All news with #security advisory tag
Tue, October 21, 2025
Raisecom RAX701-GC SSH Authentication Bypass Vulnerability
🔒 A critical authentication bypass in Raisecom RAX701-GC devices permits SSH sessions without completing user authentication, potentially granting unauthenticated root shell access. The flaw is tracked as CVE-2025-11534 with a CVSS v3.1 score of 9.8 and CVSS v4 score of 9.3, exploitable remotely with low attack complexity. Affected firmware versions include 5.5.27_20190111, 5.5.13_20180720, and 5.5.36_20190709. CISA recommends isolating affected devices from the internet, placing control networks behind firewalls, and using secure remote access methods such as updated VPNs while contacting vendor support.
Tue, October 21, 2025
Siemens SIMATIC S7-1200 Vulnerabilities and Patches Updates
⚠️ Siemens has published an advisory for SIMATIC S7-1200 CPU V1/V2 devices describing two high-severity vulnerabilities: an Improper Input Validation flaw (CVE-2011-20001) that can force a controller into a stop/defect state via malformed HTTP traffic, and an Authentication Bypass by Capture-Replay (CVE-2011-20002) that allows replay of engineering commands. CVSS v4 scores are high (up to 8.7); Siemens recommends updating firmware (V2.0.3/V2.0.2) and disabling the web server where possible, while CISA advises network segmentation, firewalling, and avoiding direct Internet exposure.
Tue, October 21, 2025
Rockwell Automation 1783-NATR: Critical Remote Flaws
⚠️ Rockwell Automation's 1783-NATR network adapter contains multiple high-severity vulnerabilities, including missing authentication for critical functions, stored XSS, and CSRF. CISA assigns CVSS v4 9.9 for the most severe issue and warns these flaws can be exploited remotely with low complexity to cause denial-of-service, data modification, or credential compromise. Rockwell Automation recommends upgrading to 1.007 or later; CISA advises minimizing network exposure and isolating control networks.
Tue, October 21, 2025
Rockwell Compact GuardLogix 5370 Uncaught Exception
⚠️ Rockwell Automation has disclosed an uncaught exception vulnerability in Compact GuardLogix 5370 controllers that can be triggered by a crafted CIP unconnected explicit message and may cause a non‑recoverable fault resulting in denial-of-service. The issue is tracked as CVE-2025-9124 and carries a CVSS v4 base score of 8.7, indicating remote exploitability with low complexity. Rockwell recommends upgrading affected devices to firmware 30.14 or later; organizations unable to upgrade should follow vendor security best practices and apply network isolation measures.
Tue, October 21, 2025
CloudEdge Online Cameras/App—MQTT Wildcard Credential Risk
🔒 The CloudEdge mobile app (v4.4.2) and associated online cameras contain a credential exposure flaw assigned CVE-2025-11757 that stems from improper MQTT topic handling (CWE-155). Unsanitized topic input allows an attacker to use MQTT wildcards to subscribe to other users' messages and extract credentials and key material, enabling remote access to live feeds and camera controls. CISA calculated a CVSS v4 base score of 8.7 and highlights low attack complexity and remote exploitability. Users are advised to minimize network exposure, isolate devices behind firewalls, employ secure remote access methods such as VPNs with caution, and contact Meari Technologies support at support@mearitek.com.
Tue, October 21, 2025
Critical MinKNOW Vulnerabilities Allow Remote Access and DoS
⚠️ Oxford Nanopore Technologies MinKNOW sequencing software contains multiple remotely exploitable vulnerabilities (highest CVSS v4 8.3) that can permit unauthorized access, data manipulation, and denial-of-service on affected devices. Attackers can discover devices via network scanning, exploit authentication that trusts host IPs, and reuse tokens stored in world-readable temporary files to gain persistent access or redirect sequencing output. Oxford Nanopore advises upgrading to versions later than 24.11; CISA recommends minimizing network exposure, isolating control networks, and using secure remote access methods while applying other mitigations.
Tue, October 21, 2025
Critical WatchGuard Fireware OS RCE via IKEv2 VPN Exploit
🔴 A critical out-of-bounds write vulnerability (CVE-2025-9242) in WatchGuard Fireware OS could allow remote code execution via IKEv2 mobile VPN and Branch Office VPN when configured with dynamic gateway peers. Affected releases include Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3 and 2025.1, and WatchGuard warns devices previously configured with these peers may remain vulnerable. Shadowserver estimates over 71,000 potentially exposed devices; WatchGuard and the US NVD have published advisories and guidance, and a temporary workaround plus narrower BOVPN access policies are recommended if immediate upgrades are not possible.
Tue, October 21, 2025
Reducing Abuse of Microsoft 365 Exchange Online Direct Send
🛡️ Cisco Talos warns that Microsoft 365 Exchange Online’s Direct Send feature, intended for legacy devices and line‑of‑business appliances, is being abused to bypass standard authentication and content inspection. Attackers are leveraging these unauthenticated SMTP flows in phishing and BEC campaigns by impersonating internal users and embedding obfuscated lures such as QR codes and empty‑body messages. Talos recommends a phased approach — inventorying dependencies, migrating devices to authenticated SMTP or partner connectors, and validating mailflows before enabling RejectDirectSend — to reduce risk without disrupting critical workflows.
Tue, October 21, 2025
Microsoft fixes USB input bug that broke WinRE access
🔧 Microsoft released an out-of-band cumulative update, KB5070773, to restore USB mouse and keyboard functionality in the Windows Recovery Environment (WinRE) after October 2025 security updates disabled USB input in recovery on affected client and server builds. The patch began rolling out on October 20, 2025 and Microsoft recommends installing the latest updates. If a device cannot boot to install the patch, workarounds include using a touchscreen’s touch keyboard, connecting PS/2 peripherals, or booting from a previously created USB recovery drive.
Mon, October 20, 2025
Microsoft October update disables USB input in WinRE
⚠ After installing the October 14, 2025 security update KB5066835, USB-wired mice and keyboards do not function in the Windows Recovery Environment (WinRE), Microsoft confirmed. The devices continue to operate normally inside the Windows OS, but WinRE navigation is blocked, affecting Windows 11 (24H2, 25H2) and Windows Server 2025. Microsoft is working on a fix expected in the coming days; meanwhile users can rely on Bluetooth peripherals or legacy PS/2 input devices as a workaround.
Mon, October 20, 2025
75,000+ WatchGuard Firebox Devices Vulnerable to RCE
⚠️ Nearly 76,000 WatchGuard Firebox network appliances exposed on the public internet remain vulnerable to CVE-2025-9242, a critical (9.3) out-of-bounds write in the iked process that handles IKEv2 VPN negotiations. The flaw can be exploited without authentication by sending specially crafted IKEv2 packets to devices configured with dynamic gateway peers, potentially enabling remote code execution. WatchGuard has published patched releases and urges administrators to upgrade to supported versions immediately; 11.x is end-of-support and will not receive fixes.
Mon, October 20, 2025
CISA: Windows SMB Privilege Escalation Actively Exploited
🔒 CISA warns that threat actors are actively exploiting a high-severity Windows SMB vulnerability tracked as CVE-2025-33073, which can allow elevation to SYSTEM on unpatched machines. Microsoft patched the flaw in its June 2025 Patch Tuesday release, citing an improper access control weakness that can be abused over a network. The bug affects Windows Server, Windows 10 and Windows 11 up to 24H2. Federal agencies must remediate within three weeks under BOD 22-01, and all organizations are urged to apply the update immediately.
Mon, October 20, 2025
Microsoft October Windows Updates Break Smart Card Auth
🔒 Microsoft warns the October 2025 Windows security updates are causing smart card authentication and certificate failures by switching RSA-based smart card certificates to use KSP instead of CSP. Affected systems may report errors such as "invalid provider type specified" or "CryptAcquireCertificatePrivateKey error" and Event ID 624 in the Smart Card Service log. Microsoft provides a manual workaround: set the DisableCapiOverrideForRSA registry value to 0, back up the registry first, then restart. This impacts Windows 10, Windows 11 and Windows Server releases; the company says the key will be removed in April 2026 and urges customers to work with application vendors to resolve compatibility.
Mon, October 20, 2025
CISA Adds Five CVEs to Known Exploited Vulnerabilities
🚨 CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2022-48503 (Apple), CVE-2025-2746 and CVE-2025-2747 (Kentico Xperience Staging Sync Server), CVE-2025-33073 (Microsoft Windows SMB Client), and CVE-2025-61884 (Oracle E-Business Suite SSRF). These flaws include authentication bypasses, improper access control, and SSRF, which are frequent attack vectors and pose significant risks. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate identified KEV items by the required due dates; CISA strongly urges all organizations to prioritize timely remediation as part of their vulnerability management practice.
Mon, October 20, 2025
Microsoft Revokes 200+ Fraudulent Code-Signing Certificates
🔒 Microsoft Threat Intelligence has revoked more than 200 code-signing certificates that were fraudulently used to sign counterfeit Microsoft Teams installers delivering a persistent backdoor and ransomware. The campaign, tracked as Vanilla Tempest (also known as Vice Spider/Vice Society), employed SEO poisoning and malvertising to lure users to spoofed download sites hosting fake MSTeamsSetup.exe files that deployed the Oyster backdoor and ultimately Rhysida ransomware. Microsoft says the actor abused Trusted Signing and services such as SSL.com, DigiCert and GlobalSign to sign malicious binaries. A fully enabled Microsoft Defender Antivirus detects and blocks these threats, and Microsoft provides guidance through Microsoft Defender for Endpoint for mitigation and investigation.
Fri, October 17, 2025
ConnectWise fixes Automate AiTM update attack vulnerability
🔒 ConnectWise released a security update for Automate to fix two vulnerabilities including a critical 9.6-severity flaw (CVE-2025-11492) that can cause agents to use cleartext HTTP, enabling adversary-in-the-middle (AiTM) interception or modification of commands, credentials, and update payloads. A second 8.8-severity issue (CVE-2025-11493) omits integrity verification for update packages, allowing substituted malicious files. Cloud instances are patched to release 2025.9; on-premise administrators are urged to install the update within days.
Fri, October 17, 2025
Microsoft Removes Additional Safeguard Holds for Windows 11
✅ Microsoft removed two safeguard holds blocking Windows 11 24H2 installs. The April hold affecting systems using SenseShield's sprotect.sys driver—which could trigger BSODs—was lifted after a security.sys driver update; the feature update will be offered within 48 hours. The September 2024 hold for wallpaper customization apps that caused display and virtual-desktop issues was removed on October 15, 2025; affected devices may see a warning and must confirm before upgrading. Microsoft advises updating or uninstalling problematic apps or contacting their developers for support.
Fri, October 17, 2025
Microsoft fixes highest-severity ASP.NET Core flaw
🔒 Microsoft patched a critical HTTP request smuggling vulnerability (CVE-2025-55315) in the Kestrel ASP.NET Core web server, which Microsoft described as the highest-severity ASP.NET Core flaw ever. An authenticated attacker could smuggle an additional HTTP request to hijack other users' credentials, bypass front-end security controls, or impact integrity and availability. Microsoft released updates for Visual Studio 2022, ASP.NET Core 2.3, 8.0 and 9.0 and advised developers to apply updates, recompile where required, and restart or redeploy affected applications.
Fri, October 17, 2025
Microsoft fixes Windows localhost HTTP/2 connection bug
🔧 Microsoft has fixed a known issue that broke HTTP/2 connections to localhost (127.0.0.1) and caused IIS sites to fail after recent Windows security updates. Affected systems included Windows 11 and Windows Server 2025, producing errors like “ERR_CONNECTION_RESET” and “ERR_HTTP2_PROTOCOL_ERROR”. Microsoft recommends checking Windows Update and restarting; it also enabled a Known Issue Rollback (KIR) for most home and non-managed devices, while enterprise admins can deploy a KIR group policy until a permanent update ships.
Fri, October 17, 2025
Over 266,978 F5 BIG-IP Instances Exposed to Remote Attacks
⚠️ Shadowserver Foundation reports 266,978 internet-exposed F5 BIG-IP instances after F5 disclosed a breach in which nation-state actors stole source code and information on undisclosed BIG-IP flaws. F5 issued patches addressing 44 vulnerabilities and urged immediate updates for BIG-IP, F5OS, BIG-IQ, and related products. CISA issued an emergency directive requiring federal agencies to patch or mitigate affected devices by set deadlines. Nearly half of the detected instances are in the United States, with most others across Europe and Asia.