Security Advisory Archives | CyberMaxx
https://www.cybermaxx.com/resources/category/security-advisory/
Feed updated: Wed, 24 Sep 2025 16:04:53 +0000

Critical Entra ID Vulnerability CVE-2025-55241: Microsoft Issues Emergency Fix for Cross-Tenant Token Exploit
https://www.cybermaxx.com/resources/critical-entra-id-vulnerability-cve-2025-55241-microsoft-issues-emergency-fix-for-cross-tenant-token-exploit/
Fri, 19 Sep 2025 13:31:02 +0000

Microsoft issued an emergency fix in September 2025 for CVE-2025-55241, a critical elevation-of-privilege flaw in Entra ID (formerly Azure Active Directory) that could have allowed an attacker to impersonate any user, including Global Admins, across tenants.

How the Vulnerability Worked

The flaw arose from two interacting issues. Security researcher Dirk-Jan Mollema found that an undocumented “Actor” token mechanism used by internal Microsoft services could be requested from a benign tenant under the attacker’s control, and that the legacy Azure AD Graph API accepted such a token when it was presented to a different tenant, because the API failed to reliably validate the originating tenant claim. In combination, an attacker could mint an Actor token in their own tenant and use it to authenticate to Azure AD Graph as arbitrary users in a target tenant.

Impact and Exploit Potential

Practical impact was severe. An attacker who obtained and replayed such a token could read and modify directory data, create service principals, change roles, and take control of applications and policies (effectively full tenant compromise in many cases). Because Actor tokens were not subject to Conditional Access controls and, in some paths, generated little or no tenant logging, detection and containment would have been difficult. Multiple security analyses labelled the vulnerability critical and noted it could have undermined the trust boundary of cloud identity itself.

Microsoft’s Response and Mitigation

Microsoft confirmed it received the vulnerability report in mid-July 2025, rolled out a targeted mitigation to stop cross-tenant acceptance of Actor tokens, and accelerated decommissioning of the legacy Graph API usage paths implicated in the issue. Microsoft and third-party observers reported no evidence of active exploitation prior to the fix. Because the mitigation was applied on Microsoft’s side, no customer action is required to receive it; administrators were nonetheless advised to confirm their tenants had received Microsoft’s update and to remove or replace any remaining dependencies on Azure AD Graph in favor of Microsoft Graph.

Recommended Actions for Administrators

Longer term, the incident reinforces two operational lessons for cloud identity: reduce your attack surface by retiring legacy APIs, and demand strong, tenant-aware token validation and telemetry from identity providers. For defenders, the immediate actions are straightforward: verify Microsoft’s patch state for your tenant, inventory and migrate away from Azure AD Graph, and review privileged roles and service principals for unexpected changes. Independent writeups and the original researcher’s technical disclosure provide detailed indicators and exploit mechanics for teams that need to hunt or harden.
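The two hunting steps above (find what still calls Azure AD Graph, and review recent privileged-role changes) can be run offline over exported Entra ID logs. The script below is an added example written for this page; it is not CyberMaxx tooling and is not taken from Microsoft’s or the researcher’s disclosure. It assumes the records are in the JSON shape of the Microsoft Graph auditLogs/signIns and auditLogs/directoryAudits resources (the portal’s JSON export uses the same field names); the application IDs are the well-known first-party IDs for Azure AD Graph and Microsoft Graph, the role set is a starting point rather than an exhaustive list, and the sample records are constructed, not real tenant data.

```python
"""Hunt helpers for post-CVE-2025-55241 review: inventory remaining Azure AD
Graph callers and list recent privileged-role assignments.

Added example, not CyberMaxx's or Microsoft's code. Assumption: records are
dicts in the shape of the Microsoft Graph auditLogs/signIns and
auditLogs/directoryAudits resources. Sample records below are constructed."""
from collections import Counter

# Well-known first-party application IDs; they appear as `resourceId` in
# sign-in records when a client calls the corresponding API.
AZURE_AD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"  # legacy Azure AD Graph
MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph

# Roles whose membership changes warrant review after an identity-plane
# incident (a starting set, not an exhaustive list).
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Application Administrator",
    "Cloud Application Administrator",
}
ROLE_ASSIGNMENT_ACTIVITIES = {"Add member to role", "Add eligible member to role"}


def aad_graph_callers(signins):
    """Map each caller still targeting Azure AD Graph to its sign-in count.

    Service-principal sign-ins carry `servicePrincipalName`; interactive
    sign-ins carry `appDisplayName`. The result is a migration worklist."""
    callers = Counter()
    for entry in signins:
        if entry.get("resourceId") != AZURE_AD_GRAPH_APP_ID:
            continue
        name = (entry.get("servicePrincipalName")
                or entry.get("appDisplayName")
                or "<unknown>")
        callers[name] += 1
    return dict(callers)


def privileged_role_changes(audits, since):
    """Return (activityDateTime, role, target UPN, initiator) for privileged-role
    assignments at or after `since`. Timestamps are ISO-8601 UTC ('Z') strings,
    so lexical comparison orders them correctly."""
    hits = []
    for rec in audits:
        if rec.get("activityDisplayName") not in ROLE_ASSIGNMENT_ACTIVITIES:
            continue
        if rec.get("activityDateTime", "") < since:
            continue
        role, target = None, None
        for tr in rec.get("targetResources", []):
            if tr.get("type") == "User":
                target = tr.get("userPrincipalName")
            for prop in tr.get("modifiedProperties", []):
                # The audit log JSON-encodes new values, e.g. "\"Global Administrator\"".
                if prop.get("displayName") == "Role.DisplayName":
                    role = (prop.get("newValue") or "").strip('"')
        if role in PRIVILEGED_ROLES:
            who = rec.get("initiatedBy") or {}
            actor = ((who.get("user") or {}).get("userPrincipalName")
                     or (who.get("app") or {}).get("displayName"))
            hits.append((rec["activityDateTime"], role, target, actor))
    return hits


# Constructed sample records (not real tenant data).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-09-18T09:12:00Z", "servicePrincipalName": "Legacy HR Sync",
     "resourceId": AZURE_AD_GRAPH_APP_ID, "resourceDisplayName": "Windows Azure Active Directory"},
    {"createdDateTime": "2025-09-18T09:30:00Z", "appDisplayName": "Azure Portal",
     "userPrincipalName": "admin@contoso.example", "resourceId": MICROSOFT_GRAPH_APP_ID},
    {"createdDateTime": "2025-09-18T10:12:00Z", "servicePrincipalName": "Legacy HR Sync",
     "resourceId": AZURE_AD_GRAPH_APP_ID, "resourceDisplayName": "Windows Azure Active Directory"},
    {"createdDateTime": "2025-09-18T11:00:00Z", "appDisplayName": "Old Reporting Script",
     "userPrincipalName": "analyst@contoso.example", "resourceId": AZURE_AD_GRAPH_APP_ID},
]

SAMPLE_AUDITS = [
    {"activityDateTime": "2025-09-18T09:45:00Z", "activityDisplayName": "Add member to role",
     "initiatedBy": {"user": None, "app": {"displayName": "svc-provisioning"}},
     "targetResources": [{"type": "User", "userPrincipalName": "jdoe@contoso.example",
                          "modifiedProperties": [{"displayName": "Role.DisplayName",
                                                  "newValue": "\"Global Administrator\""}]}]},
    {"activityDateTime": "2025-09-18T12:00:00Z", "activityDisplayName": "Add member to role",
     "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}, "app": None},
     "targetResources": [{"type": "User", "userPrincipalName": "helpdesk@contoso.example",
                          "modifiedProperties": [{"displayName": "Role.DisplayName",
                                                  "newValue": "\"Helpdesk Administrator\""}]}]},
    {"activityDateTime": "2025-07-01T08:00:00Z", "activityDisplayName": "Add member to role",
     "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}, "app": None},
     "targetResources": [{"type": "User", "userPrincipalName": "old@contoso.example",
                          "modifiedProperties": [{"displayName": "Role.DisplayName",
                                                  "newValue": "\"Global Administrator\""}]}]},
]

if __name__ == "__main__":
    print("Azure AD Graph callers:", aad_graph_callers(SAMPLE_SIGNINS))
    for hit in privileged_role_changes(SAMPLE_AUDITS, "2025-09-01T00:00:00Z"):
        print("Privileged role change:", hit)
```

Run against a real export, the first function yields the list of applications and service principals that still need to be migrated to Microsoft Graph, and the second surfaces privileged-role grants in the window of interest, including those made by an application rather than a person, which is the pattern an Actor-token abuse would leave if it was logged at all.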

The post Critical Entra ID Vulnerability CVE-2025-55241: Microsoft Issues Emergency Fix for Cross-Tenant Token Exploit appeared first on CyberMaxx.

Security Advisory: Weekly Advisory September 17th, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-september-17th-2025/
Fri, 19 Sep 2025 13:00:54 +0000

In this week’s Security Advisory
  • SonicWall SSL VPN Access Control Vulnerability Again Under Exploitation
  • Samsung Patches Zero-Day Exploited Against Android Devices
  • Cisco Releases Fixes for Critical IOS XR Security Flaws
  • Apple Backports Zero-Day Patches to Older iPhones and iPads

SonicWall SSL VPN Access Control Vulnerability Again Under Exploitation

Last year, SonicWall released a patch for CVE-2024-40766 (CVSS 9.3/10), an access control flaw that allows attackers to gain unauthorized access to SonicWall devices. It was widely exploited at the time and is once again being exploited by ransomware operators. The vulnerability is remotely exploitable with no privileges or user interaction required, and the attack complexity is rated “low.” If you have not yet applied this patch, CyberMaxx highly recommends that you do so.

Affected Versions

  • Gen 5: SOHO devices running version 5.9.2.14-12o and older.
  • Gen 6: Various TZ, NSA, and SM models running versions 6.5.4.14-109n and older.
  • Gen 7: TZ and NSA models running SonicOS build version 7.0.1-5035 and older.

Recommendations

  • Update to firmware version 7.3.0 or later.
  • Rotate SonicWall account passwords.
  • Enforce multi-factor authentication (MFA).
  • Restrict Virtual Office Portal access to trusted/internal networks.

More Reading / Information

Samsung Patches Zero-Day Exploited Against Android Devices

Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that is being actively exploited in the wild. The vulnerability known as CVE-2025-21043 (CVSS 8.8/10) is defined as an out-of-bounds write problem in the libimagecodec.quram.so image parsing library, which is used by applications that process images on Samsung devices. Samsung says successful exploitation of the security flaw could allow remote attackers to execute arbitrary code on vulnerable devices.

Affected Versions

  • Android 13, 14, 15, and 16.

Recommendations

  • Apply Samsung’s September 2025 Security Updates ASAP.

More Reading / Information

Cisco Releases Fixes for Critical IOS XR Security Flaws

Cisco has released security patches for three vulnerabilities in its IOS XR network operating system, two of which are classified as high-severity and one as medium. The highest-scored, CVE-2025-20340 (CVSS 7.4/10), affects the ARP (Address Resolution Protocol) implementation and could allow an unauthenticated attacker to trigger a denial-of-service (DoS) condition by flooding the management interface with traffic. Another high-severity issue, CVE-2025-20248 (CVSS 6/10), involves the installation process, where an attacker with root privileges could bypass image signature verification and install unauthorized software. The third vulnerability, CVE-2025-20159 (CVSS 5.3/10), allows remote attackers to bypass access control lists (ACLs) for management protocols such as SSH, NETCONF, and gRPC. Cisco has confirmed that none of these vulnerabilities has been exploited in the wild.

Affected Versions

  • Full list can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Apple Backports Zero-Day Patches to Older iPhones and iPads

Apple has released security updates that backport last month’s fix to older iPhones and iPads, addressing a zero-day bug exploited in “extremely sophisticated” attacks. The flaw (CVE-2025-43300) is the same one Apple patched on August 20 for devices running iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, and macOS (Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8). It was discovered by Apple security researchers and is an out-of-bounds write in the Image I/O framework, which apps use to read and write image file formats.

Affected Versions

  • For a full list of affected devices, click here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities will have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

The post Security Advisory: Weekly Advisory September 17th, 2025 appeared first on CyberMaxx.

Security Advisory: Weekly Advisory September 10th, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-september-10th-2025/
Fri, 12 Sep 2025 10:00:20 +0000

In this week’s Security Advisory
  • SAP Patches Critical NetWeaver Vulnerabilities
  • Cisco Patches DoS Vulnerability
  • Adobe Patches Critical Commerce and Magento Vulnerability
  • Microsoft’s September Patch Tuesday
  • Zoom Workplace for Windows on ARM Missing Authorization Vulnerability

SAP Patches Critical NetWeaver Vulnerabilities

SAP has patched three critical-severity vulnerabilities in its NetWeaver product, CVE-2025-42944 (CVSS 10/10), CVE-2025-42922 (CVSS 9.9/10), and CVE-2025-42958 (CVSS 9.1/10), that could lead to remote code execution and arbitrary file upload if exploited. This comes days after CVE-2025-42957 (CVSS 9.9/10), from last month’s patch cycle, was confirmed to be exploited in the wild. If those patches have not been applied yet, it is highly recommended to do so.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Cisco Patches DoS Vulnerability

Cisco has released a patch for CVE-2025-20222 (CVSS 8.6/10), which affects the RADIUS Proxy component of the IPsec VPN feature in its Adaptive Security Appliance (ASA) Software and Firewall Threat Defense (FTD) Software. An attacker could exploit this vulnerability by sending IPv6 packets over an IPsec VPN connection to an affected device, causing it to reload unexpectedly (a denial-of-service condition).

Affected Versions

  • This vulnerability affects Cisco Firepower 2100 Series Firewalls if they are running a vulnerable release of Cisco Secure Firewall ASA Software or Secure FTD Software and meet all the following conditions:
    • IPsec VPN with Internet Key Exchange version 1 (IKEv1) or IKEv2 is enabled.
    • IPv6 is enabled on the interface that is receiving RADIUS traffic.
    • An access control list (ACL) is configured to permit IP traffic.

Recommendations

  • Install the latest updates.

More Reading / Information

Adobe Patches Critical Commerce and Magento Vulnerability

Adobe has patched a critical vulnerability in its Commerce and Magento open source platforms that could allow an attacker to take control of customer accounts. The vulnerability, CVE-2025-54236 (CVSS 9.1/10), combines a malicious session with a nested deserialization bug in Magento’s REST API. Adobe has not seen any exploitation attempts yet, and they have added WAF rules to protect environments against exploitation attempts that may target merchants using Adobe Commerce on Cloud infrastructure.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Download the hotfix from the link above.

More Reading / Information

Microsoft’s September Patch Tuesday

Microsoft’s September 2025 Patch Tuesday fixed 86 security vulnerabilities across Windows and related products. Eight are considered more likely to be targeted, including remote code execution, denial-of-service, and privilege escalation issues in core Windows components. The two highest-rated flaws are CVE-2025-54914 (CVSS 10/10), which affects Azure Networking, and CVE-2025-55232 (CVSS 9.8/10), which affects the High Performance Compute (HPC) Pack. Other high-risk vulnerabilities include flaws in SharePoint, Office, SQL Server, and Routing and Remote Access Service, though Microsoft currently rates each of these as less likely to be exploited. There are no known exploits in the wild.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Zoom Workplace for Windows on ARM Missing Authorization Vulnerability

Zoom has released a security update that addresses CVE-2025-49459 (CVSS 7.8/10), a missing authorization vulnerability in Zoom Workplace for Windows ARM. This vulnerability could allow an attacker to perform actions without the required authorization, which may put sensitive data or system integrity at risk.

Affected Versions

  • Zoom Workplace for Windows on ARM before version 6.5.0.

Recommendations

  • Upgrade to Zoom Workplace for Windows ARM version 6.5.12 found here.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

The post Security Advisory: Weekly Advisory September 10th, 2025 appeared first on CyberMaxx.

Security Advisory: Weekly Advisory September 3rd, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-september-3rd-2025/
Fri, 05 Sep 2025 10:00:31 +0000

In this week’s Security Advisory
  • Salesloft Drift OAuth Vulnerability Leads to Data Exfiltration Attacks
  • Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers
  • Android September Patch Release
  • WhatsApp Zero-Day Exploited in Attacks Targeting iOS Devices

Salesloft Drift OAuth Vulnerability Leads to Data Exfiltration Attacks

Salesloft Drift is a third-party AI chatbot that organizations use to turn website interactions into Salesforce leads. On August 20th, Salesloft stated that it had found a vulnerability in the Drift application that allowed malicious actors to steal OAuth tokens and export large amounts of data from affected organizations’ Salesforce platforms. A recent wave of these attacks has been claimed by a group known as “Shiny Hunters.” Based on the steps observed in recent attacks, one of the goals appears to be searching the stolen data for AWS access keys, other tokens, VPN login information, and generic keywords such as “password.”

Recommendations

  • Revoke and rotate authentication keys, credentials, and secrets.
  • Review all Drift integrations.
  • Search the connected systems for signs of compromise.

More Reading / Information

Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers

Sangoma has released patches for a recently exploited vulnerability that affects FreePBX servers with the administrator control panel accessible from the internet. The vulnerability, tracked as CVE-2025-57819 (CVSS 10/10), is described as insufficient sanitization of user-supplied data. Successful exploitation of this vulnerability can allow an attacker to access the FreePBX administrator panel, enabling database manipulation and remote code execution.

Affected Versions

  • FreePBX versions 15, 16, and 17.

Recommendations

  • Please apply the latest patches found here.
  • Restrict public access to the admin console.

More Reading / Information

Android September Patch Release

Android published its September Security Bulletin, which addressed 120 vulnerabilities, two of which have been exploited in the wild. The exploited vulnerabilities are tracked as CVE-2025-38352 (CVSS 7.4/10) and CVE-2025-48543. Google has stated that both vulnerabilities could lead to privilege escalation and that user interaction is not required to exploit.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

WhatsApp Zero-Day Exploited in Attacks Targeting iOS Devices

WhatsApp has disclosed a zero-day vulnerability that was actively exploited in targeted attacks against Apple device users. Tracked as CVE-2025-55177 (CVSS 5.4/10), the flaw stems from insufficient authorization checks during the synchronization of messages between linked devices. According to WhatsApp’s advisory, attackers could exploit this weakness to force the app to process content from unauthorized URLs on the victim’s device.

Affected Versions

  • WhatsApp for iOS prior to v2.25.21.73.
  • WhatsApp Business for iOS prior to v2.25.21.78.
  • WhatsApp for Mac prior to v2.25.21.78.

Recommendations

  • Update to WhatsApp for iOS version 2.25.21.73.
  • Update to WhatsApp Business for iOS version 2.25.21.78.
  • Update to WhatsApp for Mac version 2.25.21.78.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

The post Security Advisory: Weekly Advisory September 3rd, 2025 appeared first on CyberMaxx.

Security Advisory: Weekly Advisory August 27th, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-august-27th-2025/
Fri, 29 Aug 2025 19:16:00 +0000

In this week’s Security Advisory
  • Citrix Patches Actively Exploited NetScaler Vulnerability
  • Docker Desktop Allows Unauthenticated Access to Docker Engine API
  • Flaws in Workhorse Software Used by Hundreds of Cities and Towns Exposed Sensitive Data
  • Apple Addresses Critical Zero-Day Used in Targeted Exploits

Citrix Patches Actively Exploited NetScaler Vulnerability

Citrix has patched three vulnerabilities affecting its NetScaler ADC and Gateway products. CVE-2025-7775 (CVSS 9.2/10) is described as a memory overflow that can lead to remote code execution; Citrix has acknowledged that it is being exploited in the wild, but details have not been made public. The other two vulnerabilities are CVE-2025-7776 (CVSS 8.8/10) and CVE-2025-8424 (CVSS 8.7/10). Please review the Citrix article below for the configuration conditions required for exploitation. As there are credible reports of CVE-2025-7775 under active exploitation, we highly recommend patching as soon as possible. Please note that this does not affect Citrix-managed cloud-hosted versions.

Affected Versions

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48.
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22.
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP.
  • NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP.

Recommendations

  • Apply the latest patches to the affected versions. Details can be found here.

More Reading / Information

Docker Desktop Allows Unauthenticated Access to Docker Engine API

A critical flaw in Docker Desktop for both Windows and macOS enables attackers to compromise the host system by running a malicious container, even when Enhanced Container Isolation (ECI) is enabled. The vulnerability, CVE-2025-9074 (CVSS 9.3/10), is classified as a server-side request forgery (SSRF) issue: a running container can reach the Docker Engine API without authentication, which lets a malicious actor launch additional containers and, through them, gain unauthorized access to files on the host.

Affected Versions

  • Docker Desktop for Windows and macOS prior to version 4.44.3.

Recommendations

  • Update to Docker Desktop version 4.44.3.

More Reading / Information

Flaws in Workhorse Software Used by Hundreds of Cities and Towns Exposed Sensitive Data

Workhorse Software Services has patched two vulnerabilities affecting its accounting software. CVE-2025-9037 concerns SQL Server connection credentials being stored in a plaintext file that is typically located in a shared network folder. CVE-2025-9040 concerns a database backup feature accessible from the login screen that allows the creation of an unencrypted database backup file, which can later be restored on any SQL Server without a password.

Affected Versions

  • Workhorse Software Services, Inc. software prior to version 1.9.4.48019.

Recommendations

  • Please apply the latest patches to the affected versions.

More Reading / Information

Apple Addresses Critical Zero-Day Used in Targeted Exploits

Apple has released urgent security updates for iOS, iPadOS, and macOS to fix a serious zero-day vulnerability (CVE-2025-43300) in the ImageIO framework, which could allow attackers to corrupt memory through malicious image files. The flaw has been actively exploited in targeted and sophisticated attacks, possibly by commercial spyware vendors, although Apple has not disclosed specific details. Discovered internally, the bug has been addressed through improved bounds checking.

Affected Versions

  • iOS and iPadOS prior to 18.6.2.
  • iPadOS prior to 17.7.10.
  • macOS Ventura prior to 13.7.8.
  • macOS Sonoma prior to 14.7.8.
  • macOS Sequoia prior to 15.6.1.

Recommendations

  • Update to the latest version. Details can be found here.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

The post Security Advisory: Weekly Advisory August 27th, 2025 appeared first on CyberMaxx.

Security Advisory: Weekly Advisory August 20th, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-august-20th-2025/
Fri, 22 Aug 2025 05:00:13 +0000

In this week’s Security Advisory
  • Cisco Patches Critical Vulnerability in Firewall Management Center
  • Two Vulnerabilities in N-able’s N-central added to CISA KEV List
  • WordPress Scheduling Plugin Vulnerable to Arbitrary File Upload
  • WordPress Custom API WP Plugin Vulnerable to SQL Injection

Cisco Patches Critical Vulnerability in Firewall Management Center

Cisco released patches for more than 20 new vulnerabilities affecting its Secure Firewall Management Center (FMC), Secure Firewall Threat Defense (FTD), and Secure Firewall Adaptive Security Appliance (ASA) products. The most concerning is CVE-2025-20265 (CVSS 10/10), which affects the FMC platform that monitors and manages the FTDs and other tools. If exploited, an unauthenticated attacker can execute code remotely on the platform. Per Cisco’s advisory, the flaw is exploitable only when RADIUS authentication is enabled for the web-based management interface, SSH management, or both, and Cisco PSIRT was not aware of exploitation in the wild at the time of publication. Given the severity, CyberMaxx strongly recommends patching this urgently.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.
  • CyberMaxx also recommends restricting FMC access to only Private/Trusted IP addresses.

More Reading / Information

Two Vulnerabilities in N-able’s N-central added to CISA KEV List

N-central is a Remote Monitoring and Management (RMM) tool offered by N-able. Two vulnerabilities in the platform, CVE-2025-8875 and CVE-2025-8876, have been exploited in the wild and added to CISA’s KEV list. The technical details of these vulnerabilities have not been shared yet; however, with reports of ongoing attacks, it is highly recommended to upgrade to the latest version. This affects on-premises deployments only.

Affected Versions

  • All on-premises versions prior to 2025.3.1.

Recommendations

  • Upgrade to N-central 2025.3.1.

More Reading / Information

WordPress Scheduling Plugin Vulnerable to Arbitrary File Upload

The Online Booking & Scheduling Calendar for WordPress plugin by vcita contains an arbitrary file upload vulnerability. When exploited, a malicious actor can upload any type of file to your website, including a backdoor. This vulnerability is being tracked as CVE-2025-54677 (CVSS 9.1/10).

Affected Versions

  • Online Booking & Scheduling Calendar for WordPress by vcita Plugin version 4.5.3 or earlier.

Recommendations

  • Update to version 4.5.5 or later.

More Reading / Information

WordPress Custom API WP Plugin Vulnerable to SQL Injection

The miniOrange Custom API plugin for WordPress contains an SQL Injection vulnerability. This flaw allows attackers to insert malicious SQL commands due to improper handling of special characters. Exploitation could allow a malicious actor full access to the database. This vulnerability is being tracked as CVE-2025-54048 (CVSS 9.3/10).

Affected Versions

  • miniOrange Custom API version 4.2.2 or earlier.

Recommendations

  • Update to version 4.2.3 or later.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

The post Security Advisory: Weekly Advisory August 20th, 2025 appeared first on CyberMaxx.

Security Advisory: FortiWeb Authentication Bypass, CVE-2025-52970 (AKA FortMajeure)
https://www.cybermaxx.com/resources/security-advisory-fortiweb-authentication-bypass-cve-2025-52970-aka-fortmajeure/
Wed, 20 Aug 2025 17:34:11 +0000

What We Know

Fortinet has released patches for a vulnerability in its FortiWeb Web Application Firewall (WAF) tracked as CVE-2025-52970. Exploitation allows an unauthenticated attacker to log in as any existing user on the device via a specially crafted request. Of note, a partial proof of concept and detailed explanation of the vulnerability exists publicly, and exploitation in the wild is expected.

If exploited, an attacker may be granted the opportunity to create persistent access to an environment as well as potentially execute code on the host. CyberMaxx urges upgrading affected versions to their latest patch level to ensure protection against exploitation.

Affected Versions

  • FortiWeb 8.0: not affected.
  • FortiWeb 7.6: 7.6.0 through 7.6.3 affected; upgrade to 7.6.4 or above.
  • FortiWeb 7.4: 7.4.0 through 7.4.7 affected; upgrade to 7.4.8 or above.
  • FortiWeb 7.2: 7.2.0 through 7.2.10 affected; upgrade to 7.2.11 or above.
  • FortiWeb 7.0: 7.0.0 through 7.0.10 affected; upgrade to 7.0.11 or above.

More Reading / Information

The post Security Advisory: FortiWeb Authentication Bypass, CVE-2025-52970 (AKA FortMajeure) appeared first on CyberMaxx.

Security Advisory: Weekly Advisory August 13th, 2025
https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-august-13th-2025/
Thu, 14 Aug 2025 20:40:20 +0000

The post Security Advisory: Weekly Advisory August 13th, 2025 appeared first on CyberMaxx.

]]>
In this week’s Security Advisory
  • Fortinet Patches Multiple Vulnerabilities
  • SAP Releases Monthly Patch Update
  • Microsoft’s August Patch Tuesday Release
  • Adobe Releases Patches to Over 60 Vulnerabilities
  • Zoom Patches Critical Severity Vulnerability

Fortinet Patches Multiple Vulnerabilities

Fortinet has released patches for 14 vulnerabilities. The most critical of these is CVE-2025-25256 (CVSS 9.8/10), which affects the FortiSIEM application and allows an unauthenticated, remote attacker to execute code on the host. Fortinet has warned that an exploit for this vulnerability exists in the wild.

Of note, CyberMaxx has already taken steps to globally mitigate our equipment against these vulnerabilities.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

SAP Releases Monthly Patch Update

SAP released patches for 15 new vulnerabilities, as well as updates to four previously released patches. There are two new critical vulnerabilities: CVE-2025-42950 (CVSS 9.9/10), affecting the SAP S/4HANA (Private Cloud or On-Premise) application, and CVE-2025-42957 (CVSS 9.9/10), affecting the SAP Landscape Transformation (Analysis Platform). Both can be exploited for code execution and lead to a full system compromise.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Microsoft’s August Patch Tuesday Release

Microsoft has released its Patch Tuesday for August. This includes security updates for 111 vulnerabilities, 13 of which are rated critical severity: nine remote code execution, three information disclosure, and one elevation of privilege.

This includes CVE-2025-53786 (CVSS 8/10), a vulnerability that allows an attacker to pivot from a compromised Microsoft Exchange Server directly into an organization’s cloud environment, potentially gaining control over Exchange Online and other connected Microsoft Office 365 services.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Adobe Releases Patches to Over 60 Vulnerabilities

Adobe released patches for over 60 security vulnerabilities across various products used for 3D design, content creation, and publishing. Critical issues, mainly code execution and memory leaks, were patched in tools such as Substance 3D, Photoshop, Illustrator, Animate, and FrameMaker. Commerce and Magento received fixes for privilege escalation, denial of service, and arbitrary file system read flaws, including two security feature bypass issues. Nearly 20 critical arbitrary code execution vulnerabilities were addressed in the InCopy and InDesign updates. Adobe reports no known attacks in the wild.

Affected Versions

  • A full list of all affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Zoom Patches Critical Severity Vulnerability

Zoom released a patch for a new vulnerability, CVE-2025-49457 (CVSS 9.6/10). This is an untrusted search path in Windows Zoom clients that can lead to privilege escalation.

Affected Versions

  • Zoom Workplace for Windows before version 6.3.10.
  • Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12).
  • Zoom Rooms for Windows before version 6.3.10.
  • Zoom Rooms Controller for Windows before version 6.3.10.
  • Zoom Meeting SDK for Windows before version 6.3.10.

Recommendations

  • Install the latest updates from Zoom’s website.
    • Recent versions of Zoom have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update Zoom clients to their users. Follow-up confirmation with users that the updates have been applied is essential. Additionally, the Zoom client must be restarted to apply updates.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities will have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

Security Advisory: Weekly Advisory July 9th, 2025 https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-july-9th-2025/ Thu, 10 Jul 2025 20:47:34 +0000

The post Security Advisory: Weekly Advisory July 9th, 2025 appeared first on CyberMaxx.

In this week’s Security Advisory
  • Fortinet Patches Multiple Vulnerabilities
  • SAP Patches Critical Flaws That Could Allow Remote Code Execution
  • Microsoft’s July Patch Tuesday Release
  • Security Updates for Adobe and Mozilla Thunderbird

Fortinet Patches Multiple Vulnerabilities

Fortinet released patches for eight vulnerabilities. The most severe, CVE-2025-25257 (CVSS 9.6/10), is an SQL injection in FortiWeb that can be exploited without authentication. Fortinet has made no mention of whether any of these are exploited in the wild.

Of note, CyberMaxx has already taken steps to globally mitigate our equipment against these vulnerabilities.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

SAP Patches Critical Flaws That Could Allow Remote Code Execution

SAP announced the release of 27 new and four updated security notes, including six that address critical vulnerabilities. The most severe, CVE-2025-30012 (CVSS updated from 3.9 to 10.0), has been determined to allow unauthenticated attackers to execute arbitrary OS commands with administrative privileges.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Please update to the applicable patched version of the software.

More Reading / Information

Microsoft’s July Patch Tuesday Release

Microsoft has released its Patch Tuesday for the month of July. This includes security updates for 137 vulnerabilities, among them a publicly disclosed zero-day flaw in Microsoft SQL Server (CVE-2025-49719, CVSS 7.5/10). The update also addresses 14 critical vulnerabilities, including 10 remote code execution flaws, one information disclosure issue, and two AMD side-channel attack vulnerabilities.

Affected Versions

  • Windows Components: Windows Kernel, Windows BitLocker, Windows SSDP Service, Windows Hyper-V, and Windows Routing and Remote Access Service (RRAS).
  • Microsoft Office Suite: Vulnerabilities in Excel, Word, PowerPoint, and SharePoint, with several allowing RCE or privilege escalation.
  • Cloud and Enterprise Services: Azure Monitor Agent, Microsoft Intune, and SQL Server.
  • Development Tools: Visual Studio and Visual Studio Code Python extension.
  • Browsers: Microsoft Edge (Chromium-based).

Recommendations

  • Apply the latest patches.

More Reading / Information

Security Updates for Adobe and Mozilla Thunderbird

Adobe released patches for 58 vulnerabilities, three of which are rated critical severity and affect its Adobe Connect, ColdFusion, and Experience Manager Forms products. Successful exploitation of these issues could lead to code execution, privilege escalation, security feature bypass, and arbitrary file system read.

Mozilla patched multiple vulnerabilities in its Thunderbird product, the most severe of which could lead to remote code execution, crashing, and memory loss.

Recommendations

  • Apply the latest patches to any affected Adobe products.
  • Upgrade Mozilla Thunderbird to version 140.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.

Security Advisory: Weekly Advisory July 2nd, 2025 https://www.cybermaxx.com/resources/security-advisory-weekly-advisory-july-2nd-2025/ Thu, 03 Jul 2025 18:17:49 +0000

The post Security Advisory: Weekly Advisory July 2nd, 2025 appeared first on CyberMaxx.

In this week’s Security Advisory

  • Citrix Patches Additional NetScaler Vulnerability
  • Critical Microsens Vulnerability
  • Emergency Security Updates Released for Chrome
  • Nessus Windows Vulnerability

Citrix Patches Additional NetScaler Vulnerability

Update to the original advisory (included below): An additional critical flaw has been made public regarding Citrix NetScaler devices, CVE-2025-6543 (CVSS 9.2/10). The CVE details input validation and memory overflow issues, which can lead to out-of-bounds memory read, unintended control flow, and denial of service (DoS) conditions. There are reports of CVE-2025-6543 being exploited in the wild. CyberMaxx strongly urges patching these vulnerabilities as soon as possible.

Affected Versions

NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0

Recommendations

Patch NetScaler instances as soon as possible.

More Reading / Information

Original Advisory:

Citrix has released patches for multiple vulnerabilities affecting its customer-managed NetScaler ADC and NetScaler Gateway. The most severe, CVE-2025-5777 (CVSS 9.3/10), is an insufficient input validation flaw that leads to a memory overread. Citrix warns that NetScaler ADC and Gateway versions 12.1 and 13.0, which have been discontinued, are also affected by these vulnerabilities, and it is important to upgrade to a supported release as soon as possible.

Affected Versions

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56.
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32.
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP.
  • NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS.

Recommendations

  • Upgrade to NetScaler ADC and NetScaler Gateway 14.1-43.56 and later releases.
  • Upgrade to NetScaler ADC and NetScaler Gateway 13.1-58.32 and later releases of 13.1.
  • Upgrade to NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later releases of 13.1-FIPS and 13.1-NDcPP.
  • Upgrade to NetScaler ADC 12.1-FIPS 12.1-55.328 and later releases of 12.1-FIPS.

More Reading / Information

Critical Microsens Vulnerability

An advisory published by the cybersecurity agency CISA last week informed organizations that the Microsens NMP Web+ product is affected by two critical vulnerabilities, CVE-2025-49151 (CVSS 9.3/10) and CVE-2025-49153 (CVSS 9.3/10). These vulnerabilities can be used to obtain valid authentication tokens and overwrite critical files on the server, giving an attacker full control over the system at the OS level.

Affected Versions

NMP Web+: Version 3.2.5 and prior

Recommendations

Upgrade to version 3.3.0 for Windows and Linux

More Reading / Information

Emergency Security Updates Released for Chrome

Google has released emergency updates to patch a Chrome zero-day vulnerability, CVE-2025-6554, exploited in attacks. This zero-day vulnerability is a high-severity type confusion weakness in the Chrome V8 JavaScript engine. While such flaws generally lead to browser crashes after successful exploitation by reading or writing memory out of buffer bounds, attackers can also exploit them to execute arbitrary code on unpatched devices. Google is aware that an exploit for CVE-2025-6554 exists in the wild.

Recommendations

Upgrade Google Chrome to version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux.

Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers to their users. Follow-up confirmation with users that the updates have been applied is essential. Additionally, browsers must be restarted to apply updates.

More Reading / Information

Nessus Windows Vulnerability

Tenable has released Nessus version 10.8.5 to fix several high-severity vulnerabilities affecting versions 10.8.4 and earlier. These flaws—CVE-2025-36630 (CVSS 8.4/10), CVE-2025-6021 (CVSS 6.5/10), and CVE-2025-24855 (CVSS 7.8/10)—could allow attackers to escalate privileges, execute arbitrary code, and overwrite system files on Windows systems. Users are strongly urged to update their Nessus installations immediately.

Affected Versions

Nessus versions 10.8.4 and earlier

Recommendations

Upgrade to Nessus version 10.8.5 or 10.9.0

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
