The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity vulnerability to its Known Exploitable Vulnerabilities Catalog, urging users to patch it before August 18, 2025. Tracked as CVE-2023-2533, the vulnerability in PaperCut NG/MF may allow an attacker to alter security settings or execute arbitrary code.
Tag: CISA Known Exploitable Vulnerabilities Catalog
Microsoft SharePoint Server Zero-day Vulnerability Exploited in the Wild (CVE-2025-53770)
Microsoft released patches for an actively exploited vulnerability impacting SharePoint Server. Tracked as CVE-2025-53770, the vulnerability was part of an “active, large-scale” exploitation campaign. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to critical data loss and possible system compromise. Viettel Cyber Security with Trend Zero Day … Continue reading “Microsoft SharePoint Server Zero-day Vulnerability Exploited in the Wild (CVE-2025-53770)”
Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)
Kentaro Kawane from GMO Cybersecurity discovered a vulnerability of critical severity impacting FortiWeb. Tracked as CVE-2025-25257, the vulnerability has a CVSS score of 9.6. Upon successful exploitation of the vulnerability, an unauthenticated attacker can execute unauthorized SQL code via crafted HTTP or HTTPS requests. FortiWeb is a web application firewall (WAF) designed to protect web … Continue reading “Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)”
WingFTP Critical Remote Code Execution Vulnerability (CVE-2025-47812)
Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to complete system compromise.
Google Addresses Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6554)
Chrome browser is vulnerable to a security vulnerability being exploited in the wild. Tracked as CVE-205-6554, this is a type confusion vulnerability in V8. Clément Lecigne of Google’s Threat Analysis Group discovered and reported the vulnerability to Google.
Citrix NetScaler ADC and NetScaler Gateway Vulnerability Exploited in Denial-of-Service Attacks (CVE-2025-6543)
Citrix released a security update to address the vulnerability impacting NetScaler appliances. Tracked as CVE-2025-6543, successfully exploiting the memory overflow vulnerability may lead to unintended control flow and Denial of Service. Citrix mentioned in the advisory that they have reports suggesting exploitation of this vulnerability on unmitigated appliances. CISA acknowledged the vulnerability’s active exploitation by … Continue reading “Citrix NetScaler ADC and NetScaler Gateway Vulnerability Exploited in Denial-of-Service Attacks (CVE-2025-6543)”
Microsoft Patch Tuesday, June 2025 Security Update Review
Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, June 2025 edition, Microsoft addressed 69 vulnerabilities. The updates include 10 critical and 57 important severity vulnerabilities. In this … Continue reading “Microsoft Patch Tuesday, June 2025 Security Update Review”
ConnectWise ScreenConnect Command Injection Vulnerability Added to CISA KEV (CVE-2025-3935)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a high-severity vulnerability impacting ConnectWise ScreenConnect, tracked as CVE-2025-3935. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code remotely or directly impact confidential data, leading to complete system compromise.
Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)
Clement Lecigne and Benoît Sevens of Google Threat Analysis Group discovered a high-severity vulnerability impacting the Chrome browser. Tracked as CVE-2025-5419, this is an out-of-bounds read and write vulnerability in V8. Google mentioned in the advisory that they are aware of the active exploitation of vulnerability in the wild. Google addressed the vulnerability with a … Continue reading “Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)”
CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)
Ivanti released security updates to address two high security vulnerabilities impacting its Endpoint Manager Mobile (EPMM). Tracked as CVE-2025-4427 and CVE-2025-4428, the vulnerabilities are being exploited in the wild. The advisory states, “When chained together, successful exploitation could lead to unauthenticated remote code execution.” CISA added the CVEs to its Known Exploited Vulnerabilities Catalog and … Continue reading “CISA Warns of Ivanti EPMM Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)”