects COMOS, NX, Simcenter, Tecnomatix and others. Siemens has published updates for some versions while several products currently have no available fix; affected systems should be isolated, patched where possible, and protected behind properly configured firewalls and secure remote access solutions.

Siemens SINEMA Remote Connect Server Vulnerabilities

⚠️ Siemens has released a security advisory for SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP4. Two vulnerabilities allow authenticated users with local or network access to read private TLS keys (incorrect permission assignment) and to bypass license enforcement via direct database modification (incorrect authorization). CISA lists CVE-2025-40818 (CVSS 3.3) and CVE-2025-40819 (CVSS 4.3). Apply the vendor update to V3.2 SP4 or later and follow recommended network-hardening measures.