@csoonline.com
//
Broadcom has issued urgent security patches to address three actively exploited vulnerabilities affecting VMware ESXi, Workstation, and Fusion products. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, could enable attackers to execute code and disclose sensitive information. VMware ESXi is under active exploitation in the wild, making timely patching crucial to prevent potential attacks. The vulnerabilities impact various versions of VMware ESXi 8.0, 7.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x and 4.x, and Telco Cloud Platform.
The most critical flaw, CVE-2025-22224, boasts a CVSS score of 9.3 and is a heap-overflow vulnerability leading to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine could exploit this to execute code as the virtual machine's VMX process running on the host. Broadcom credited Microsoft's MSTIC security team with discovering and reporting these vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal civilian agencies to patch them by March 25, 2025. Recommended read:
References :
MSSP Alert@MSSP feed for Latest
//
Apple has issued critical security updates for iOS 18.3.2 and iPadOS 18.3.2, addressing a actively exploited WebKit vulnerability identified as CVE-2025-24201. This flaw allowed cybercriminals to use maliciously crafted web content to bypass the Web Content sandbox. The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later).
Users are urged to update their devices promptly by navigating to Settings > General > Software Update. Security experts emphasize the importance of these patches, noting that failure to update leaves devices vulnerable to compromise. According to Adam Boynton, senior security strategy manager EMEIA at Jamf, keeping devices up to date is essential. He also stated that this particular flaw allowed attackers to access data in other parts of the operating system. Recommended read:
References :
@The DefendOps Diaries
//
Mozilla has issued an urgent security update for its Firefox browser on Windows to address a critical sandbox escape vulnerability, identified as CVE-2025-2857. This flaw allows attackers to bypass the browser's security sandbox, posing significant risks to Windows users. Mozilla is releasing security updates for Firefox versions 136.0.4 and Firefox ESR versions 128.8.1 and 115.21.1 to patch this vulnerability.
The vulnerability, reported by Mozilla developer Andrew McCreight, involves an incorrect handle that could lead to sandbox escapes, potentially enabling attackers to execute arbitrary code on affected systems. This comes after a similar exploit, CVE-2025-2783, was identified in Google Chrome. Windows users are advised to update their browsers to the latest version as soon as possible to mitigate this risk. Recommended read:
References :
Bill Toulas@BleepingComputer
//
GitLab has released critical security updates to address multiple vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE) platforms. The updates, included in versions 17.9.2, 17.8.5, and 17.7.7, fix nine vulnerabilities. Two of these are critical authentication bypass flaws (CVE-2025-25291 and CVE-2025-25292) within the ruby-saml library, used when SAML SSO authentication is enabled at the instance or group level. GitLab has already patched GitLab.com and will update GitLab Dedicated customers, but self-managed installations require immediate manual updates.
Exploitation of these flaws could allow attackers with access to a legitimate signed SAML document from an identity provider to impersonate any valid user, potentially leading to unauthorized access to sensitive repositories and data breaches. The issue stems from differences in XML parsing between REXML and Nokogiri. GitLab strongly advises all affected installations to upgrade to the latest versions as soon as possible to mitigate potential risks. Other vulnerabilities that were addressed are CVE-2025-27407, a high severity Ruby graphql vulnerability. Recommended read:
References :
openwall.com via lattera@Lobsters
//
Multiple vulnerabilities have been discovered in rsync, a widely used file transfer program, totaling six distinct security flaws. The most severe of these is a critical remote code execution (RCE) vulnerability identified as CVE-2024-12084. This flaw allows an attacker with only anonymous read access to an rsync server, often found in public mirrors, to execute arbitrary code on the server. This highlights the serious risk facing systems running vulnerable versions of rsync, particularly those with exposed rsync servers. The vulnerability stems from improper handling of checksum lengths.
Other discovered vulnerabilities include information leaks and symlink issues. There is also the potential for an attacker to enumerate the contents of arbitrary files on a client's machine when copying files to a server. To mitigate all six vulnerabilities, users and administrators are strongly advised to upgrade to rsync version 3.4.0, released on January 14th. However, a regression was found in 3.4.0, so version 3.4.1 is now available. It's crucial to apply this patch, especially for systems running the rsyncd daemon. Recommended read:
References :
do son@Cybersecurity News
//
A use-after-free vulnerability, tracked as CVE-2025-30232, has been discovered in the Exim mail transfer agent (MTA), a popular choice for Unix systems. The vulnerability affects Exim versions 4.96 through 4.98.1 and could allow attackers with command-line access to escalate privileges on affected systems. This could potentially lead to unauthorized access to system resources and the execution of arbitrary commands with elevated privileges, compromising the entire server.
It's crucial that systems run one of the vulnerable versions (4.96, 4.97, 4.98, or 4.98.1) and that the attacker has command-line access for exploitation. The Exim project has already released a patch in version 4.98.2 to address this flaw. System administrators are strongly advised to update to this latest version as soon as possible. The vulnerability was reported to Exim on March 13, 2025, by Trend Micro, with a security release made available to distribution maintainers on March 21 and public notification on March 25. Recommended read:
References :
Bill Toulas@BleepingComputer
//
GitLab has released critical security updates for versions 17.9.2, 17.8.5, and 17.7.7 of both its Community Edition (CE) and Enterprise Edition (EE) to address multiple vulnerabilities. The updates are aimed at rectifying authentication bypass risks and a Remote Code Execution (RCE) threat. Users with self-managed GitLab installations are strongly encouraged to upgrade immediately to one of these patched versions to mitigate potential exploits. GitLab.com is already running the patched version, and GitLab Dedicated customers will be notified once their instances have been updated.
Patches address critical vulnerabilities, most notably authentication bypasses in the SAML single sign-on (SSO) authentication mechanism. Specifically, CVE-2025-25291 and CVE-2025-25292 involve authentication bypass issues in the SAML SSO mechanism due to discrepancies in XML parsing within the ruby-saml library. The vulnerability could allow an attacker with a valid signed SAML document to authenticate as another user. Mitigation includes enabling two-factor authentication, disabling SAML two-factor bypass, and mandating admin approval for new users. Another significant high-severity vulnerability, CVE-2025-27407, involves remote code execution via the Ruby graphql library when transferring a malicious project. Recommended read:
References :
info@thehackernews.com (The Hacker News)@The Hacker News
//
Google has released the February 2025 Android security updates, patching a total of 48 vulnerabilities. Among these fixes is a critical zero-day kernel vulnerability, identified as CVE-2024-53104, which Google has confirmed is being actively exploited in the wild. This particular flaw is a privilege escalation issue found within the USB Video Class (UVC) driver, potentially allowing attackers to gain elevated permissions on affected devices.
The vulnerability, with a CVSS score of 7.8, stems from an out-of-bounds write condition within the "uvc_parse_format()" function of the "uvc_driver.c" program, specifically when parsing UVC_VS_UNDEFINED frames. This flaw, present since Linux kernel version 2.6.26 released in mid-2008, could lead to memory corruption, program crashes, or even arbitrary code execution. While the specific actors behind the exploitation remain unclear, the potential for "physical" privilege escalation raises concerns about misuse by forensic data extraction tools. Recommended read:
References :
Ashish Khaitan@The Cyber Express
//
Multiple critical vulnerabilities have been identified in several Apache software products, posing significant risks to users. The Cyber Security Agency of Singapore has issued alerts regarding these flaws, urging immediate updates. CVE-2024-43441 affects Apache HugeGraph-Server, allowing for authentication bypass, potentially granting unauthorized access to systems. Another critical issue, CVE-2024-45387, has been discovered in Apache Traffic Control and is a SQL injection vulnerability that can be exploited by privileged users to execute arbitrary SQL commands, risking data manipulation or exfiltration.
Apache MINA is also affected by CVE-2024-52046 which allows remote code execution through deserialization flaws. It is crucial that users apply security patches promptly. For Apache MINA, additional configuration is required to restrict class deserialization further mitigating the risk. Furthermore, a high-risk vulnerability, CVE-2024-56512, has been found in Apache NiFi, a data processing and distribution system, which can expose sensitive information to unauthorized users, especially if using component-based authorization policies. A patch for NiFi has been issued in version 2.1.0, users should upgrade immediately. Recommended read:
References :
@securityonline.info
//
TeamViewer has released patches to address a high-severity privilege escalation vulnerability affecting its Windows client and host applications. The vulnerability, identified as CVE-2025-0065, has a CVSS score of 7.8, indicating a significant risk. The flaw stems from improper handling of argument delimiters in the "TeamViewer_service.exe" component. This could allow a local, unprivileged attacker to inject malicious arguments, thereby gaining elevated privileges on the compromised system potentially granting full control. The vulnerability affects TeamViewer clients for Windows prior to version 15.62.
While there is no evidence that this vulnerability is being exploited in the wild, TeamViewer is strongly urging all Windows users to update to the latest available versions of the client, specifically version 15.62 or later, to mitigate any potential risk. The vulnerability was discovered by an anonymous researcher working with Trend Micro Zero Day Initiative. TeamViewer has released updated packages for TeamViewer Remote and TeamViewer Tensor including versions 11.0.259318, 12.0.259319, 13.2.36226, 14.7.48799 and 15.62 for both full client and host versions, available for download on their website. Recommended read:
References :
@ciso2ciso.com
//
References:
securityaffairs.com
, ciso2ciso.com
,
Atlassian has released security patches to address 12 critical and high-severity vulnerabilities affecting multiple products, including Bamboo, Bitbucket, Confluence, Crowd, and Jira. The patches address five critical-severity issues in Confluence Data Center and Server and Crowd Data Center and Server that were discovered in third-party dependencies used within the two products.
Updates released for Confluence Data Center and Server address two critical flaws in Apache Tomcat, tracked as CVE-2024-50379 and CVE-2024-56337 (CVSS score of 9.8). These issues could be exploited by unauthenticated attackers to achieve remote code execution. Atlassian urges customers to update their installations as soon as possible. Recommended read:
References :
|