CyberSecurity news

FlagThis - #patchmanagement

@cert.europa.eu //
A number of critical security vulnerabilities have been identified and addressed in several software products, highlighting the persistent need for vigilance and timely updates. One of the most severe issues is a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-23121, in Veeam Backup & Replication. This flaw, which received a CVSS score of 9.9, allows an authenticated domain user to execute code remotely on the Backup Server, specifically impacting domain-joined backup servers. Veeam has released security updates to fix this and other vulnerabilities, urging users to upgrade to the latest version, 12.3.2 (build 12.3.2.3617), as soon as possible.

Affected products include Veeam Backup & Replication versions 12, 12.1, 12.2, 12.3, and 12.3.1, along with Veeam Agent for Microsoft Windows versions 6.0, 6.1, 6.2, 6.3, and 6.3.1. In addition to the critical RCE in Veeam, a high severity Arbitrary Code Execution (ACE) vulnerability (CVE-2025-24286) in Veeam Backup & Replication was also addressed, allowing an authenticated user with the Backup Operator role to modify backup jobs, potentially leading to arbitrary code execution. Further more, a medium severity local privilege escalation bug (CVE-2025-24287) was identified affecting the Windows Veeam agent, which allows local system users to execute arbitrary code with elevated permissions by modifying specific directory contents.

Users are strongly advised to update their software to the latest versions to mitigate the risks associated with these vulnerabilities. For Veeam users, it is recommended to implement best practices provided by the vendor, such as using a separate management workgroup or domain for Veeam components. The discovery of an undocumented root shell access (CVE-2025-26412) in the SIMCom SIM7600G modem, highlighting the dangers of backdoors and undocumented features in embedded devices. Furthermore, a critical vulnerability (CVE-2025-3464) in Asus Armoury Crate allows attackers to gain SYSTEM privileges via hard link manipulation, advising users to update or disable the software.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • cert.europa.eu: On June 17, 2025, Veeam released an advisory addressing several vulnerabilities in Veeam Backup & Replication, one of which is rated as critical. It is recommended updating as soon as possible.
  • research.kudelskisecurity.com: Summary On June 1 7, data resilience vendor Veeam released security updates to fix three vulnerabilities: one critical severity RCE and one high severity ACE
  • The Register - Security: Veeam patches third critical RCE bug in Backup & Replication in space of a year
  • securityaffairs.com: Veeam addressed a new critical flaw in Backup & Replication product that could potentially result in remote code execution.
  • www.cybersecuritydive.com: Researchers urge vigilance as Veeam releases patch to address critical flaw
  • Security Risk Advisors: Critical Remote Code Execution Vulnerability Patched in Veeam Backup & Replication 12.3.2
  • research.kudelskisecurity.com: Veeam Backup & Replication: Critical RCE Patched
  • www.veeam.com: Critical Remote Code Execution Vulnerability Patched in Veeam Backup & Replication 12.3.2 . CVE-2025-23121 & CVE-2025-24286 & CVE-2025-24287 The post appeared first on .
  • Blog: On June 17, Veeam released , tracked as CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287. The fixes were applied in and .
  • The Hacker News: Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
  • thecyberexpress.com: This article discusses various vulnerabilities and recommends applying patches.
  • www.veeam.com: Veeam KB 4696
Classification:
  • HashTags: #Vulnerability #PatchManagement #SoftwareSecurity
  • Target: Users of Affected Software
  • Product: Veeam Backup & Replication, ONLYOFFICE Docs, SIMCom SIM7600G Modem, Asus Armoury Crate
  • Type: Vulnerability
  • Severity: Critical
Bill Toulas@BleepingComputer //
Critical vulnerabilities have been disclosed in several software products, raising concerns about potential security breaches. Two significant flaws have been identified in vBulletin forum software, tracked as CVE-2025-48827 and CVE-2025-48828. These vulnerabilities, with CVSS v3 scores of 10.0 and 9.0 respectively, enable API abuse and remote code execution. One of the flaws is reportedly being actively exploited in the wild, posing an immediate threat to vBulletin users. The vulnerabilities affect vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 when running on PHP 8.1 or later, however the vulnerabilities were likely patched last year in Patch Level 1 of the 6.* release branch.

Exploit details for a serious vulnerability in Cisco IOS XE Wireless Controller, designated CVE-2025-20188, have been publicly released, increasing the risk of exploitation. This vulnerability allows an attacker to take over devices by uploading files, performing path manipulation, and executing arbitrary commands with root privileges. The issue stems from a hardcoded JSON Web Token (JWT) which allows unauthenticated, remote attackers to generate valid tokens without knowing any secret information. Cisco has advised affected users to take immediate action to secure their systems.

Horizon3's analysis shows the Cisco IOS XE WLC vulnerability is caused by a hardcoded JWT fallback secret ('notfound'). If the file ‘/tmp/nginx_jwt_key’ is missing, the script uses ‘notfound’ as the secret key to verify JWTs, allowing attackers to generate valid tokens without knowing any secret information. They can then send an HTTP POST request with a file upload to the ‘/ap_spec_rec/upload/’ endpoint via port 8443 using path manipulation in the file name to place an innocent file (foo.txt) outside the intended directory. To escalate the file upload vulnerability to remote code execution, an attacker can overwrite configuration files loaded by backend services, place web shells, or abuse monitored files to perform unauthorized actions. Users are advised to upgrade to a patched version (17.12.04 or newer) as soon as possible.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • securityaffairs.com: Security Affairs reports on two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, that enable API abuse and remote code execution.
  • BleepingComputer: BleepingComputer reports on hackers exploiting a critical flaw in vBulletin forum software.
  • Techzine Global: Techzine.eu reports on the public release of exploit details for a serious Cisco IOS XE vulnerability.
Classification: