Kibana released a security advisory to address a critical-severity prototype pollution vulnerability tracked as CVE-2025-25014. Successful exploitation may lead to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability (CVE-2025-20188)
Cisco released a security advisory to address a vulnerability in its IOS XE Wireless Controller that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. Tracked as CVE-2025-20188, the vulnerability has a critical severity rating with a CVSS score of 10.
FreeType Out-of-Bounds Write Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2025-27363)
Google released its May 2025 security updates for Android, addressing 45 security vulnerabilities. One of the 45 vulnerabilities is an actively exploited zero-click FreeType 2 code execution vulnerability. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the flaw before May 27, 2025.
CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3248)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a critical severity vulnerability (CVE-2025-3248) impacting Langflow, a tool designed for building agentic AI workflows. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary system commands, leading to complete system compromise. CISA added the vulnerability to its Known Exploited …
CISA Warns of Actively Exploited Brocade, Commvault, and Qualitia Active! Mail Vulnerabilities (CVE-2025-1976, CVE-2025-3928, and CVE-2025-42599)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about three high-severity vulnerabilities impacting Broadcom Brocade Fabric OS, Commvault Web server, and Qualitia Active! Mail. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users to patch them before May 19, 2025.
SAP NetWeaver Zero-day Remote Code Execution Vulnerability (CVE-2025-31324)
SAP released an out-of-band emergency update to address a remote code execution zero-day vulnerability impacting NetWeaver. Tracked as CVE-2025-31324, the vulnerability has a critical severity rating with a CVSS score of 10. Threat actors are exploiting the vulnerability to hijack servers. CISA added CVE-2025-31324 to its Known Exploited Vulnerabilities Catalog, urging users to patch it …
Commvault Command Center Remote Code Execution Vulnerability (CVE-2025-34028)
A security researcher at watchTowr Labs discovered a critical vulnerability in Commvault Command Center that may allow an attacker to execute arbitrary code without authentication. Tracked as CVE-2025-34028, the vulnerability has a CVSS score of 9.0. CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities Catalog, urging users to patch it before May 23, 2025.
Erlang/OTP SSH Server Remote Code Execution Vulnerability (CVE-2025-32433)
Security researchers at Ruhr University Bochum discovered a security vulnerability in the Erlang/Open Telecom Platform (OTP) SSH implementation. Tracked as CVE-2025-32433, the vulnerability has a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code …
Apple Releases Fixes for iOS Zero-day Vulnerabilities (CVE-2025-31200 & CVE-2025-31201)
Apple and Google Threat Analysis Group discovered two security vulnerabilities impacting iOS devices. Tracked as CVE-2025-31200 and CVE-2025-31201, the vulnerabilities could allow an attacker to execute code. The Apple security advisory states that they are aware of a report that the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on …
Oracle Critical Patch Update, April 2025 Security Update Review
Oracle released its first quarterly edition of this year’s Critical Patch Update. The update contains patches for 378 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle …