@nvd.nist.gov
Two high-severity vulnerabilities, identified as CVE-2025-5349 and CVE-2025-5777, have been discovered in Citrix NetScaler ADC and NetScaler Gateway products. According to a Citrix advisory released on June 17, 2025, these flaws pose a significant risk to organizations using the affected products. It is strongly recommended that users update their systems as soon as possible to mitigate potential exploits. These vulnerabilities affect NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-43.56, 13.1 before 13.1-58.32, 13.1-FIPS and NDcPP before 13.1-37.235-FIPS and NDcPP, and 12.1-FIPS before 12.1-55.328-FIPS. Note that versions 12.1 and 13.0 are End Of Life (EOL) and are also vulnerable.
CVE-2025-5777, which has a CVSS score of 9.3, stems from insufficient input validation, leading to a memory overread. This vulnerability is only exploitable when NetScaler is configured as a Gateway, encompassing VPN virtual servers, ICA Proxy, CVPN, or RDP Proxy, or when configured as an AAA virtual server. CVE-2025-5349, with a CVSS score of 8.7, is attributed to improper access control on the NetScaler Management Interface. Exploitation of this vulnerability requires the attacker to have access to the NSIP address, the Cluster Management IP, or the local GSLB Site IP. The National Vulnerability Database provides additional detail on both CVE-2025-5349 and CVE-2025-5777. To address these vulnerabilities, Citrix advises upgrading to the latest versions of NetScaler ADC and NetScaler Gateway. Additionally, after upgrading all NetScaler appliances in a high availability (HA) pair or cluster to the fixed builds, Citrix recommends executing the following commands to terminate all active ICA and PCoIP sessions: `kill icaconnection -all` and `kill pcoipConnection -all`. CERT-In has also issued an advisory regarding these vulnerabilities. Further information regarding the impact on businesses can be found on Cyberexpress.
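An added example (not from the Citrix advisory or the original page): a Python check that classifies NetScaler build strings against the fixed builds listed above. It assumes builds are written in the advisory's notation (`14.1-43.56`, `13.1-37.235-FIPS`); the hostnames and inventory are constructed.

```python
import re

# First fixed build per branch, taken from the summary above.
FIXED = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),   # 13.1-FIPS and NDcPP
    ("12.1", "fips"): (55, 328),   # 12.1-FIPS
}
# Branches the summary lists as End Of Life and vulnerable (no fixed build).
EOL = {("12.1", "standard"), ("13.0", "standard")}

_BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE)

def classify(build: str) -> str:
    """Return 'fixed', 'vulnerable', 'eol' or 'unknown' for one build string."""
    m = _BUILD_RE.match(build.strip())
    if not m:
        return "unknown"
    release, major, minor, suffix = m.groups()
    key = (release, "fips" if suffix else "standard")
    if key in EOL:
        return "eol"
    fixed = FIXED.get(key)
    if fixed is None:
        return "unknown"
    # Compare as integer pairs: build 58.4 is older than 58.32, not newer.
    return "fixed" if (int(major), int(minor)) >= fixed else "vulnerable"

def audit(inventory: dict) -> dict:
    """Map each hostname to the status of its build string."""
    return {host: classify(build) for host, build in inventory.items()}

# Constructed inventory for illustration only.
SAMPLE = {
    "gw-edge-01": "14.1-43.56",
    "gw-edge-02": "13.1-58.4",
    "gw-fips-01": "13.1-37.235-FIPS",
    "gw-legacy-01": "13.0-92.21",
    "gw-lab-01": "not-a-build",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Appliances reported as `eol` or `unknown` need manual review rather than being treated as safe.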
@cyberinsider.com
References: cyberinsider.com, securityonline.info
Mozilla has released Firefox 139 to address a critical security vulnerability within the libvpx video codec encoder. This flaw, identified as a double-free vulnerability, could potentially lead to memory corruption and allow for arbitrary code execution on affected systems. Security experts are urging users to update to the latest version of Firefox immediately to mitigate the risk.
The vulnerability is particularly concerning because it is a zero-interaction exploit, meaning that an attacker could potentially execute malicious code without any user action beyond normal browsing activity. This underscores the importance of applying the patch as soon as possible to prevent potential compromise. The update aims to protect users from remote code execution attacks that could exploit the flaw in the libvpx codec. The cybersecurity community has highlighted the importance of prioritizing critical patches such as this one to defend against exploitation. This vulnerability demonstrates the persistent threat landscape and the need for constant vigilance in maintaining secure systems. By updating to Firefox 139, users can ensure they are protected against this potentially severe vulnerability.
@sec.cloudapps.cisco.com
Cisco has issued a critical security advisory to address CVE-2025-20188, a severe vulnerability affecting its IOS XE Wireless LAN Controllers (WLCs). This flaw, which has been assigned a CVSS score of 10.0, allows an unauthenticated, remote attacker to upload arbitrary files to a vulnerable system. The root cause of this vulnerability lies in a hard-coded JSON Web Token (JWT) present within the affected system, enabling attackers to potentially gain root privileges. The vulnerability impacts several products, including Catalyst 9800-CL Wireless Controllers for Cloud, Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches, Catalyst 9800 Series Wireless Controllers, and Embedded Wireless Controllers on Catalyst APs.
Exploitation requires the Out-of-Band AP Image Download feature to be enabled, which is not the case by default. An attacker can exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could enable the attacker to perform path traversal and execute arbitrary commands with root privileges, leading to a complete compromise of the affected system. Cisco advises administrators to check if the Out-of-Band AP Image Download feature is enabled by using the `show running-config | include ap upgrade` command. If the command returns `ap upgrade method https`, the feature is enabled, and the device is vulnerable. Currently, there are no direct workarounds available to address this vulnerability. However, as a mitigation measure, administrators can disable the Out-of-Band AP Image Download feature. This will cause AP image downloads to use the CAPWAP method. Cisco strongly recommends implementing this mitigation until an upgrade to a fixed software release can be performed. Cisco has released free software updates to address this vulnerability and advises customers with service contracts to obtain these security fixes through their usual update channels and to upgrade to the fixed release as soon as possible. As of now, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of this vulnerability.
Ddos@securityonline.info
SonicWall has released critical security updates to address three vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products. The vulnerabilities, discovered by Rapid7 cybersecurity researcher Ryan Emmons, impact SMA 200, 210, 400, 410, and 500v devices running firmware version 10.2.1.14-75sv and earlier. The most severe of these flaws, CVE-2025-32819, has a CVSS score of 8.8 and could allow a remote authenticated attacker with SSL-VPN user privileges to bypass path traversal checks and delete arbitrary files, potentially leading to a reboot to factory default settings. SonicWall urges users to upgrade to the fixed release version 10.2.1.15-81sv and higher immediately.
Additionally, the advisory outlines CVE-2025-32820, a post-authentication SSLVPN user Path Traversal vulnerability with a CVSS score of 8.3. This flaw enables a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence, making any directory on the SMA appliance writable. A third vulnerability, CVE-2025-32821, carries a CVSS score of 6.7 and allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. Security researchers suggest that these vulnerabilities can be chained together by attackers to gain remote code execution as root and compromise vulnerable instances. As a workaround and additional safety measure, SonicWall recommends enabling multifactor authentication (MFA) on the devices, enabling WAF on SMA100 and resetting the passwords for any users who may have logged into the device via the web interface. The cybersecurity company also noted that CVE-2025-32819 may have been exploited in the wild as a zero-day based on known indicators of compromise. Users are advised to update their instances to the latest version for optimal protection.
@source.android.com
Google has released its May 2025 Android security bulletin, addressing a total of 46 vulnerabilities. The update includes a fix for CVE-2025-27363, a critical Remote Code Execution (RCE) flaw that is already being actively exploited in the wild. The RCE flaw exists within the Android System component, enabling local code execution without requiring user interaction or elevated privileges.
This vulnerability stems from FreeType, an open-source font rendering library widely embedded in Android. Google's advisory underscores the severity of this actively exploited bug, prompting the U.S. CISA to add it to its Known Exploited Vulnerabilities Catalog. U.S. federal agencies are now under directive to apply the patch by May 27, 2025. The May 2025 Android security bulletin resolves several other high-impact issues across Android versions 13 through 15. These include multiple Elevation of Privilege (EoP) flaws affecting both the framework and system components. Among them are CVE-2025-0087 and CVE-2025-26426. Users are encouraged to check for updates to ensure their devices are protected from these vulnerabilities. The update is available for Android 13, 14, and 15, with Android vendors notified of the issues at least a month before publication.
Ddos@securityonline.info
Cybersecurity firm SonicWall has issued warnings to its customers regarding active exploitation of several vulnerabilities affecting its Secure Mobile Access (SMA) appliances. These vulnerabilities, including CVE-2024-38475, CVE-2023-44221 and CVE-2021-20035, can lead to unauthorized access to files and system compromise. Organizations utilizing SonicWall SMA 100 series appliances are strongly urged to apply the necessary patches immediately to mitigate the risk. The active exploitation highlights the critical need for organizations to maintain up-to-date security measures and promptly address security advisories from vendors.
Specifically, CVE-2024-38475 is a critical severity flaw affecting the mod_rewrite module of Apache HTTP Server, potentially allowing unauthenticated remote attackers to execute code. SonicWall addressed this issue in firmware version 10.2.1.14-75sv and later. CVE-2023-44221, a high-severity command injection flaw, allows attackers with administrative privileges to inject arbitrary commands. CVE-2021-20035 is an OS command injection vulnerability that has been actively exploited in the wild since January 2025. The exploitation of these vulnerabilities has prompted advisories and updates, including CISA adding CVE-2021-20035 to its Known Exploited Vulnerabilities catalog. Security researchers have observed active scanning for CVE-2021-20016. It is paramount that organizations proactively manage and patch vulnerabilities to protect their networks and sensitive data.
@Open Source Security
A heap buffer overflow vulnerability, identified as CVE-2024-56406, has been discovered in Perl versions 5.34, 5.36, 5.38, and 5.40. This flaw occurs when the "tr" operator transliterates non-ASCII bytes, potentially leading to denial-of-service (DoS) conditions or, in some cases, arbitrary code execution. The vulnerability was introduced in a commit affecting versions 5.33.1 to 5.41.10. The issue can be triggered by a specially crafted Perl command, potentially causing a segmentation fault and system crash.
The vulnerability, discovered by Nathan Mills, resides in the `S_do_trans_invmap()` function, which can overflow the destination pointer "d" when non-ASCII characters are present on the left-hand side of the "tr" operator. Exploitation of this flaw could allow attackers to crash Perl-based applications or systems, making it a potent denial of service vector. This is especially concerning for shared hosting environments, server-side Perl scripts handling untrusted input, and legacy systems with weak memory protection models. To mitigate this vulnerability, users are strongly advised to update their Perl installations to versions 5.40.2 or 5.38.4, which contain the necessary patches. Ubuntu users can update their systems to the following package versions: perl-5.38.2-5ubuntu0.1 for Ubuntu 24.10, perl-5.38.2-3.2ubuntu0.1 for Ubuntu 24.04, and perl-5.34.0-3ubuntu1.4 for Ubuntu 22.04. The fix is essentially a revert of the commit that introduced the bug. A standard system update should address the issue for most users.
Bill Mann@CyberInsider
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.
Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.