In this week’s Security Advisory:
- Citrix Patches Actively Exploited NetScaler Vulnerability
- Docker Desktop Allows Unauthenticated Access to Docker Engine API
- Flaws in Workhorse Software Used by Hundreds of Cities and Towns Exposed Sensitive Data
- Apple Addresses Critical Zero-Day Used in Targeted Exploits
Citrix Patches Actively Exploited NetScaler Vulnerability
Citrix has patched three vulnerabilities affecting its NetScaler ADC and Gateway products. CVE-2025-7775 (CVSS 9.2/10) is described as a memory overflow that can lead to remote code execution and was acknowledged by Citrix to be exploited in the wild, but details have not been made public. The other two vulnerabilities are CVE-2025-7776 (CVSS 8.8/10) and CVE-2025-8424 (CVSS 8.7/10). Please review the Citrix article below for the conditions required for exploitation. As there are credible reports of CVE-2025-7775 under active exploitation, we highly recommend patching as soon as possible. Please note, this does not affect cloud-hosted versions.
Affected Versions
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48.
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22.
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP.
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP.
Recommendations
- Apply the latest patches to the affected versions. Details can be found here.
More Reading / Information
- https://thehackernews.com/2025/08/citrix-patches-three-netscaler-flaws.html
- https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
Docker Desktop Allows Unauthenticated Access to Docker Engine API
A critical flaw in Docker Desktop for both Windows and macOS enables attackers to compromise the host system by executing a malicious container, even when Enhanced Container Isolation (ECI) is enabled. The vulnerability, CVE-2025-9074 (CVSS 9.3), is a server-side request forgery (SSRF) issue that could allow a malicious actor to launch additional containers, which could lead to unauthorized access to files on the system.
Affected Versions
- Docker Desktop versions 4.25 and below.
Recommendations
- Update to Docker Desktop version 4.44.3.
More Reading / Information
- https://thehackernews.com/2025/08/docker-fixes-cve-2025-9074-critical.html
- https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
- https://gbhackers.com/windows-docker-desktop-vulnerability/
Flaws in Workhorse Software Used by Hundreds of Cities and Towns Exposed Sensitive Data
Workhorse Software Services has patched two vulnerabilities affecting its accounting software. The vulnerabilities (CVE-2025-9037 and CVE-2025-9040) involve two issues: SQL server connection credentials are stored in a plaintext file that is typically in a shared network folder, and a database backup feature accessible from the login screen allows the creation of an unencrypted database backup file, which can later be restored on any SQL server without a password.
Affected Versions
- Workhorse Software Services, Inc. software prior to version 1.9.4.48019.
Recommendations
- Please apply the latest patches to the affected versions.
More Reading / Information
- https://www.securityweek.com/flaws-in-software-used-by-hundreds-of-cities-and-towns-exposed-sensitive-data/
- https://kb.cert.org/vuls/id/706118
Apple Addresses Critical Zero-Day Used in Targeted Exploits
Apple has released urgent security updates for iOS, iPadOS, and macOS to fix a serious zero-day vulnerability (CVE-2025-43300) in the ImageIO framework, which could allow attackers to corrupt memory through malicious image files. The flaw has been actively exploited in targeted and sophisticated attacks, possibly by commercial spyware vendors, although Apple has not disclosed specific details. Discovered internally, the bug has been addressed through improved bounds checking.
Affected Versions
- iOS 18.6.2 and iPadOS 18.6.2.
- iPadOS 17.7.10.
- macOS Ventura 13.7.8.
- macOS Sonoma 14.7.8.
- macOS Sequoia 15.6.1.
Recommendations
- Update to the latest version. Details can be found here.
More Reading / Information
- https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
- https://www.securityweek.com/apple-patches-zero-day-exploited-in-targeted-attacks/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.