ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.
- ZDI-CAN-27286: Appleon June 12, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘@zlluny’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26687: Delta Electronicson June 12, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Natnael Samson (@NattiSamson)’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27391: Linuxon June 12, 2025 at 5:00 am
A CVSS score 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of Trend Research’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26770: Santeon June 12, 2025 at 5:00 am
A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘Artur Mattern’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27171: Microsofton June 12, 2025 at 5:00 am
A CVSS score 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N severity vulnerability discovered by ‘Angelboy (@scwuaptx) from DEVCORE Research Team’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27141: Soda PDFon June 12, 2025 at 5:00 am
A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27382: Fortineton June 10, 2025 at 5:00 am
A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Jason McFadyen of Trend Research’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27238: X.Orgon June 10, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Jan-Niklas Sohn’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24013: NetBSDon June 10, 2025 at 5:00 am
A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘p33zy’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27217: Appleon June 10, 2025 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘shandikri’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27104: Allegraon June 10, 2025 at 5:00 am
A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Swagat’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27130: Jaspersofton June 10, 2025 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Swagat’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27388: Appleon June 10, 2025 at 5:00 am
A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L severity vulnerability discovered by ‘Nikolai Skliarenko of Trend Research’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27383: Fortineton June 10, 2025 at 5:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Jason McFadyen of Trend Research’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27061: Veeamon June 10, 2025 at 5:00 am
A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Zeze and Sharkkcode with TeamT5’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27086: Delta Electronicson June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Guillaume Orlando’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26614: Digilenton June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26640: Digilenton June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27128: Delta Electronicson June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Guillaume Orlando’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26615: Digilenton June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26612: Digilenton June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27081: NIon June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-27093: Delta Electronicson June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26613: Digilenton June 9, 2025 at 5:00 am
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-24915: Marvellon June 5, 2025 at 5:00 am
A CVSS score 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H severity vulnerability discovered by ‘Andrea Micalizzi aka rgod (@rgod777)’ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26861: Ivantion June 5, 2025 at 5:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26856: Ivantion June 5, 2025 at 5:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26858: Ivantion June 5, 2025 at 5:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26616: Appleon June 5, 2025 at 5:00 am
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Gary Kwong’ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
- ZDI-CAN-26864: Ivantion June 5, 2025 at 5:00 am
A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
