Zero Day Initiative Upcoming Advisories

ZDI: Upcoming Advisories The following is a list of vulnerabilities discovered by Zero Day Initiative researchers that are yet to be publicly disclosed. The affected vendor has been contacted on the specified date and while they work on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by IPS filters delivered ahead of public disclosure. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor’s fixes.

  • ZDI-CAN-27286: Apple
    on June 12, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘@zlluny’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26687: Delta Electronics
    on June 12, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Natnael Samson (@NattiSamson)’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27391: Linux
    on June 12, 2025 at 5:00 am

    A CVSS score 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘Nicholas Zubrisky (@NZubrisky) of Trend Research’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26770: Sante
    on June 12, 2025 at 5:00 am

    A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by ‘Artur Mattern’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27171: Microsoft
    on June 12, 2025 at 5:00 am

    A CVSS score 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N severity vulnerability discovered by ‘Angelboy (@scwuaptx) from DEVCORE Research Team’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27141: Soda PDF
    on June 12, 2025 at 5:00 am

    A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-06-12, 2 days ago. The vendor is given until 2025-10-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27382: Fortinet
    on June 10, 2025 at 5:00 am

    A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by ‘Jason McFadyen of Trend Research’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27238: X.Org
    on June 10, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Jan-Niklas Sohn’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24013: NetBSD
    on June 10, 2025 at 5:00 am

    A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by ‘p33zy’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27217: Apple
    on June 10, 2025 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘shandikri’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27104: Allegra
    on June 10, 2025 at 5:00 am

    A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Swagat’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27130: Jaspersoft
    on June 10, 2025 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Swagat’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27388: Apple
    on June 10, 2025 at 5:00 am

    A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L severity vulnerability discovered by ‘Nikolai Skliarenko of Trend Research’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27383: Fortinet
    on June 10, 2025 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Jason McFadyen of Trend Research’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27061: Veeam
    on June 10, 2025 at 5:00 am

    A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Zeze and Sharkkcode with TeamT5’ was reported to the affected vendor on: 2025-06-10, 4 days ago. The vendor is given until 2025-10-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27086: Delta Electronics
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Guillaume Orlando’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26614: Digilent
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26640: Digilent
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27128: Delta Electronics
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Guillaume Orlando’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26615: Digilent
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26612: Digilent
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27081: NI
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Rocco Calvi (@TecR0c) with TecSecurity’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-27093: Delta Electronics
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Anonymous’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26613: Digilent
    on June 9, 2025 at 5:00 am

    A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘kimiya’ was reported to the affected vendor on: 2025-06-09, 5 days ago. The vendor is given until 2025-10-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-24915: Marvell
    on June 5, 2025 at 5:00 am

    A CVSS score 9.4 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H severity vulnerability discovered by ‘Andrea Micalizzi aka rgod (@rgod777)’ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26861: Ivanti
    on June 5, 2025 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26856: Ivanti
    on June 5, 2025 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26858: Ivanti
    on June 5, 2025 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26616: Apple
    on June 5, 2025 at 5:00 am

    A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Gary Kwong’ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

  • ZDI-CAN-26864: Ivanti
    on June 5, 2025 at 5:00 am

    A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ’06fe5fd2bc53027c4a3b7e395af0b850e7b8a044′ was reported to the affected vendor on: 2025-06-05, 9 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Share Websitecyber
We are an ethical website cyber security team and we perform security assessments to protect our clients.