CyberSecurity news

FlagThis - #patchnow

@securityonline.info //

Critical Planet Technology Product Flaws Allow Takeover - CISA warns of critical vulnerabilities in Planet Technology’s network management and switch products, advising organizations to apply patches to prevent system takeovers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning to organizations globally regarding severe vulnerabilities in Planet Technology's network management and industrial switch products. These products are commonly used in critical manufacturing and industrial environments worldwide. The vulnerabilities, discovered by security researcher Kev Breen of Immersive Labs, affect several widely deployed Planet Technology products, including UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, and WGS-4215-8T2S.

These critical flaws could allow remote attackers to take full control of affected devices, manipulate sensitive data, and compromise industrial networks. CISA's advisory highlights five major vulnerabilities, each with a CVSS v4 base score of 9.3 or higher. These include OS Command Injection (CVE-2025-46271, CVE-2025-46272), Hard-Coded Credentials (CVE-2025-46273, CVE-2025-46274), and Missing Authentication for Critical Functions (CVE-2025-46275). Exploitation of these vulnerabilities could enable attackers to execute arbitrary commands, gain administrative privileges, manipulate sensitive data, create unauthorized administrator accounts, and corrupt managed databases.

Planet Technology has released patches for all affected products, and CISA strongly urges organizations to apply these updates immediately. It is also recommended to minimize network exposure by keeping devices off the public internet and to segregate control system networks from business networks. Security researchers warn that internet-exposed devices are particularly at risk, and tools like Shodan and Censys have already identified many potentially vulnerable systems online. CISA advises organizations to place critical devices behind firewalls, separate them from business networks and use VPNs for remote access, ensuring they are fully updated.

Recommended read:
References :
  • Cyber Security News: CISA Issues Warning Over Planet Technology Network Product Flaws
  • hackread.com: Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.
  • securityonline.info: CISA warns of critical vulnerabilities in Planet Technology products
  • Talkback Resources: Critical vulnerabilities in industrial switches and network management products by Planet Technology, allowing remote attackers to gain admin privileges, have been disclosed by CISA and patched by the company.
  • cyberpress.org: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning organizations worldwide of severe vulnerabilities affecting a range of network management and industrial switch products from Taiwan-based Planet Technology.
  • securityonline.info: CISA Warns of Critical Vulnerabilities in Planet Technology Products
  • hackread.com: Planet Technology Industrial Switch Flaws Risk Full Takeover - Patch Now
@documentation.commvault.com //

Critical RCE Vulnerability in Commvault Command Center - A critical RCE vulnerability (CVE-2025-34028) in Commvault Command Center allows unauthenticated remote attackers to execute arbitrary code, potentially compromising the system.
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-34028, has been discovered in Commvault Command Center. This security flaw, rated a severity of 9.0 out of 10, allows unauthenticated remote attackers to execute arbitrary code on affected installations. The vulnerability stems from a path traversal issue that can lead to a complete compromise of the Command Center environment. Commvault acknowledged the flaw in an advisory released on April 17, 2025, highlighting the potential for attackers to gain control of the system without requiring authentication.

Commvault Command Center versions 11.38.0 through 11.38.19 of the 11.38 Innovation Release are impacted by this vulnerability. The root cause lies within the "deployWebpackage.do" endpoint, which is susceptible to a pre-authenticated Server-Side Request Forgery (SSRF) attack. This is because there is no filtering as to what hosts can be communicated with. Attackers can exploit this by sending an HTTP request to the vulnerable endpoint, causing the Commvault instance to retrieve a malicious ZIP file from an external server. Once retrieved, the contents of the ZIP file are unzipped into a temporary directory under the attacker's control.

The vulnerability was discovered and reported by Sonny Macdonald, a researcher at watchTowr Labs, on April 7, 2025. watchTowr published technical details and a proof-of-concept (PoC) exploit on April 24, 2025, increasing the urgency for users to apply the necessary patches. Commvault has addressed the vulnerability in versions 11.38.20 and 11.38.25, urging all users to upgrade immediately. The vulnerability was last modified by NIST’s National Vulnerability Database on April 23. watchTowr has also created a Detection Artefact Generator that organizations can use to determine if their instance is vulnerable to the vulnerability.

Recommended read:
References :
  • Open Source Security: Posted by Fabian Bäumer on Apr 19 Hi Alexander, We used a technique called state machine learning to infer the state machine of the Erlang/OTP SSH server by interaction. With the state machine at hand, we noticed unexpected state transitions during the handshake caused by SSH_MSG_CHANNEL_OPEN messages. In particular, sending SSH_MSG_CHANNEL_REQUEST without SSH_MSG_CHANNEL_OPEN caused the connection to terminate, while sending SSH_MSG_CHANNEL_OPEN first changed this...
  • Resources-2: On April 16th, 2025, Erlang/OTP team disclosed a critical vulnerability affecting their SSH server implementation [1]. CVE-2025-32433 is an unauthenticated remote code execution vulnerability with a CVSS score of 10.0 (Critical) that allows adversaries to run arbitrary code on vulnerable systems with elevated privileges.
  • Tenable Blog: Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices. Background On April 16, Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany disclosed a critical vulnerability in Erlang/OTP SSH to the vulnerability mailing list.
  • arcticwolf.com: On April 24, 2025, watchTowr published technical details and a proof-of-concept (PoC) exploit for a critical vulnerability in Commvault Command Center, CVE-2025-34028, which had been disclosed earlier in April.
  • The Hacker News: A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations.
  • www.scworld.com: CVE-2025-34028 could lead to a complete compromise of the Command Center.
  • Arctic Wolf: CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center
  • labs.watchtowr.com: Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) - watchTowr Labs
  • Help Net Security: Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
  • Anonymous ???????? :af:: Critical Exploit Alert! A 9.0 CVSS flaw in Commvault Command Center lets hackers run code without logging in. 🯠Targets versions 11.38.0–11.38.19
  • SOC Prime Blog: SocPrime blog post on detecting CVE-2025-34028 exploitation
  • thecyberexpress.com: The Cyber Express article on the Commvault vulnerability
  • arcticwolf.com: CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center
  • Arctic Wolf: CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center
  • hackread.com: Critical Commvault Flaw Allows Full System Takeover – Update NOW
  • socprime.com: CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE
  • fortiguard.fortinet.com: What is the Vulnerability?A critical path traversal vulnerability has been identified in Commvault's Command Center Innovation Release.
  • watchTowr Labs: Fire In The Hole, We’re Breaching The Vault
  • www.csoonline.com: Critical Commvault SSRF could allow attackers to execute code remotely
  • : Critical Commvault Flaw Allows Full System Takeover.
  • hackread.com: Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…
  • hackread.com: Critical Commvault Flaw Allows Full System Takeover – Update NOW
info@thehackernews.com (The@The Hacker News //

Critical Erlang/OTP SSH Vulnerability Allows Code Execution - A critical unauthenticated remote code execution vulnerability (CVE-2025-32433) has been discovered in Erlang/OTP SSH servers, allowing attackers to execute arbitrary code on vulnerable systems with elevated privileges, and organizations are urged to patch vulnerable SSH servers without delay.
A critical security vulnerability, CVE-2025-32433, has been discovered in the Erlang/OTP SSH implementation, potentially allowing unauthenticated remote code execution (RCE). The flaw, which has been assigned a maximum CVSS score of 10.0, could enable attackers to execute arbitrary code on affected systems without providing any credentials. Researchers at Ruhr University Bochum, including Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk, identified the vulnerability. It stems from improper handling of SSH protocol messages, allowing attackers to send connection protocol messages prior to authentication, leading to a complete system compromise if the SSH daemon is running with root privileges.

The vulnerability affects all users running an SSH server based on the Erlang/OTP SSH library. According to the official Ericsson security advisory, any application providing SSH access using the Erlang/OTP SSH library should be considered affected. This vulnerability poses a significant risk, especially to critical infrastructure and high-availability systems where Erlang/OTP is widely used, such as in telecommunications equipment, industrial control systems, and connected devices. Expert Mayuresh Dani of Qualys emphasizes the critical nature, noting Erlang's frequent installation on high-availability systems. This vulnerability could allow actions such as installing ransomware or siphoning off sensitive data.

Proof-of-concept (PoC) exploits for CVE-2025-32433 have already been released, increasing the urgency for organizations to take immediate action. SecurityOnline reported the release of PoC code, and the Horizon3 Attack Team confirmed they had developed their own exploit, describing it as "surprisingly easy" to reproduce. Mitigation strategies include immediately updating to the patched versions: OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20. As a temporary workaround, it is recommended to disable the SSH server or restrict access via firewall rules until the updates can be applied. Organizations should evaluate their systems for potential compromise.

Recommended read:
References :
  • darkwebinformer.com: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • hackread.com: Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
  • Open Source Security: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • Ubuntu security notices: USN-7443-1: Erlang vulnerability
  • BleepingComputer: Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
  • Open Source Security: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • The Hacker News: TheHackerNews Article about CVSS 10.0 in Erlang/OTP SSH
  • The DefendOps Diaries: Explore the critical CVE-2025-32433 vulnerability in Erlang/OTP SSH, its impact, and mitigation strategies.
  • hackread.com: Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
  • github.com: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • www.bleepingcomputer.com: Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
  • securityonline.info: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • www.openwall.com: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • securityonline.info: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • Resources-2: Picus Security Blog on Erlang/OTP SSH RCE
  • Tenable Blog: Details about CVE-2025-32433: Erlang/OTP SSH Unauthenticated Remote Code Execution Vulnerability.
  • securityonline.info: SecurityOnline article on Erlang/OTP CVE-2025-32433 (CVSS 10): Critical SSH Flaw Allows Unauthenticated RCE
  • Security Risk Advisors: Unauthenticated Remote Code Execution in Erlang/OTP SSH (CVE-2025-32433).
  • securityonline.info: Erlang/OTP SSH Vulnerability (CVE-2025-32433).
  • Open Source Security: Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • www.runzero.com: Discusses an SSHamble with remote code execution in Erlang/OTP SSH.
  • Open Source Security: Re: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • Cyber Security News: Cybersecurity News also reported this vulnerability.
  • securityboulevard.com: Vulnerability in Erlang/OTP SSH allows for unauthenticated remote code execution on vulnerable devices.
  • The DefendOps Diaries: Understanding and Mitigating CVE-2025-32433: A Critical Erlang/OTP Vulnerability
  • www.scworld.com: Maximum severity flaw impacts Erlang/OTP SSH Widely used library Erlang/OTP SSH was discovered to be affected by a maximum severity flaw, tracked as CVE-2025-32433, which could be leveraged to allow code execution without required logins, according to Hackread.
  • Open Source Security: Seclists Details on SSH execution in Erlang
  • Blog: CyberReason article on Erlang/OTP RCE Vulnerability.
  • infosecwriteups.com: InfoSec Writeups: Erlang/OTP SSH CVSS 10 RCE
  • securityboulevard.com: CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH
  • www.bleepingcomputer.com: Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
  • industrialcyber.co: Frenos warns OT sector of critical Erlang vulnerability enabling remote code execution affecting millions of devices
  • www.cybersecuritydive.com: Researchers warn of critical flaw found in Erlang OTP SSH
  • Arctic Wolf: CVE-2025-32433: Maximum Severity Unauthenticated RCE Vulnerability in Erlang/OTP SSH
  • arcticwolf.com: CVE-2025-32433: Maximum Severity Unauthenticated RCE Vulnerability in Erlang/OTP SSH
  • Industrial Cyber: Frenos warns OT sector of critical Erlang vulnerability enabling remote code execution affecting millions of devices
  • www.csoonline.com: Public exploits already available for a severity 10 Erlang SSH vulnerability; patch now
  • arcticwolf.com: CVE-2025-32433: Maximum Severity Unauthenticated RCE Vulnerability in Erlang/OTP SSH
  • Security Risk Advisors: TheHackerNews post on Erlang/OTP SSH vulnerability.
  • securityonline.info: Critical RCE Vulnerability in Erlang/OTP SSH Server Impacts Multiple Cisco Products
Bill Mann@CyberInsider //

Apple Releases Security Updates Patching Zero Day Exploits - Apple released iOS 18.4, macOS Sequoia 15.4, and other updates addressing multiple vulnerabilities, including exploited zero-day flaws in WebKit and Accessibility.
References: bsky.app , CyberInsider , The Apple Post ...
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.

Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.

Recommended read:
References :
  • bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
  • CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
  • isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
  • The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
  • bsky.app: NEW SECURITY CONTENT - macOS Sequoia 15.4 - 131 bugs fixed macOS Sonoma 14.7.5 - 91 bugs fixed macOS Ventura 13.7.5 - 85 bugs fixed iOS and iPadOS 18.4 - 62 bugs fixed visionOS 2.4 - 38 bugs fixed iPadOS 17.7.6 - 38 bugs fixed tvOS 18.4 - 36 bugs fixed
  • securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
  • The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
  • thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
  • The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Pierluigi Paganini@Security Affairs //

Apple Backports Fixes for Actively Exploited Zero Days - Apple released security updates with backported fixes for three actively exploited zero-day vulnerabilities, including one bypassing USB Restricted Mode and another affecting the WebKit engine.
Apple released a substantial set of security updates on March 31st, 2025, addressing a total of 145 vulnerabilities across its product ecosystem, including iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. Notably absent from this update was watchOS. The updates included backported fixes for three actively exploited zero-day vulnerabilities, specifically targeting older iOS and iPadOS versions. These vulnerabilities had already been addressed in more recent versions a few weeks prior.

The most critical fix is for CVE-2025-24200, a vulnerability that allowed attackers to bypass USB Restricted Mode. This feature, introduced in 2018 to protect locked iDevices, could be disabled, potentially exposing user data. Another significant fix addresses CVE-2025-24201, a flaw in the WebKit engine that allowed malicious web content to escape Safari's sandbox. Additionally, macOS Ventura received a patch for CVE-2025-24085, a privilege escalation vulnerability in CoreMedia. These updates are now available for iOS versions 16.7.11 and 15.8.4, iPadOS versions 16.7.11 and 15.8.4, and macOS Ventura 13.7.5.

Recommended read:
References :
Pierluigi Paganini@Security Affairs //

Apple Patches Exploited Zero-Days for Older Devices - Apple released security updates for older iPhones and Macs, patching actively exploited zero-day vulnerabilities that could allow privilege elevation or arbitrary code execution.
Apple has released security updates to address actively exploited zero-day vulnerabilities impacting older iPhones and Macs. The patches aim to fix flaws that could allow malicious actors to elevate privileges or execute arbitrary code on affected devices. These updates address CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, and are now available for iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.

The vulnerabilities include a use-after-free bug in the Core Media component (CVE-2025-24085), an authorization issue in the Accessibility component (CVE-2025-24200), and an out-of-bounds write issue in the WebKit component (CVE-2025-24201). Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025. CVE-2025-24200 specifically allowed attackers with physical access to locked devices to disable USB Restricted Mode. Users of older devices, including iPhone 6s, iPhone 7, iPhone 8, iPhone X, iPad Air 2, and various iPad Pro models, are urged to update their systems to safeguard against potential threats.

Recommended read:
References :
@csoonline.com //

VMware Zero-Day Exploits Lead to Hypervisor Escape - Three zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion products are under active exploitation, allowing attackers to escape the VM and gain access to the ESXi hypervisor.
Three critical zero-day vulnerabilities have been discovered in VMware products, including ESXi, Workstation, and Fusion. Tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, these flaws are actively being exploited in the wild. Microsoft's Threat Intelligence Center (MSTIC) uncovered these vulnerabilities on March 4th. Chaining these three vulnerabilities together allows an attacker to escape a virtual machine and gain access to the ESXi hypervisor.

These vulnerabilities impact a wide range of VMware products, including VMware ESXi, Workstation Pro/Player, Fusion, Cloud Foundation, and Telco Cloud Platform. Successful exploitation could grant attackers unauthorized access to systems, enabling them to execute arbitrary code remotely and escalate privileges. VMware has released patches to address these issues, and CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging immediate patching.

Recommended read:
References :
  • Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom.
  • securityaffairs.com: VMware fixed three actively exploited zero-days in ESX products
  • www.csoonline.com: VMware ESXi gets critical patches for in-the-wild virtual machine escape attack.
  • research.kudelskisecurity.com: Summary On March 4th, Microsoft’s Threat Intelligence Center (MSTIC) uncovered three critical vulnerabilities in VMware products that are being actively exploited in the wild. Affected
  • www.tenable.com: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
  • fortiguard.fortinet.com: Multiple zero-day vulnerabilities have been identified in VMware's ESXi, Workstation, and Fusion products. VMware has confirmed that these vulnerabilities are being actively exploited in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) has included them in its Known Exploited Vulnerabilities Catalog due to evidence of such exploitation.
  • The Register - Software: VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.…
  • Blog: Key Takeaways Three zero-day vulnerabilities have been discovered in VMware products, tracked as CVE-2025-22224 , CVE-2025-22225 , and CVE-2025-22226 . Nearly all supported and unsupported VMware products are impacted, including VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion, VMware Cloud Foundation, and VMware Telco Cloud Platform. Chaining these 3 vulnerabilities together allows an attacker to escape or “break outâ€� of a “childâ€� Virtual Machine (VM), gain access to the “parentâ€� ESXi Hypervisor, and potentially access any other accessible VM as well as gain access to the management network of the exposed VMware cluster.
@csoonline.com //

VMware ESXi Patches Address Actively Exploited Flaws - Broadcom released urgent security patches for VMware ESXi, Workstation, and Fusion products due to actively exploited vulnerabilities allowing code execution and information disclosure.
Broadcom has issued urgent security patches to address three actively exploited vulnerabilities affecting VMware ESXi, Workstation, and Fusion products. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, could enable attackers to execute code and disclose sensitive information. VMware ESXi is under active exploitation in the wild, making timely patching crucial to prevent potential attacks. The vulnerabilities impact various versions of VMware ESXi 8.0, 7.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x and 4.x, and Telco Cloud Platform.

The most critical flaw, CVE-2025-22224, boasts a CVSS score of 9.3 and is a heap-overflow vulnerability leading to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine could exploit this to execute code as the virtual machine's VMX process running on the host. Broadcom credited Microsoft's MSTIC security team with discovering and reporting these vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal civilian agencies to patch them by March 25, 2025.

Recommended read:
References :
  • bsky.app: Broadcom released security patches to patch an actively exploited zero-day in its VMware ESXi products. Broadcom credited Microsoft's MSTIC security team with spotting and reporting the attacks.
  • The Hacker News: Broadcom Releases Urgent Patches
  • The Register - Software: VMware splats guest-to-hypervisor escape bugs already exploited in wild
  • www.csoonline.com: VMware ESXi gets critical patches for in-the-wild virtual machine escape attack
  • securityaffairs.com: VMware fixed three actively exploited zero-days in ESX products
  • Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom
  • bsky.app: BleepingComputer article on VMware zero-days.
  • Vulnerability-Lookup: A new bundle, VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), has been published on Vulnerability-Lookup:
  • The Record: Three product lines from technology giant VMware — ESXI, Workstation and Fusion — have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers
  • securityaffairs.com: U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
  • borncity.com: 0-day vulnerabilities in VMWare ESXi, Workstation and Fusion
  • socradar.io: VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226)
  • Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom
  • Blog: Multiple zero-days in VMware products actively exploited
  • gbhackers.com: CISA Issues Alert on Actively Exploited VMware Vulnerabilities
  • www.tenable.com: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
  • Information Security Buzz: Broadcom warns VMware users of Critical Zero-Day Exploits
  • www.cybersecuritydive.com: 37K+ VMware ESXi instances vulnerable to critical zero-day
  • www.itpro.com: Broadcom issues urgent alert over three VMware zero-days
  • Carly Page: Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by hackers to compromise the networks of its corporate customers
  • techcrunch.com: Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
  • Security Risk Advisors: Three Critical VMware Vulnerabilities Exploited in Wild Targeting ESXi, Workstation, and Fusion
  • www.cybersecuritydive.com: Broadcom urges customers to patch 3 zero-day VMware flaws
  • MSSP feed for Latest: Broadcom: VMware Zero-Days Being Exploited in the Wild
  • www.bleepingcomputer.com: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
  • research.kudelskisecurity.com: Critical VMware ESXi, Workstation, Fusion Vulnerabilities Seen Exploited in Wild
  • cyble.com: Three VMware Zero-Days Under Active Exploitation – What You Need to Know
  • Zack Whittaker: VMware emergency hypervisor escape bugs under attack
Bill Mann@CyberInsider //

OpenSSH Vulnerabilities Expose to MitM and DoS Attacks - Qualys Threat Research Unit disclosed two OpenSSH vulnerabilities: CVE-2025-26465 (MitM attack) and CVE-2025-26466 (DoS attack), impacting client and server components.
The Qualys Threat Research Unit (TRU) has revealed two significant vulnerabilities in OpenSSH, impacting both client and server components. The first, CVE-2025-26465, is a machine-in-the-middle (MitM) attack that targets OpenSSH clients when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, involves a pre-authentication denial-of-service (DoS) attack affecting both client and server systems by exhausting resources. These vulnerabilities expose systems to potential interception of communications and resource exhaustion, potentially crippling SSH servers.

The MitM vulnerability, CVE-2025-26465, allows attackers to impersonate a server, bypassing client identity checks even if VerifyHostKeyDNS is set to "yes" or "ask". This flaw was introduced in December 2014 and affects OpenSSH versions 6.8p1 through 9.9p1. The DoS vulnerability, CVE-2025-26466, enables attackers to consume excessive memory and CPU resources, impacting versions 9.5p1 through 9.9p1. While mitigations exist, such as LoginGraceTime and MaxStartups, immediate patching is strongly advised. OpenSSH version 9.9p2 addresses these vulnerabilities, urging administrators to upgrade affected systems promptly.

Recommended read:
References :
  • CyberInsider: OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks
  • buherator's timeline: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
  • Open Source Security: Qualys Security Advisory discussing MitM and DoS attacks against OpenSSH clients and servers.
  • securityonline.info: Securityonline.info article on OpenSSH flaws CVE-2025-26465 and CVE-2025-26466 exposing clients and servers to attacks.
  • www.openwall.com: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
  • cyberinsider.com: The Qualys Threat Research Unit (TRU) has disclosed two critical vulnerabilities in OpenSSH affecting both client and server components.
  • securityonline.info: OpenSSH Flaws CVE-2025-26465 & CVE-2025-26466 Expose Clients and Servers to Attacks
  • blog.qualys.com: Qualys TRU Discovers Two Vulnerabilities in OpenSSH (CVE-2025-26465, CVE-2025-26466)
  • hackread.com: Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks
  • Ubuntu security notices: USN-7270-2: OpenSSH vulnerability
  • The Hacker News: Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
  • www.csoonline.com: OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks
  • securityaffairs.com: OpenSSH bugs allows Man-in-the-Middle and DoS Attacks
  • www.scworld.com: OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday.
  • KubikPixel: OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday. â˜�ï¸
  • AAKL: Infosec Exchange Post: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 More: The Register: FreSSH bugs undiscovered for years threaten OpenSSH security
  • socradar.io: Security Flaws in OpenSSH and Juniper Networks Demand Action (CVE-2025-26465, CVE-2025-26466, and CVE-2025-21589)
  • Information Security Buzz: Qualys Identifies Critical Vulnerabilities that Enable DDoS, MITM Attacks
  • www.theregister.com: FreSSH bugs undiscovered for years threaten OpenSSH security
  • socprime.com: Socprime discusses CVE-2025-26465 & CVE-2025-26466 Vulnerabilities.
  • Full Disclosure: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client CVE-2025-26466: DoS attack against OpenSSH's client and server
  • www.scworld.com: The security flaws, tracked as CVE-2025-26465 and CVE-2025-26466, can be used by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled.
  • SOC Prime Blog: CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks
  • Security Risk Advisors: OpenSSH Vulnerabilities Enable MITM Attacks and Denial-of-Service (CVE-2025-26465 & CVE-2025-26466)
info@thehackernews.com (The Hacker News)@The Hacker News //

Ivanti Patches Critical RCE Flaws in Connect Secure - Ivanti has released security updates for Connect Secure, Policy Secure, and Secure Access Client to address multiple vulnerabilities, including critical remote code execution flaws.
Ivanti has released critical security updates for Connect Secure (ICS), Policy Secure (IPS), and Secure Access Client (ISAC) to address multiple vulnerabilities. These include three critical severity problems that could allow remote code execution (RCE), posing a significant risk. The updates aim to patch flaws such as external control of a file name (CVE-2024-38657) and a stack-based buffer overflow (CVE-2025-22467), which can be exploited by authenticated attackers to execute arbitrary code and compromise system integrity.

The specific vulnerabilities addressed include CVE-2024-38657, which allows remote authenticated attackers with admin privileges to write arbitrary files, and CVE-2025-22467, a stack-based buffer overflow that enables remote code execution. Also patched is CVE-2024-10644 which is a code injection vulnerability, and CVE-2024-47908, an operating system command injection flaw in the admin web console of Ivanti CSA. Users are urged to update to the latest versions, Ivanti Connect Secure 22.7R2.6, Ivanti Policy Secure 22.7R1.3, and Ivanti CSA 5.0.5, as soon as possible to mitigate potential exploitation. While Ivanti is not aware of active exploitation, it's imperative to apply the patches due to the history of Ivanti appliances being weaponized.

Recommended read:
References :
  • Vulnerability-Lookup: Security advisory for Ivanti Connect Secure, Policy Secure, and Secure Access Client (multiple CVEs).
  • securityonline.info: Ivanti has disclosed multiple vulnerabilities affecting its Connect Secure, Policy Secure, and Secure Access Client products, with some The post appeared first on .
  • The Hacker News: Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
  • BleepingComputer: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
  • securityonline.info: CVE-2025-22467 (CVSS 9.9): Ivanti Connect Secure Vulnerability Allows Remote Code Execution
  • www.bleepingcomputer.com: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
  • vulnerability.circl.lu: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs), has been published on Vulnerability-Lookup
  • research.kudelskisecurity.com: Ivanti ICS, IPS, ISAC, CSA: Multiple Vulnerabilities Disclosed and Patched
  • bsky.app: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
  • socradar.io: Ivanti Security Update Addresses Severe Vulnerabilities in ICS, IPS, and ISAC (CVE-2025-22467, CVE-2024-38657, CVE-2024-10644)
  • research.kudelskisecurity.com: Ivanti ICS, IPS, ISAC, CSA: Multiple Vulnerabilities Disclosed and Patched
  • BleepingComputer: Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems
@securityonline.info //

Progress Software Fixed High Severity LoadMaster Flaws - Progress Software has patched high-severity vulnerabilities in LoadMaster software that could allow remote actors to execute arbitrary system commands due to improper input validation.
Progress Software has released patches for multiple high-severity vulnerabilities affecting its LoadMaster software. The vulnerabilities, identified as CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, and CVE-2024-56135, could be exploited by remote malicious actors to execute arbitrary system commands or download any file from the system. The flaws stem from improper input validation and affect various LoadMaster versions, including the Multi-Tenant edition.

These vulnerabilities could allow authenticated attackers with access to the LoadMaster management interface to inject malicious commands via crafted HTTP requests. Specifically, successful exploitation could enable remote actors to execute arbitrary system commands after gaining access and authenticating to the management interface. Progress Software has addressed these issues by implementing input sanitization to prevent the execution of arbitrary system commands. While there are no reported cases of these vulnerabilities being exploited, users are strongly urged to apply the latest patches for optimal protection.

Recommended read:
References :
  • community.progress.com: Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed.
  • securityaffairs.com: Progress Software fixed multiple vulnerabilities in its LoadMaster software, which could be exploited to execute arbitrary system commands.
  • securityonline.info: Progress has issued a security advisory addressing multiple vulnerabilities affecting all current LoadMaster releases and the LoadMaster Multi-Tenant The post appeared first on .
  • The Hacker News: Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system.
@securityonline.info //

Progress Software Patches High-Severity LoadMaster Flaws - Multiple high-severity vulnerabilities in Progress Software's LoadMaster software could allow attackers to execute arbitrary system commands through improper input validation; patches are available and should be applied immediately.
Progress Software has released patches to address multiple high-severity vulnerabilities in its LoadMaster software. These flaws could allow remote, authenticated attackers to execute arbitrary system commands on affected systems. The vulnerabilities stem from improper input validation, where attackers who gain access to the management interface can inject malicious commands via crafted HTTP requests.

The affected software includes LoadMaster versions from 7.2.48.12 and prior, 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.55.0 to 7.2.60.1 (inclusive), as well as Multi-Tenant LoadMaster version 7.1.35.12 and prior. Progress Software has implemented input sanitization to mitigate these vulnerabilities, preventing arbitrary system commands from being executed. Users are advised to update to the latest patched versions to ensure the security of their systems.

Recommended read:
References :
  • community.progress.com: Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.   We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct impact on customers.
  • securityaffairs.com: Progress Software fixed multiple high-severity LoadMaster flaws - SecurityAffairs
  • securityonline.info: Progress LoadMaster Security Update: Multiple Vulnerabilities Addressed - SecurityOnline
  • The Hacker News: Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions - The Hacker News
  • securityonline.info: Security Online Article about Progress LoadMaster Security Update
  • : Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection

Posts

Blogs

Research Tools