Oracle Critical Patch Update, July 2025 Security Update Review

Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 309 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle … Continue reading “Oracle Critical Patch Update, July 2025 Security Update Review”

Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)

Kentaro Kawane from GMO Cybersecurity discovered a vulnerability of critical severity impacting FortiWeb. Tracked as CVE-2025-25257, the vulnerability has a CVSS score of 9.6. Upon successful exploitation of the vulnerability, an unauthenticated attacker can execute unauthorized SQL code via crafted HTTP or HTTPS requests. FortiWeb is a web application firewall (WAF) designed to protect web … Continue reading “Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)”

Microsoft Patch Tuesday, July 2025 Security Update Review

With cybersecurity threats continuing to evolve, Microsoft’s July 2025 Patch Tuesday highlights the need for consistent patching — this month’s release includes key fixes for actively exploited vulnerabilities. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, the July 2025 edition, Microsoft addressed 140 vulnerabilities. The updates include 14 … Continue reading “Microsoft Patch Tuesday, July 2025 Security Update Review”

Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)

A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by AI developers for debugging Model Context Protocol (MCP) servers. Tracked as CVE-2025-49596, the vulnerability has a CVSS score of 9.4. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code … Continue reading “Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)”

Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are vulnerable to a hardcoded root SSH credential vulnerability tracked as CVE-2025-20309. The vulnerability has a critical severity rating with a CVSS score of 10. An attacker may exploit the vulnerability to log in to the affected system and … Continue reading “Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)”

WingFTP Critical Remote Code Execution Vulnerability (CVE-2025-47812)

Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to complete system compromise.

Google Addresses Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6554)

Chrome browser is vulnerable to a security vulnerability being exploited in the wild. Tracked as CVE-205-6554, this is a type confusion vulnerability in V8. Clément Lecigne of Google’s Threat Analysis Group discovered and reported the vulnerability to Google.

Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-20281 & CVE-2025-20282)

Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.