Vulnerability Digest

July 2025

Gene Moody, Field CTO
William Busler, Technical Product Engineer
Agenda

1 Top Attacks of the Month
▪ MOVEit Transfer Scanning Surge
▪ Salt Typhoon Breaches Canadian Telecom
▪ Record-Breaking DDoS at 7.3 Tbps

2 Microsoft Patch Tuesday
▪ Overview
▪ Zero-day Vulnerabilities
▪ Critical Vulnerabilities

3 Software Updates
▪ Google Chrome
▪ Call of Duty
▪ Linux
▪ CitrixBleed2
▪ Cisco
▪ WordPress
▪ WinRAR
▪ Brother Printers
▪ GitHub
▪ Teleport
▪ Veeam
▪ Grafana
▪ Palo Alto
▪ Trend Micro

Demo and Q&A!


Housekeeping

▪ You’ll get the slides via email
▪ Feel free to ask questions during the ppt via chat or Q&A
▪ Take a short poll and survey; we appreciate your feedback!
▪ You’ll get the recording within 24h

© Action1 Corporation. All rights reserved.


Top Attacks of the Month

MOVEit Transfer Scanning Surge
• Mass scanning of MOVEit systems indicates imminent attacks
• Organizations urged to patch immediately

Salt Typhoon Breaches Canadian Telecom
• Exploitation of unpatched Cisco vulnerability leads to breach
• Edge devices remain high-risk targets

Record-Breaking DDoS at 7.3 Tbps
• Largest DDoS attack recorded at 7.3 Tbps
• Compromised IoT devices fueled the assault

Zero-Click iPhone Exploits Target Journalists
• Zero-click iOS exploit used to spy on journalists
• Spyware deployed without user interaction



Microsoft Patch Tuesday Overview

137 Fixed Vulnerabilities
14 Critical Vulnerabilities
0 Zero-day Vulnerabilities Fixed



JULY 2025
Microsoft Vulnerabilities & Patch Prioritization

| CVE ID | Product / Component | CVSS | Exploited in Wild | Priority Recommendation |
|---|---|---|---|---|
| CVE-2025-49704 | SharePoint Server 2019/2016 – code-injection (site-owner → RCE) | 8.8 | No | High |
| CVE-2025-49695, 49696 | Microsoft Office – Preview-Pane no-click RCEs (use-after-free & heap overflow) | 8.4 | No | High |
| CVE-2025-49697, 49702, 49698, 49703 | Office & Word – file-open RCEs (heap overflow, type confusion, use-after-free) | 8.4 / 7.8 | No | Medium |
| CVE-2025-49717 | SQL Server 2016-2022 – heap-overflow RCE with host-escape potential | 8.5 | No | Medium |
| CVE-2025-49719 | SQL Server / OLE DB – un-initialised-memory information leak (public PoC) | 7.5 | No | Medium |

Legend (status icons not preserved in this copy): Exploited in the wild / Public PoC or suspected / Patch available, no known exploitation

Prioritize patching High-risk CVEs within the next 72 hours!


High Priority Software Updates
(Actively Exploited Threats)

**Google Chrome (CVE-2025-6554 [High])**
-Type confusion in V8 JavaScript engine allows arbitrary read/write
-Exploited in the wild via malicious HTML pages
-Fixed in Chrome 138.0.7204.96/.97 (Win/macOS/Linux)

**Citrix NetScaler (CVE-2025-5777 [N/A])**
-Out-of-bounds memory read exposes session cookies and credentials
-Signs of MFA bypass, session reuse, LDAP queries observed
-Patch to 14.1-43.56, 13.1-58.32+, or newer; terminate active sessions

**Call of Duty WWII**
-RCE via multiplayer P2P protocol and crafted packets
-Users report system reboots, file downloads during live play
-No official fix; ongoing maintenance acknowledged by Activision
Medium Priority Software Updates
(PoC Available – High Risk, Not Yet Exploited)

**Cisco ISE / ISE-PIC (CVE-2025-20281, CVE-2025-20282 [CVSS 10.0])**
-Remote command execution via public/internal API endpoints
-Full system takeover with no auth; no PoC yet
-Fixed in ISE 3.4 Patch 2 / 3.3 Patch 6

**Veeam Backup & Replication (CVE-2025-23121)**
-Authenticated domain users can RCE on backup servers
-Domain-joined servers at high risk; PoC expected soon
-Patched in v12.3.2.3617; follow domain separation best practices

**Linux Sudo (CVE-2025-32463 [CVSS 9.3])**
-Local root escalation using --chroot and crafted config paths
-No in-the-wild cases yet; patch released in v1.9.17p1
-Developers to deprecate chroot feature entirely

**Teleport (CVE-2025-49825 [CVSS 9.8])**
-SSH authentication bypass in multiple agents/configs
-No PoC yet; affects self-hosted and OpenSSH/Git proxy setups
-Update to 17.5.2 or backported secure versions
Software Updates: Low Priority
(Watchlist, No Exploitation Yet, But Worth Action)

**WinRAR (CVE-2025-6218 [CVSS 7.8])**
-Directory traversal allows silent drop of malicious files
-Requires user interaction (e.g., open archive)
-Fixed in WinRAR 7.12 beta 1

**Grafana (CVE-2025-4123)**
-Open redirect for session hijack/plugin injection
-36% of exposed instances remain unpatched
-Fixes issued across multiple versions (10.4.18+, 11.x, 12.x)

**WordPress Forminator (CVE-2025-6463 [CVSS 8.8])**
-Arbitrary file deletion through manipulated form inputs
-Possible site takeover by deleting wp-config.php
-Patched in version 1.44.3

**GitHub Enterprise Server (CVE-2025-3509 [CVSS 7.1])**
-RCE via pre-receive functionality under rare hotpatching conditions
-Requires elevated privileges (admin or repo control)
-Patched in 3.13.16+ and later versions
Software Updates: Low Priority
(Watchlist, No Exploitation Yet, But Worth Action)

**Brother Printers (CVE-2024-51978)**
-Default admin password retrievable via serial number
-Affects over 700 device models
-Most issues fixed; core bug mitigated via hardware changes

**Trend Micro (CVE-2025-49212–49220 [CVSS 9.8])**
-Pre-auth RCE in Apex Central and TMEE PolicyServer
-No current exploitation, but flaws pose serious risk
-Patches issued for both products; no workarounds available

**Palo Alto PAN-OS (CVE-2025-4232 [CVSS 7.1])**
-Code injection in GlobalProtect log collection on macOS
-Requires authenticated user; no exploitation observed
-Patched with multiple other CVEs in latest PAN-OS releases
Recommendations & Takeaways

• Patch critical third-party software urgently (Chrome, Citrix, Cisco, Teleport, Veeam)
• Review network exposure for NetScaler, Veeam, Teleport, Grafana
• Remove domain joins from backup servers where possible
• Disable risky plugin use and confirm CSP settings post-update
• Monitor for signs of session hijack, especially in Citrix environments
• Review legacy protocols (P2P, hotpatching) and segment affected systems

Take a short poll!



Thank you! Questions?

Sign up to Action1 – Patching That Just Works: action1.com/signup
Switch to Action1 for Free – Free for all your endpoints until your current contract expires: action1.com/switch

Useful Links
Action1 – GitHub: action1.com/github
Action1 – Discord: action1.com/discord
Action1 – Reddit: action1.com/reddit

Download Software Vulnerability Ratings Report 2025 (LEARN MORE): action1.com/software-vulnerability-ratings-report-2025/

Meet Action1 at FutureCon Orange County – In Person or Online!
Thursday, July 10, Embassy Suites by Hilton Anaheim-South: https://rb.gy/wcsfs2
WHY VISIT US? Live Demos | Giveaways & Prize Draw | Meet the Team

Love Action1? Spread the word!
Reddit: r/sysadmin, r/msp
Review us on G2 and get a $25 gift card of your choice! Scan the code, or visit: on.action1.com/G2review

Check out what others say about Action1
