Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 309 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle … Continue reading “Oracle Critical Patch Update, July 2025 Security Update Review”
VMware ESXi, Workstation, Fusion, and Tools Multiple Vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, & CVE-2025-41239)
Multiple vulnerabilities impact VMware ESXi, Workstation, Fusion, and Tools. Tracked as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, & CVE-2025-41239, successful exploitation of the vulnerabilities leads to remote code execution.
Google Addresses Fifth Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6558)
Google addressed six vulnerabilities impacting the Chrome browser. One of the vulnerabilities tracked as CVE-2025-6558 is being exploited in the wild. Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group discovered and reported the vulnerability to Google.
Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)
Kentaro Kawane from GMO Cybersecurity discovered a vulnerability of critical severity impacting FortiWeb. Tracked as CVE-2025-25257, the vulnerability has a CVSS score of 9.6. Upon successful exploitation of the vulnerability, an unauthenticated attacker can execute unauthorized SQL code via crafted HTTP or HTTPS requests. FortiWeb is a web application firewall (WAF) designed to protect web … Continue reading “Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)”
Microsoft Patch Tuesday, July 2025 Security Update Review
With cybersecurity threats continuing to evolve, Microsoft’s July 2025 Patch Tuesday highlights the need for consistent patching — this month’s release includes key fixes for actively exploited vulnerabilities. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, the July 2025 edition, Microsoft addressed 140 vulnerabilities. The updates include 14 … Continue reading “Microsoft Patch Tuesday, July 2025 Security Update Review”
Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)
A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by AI developers for debugging Model Context Protocol (MCP) servers. Tracked as CVE-2025-49596, the vulnerability has a CVSS score of 9.4. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code … Continue reading “Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)”
Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)
Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are vulnerable to a hardcoded root SSH credential vulnerability tracked as CVE-2025-20309. The vulnerability has a critical severity rating with a CVSS score of 10. An attacker may exploit the vulnerability to log in to the affected system and … Continue reading “Cisco Unified Communications Manager Static SSH Credentials Vulnerability (CVE-2025-20309)”
WingFTP Critical Remote Code Execution Vulnerability (CVE-2025-47812)
Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to complete system compromise.
Google Addresses Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6554)
Chrome browser is vulnerable to a security vulnerability being exploited in the wild. Tracked as CVE-205-6554, this is a type confusion vulnerability in V8. Clément Lecigne of Google’s Threat Analysis Group discovered and reported the vulnerability to Google.
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-20281 & CVE-2025-20282)
Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
