Advisories, Articles, Attacks, Government, Infrastructure, News, Reports, Security Strategy, Threat Research, Vulnerabilities, , , , , , , , , ,
cyber security

Canadian Centre for Cyber Security Alerts & Advisories

Canadian Centre for Cyber Security Alerts & Advisories.

The Canadian Cyber Centre issues alerts and advisories on potential, imminent or actual cyber threats, vulnerabilities or incidents affecting Canada’s critical infrastructure.

  • Splunk security advisory (AV25-787)
    by Canadian Centre for Cyber Security on November 26, 2025 at 7:06 pm

    <article data-history-node-id="7038" about="/en/alerts-advisories/splunk-security-advisory-av25-787" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><!–{C}%3C!%2D%2D***************************************************%20START%20ADVISORY%20-English-%20******************************************************%2D%2D%3E–></p> <p><strong>Serial number: </strong>AV25-787<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 26, 2025</p> <p>On November 26, 2025, Splunk published security advisories to address vulnerabilities in the following products:</p> <ul><li>Splunk SOAR – versions prior to 7.0.0</li> <li>Splunk Add-on for Palo Alto Networks – versions prior to 2.0.2</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://advisory.splunk.com/advisories/SVD-2025-1104 ">Third-Party Package Updates in Splunk SOAR – November 2025</a></li> <li><a href="https://advisory.splunk.com/advisories/SVD-2025-1105 ">Sensitive Information Disclosure in “_internal“ index through Splunk Add-On for Palo Alto Networks</a></li> <li><a href="https://advisory.splunk.com/">Splunk Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

  • GitLab security advisory (AV25-786)
    by Canadian Centre for Cyber Security on November 26, 2025 at 6:24 pm

    <article data-history-node-id="7037" about="/en/alerts-advisories/gitlab-security-advisory-av25-786" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><!–{C}%3C!%2D%2D***************************************************%20START%20ADVISORY%20-English-%20******************************************************%2D%2D%3E–></p> <p><strong>Serial number: </strong>AV25-786<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 26, 2025</p> <p>On November 26, 2025, GitLab published a security advisory to address vulnerabilities in the following products:</p> <ul><li>GitLab Community Edition (CE) – versions prior to 18.6.1, 18.5.3 and 18.4.5</li> <li>GitLab Enterprise Edition (EE) – versions prior to 18.6.1, 18.5.3 and 18.4.5</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/ ">GitLab Patch Release: 18.6.1, 18.5.3, 18.4.5</a></li> <li><a href="https://about.gitlab.com/releases/categories/releases/ ">GitLab Releases</a></li> </ul></div> </div> </div> </div> </div> </article>

  • HashiCorp security advisory (AV25-785)
    by Canadian Centre for Cyber Security on November 25, 2025 at 1:02 pm

    <article data-history-node-id="7036" about="/en/alerts-advisories/hashicorp-security-advisory-av25-785" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><!–{C}%3C!%2D%2D***************************************************%20START%20ADVISORY%20-English-%20******************************************************%2D%2D%3E–></p> <p><strong>Serial number: </strong>AV25-785<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 25, 2025</p> <p>On November 21, 2025, HashiCorp published a security advisory to address a vulnerability in the following product:</p> <ul><li>Vault Terraform Provider – versions v4.2.0 to v5.4.0</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://discuss.hashicorp.com/t/hcsec-2025-33-vault-terraform-provider-applied-incorrect-defaults-for-ldap-auth-method/76822 ">HCSEC-2025-33 – Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Red Hat security advisory (AV25-783)
    by Canadian Centre for Cyber Security on November 24, 2025 at 6:22 pm

    <article data-history-node-id="7035" about="/en/alerts-advisories/red-hat-security-advisory-av25-783" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-738<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 24, 2025</p> <p>Between November 17 and 23, 2025, <span lang="en" xml:lang="en" xml:lang="en">Red Hat</span> published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:</p> <ul><li>Red Hat CodeReady Linux Builder – multiple versions and platforms</li> <li>Red Hat Enterprise Linux – multiple versions and platforms</li> <li>Red Hat Enterprise Linux Server – multiple versions and platforms</li> <li>Red Hat Enterprise Linux for Real Time – multiple versions and platforms</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://access.redhat.com/security/security-updates/security-advisories">Red Hat Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

  • VMware security advisory (AV25-784)
    by Canadian Centre for Cyber Security on November 24, 2025 at 6:18 pm

    <article data-history-node-id="7034" about="/en/alerts-advisories/vmware-security-advisory-av25-784" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><!–{C}%3C!%2D%2D***************************************************%20START%20ADVISORY%20-English-%20******************************************************%2D%2D%3E–></p> <p><strong>Serial number: </strong>AV25-784<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 24, 2025</p> <p>Between November 23 and 24, 2025, VMware published security advisories to address vulnerabilities in multiple products</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/security-advisory ">Security Advisories – VMware Cloud Foundation</a></li> </ul></div> </div> </div> </div> </div> </article>

  • [Control systems] CISA ICS security advisories (AV25-782)
    by Canadian Centre for Cyber Security on November 24, 2025 at 5:10 pm

    <article data-history-node-id="7033" about="/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av25-782" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-782<br /><strong>Date: </strong>November 24, 2025</p> <p>Between November 17 and 23, 2025, CISA published ICS advisories to address vulnerabilities in the following products:</p> <ul><li>Automated Logic Carrier i-Vu – multiple versions</li> <li>Automated Logic SiteScan Web – multiple versions</li> <li>Automated Logic WebCTRL Server – multiple versions</li> <li>Automated Logic WebCTRL for OEMs – multiple versions</li> <li>Emerson Appleton UPSMON-PRO – versions 2.6 and prior</li> <li>Festo Didactic Siemens TIA-Portal V15/V18 prior to V17/V18 Update 6/1 installed on Festo Hardware MES PC – all versions</li> <li>Festo Didactic Siemens TIA-Portal V15/V18 prior to V17/V18 Update 6/1 installed on Festo Hardware TP260 (&lt;June2023) – all versions</li> <li>Festo MSE6-C2M/D2M/E2M (multiple models) – all versions</li> <li>ICAM365 Night Vision Camera QC021 – versions 43.4.0.0 and prior</li> <li>ICAM365 ROBOT PT Camera P201 – versions 43.4.0.0 and prior</li> <li>METZ CONNECT EWIO2 (multiple models) – all versions</li> <li>Opto 22 GRV-EPIC-PR1/GRV-EPIC-PR2 Firmware – versions prior to 4.0.3</li> <li>Opto 22 groov RIO GRV-R7-MM1001-10/ GRV-R7-MM2001-10/GRV-R7-I1VAPM-3 Firmware – versions prior to 4.0.3</li> <li>Schneider Electric EcoStruxure Machine SCADA Expert – versions prior to 2023.1 Patch 1</li> <li>Schneider Electric PowerChute Serial Shutdown – versions 1.3 and prior</li> <li>Schneider Electric Pro-face BLUE Open Studio – versions prior to 2023.1 Patch 1</li> <li>Shelly Pro 3EM – all versions</li> <li>Shelly Pro 4PM – version prior to v1.6</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.</p> <ul class="list-unstyled"><li><a href="https://www.cisa.gov/news-events/cybersecurity-advisories">CISA ICS Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Ubuntu security advisory (AV25-781)
    by Canadian Centre for Cyber Security on November 24, 2025 at 4:56 pm

    <article data-history-node-id="7032" about="/en/alerts-advisories/ubuntu-security-advisory-av25-781" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-781<br /><strong>Date: </strong>November 24, 2025</p> <p>Between November 17 and 23, 2025, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:</p> <ul><li>Ubuntu 14.04 LTS</li> <li>Ubuntu 16.04 LTS</li> <li>Ubuntu 18.04 LTS</li> <li>Ubuntu 20.04 LTS</li> <li>Ubuntu 22.04 LTS</li> <li>Ubuntu 24.04 LTS</li> <li>Ubuntu 25.04</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://ubuntu.com/security/notices">Ubuntu Security Notices</a></li> </ul></div> </div> </div> </div> </div> </article>

  • IBM security advisory (AV25-780)
    by Canadian Centre for Cyber Security on November 24, 2025 at 4:42 pm

    <article data-history-node-id="7031" about="/en/alerts-advisories/ibm-security-advisory-av25-780" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-780<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 24, 2025</p> <p>Between November 17 and 23, 2025, IBM published security advisories to address vulnerabilities in multiple products.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.ibm.com/support/pages/bulletin/">IBM Product Security Incident Response</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Dell security advisory (AV25-779)
    by Canadian Centre for Cyber Security on November 24, 2025 at 4:31 pm

    <article data-history-node-id="7030" about="/en/alerts-advisories/dell-security-advisory-av25-779" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-779<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 24, 2025</p> <p>Between November 17 and 23, 2025, Dell published security advisories to address vulnerabilities in the following products:</p> <ul><li>Dell ObjectScale – versions prior to 4.1.0.1</li> <li>Dell PowerProtect Cyber Recovery – version 19.21.0.1 and prior</li> <li>Dell PowerProtect Cyber Recovery SLES – versions prior to 15.4.0-10</li> <li>Dell PowerProtect Data Manager – versions prior to 19.22</li> <li>Dell Storage Monitoring and Reporting – versions prior to 5.1.1.1 and versions prior to 6.0.0.0</li> <li>Dell Storage Resource Manager – versions prior to 5.1.1.1 and versions prior to 6.0.0.0</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.dell.com/support/security/en-ca/">Dell Security advisories and notices</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Oracle security advisory – October 2025 quarterly rollup (AV25-688) – Update 2
    by Canadian Centre for Cyber Security on November 21, 2025 at 9:38 pm

    <article data-history-node-id="6916" about="/en/alerts-advisories/oracle-security-advisory-october-2025-quarterly-rollup-av25-688" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-688<br /><strong>Date: </strong>October 22, 2025<br /><strong>Updated:</strong> November 21, 2025</p> <p>On October 21, 2025, Oracle published a security advisory to address vulnerabilities in multiple products.</p> <p>Included were security advisories for critical vulnerabilities CVE-2025-53072 and CVE-2025-62481 affecting Oracle E-Business products.</p> <p><strong>Update 1</strong><br /> On November 20, 2025, a proof of concept (PoC) for CVE-2025-61757 has been made available and open-source reporting indicated that exploitation has been observed since August 30, 2025.</p> <p><strong>Update 2</strong><br /> On November 21, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-61757 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.cisa.gov/news-events/alerts/2025/11/21/cisa-adds-one-known-exploited-vulnerability-catalog">CISA Adds One Known Exploited Vulnerability to Catalog</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61757">CVE-2025-61757</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-53072">CVE-2025-53072</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-62481">CVE-2025-62481</a></li> <li><a href="https://www.oracle.com/security-alerts/cpuoct2025.html">Oracle Critical Patch Update Advisory – October 2025</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Grafana security advisory (AV25-778)
    by Canadian Centre for Cyber Security on November 21, 2025 at 3:30 pm

    <article data-history-node-id="7029" about="/en/alerts-advisories/grafana-security-advisory-av25-778" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-778<br /><strong>Date: </strong>November 21, 2025</p> <p>On November 19, 2025, Grafana published a security advisory to address a critical vulnerability in the following product:</p> <ul><li>Grafana Enterprise – versions prior to 12.3.0, 12.2.1, 12.1.3 and 12.0.6</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://grafana.com/blog/2025/11/19/grafana-enterprise-security-update-critical-severity-security-fix-for-cve-2025-41115/">Grafana Enterprise security update: critical severity security fix for CVE-2025-41115</a></li> </ul></div> </div> </div> </div> </div> </article>

  • HPE security advisory (AV25-777)
    by Canadian Centre for Cyber Security on November 21, 2025 at 3:08 pm

    <article data-history-node-id="7028" about="/en/alerts-advisories/hpe-security-advisory-av25-777" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-777<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 21, 2025</p> <p>On November 20, 2025, HPE published a security advisory to address vulnerabilities in the following product :</p> <ul><li>HPE Telco Service Activator – versions 10.3.3 and prior</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04973en_us&amp;&amp;docLocale=en_US">HPESBNW04973 rev.1 – HPE Telco Service Activator, Multiple Vulnerabilities</a></li> <li><a href="https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US">HPE Security Bulletin Library</a></li> </ul></div> </div> </div> </div> </div> </article>

  • [Control systems] ABB security advisory (AV25-776)
    by Canadian Centre for Cyber Security on November 21, 2025 at 2:32 pm

    <article data-history-node-id="7027" about="/en/alerts-advisories/control-systems-abb-security-advisory-av25-776" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-776<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 21, 2025</p> <p>On November 20, 2025, ABB published a security advisory to address a vulnerability in the following product:</p> <ul><li>ABB Ability Edgenius – versions 3.2.0.0 and 3.2.1.1</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088&amp;LanguageCode=en&amp;DocumentPartId=&amp;Action=Launch">Edgenius Management Portal Authentication Bypass ABB Ability Edgenius – CVE ID: CVE-2025-10571</a></li> <li><a href="https://global.abb/group/en/technology/cyber-security/alerts-and-notifications">ABB Cyber security alerts and notifications</a></li> </ul></div> </div> </div> </div> </div> </article>

  • VMware security advisory (AV25-775)
    by Canadian Centre for Cyber Security on November 20, 2025 at 4:11 pm

    <article data-history-node-id="7026" about="/en/alerts-advisories/vmware-security-advisory-av25-775" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-775<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 20, 2025</p> <p>On November 20, 2025, VMware published security advisories to address vulnerabilities in multiple products.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/security-advisory">Security Advisories – VMware Cloud Foundation</a></li> </ul><!–{C}%3C!%2D%2D***************************************************%20END%20ADVISORY%20-English-******************************************************%2D%2D%3E–></div> </div> </div> </div> </div> </article>

  • SonicWall security advisory (AV25-774)
    by Canadian Centre for Cyber Security on November 20, 2025 at 1:40 pm

    <article data-history-node-id="7025" about="/en/alerts-advisories/sonicwall-security-advisory-av25-774" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-774<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 20, 2025</p> <p>On November 19, 2025, SonicWall published security advisories to address vulnerabilities in the following products:</p> <ul><li>Email Security (multiple models) – version 10.0.33.8195 and prior</li> <li>Gen7 hardware Firewalls (multiple models) – version 7.3.0-7012 and prior</li> <li>Gen7 virtual Firewalls (NSv) (multiple models) – version 7.3.0-7012 and prior</li> <li>Gen8 Firewalls (multiple models) – version 8.0.2-8011 and prior</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018">SonicWall Email Security Affected By Multiple Vulnerabilities 7.2</a></li> <li><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016">SonicOS SSLVPN Pre-Auth Stack-Based Buffer Overflow Vulnerability 7.5</a></li> <li><a href="https://psirt.global.sonicwall.com/vuln-list">SonicWall Security Advisories</a></li> </ul><!–{C}%3C!%2D%2D***************************************************%20END%20ADVISORY%20-English-******************************************************%2D%2D%3E–></div> </div> </div> </div> </div> </article>

  • Google Chrome security advisory (AV25-766) – Update 1
    by Canadian Centre for Cyber Security on November 19, 2025 at 8:19 pm

    <article data-history-node-id="7015" about="/en/alerts-advisories/google-chrome-security-advisory-av25-766" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-766<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 18, 2025<br /><strong>Updated: </strong>November 19, 2025</p> <p>On November 17, 2025, Google published a security advisory to address a vulnerability in the following product:</p> <ul><li>Stable Channel Chrome for Desktop – versions prior to 142.0.7444.175/.176 (Windows/Mac) and 142.0.7444.175 (Linux)</li> </ul><p>Google is aware that an exploit for CVE-2025-13223 exists in the wild.</p> <p><strong>Update 1</strong><br /> On November 19, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-13223 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.</p> <ul class="list-unstyled"><li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities Catalog | CISA</a></li> <li><a href="https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html">Google Chrome Security Advisory</a></li> </ul></div> </div> </div> </div> </div> </article>

  • VMware security advisory (AV25-773)
    by Canadian Centre for Cyber Security on November 19, 2025 at 7:45 pm

    <article data-history-node-id="7024" about="/en/alerts-advisories/vmware-security-advisory-av25-773" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-773<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 19, 2025</p> <p>Between November 18 and 19, 2025, VMware published security advisories to address critical vulnerabilities in the following products:</p> <ul><li>VMware Tanzu GemFire – versions prior to 10.1.5</li> <li>VMware Tanzu Greenplum – versions prior to 6.31.1</li> <li>VMware Tanzu Greenplum – versions prior to 7.6.1</li> <li>VMware Tanzu Data Flow on Tanzu Platform – versions prior to 2.0.1</li> <li>.NET Core Buildpack – versions prior to 2.4.67</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/security-advisory">Security Advisories – VMware Cloud Foundation</a></li> </ul></div> </div> </div> </div> </div> </article>

  • SolarWinds security advisory (AV25-772)
    by Canadian Centre for Cyber Security on November 19, 2025 at 7:42 pm

    <article data-history-node-id="7023" about="/en/alerts-advisories/solarwinds-security-advisory-av25-772" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-772<br /><strong>Date: </strong>November 19, 2025</p> <p>On November 18, 2025, SolarWinds published security advisories to address critical vulnerabilities in the following products:</p> <ul><li>SolarWinds Serv-U – version 15.5.2.2.102</li> <li>SolarWinds Serv-U Broken Access Control – version 15.5.2.2.102</li> <li>SolarWinds Observability Self-Hosted – version 2025.4 and prior</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.solarwinds.com/trust-center/security-advisories">SolarWinds Security Vulnerabilities</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Microsoft Edge security advisory (AV25-771)
    by Canadian Centre for Cyber Security on November 19, 2025 at 6:20 pm

    <article data-history-node-id="7022" about="/en/alerts-advisories/microsoft-edge-security-advisory-av25-771" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-771<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 19, 2025</p> <p>On November 18, 2025, Microsoft published a security update to address vulnerabilities in the following product:</p> <ul><li>Microsoft Edge Stable Channel – versions prior to 142.0.3595.90</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#november-18-2025">Microsoft Edge Stable Channel Release Notes</a></li> </ul></div> </div> </div> </div> </div> </article>

  • Atlassian security advisory (AV25-770)
    by Canadian Centre for Cyber Security on November 19, 2025 at 4:40 pm

    <article data-history-node-id="7021" about="/en/alerts-advisories/atlassian-security-advisory-av25-770" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV25-770<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>November 19, 2025</p> <p>On November 18, 2025, Atlassian published a security advisory to address vulnerabilities in the following products:</p> <ul><li>Bitbucket Data Center and Server – multiple versions</li> <li>Confluence Data Center and Server – multiple versions</li> <li>Jira Data Center and Server – multiple versions</li> <li>Jira Service Management Data Center and Server – multiple versions</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html">Security Bulletin – November 18 2025</a></li> <li><a href="https://www.atlassian.com/trust/security/advisories">Atlassian Security Advisories and Bulletins</a></li> </ul></div> </div> </div> </div> </div> </article>

Share Websitecyber

Related Posts:

We are an ethical website cyber security team and we perform security assessments to protect our clients.