Month: November 2025

Security Advisory

NVIDIA DGX Spark Security Update Fixed 14 Vulnerabilities

Summary : NVIDIA DGX Spark GB10 firmware vulnerabilities including CVE-2025-33187, CVE-2025-33188, CVE-2025-33189 & 11 more CVEs can Execute Malicious Code and DoS Attacks. Systems running DGX OS versions prior to OTA0 are affected. Immediate upgrade to OTA0 is strongly advised. 

OEM NVIDIA 
Severity Critical 
CVSS Score 7.5 
CVEs CVE-2025-33187, CVE-2025-33188, CVE-2025-33189 & 11 more CVEs 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

NVIDIA has released a security update addressing 14 vulnerabilities in the NVIDIA DGX Spark firmware, a high-performance AI workstation for machine learning and model training.

These vulnerabilities enable attackers with local access to bypass protections and manipulate firmware and hardware controls. Exploitation could lead to unauthorized code execution, data tampering, system disruption, and exposure of sensitive AI data.

                      Vulnerability Name CVE ID Product Affected Severity CVSS  Fixed Version 
​SoC Access Bypass Vulnerability via SROOT CVE-2025-33187 NVIDIA DGX Spark Critical 9.3 OTAO 
Hardware Control Tampering Vulnerability CVE-2025-33188 NVIDIA DGX Spark High 8.0 OTAO 
Out-of-Bounds Write Vulnerability in SROOT CVE-2025-33189 NVIDIA DGX Spark High 7.8 OTAO 

Technical Summary 

The NVIDIA DGX Spark GB10 firmware vulnerabilities primarily affect SROOT, OSROOT and hardware controls, enabling local attackers to bypass SoC protections for code execution, data tampering, information disclosure, denial of service and privilege escalation.

Critical flaws like out-of-bounds writes and hardware tampering allow memory corruption and system manipulation, while medium/low issues involve improper input handling, memory reads and resource reuse that risk data leaks or crashes.

All versions prior to OTA0 are vulnerable and security patch released fully addresses these risks.  

CVE ID Vulnerability Details Impact 
CVE-2025-33187 SROOT vulnerability allows attackers to access SoC-protected memory regions using privileged access Code execution, privilege escalation 
CVE-2025-33188 Hardware controls can be tampered with due to improper authorization enforcement Information disclosure, DoS 
CVE-2025-33189 Out-of-bounds writing in SROOT firmware enables memory corruption Code execution, privilege escalation 

Other Vulnerabilities: 

These other vulnerabilities are medium & low severity issues that may cause data leaks, system errors or minor disruptions. 

Vulnerability Name CVE ID Description Severity CVSS Impact 
Out-of-Bounds Write Vulnerability CVE-2025-33190 This vulnerability may allow unintended modification of system data Medium 6.7 Code execution, Privilege escalation 
Invalid Memory Read vulnerability in OSROOT CVE-2025-33191 Error in memory handling can crash system Medium 5.7 Denial of service 
Arbitrary Memory Read vulnerability CVE-2025-33192 Unauthorized access to stored information Medium 5.7 Info disclosure, DoS 
Integrity Validation Failure vulnerability CVE-2025-33193 Firmware integrity checks can be bypassed Medium 5.7 Code execution, info leak 
Input Processing Issue CVE-2025-33194 Faulty input handling reveals internal data Medium 5.7 Info disclosure, DoS 
Unexpected Buffer Operations CVE-2025-33195 Memory mishandling leads to data modification Medium 4.4 Data tampering, DoS 
Resource Reuse Exposure CVE-2025-33196 Reused firmware resources reveal sensitive data Medium 4.4 Information disclosure 
NULL Pointer Dereference CVE-2025-33197 System crashes due to improper pointer handling Medium 4.3 DoS, possible code execution 
Resource Reuse vulnerability CVE-2025-33198 Unintended reuse of resources leaks data Low 3.3 Information disclosure 
Incorrect Control vulnerability CVE-2025-33199 System behavior can be manipulated Low 3.2 Data tampering 
Resource Reuse vulnerability CVE-2025-33200 Data exposure due to resource reuse Low 2.3 Information disclosure 

Remediation

  • Upgrade all NVIDIA DGX Spark systems to DGX OS OTA0 or the latest fixed version. 

Conclusion: 

The discovery of 14 critical vulnerabilities in the NVIDIA DGX Spark firmware provides a stark reminder that advanced hardware requires strict security practices round the clock. 


These vulnerabilities pose a significant security risk to organizations using NVIDIA DGX Spark for AI or ML workloads. If exploited, attackers could gain deep hardware-level access, risk confidential AI datasets, system stability and training integrity. Immediate upgrading to OTA0 to  mitigate all the vulnerabilities. 

References

Blogs

AI Cyber-Attack is Lethal, Crafted to Empower Hackers; Calls for Cyber Readiness as Enterprise Security Strategy

Japanese Brewing Giant Asahi, Exposed to Cyber-Attack; CAI Cyber-Attack is Lethal, Crafted to Empower Hackers Calls for Cyber Readiness

Continue Reading
Security Advisory

Apache Syncope Patched Security Vulnerability   that Affected Multiple Versions of the Identity & Access Management Platform

Apache Syncope Patched Security Vulnerability Exposes User Password via Hardcoded AES Key 

Continue Reading
Blogs Security Advisory

Shai-Hulud’s ‘Second Coming’ npm Malware Infects Popular Developer Packages 

Shai-Hulud malware campaign, npm Packages

Continue Reading
Security Advisory

Critical Fluent Bit Vulnerabilities Allow RCE & Cloud Infrastructure at Risk 

Summary : Fluent Bit is a widely used opensource tool for collecting and forwarding logs in cloud and containers like Kubernetes environments. A chain of 5 critical vulnerabilities discovered by Oligo Security team and findings reveal that attackers can misuse via Remote code execution putting cloud and container at risk.

Severity Critical 
CVSS Score 9.1  
CVEs CVE-2025-12969, CVE-2025-12970, CVE-2025-12972, CVE-2025-12977, CVE-2025-12978 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

These vulnerabilities are CVE-2025-12977  CVE-2025-12970, CVE-2025-12969, CVE-2025-12978 , CVE-2025-12972. The vulnerabilities allow attackers to bypass authentication, manipulate log routing, achieve remote code execution, potentially leading to full compromise of cloud and Kubernetes environments using Fluent Bit for logging and observability.

Organizations relying on Fluent Bit must upgrade to the fixed versions and harden configurations to prevent remote takeover and log tampering. 

                      Vulnerability Name CVE ID Product Affected Severity CVSS Score Fixed Version 
​Fluent Bit Tag_Key Input Validation Bypass CVE-2025-12977 Fluent Bit Critical 9.1 v4.0.12+ , v4.1.1+ , v4.2.0+ 
Fluent Bit Docker Input Stack Buffer Overflow CVE-2025-12970 Fluent Bit High 8.8 v4.0.12+ , v4.1.1+ , v4.2.0+ 
Fluent Bit Forward Input Authentication Bypass CVE-2025-12969 Fluent Bit Medium 6.5 v4.0.12+ , v4.1.1+ , v4.2.0+ 
Fluent Bit Tag Spoofing via Partial Tag_Key Match CVE-2025-12978 Fluent Bit Medium 5.4 v4.0.12+ , v4.1.1+ , v4.2.0+ 
Fluent Bit File Output Path Traversal CVE-2025-12972 Fluent Bit Medium 5.3 v4.0.12+ , v4.1.1+ , v4.2.0+ 

Technical Summary 

Fluent Bit vulnerabilities center around unsafe handling of tags and inputs, enabling attackers to manipulate routing, file paths and memory in ways that directly impact host systems and downstream security tooling.

These flaws can allow path traversal and arbitrary file writes, which in many real-world setups may escalate to remote code execution and persistent node compromise.

Additional vulnerabilities include stack buffer overflows and missing authentication checks that let attackers crash agents, execute code and inject false telemetry into trusted logging pipelines. 

Source: Oligo.security 

CVE ID Vulnerability Details Impact 
CVE-2025-12977 Improper input validation allows injection of control chars, newlines, and path traversal sequences in tag values. Log corruption and output injection. 
CVE-2025-12970 Stack buffer overflow on container name copy due to lack of length check. Crash or RCE. 
CVE-2025-12969 Authentication bypass disables user-based auth, allowing unauthenticated log injection. Unauthorized log injection. 
CVE-2025-12978 Partial string comparison on Tag_Key lets attacker spoof tags by guessing first char. Manipulation of log routing and filtering. 
CVE-2025-12972 Path traversal via unsanitized tags causes arbitrary file write and possible remote code execution. Arbitrary file write and RCE. 

Remediation

  • Upgrade all Fluent Bit deployments to v4.2.0 / v4.1.1 / v4.0.12  or latest version. 

Here are some recommendations below  

  • Avoid using dynamic or untrusted tags in configuration for routing or file naming. 
  • Always set explicit fixed Path or File parameters in out_file outputs to prevent path traversal. 
  • Ensure forward inputs use both Shared_Key and Security.Users for proper authentication enforcement. 
  • Limit network access to Fluent Bit instances to trusted sources only. 
  • Run Fluent Bit with least privilege and restrict filesystem and configuration file write permissions. 
  • Monitor logs and telemetry for abnormal tag values or unexpected log routing changes. 

Conclusion: 
The Fluent Bit vulnerabilities enable attackers to hide activity, corrupt evidence and even gain direct control of cloud workloads.

This puts cloud systems at risk because security teams may not see the real activity happening inside their environment.

Organizations using Fluent Bit should patch immediately, restrict network access and enforcing strong authentication and least‑privilege deployment as urgent priorities to reduce the risk of remote takeover and systemic observability compromise. 

References

Blogs

Indian Org’s to Hire more Dedicated Cyber security professional says Report ; Role of BISO to Gain Traction

BISO Analytics from Intrucept ‘A Unified platform to map Business risk with Cyber Risk

Continue Reading
Security Advisory

Microsoft Patched Critical Azure Bastion Elevation of Privilege Vulnerability 

Azure Bastion Elevation of Privilege Vulnerability CVE-2025-49752

Continue Reading
Security Advisory

SonicWall SSLVPN Vulnerability Allows Remote Attackers to Crash Firewalls  

Summary : A security flaw was discovered in SonicWall’s SonicOS SSLVPN component, affecting both hardware and virtual firewall appliances across Gen7 and Gen8 product lines.

OEM SonicWall 
Severity High 
CVSS Score 7.5 
CVEs CVE-2025-40601 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

The SonicWall vulnerability allows remote attackers, without any authentication, to crash into affected firewalls by sending specially crafted traffic to the SSLVPN service. There are no public exploitation in the wild but it is strongly advised customers to apply the available patches immediately to minimize risk. 

In simple terms, the component fails to validate the size or structure of certain data before copying it to a stack‐allocated buffer. Under malicious input, the overflow can overwrite the stack, leading the firewall device to crash.

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Stack-based buffer overflow in SonicOS SSLVPN service  CVE-2025-40601 SonicWall SonicOS Firewalls (Gen7 and Gen8 Hardware and Virtual)  High 7.3.1-7013 (Gen7), 8.0.3-8011 (Gen8) and latest one 

Technical Summary 

The vulnerability occurs due to a stack-based buffer overflow affecting the SSLVPN service of SonicOS. Devices with the SSLVPN interface enabled are vulnerable.

This flaw permits remote unauthenticated attackers to trigger a denial-of-service condition, leading to a full firewall crash and service outage.

The problem impacts a wide range of SonicWall firewall models including Gen7 (TZ270, NSa 2700 series etc) and Gen8 (TZ280, NSa 2800 series etc). Administrators are urged to upgrade to the latest versions and restrict SSLVPN access to trusted IPs or disable external-facing SSLVPN portals until remediation is complete. 

CVE ID Component Affected  Vulnerability Details Impact 
 CVE-2025-40601 SonicWall SonicOS SSLVPN service Stack-based buffer overflow allows remote unauthenticated attackers to send crafted requests causing a denial-of-service crash of the firewall. Only devices with SSLVPN enabled are vulnerable.  Remote denial-of-service 

Recommendations 

Update SonicWall immediately to the following fixed versions: 

  • Gen7 Hardware Firewalls: 7.3.1-7013 and higher versions 
  • Gen7 Virtual Firewalls : 7.3.1-7013 and higher versions 
  • Gen8 Firewalls: 8.0.3-8011 and higher. 

You can follow some below workaround here 

  • Temporarily disable the SSLVPN service if possible or restrict SSLVPN access only to trusted source IP addresses.  
  • Avoid exposing the SSLVPN service to untrusted internet sources until patched. 
  • Continuously monitor firewall and network logs for unusual SSLVPN activity or connection attempts that might indicate probing or exploitation attempts. 

Conclusion: 
There has no evidence of active exploitation for this vulnerability, but the issue makes unpatched firewalls highly attractive targets for threat actors capable of causing major network outages.

Organizations relying on SonicWall should prioritize applying the latest patches and review their SSLVPN exposure as part of broader incident prevention. For those unable to patch immediately, restricting or disabling external SSLVPN access is strongly recommended until fixes can be deployed. 

References

Blogs

The Digital Personal Data Protection Rule of 2025, Aligns India closely with Global Privacy Norms

The Digital Personal Data Protection Rule of 2025, aligns India closely with Global privacy norms

Continue Reading
Security Advisory

Chrome V8 Type Confusion Vulnerability Actively Exploited In The Wild 

Summary : Security advisory: Google has released an urgent security update to patch two high-severity Type Confusion vulnerabilities in the V8 JavaScript engine. The CVEs vulnerabilities are CVE-2025-13223, CVE-2025-13224 .

OEM Google 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-13223, CVE-2025-13224 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

One of these vulnerability (CVE-2025-13223) is already being actively exploited in the wild, allowing attackers to potentially execute arbitrary code through malicious web content. which attackers can bypass Chrome’s sandbox, steal sensitive data, or deploy malware. The fixes have been rolled out for Chrome Stable 142.0.7444.175/.176 across Windows, Mac, and Linux. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Type Confusion Vulnerability in V8 JavaScript Engine CVE-2025-13223 Google Chrome High v142.0.7444.175 / v142.0.7444.176 
Type Confusion Vulnerability in V8 JavaScript Engine CVE-2025-13224 Google Chrome High v142.0.7444.175 / v142.0.7444.176 

Technical Summary 

Both vulnerabilities occur from Type Confusion vulnerabilities in Chrome’s V8 engine, where incorrect data-type handling leads to memory corruption and possible code execution. The CVE-2025-13223 is already being exploited in the wild and may involve APT-driven activity.

Another vulnerability was found internally through Google’s Big Sleep fuzzing system as part of ongoing proactive defense.

These weaknesses can allow attackers to bypass browser security boundaries and execute malicious actions remotely. Urgent need for users and administrators to apply Chrome’s latest security updates immediately. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-13223 Google Chrome (V8 Engine) Type confusion due to improper type handling in V8 allowing memory corruption.  Remote Code Execution, Sandbox Escape 
CVE-2025-13224 Google Chrome (V8 Engine) Type confusion triggered during script execution, discovered via fuzzing Remote Code Execution, Browser Crash 

Remediation

  • Immediate Action: Users and organization administrators should update Chrome immediately to the following patched versions: 
  • Windows: 142.0.7444.175 / 142.0.7444.176 
  • MacOS: 142.0.7444.176 
  • Linux: 142.0.7444.175 

Here are some recommendations below 

  • Enforce Chrome auto-updates on all endpoints via enterprise policies. 
  • Monitor browser crash logs and unusual behaviors tied to JavaScript execution. 
  • Run updated vulnerability & patch management tools to ensure full endpoint compliance. 
  • Educate users to avoid suspicious links and unknown websites during active exploitation events 

Conclusion: 
With Chrome being the most widely used browser globally, prompt updates are essential for the new security vulnerabilities. Maintaining browsers at the latest versions remains the strongest defenses against modern web-based attacks in modern cyber world. 

References

Scroll to top