In this week’s Security Advisory:
- SonicWall SSL VPN Access Control Vulnerability Again Under Exploitation
- Samsung Patches Zero-Day Exploited Against Android Devices
- Cisco Releases Fixes for Critical IOS XR Security Flaws
- Apple Backports Zero-Day Patches to Older iPhones and iPads
SonicWall SSL VPN Access Control Vulnerability Again Under Exploitation
Last year, SonicWall released a patch for CVE-2024-40766 (CVSS 9.3/10), a vulnerability that allowed attackers to gain unauthorized access to SonicWall devices. It was widely exploited at the time and is once again being exploited by ransomware operators. The flaw is remotely exploitable with no privileges or user interaction required, and the complexity of the attack required to exploit it is considered “low.” If you have not applied this patch, CyberMaxx highly recommends that you do so.
Affected Versions
- Gen 5: SOHO devices running version 5.9.2.14-12o and older.
- Gen 6: Various TZ, NSA, and SM models running versions 6.5.4.14-109n and older.
- Gen 7: TZ and NSA models running SonicOS build version 7.0.1-5035 and older.
Recommendations
- Update to firmware version 7.3.0 or later.
- Rotate SonicWall account passwords.
- Enforce multi-factor authentication (MFA).
- Restrict Virtual Office Portal access to trusted/internal networks.
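The affected-version list and the 7.3.0 target above can be checked against a firewall inventory. The following is an added example, not SonicWall or CyberMaxx code: the hostnames and inventory rows are constructed, and the ordering rule for SonicOS version strings (numeric fields, then build number, trailing letter ignored) is an assumption.

```python
import re

# Upper bounds of the affected ranges, copied from the advisory's list.
AFFECTED_MAX = {5: "5.9.2.14-12o", 6: "6.5.4.14-109n", 7: "7.0.1-5035"}
RECOMMENDED_MIN = "7.3.0"  # from the Recommendations list

def version_key(version):
    """Map '6.5.4.14-109n' to (6, 5, 4, 14, 109) for comparison.

    Assumption: versions order by their numeric fields, the number after '-'
    is the build, and a trailing letter such as 'n' or 'o' does not affect order.
    A missing build counts as 0, so a bare '7.0.1' is treated as affected.
    """
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)(?:-(\d+)[A-Za-z]*)?\s*", version)
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    fields = [int(p) for p in m.group(1).split(".")]
    fields += [0] * (4 - len(fields))  # pad so 7.3 compares equal to 7.3.0
    return tuple(fields) + (int(m.group(2) or 0),)

def classify(generation, version):
    """Return the patch status of one device."""
    try:
        key = version_key(version)
    except ValueError:
        return "review"  # unparseable string: check the device by hand
    if generation not in AFFECTED_MAX:
        return "review"
    if key <= version_key(AFFECTED_MAX[generation]):
        return "affected"
    if generation != 7:
        return "not-listed"  # assumption: the 7.3.0 target applies to Gen 7 only
    if key >= version_key(RECOMMENDED_MIN):
        return "meets-recommendation"
    return "below-recommended"

# Constructed sample inventory: (hostname, generation, firmware version).
INVENTORY = [
    ("fw-lab-01", 5, "5.9.2.14-12o"),
    ("fw-branch-01", 6, "6.5.4.14-109n"),
    ("fw-branch-02", 6, "6.5.4.15-116n"),
    ("fw-hq-01", 7, "7.0.1-5035"),
    ("fw-hq-02", 7, "7.1.1-7040"),
    ("fw-dc-01", 7, "7.3.0-7012"),
    ("fw-lab-02", 7, "unknown"),
]

def audit(inventory):
    """Map each hostname to its status."""
    return {host: classify(gen, ver) for host, gen, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as `below-recommended` fall outside the listed affected range but have not reached the recommended 7.3.0 firmware, and `review` rows need a manual check.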
More Reading / Information
- https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430
- https://www.bleepingcomputer.com/news/security/akira-ransomware-exploiting-critical-sonicwall-sslvpn-bug-again/
Samsung Patches Zero-Day Exploited Against Android Devices
Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-21043 (CVSS 8.8/10), is described as an out-of-bounds write issue in the libimagecodec.quram.so image parsing library, which is used by applications that process images on Samsung devices. Samsung says successful exploitation of the security flaw could allow remote attackers to execute arbitrary code on vulnerable devices.
Affected Versions
- Android Versions: 13, 14, 15, and 16.
Recommendations
- Apply Samsung’s September 2025 Security Updates ASAP.
More Reading / Information
- https://www.securityweek.com/samsung-patches-zero-day-exploited-against-android-users/
- https://security.samsungmobile.com/securityUpdate.smsb
- https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html
Cisco Releases Fixes for Critical IOS XR Security Flaws
Cisco has released security patches for three vulnerabilities in its IOS XR network operating system, two of which are classified as high-severity and one as medium. The most critical vulnerability, CVE-2025-20340 (CVSS 7.4/10), affects the ARP (Address Resolution Protocol) implementation and could allow an unauthenticated attacker to trigger a denial-of-service (DoS) condition by flooding the management interface with traffic. Another high-severity issue, CVE-2025-20248 (CVSS 6/10), involves the installation process, where attackers with root privileges could bypass image signature verification and install unauthorized software. The third vulnerability, CVE-2025-20159 (CVSS 5.3/10), allows remote attackers to bypass access control lists (ACLs) for management protocols like SSH, NetConf, and gRPC. Cisco has confirmed that none of these vulnerabilities has been exploited in the wild.
Affected Versions
- Full list can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://www.scworld.com/brief/trio-of-severe-cisco-ios-xr-flaws-fixed
- https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities/
Apple Backports Zero-Day Patches to Older iPhones and iPads
Apple has released security updates that backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in “extremely sophisticated” attacks. This security flaw (CVE-2025-43300) is the same one Apple patched on August 20 for devices running iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, and macOS (Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8). The vulnerability was discovered by Apple security researchers and is caused by an out-of-bounds write weakness in the Image I/O framework, which enables apps to read and write image file formats.
Affected Versions
- For a full list of affected devices, click here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://support.apple.com/en-us/100100
- https://www.bleepingcomputer.com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-ipads/
- https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities will have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.