Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
Category: ThreatPROTECT
Citrix NetScaler ADC and NetScaler Gateway Vulnerability Exploited in Denial-of-Service Attacks (CVE-2025-6543)
Citrix released a security update to address the vulnerability impacting NetScaler appliances. Tracked as CVE-2025-6543, successfully exploiting the memory overflow vulnerability may lead to unintended control flow and Denial of Service. Citrix mentioned in the advisory that they have reports suggesting exploitation of this vulnerability on unmitigated appliances.
PoC Released for Notepad++ Privilege Escalation Vulnerability (CVE-2025-49144)
Notepad++ is vulnerable to a privilege escalation vulnerability that may allow unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. Tracked as CVE-2025-49144, the vulnerability exposes millions of users worldwide to complete system compromise. There is proof-of-concept now publicly available.
Veeam Backup and Replication Multiple Vulnerabilities (CVE-2025-23121, CVE-2025-24286, & CVE-2025-24287)
Veeam released a security advisory to address three vulnerabilities impacting its domain-joined Backup and replication systems. Tracked as CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287, the vulnerabilities may lead to code execution upon successful exploitation.
Microsoft Patch Tuesday, June 2025 Security Update Review
Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, June 2025 edition, Microsoft addressed 69 vulnerabilities. The updates include 10 critical and 57 important severity vulnerabilities. In this … Continue reading “Microsoft Patch Tuesday, June 2025 Security Update Review”
ConnectWise ScreenConnect Command Injection Vulnerability Added to CISA KEV (CVE-2025-3935)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a high-severity vulnerability impacting ConnectWise ScreenConnect, tracked as CVE-2025-3935. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code remotely or directly impact confidential data, leading to complete system compromise.
Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)
Clement Lecigne and Benoît Sevens of Google Threat Analysis Group discovered a high-severity vulnerability impacting the Chrome browser. Tracked as CVE-2025-5419, this is an out-of-bounds read and write vulnerability in V8. Google mentioned in the advisory that they are aware of the active exploitation of vulnerability in the wild. Google addressed the vulnerability with a … Continue reading “Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)”
Invision Community Remote Code Execution Vulnerability (CVE-2025-47916)
A critical remote code execution vulnerability (CVE-2025-47916) in the Invision Community has come to light. The vulnerability may allow attackers to execute arbitrary code on the target system. The vulnerability puts countless forums and online communities at serious risk because of the popularity of the Invision Community.
vBulletin Remote Code Execution Vulnerabilities Exploited in the Wild (CVE-2025-48827 & CVE-2025-48828)
Security researchers at Karma(In)Security discovered two unauthenticated remote code execution vulnerabilities in vBulletin, a popular commercial forum solution. Tracked as CVE-2025-48828, successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical data loss and complete system compromise.
Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027)
Security researchers at Project Discovery discovered two critical zero-day vulnerabilities in Versa Concerto, a popular SD-WAN and network orchestration platform. When exploited together, the vulnerabilities may allow attackers to fully compromise the application and the underlying host system. The vulnerabilities affect key elements of the platform, which are based on Docker containers, Spring Boot, and … Continue reading “Versa Concerto Zero-day Remote Code Execution Vulnerabilities (CVE-2025-34025, CVE-2025-34026, & CVE-2025-34027)”
