ENISA to operate the EU Cybersecurity Reserve with EUR 36 million
ENISA to operate the EU Cybersecurity Reserve with EUR 36 million
Continue ReadingCISO
Multiple Critical Vulnerabilities in Citrix NetScaler ADC/Gateway
Security Advisory: Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway One Actively Exploited in Wild .
Citrix credited Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and Francois Hammerli for discovering and reporting the vulnerabilities.
| Severity | Critical |
| CVSS Score | 9.2 |
| CVEs | CVE-2025-7775, CVE-2025-7776, CVE-2025-8424 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
A critical zero-day vulnerability, tracked as CVE-2025-7775, puts over 28,200 Citrix instances at risk worldwide.
This flaw allows attackers to run malicious code on affected systems without authentication. The issue is actively being exploited in the wild and immediate action is needed to secure systems. Another two flaws were fixed in the latest updates.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Memory overflow vulnerability leading to RCE | CVE-2025-7775 | NetScaler ADC & Gateway | 9.2 |
| Memory overflow vulnerability leading to unpredictable behavior | CVE-2025-7776 | NetScaler ADC & Gateway | 8.8 |
| Improper access control on the NetScaler Management Interface | CVE-2025-8424 | NetScaler ADC & Gateway | 8.7 |
Technical Summary
The NetScaler ADC and NetScaler Gateway appliances are affected by multiple critical vulnerabilities that pose significant risks ranging from Remote Code Execution (RCE) and Denial of Service (DoS) to improper access control.
These include memory overflow flaws in configurations such as VPN virtual servers, load balancing virtual servers using IPv6 or DBS IPv6 services, and misconfigurations involving PCoIP profiles. Additionally, the management interface is exposed due to weak access control mechanisms, which could allow unauthorized administrative access if attackers reach key management IP addresses like NSIP or SNIP. CISA has added one vulnerability (CVE-2025-7775) to its Known Exploited Vulnerabilities (KEV) Catalog and strongly urges organizations to apply patches immediately to prevent active exploitation.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-7775 | NetScaler ADC & Gateway | A critical memory overflow vulnerability in NetScaler ADC and Gateway that can lead to Remote Code Execution or DoS when configured as a Gateway (e.g., VPN, ICA Proxy, CVPN, RDP Proxy), AAA virtual server, or LB virtual server using IPv6 or DBS IPv6 services including CR virtual servers of type HDX. | Remote Code Execution or DoS |
| CVE-2025-7776 | NetScaler ADC & Gateway | A memory overflow vulnerability under analysis, currently known to cause unpredictable system behavior and potential DoS when a PCoIP Profile is bound to a Gateway-configured NetScaler instance (VPN, ICA Proxy, CVPN, RDP Proxy), | Erroneous behavior and DoS |
| CVE-2025-8424 | NetScaler ADC & Gateway | An improper access control vulnerability on the NetScaler Management Interface, allowing unauthorized access when attackers can reach management IPs (NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with Management Access), affecting NetScaler ADC and Gateway appliances. | Unauthorized access |
Recommendations
NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
- NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
- NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
Here are some other recommendations below
- Monitor systems for unusual activity or unauthorized changes.
- Limit access to Citrix instances from untrusted networks.
- Use firewalls to block suspicious traffic targeting Citrix instances.
Conclusion:
Combined with additional high-severity vulnerabilities the overall threat landscape demands immediate attention. Organizations are strongly urged to apply the latest patches, restrict access to management interfaces and closely monitor for signs of compromise. Delayed action could result in significant operational and security impacts.
The active exploitation of CVE-2025-7775 highlights a critical security threat affecting multiple NetScaler ADC and Gateway instances globally. This zero-day confirmed exploitation in the wild poses a severe risk of Remote Code Execution and service disruption.
References:
NIST Wrapped Up ‘Lightweight Cryptography’ Algorithm to protect small devices, as IoT & Embedded Devices being prime Target of cybercriminals
The National Institute of Standards and Technology (NIST) has finalized four lightweight cryptographic algorithms designed to safeguard data generated and transmitted by the Internet of Things (IoT) and other small-scale technologies.
The four lightweight cryptographic algorithms that NIST has finalized the standard after a multiyear public review process followed by extensive interaction with the design community.
In the wake of IoT and embedded devices increasingly targeted by cybercriminals, the lightweight cryptography standard ensures strong security without overburdening limited hardware, paving the way for safer adoption in critical sectors like healthcare, transportation, and smart infrastructure.
There are many connected device such as smart home systems, fitness tracker and other IoT applications that lack the processing power and memory to run conventional encryption methods.
NIST’s new lightweight cryptography standard addresses this challenge by offering algorithms that require significantly less computing power and time, while still providing strong protection against cyberattacks.
The new framework, Ascon-Based Lightweight Cryptography Standards for Constrained Devices (NIST SP 800-232), provides tools for authenticated encryption and hashing while minimizing energy, time, and memory usage.
Selected in 2023 after a global review, the Ascon algorithm family forms the core of the standard. Originally developed in 2014 by researchers at Graz University of Technology, Infineon Technologies, and Radboud University, Ascon has already proven its resilience through the CAESAR competition, where it was recognized as a leading lightweight encryption solution.
Key Features of the Standard
The standard is the result of a multiyear public review and extensive collaboration with the cryptographic design community. Its adoption will help ensure that even resource-constrained devices can securely protect sensitive information.
As NIST emphasizes, “it’s the little things that matter most.” With this new standard in place, even the smallest of networked electronics now have robust defenses against cyber threats.
Four related algorithms are now ready for use to protect data created and transmitted by the Internet of Things and other electronics.
Many networked devices do not possess the electronic resources that larger computers do, but they still need protection from cyberattacks. NIST’s lightweight cryptography standard will help.
The four algorithms in the standard require less computing power and time than more conventional cryptographic methods do, making them useful for securing data from resource-constrained devices such as those making up the Internet of Things.
In the standard are four variants from the Ascon family that give designers different options for different use cases. The variants focus on two of the main tasks of lightweight cryptography: authenticated encryption with associated data (AEAD) and hashing.
ASCON-128 AEAD – Enables secure data encryption and integrity checks while resisting side-channel attacks.
ASCON-Hash 256 – Provides lightweight integrity verification for firmware updates, passwords, and digital signatures.
ASCON-XOF 128 / ASCON-CXOF 128 – Flexible hash functions with customizable lengths for efficiency and collision resistance.
The CXOF variant also adds the ability to attach a customized “label” a few characters long to the hash. If many small devices perform the same encryption operation, there is a small but significant chance that two of them could output the same hash, which would offer attackers a clue about how to defeat the encryption. Adding customized labels would allow users to sidestep this potential problem.
McKay said the NIST team intends the standard not only to be of immediate use, but also to be expandable to meet future needs.
NIST researchers emphasize the standard’s immediate applicability across industries, from smart appliances to healthcare. Future updates may expand functionalities, including a dedicated message authentication code.
In India, regulatory bodies have issued frameworks such as TEC’s Code of Practice for Securing Consumer IoT Devices and the IoT System Certification Scheme to enforce baseline security.
These measures focus on secure boot, encrypted communications, and safe software updates for connected devices.
Sources: ‘Lightweight cryptography’ standard to protect small devices finalized
Docker Desktop Vulnerability Allows Full Host Compromise via Exposed API
A critical vulnerability has been discovered in Docker Desktop for Windows, macOS and Linux distributions.
The vulnerability allows malicious containers to gain full access to the host system by misusing an exposed Docker Engine API endpoint.
Docker Desktop
Docker a must to have in modern enterprise infrastructure, as a strong foundation pillar that powers cloud-native applications including CI/CD pipelines and microservices at massive scale. Any vulnerabilities in Docker images and runtimes are particularly dangerous as they can open the door to severe supply-chain attacks, container escapes, data leaks, and even full host compromise.
| OEM | Docker |
| Severity | Critical |
| CVSS Score | 9.3 |
| CVEs | CVE-2025-9074 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
The vulnerability, considered as CVE-2025-9074, which affects Docker Desktop versions prior to 4.44.3. This exploitation requires no special configuration and can be triggered with minimal interaction. Docker has addressed this issue in version 4.44.3, administrator or user are suggested to upgrade to the latest version.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Docker Engine API Exposure / Container Escape | CVE-2025-9074 | Docker Desktop (Windows, macOS, Linux) | Critical | v4.44.3 |
Technical Summary
The vulnerability comes from Docker Desktop’s internal API endpoint (http://192.168.65.7:2375) being accessible from any container running locally. The endpoint with lack of authentication allows privileged API commands such as creating new containers, mounting host directories, and controlling images.
On Windows with WSL, this becomes riskier because attackers could mount your C: drive with the same rights, giving them full access to the machine. With the safety settings like Enhanced Container Isolation (ECI) or disabling TCP exposure, don’t fully block this problem.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-9074 | v4.25 before v4.44.3 | An internal HTTP API is automatically open to containers on the default network. This could allow us to run powerful commands – creating containers, managing images or accessing the host system | Full host compromise, including file system and resource access |
Remediation:
- Upgrade to Docker Desktop version 4.44.3 or later across all supported platforms.
Recommendations:
Here are some recommendations below
- Don’t depend only on container isolation, treat development tools as part of the security perimeter.
- Use network segmentation and zero-trust controls to protect container workloads.
- Monitor container traffic for unauthorized API access attempts.
- Apply strict IAM rules and give users only the permissions they really need on Docker hosts.
Conclusion:
CVE-2025-9074 is a critical container escape vulnerability exposing host systems to complete compromise. While no active exploitation has been reported, the weakness is easy to exploit. Immediate patching and environment hardening are strongly recommended for all Docker Desktop users.
References:
WhatsApp Privacy Advisory: Protect Your Conversations
Overview Security Advisory:
WhatsApp provides end-to-end encryption by default, ensuring that only you and your intended recipient can read messages. However, encryption alone does not guarantee complete privacy. Misconfigured or disabled privacy settings may still expose user information, media or allow unauthorized access.
These advisory highlights the most important privacy features that should be enabled, along with a checklist for additional protections.
Critical Privacy Features to Enable
- Advanced Chat Privacy
This feature strengthens the security of your conversations by limiting how chats and media can be shared outside WhatsApp.
Benefits:
- Prevents chat exports that could expose sensitive data.
- Restricts unauthorized forwarding or third-party use of your conversations.
- Protects against data mining and AI-driven scanning, ensuring personal and business chats remain confidential.
- Gives you greater control over how your messages are handled beyond WhatsApp.
- Enabling this feature is highly recommended, especially for users discussing sensitive financial, personal, or corporate information.
- End-to-End Encrypted Backups
While chats are encrypted in transit, backups stored on Google Drive or iCloud are not encrypted by default. Activating encrypted backups ensures:
- Only you can access backup data, using your chosen password or encryption key.
- Neither WhatsApp, Google, nor Apple can read your chat history.
- Added protection if your cloud account is compromised.
- Disappearing Messages
This feature allows messages to auto-delete after 24 hours, 7 days, or 90 days.
Benefits:
- Reduces digital footprint and limits data exposure over time.
- Ensure sensitive conversations do not remain accessible indefinitely.
- Useful for both personal privacy and business confidentiality.
Quick Setup Checklist
| Step | Action |
| 1 | Enable Advanced Chat Privacy in all important chats |
| 2 | Turn on End-to-End Encrypted Backup |
| 3 | Run Privacy Checkup: review visibility and group settings |
| 4 | Activate Disappearing Messages where appropriate |
| 5 | Enable App/Chat Locks (biometric/PIN) |
| 6 | Set up Two-Factor Authentication |
| 7 | Disable Media Auto-Saving |
| 8 | Check Linked Devices and log out extras |
| 9 | Restrict visibility of Last Seen, Profile Photo, About, and disable Read Receipts if desired |
Recommendations
- Enable Advanced Chat Privacy immediately to prevent misuse of conversations.
- Activate encrypted backups for long-term data security.
- Use disappearing messages for sensitive discussions.
- Regularly review privacy settings and update WhatsApp to the latest version.
Conclusion:
Strengthening WhatsApp privacy settings is critical for protecting both personal and professional communication. Enabling key features like Advanced Chat Privacy, Encrypted Backups, and Disappearing Messages provides stronger control over data security and reduces risks of unauthorized access or misuse.
PostgreSQL High-Severity RCE Flaws in pg_dump Utilities Allow Remote Code Execution
Summary : Security advisory: The PostgreSQL Global Development Group has issued a security update addressing 3 security vulnerabilities and over 55 bugs, including two high-severity remote code execution (RCE) flaws in core utilities. The update applies to PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22, as well as the third beta release of PostgreSQL 18.
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-8715, CVE-2025-8714, CVE-2025-8713 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
These issues affect all PostgreSQL versions 13 through 17. All the administrators & users are urged to update immediately to prevent potential exploitation.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Object Name Newline Injection | CVE-2025-8715 | PostgreSQL version 13-17 | High | 17.6, 16.10, 15.14, 14.19, 13.22 |
| pg_dump Restore-Time Arbitrary Code Execution | CVE-2025-8714 | PostgreSQL version 13-17 | High | 17.6, 16.10, 15.14, 14.19, 13.22 |
| View Access Policy Bypass via Statistics Leak | CVE-2025-8713 | PostgreSQL version 13-17 | Low | 17.6, 16.10, 15.14, 14.19, 13.22 |
Technical Summary
The PostgreSQL security update addresses three critical vulnerabilities that primarily impact its core utilities, specifically pg_dump, pg_dumpall and pg_restore. The most severe flaws, CVE-2025-8714 and CVE-2025-8715, enable remote code execution during database restoration.
These arise from improper handling of untrusted data and newline characters in dump outputs, allowing a malicious superuser from the origin server to inject arbitrary code via crafted meta-commands or object names.
When such a dump file is restored, the injected code executes on the client system as the operating system user running psql, leading to potential full system compromise. In some cases, the attack can even lead to SQL injection on the target server. The third issue, CVE-2025-8713, is lower in severity but still notable, allowing unauthorized users to infer sensitive data from optimizer statistics due to insufficient enforcement of row-level security policies. This can lead to leakage of histogram data and most common value lists from views or partitioned tables. These vulnerabilities collectively threaten data confidentiality, system integrity and operational security, especially in environments where backups are frequently restored or shared.
| CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact |
| CVE-2025-8715 | 8.8 | PostgreSQL version 13-17 | Due to improper neutralization of newline characters in object names. A user with access to the origin server can craft object names containing newlines that inject psql meta-commands into the dump output. Upon restoration, these commands are interpreted and executed, leading to arbitrary code execution or even SQL injection on the restore target server. This issue was previously addressed in CVE-2012-0868 but was inadvertently reintroduced in version 11.20. | Arbitrary code execution |
| CVE-2025-8714 | 8.8 | PostgreSQL version 13-17 | A malicious superuser on the origin server can inject arbitrary code into a plain-format database dump via meta-commands or object definitions. When this dump is restored, the malicious code is executed by the psql client under the privileges of the system account running the restore operation. This flaw occurs due to insufficient validation of input data included in dump files. | Arbitrary code execution |
| CVE-2025-8713 | 3.1 | PostgreSQL version 13-17 | This allows unauthorized users to infer sensitive data by exploiting PostgreSQL’s optimizer statistics. A user can craft a leaky operator or query that bypasses access control mechanisms within views or partitioned tables. This permits access to internal statistics, such as histograms or most-common-values lists, which can expose data that row security policies are meant to hide. | Unauthorized access |
Recommendations:
Here are some recommendations below
- Upgrade to PostgreSQL versions 17.6, 16.10, 15.14, 14.19, 13.22, or the latest.
- Ensure pg_dump/restore operations are performed only with trusted data sources.
- Limit superuser privileges on database systems.
- Sanitize and audit database objects used in dumps or restores.
- Check for unusual meta-commands or object names in restore logs.
Conclusion:
Two of the vulnerabilities (CVE-2025-8714 and CVE-2025-8715) allow for arbitrary code execution. It’s the threats to system integrity and confidentiality. While not publicly exploited at the time of release, the potential severity of these flaws makes immediate patching critical.
PostgreSQL administrators should update all affected systems and review internal restore processes to avoid compromise.
References:
Microsoft IIS Web Deploy RCE Vulnerability Allows Authenticated Remote Code Execution
Summary of Vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) revels critical security flaw that could be exploited by authenticated attackers to execute code on affected systems. This is the bug disclosed on August 12, 2025, with a CVSS score of 8.8, indicating high severity.
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-53772 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) allows authenticated attackers to remotely execute arbitrary code on affected systems.
The issue arises from the insecure deserialization of untrusted data. Due to its low privilege requirements and lack of user interaction, this flaw poses a significant threat, especially in enterprise deployment environments.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Web Deploy Remote Code Execution via Deserialization | CVE-2025-53772 | Microsoft Web Deploy 4.0 | High | 10.0.2001 or later |
Technical Summary
The vulnerability stems from insecure deserialization of untrusted data (CWE-502), allowing remote attackers to craft malicious HTTP requests that trigger code execution on the web server. This flaw enables remote code execution (RCE) under specific conditions, where the attacker must have authenticated access and network connectivity.
The attack is network-based, requires only low-privilege access and does not rely on user interaction. Successful exploitation can result in a high impact on confidentiality, integrity and availability of the affected system. As of the time of publication, no public exploit has been reported and the exploit maturity is considered unproven.
| CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact |
| CVE-2025-53772 | 8.8 | Microsoft Web Deploy 4.0 | Web Deploy deserializes untrusted input, allowing remote attackers to execute arbitrary code. | Remote Code Execution |
Recommendations:
Here are some recommendations below
- Apply Microsoft Web Deploy version 10.0.2001 or latest version.
- Limit access to Web Deploy endpoints to trusted IP ranges or internal networks only.
- Audit logs for unusual HTTP POST activity to Web Deploy endpoints.
Conclusion:
While CVE-2025-53772 has not yet been publicly exploited, the nature of the flaw and the ease of attack (low privileges, no user interaction) significantly increases the risk of widespread exploitation, particularly in enterprise deployment environments.
Organizations using Microsoft Web Deploy 4.0 should update and apply the latest patch without delay.
This vulnerability affects Web Deploy 4.0 and requires low privileges to exploit, making it particularly concerning for organizations that use this deployment tool in their infrastructure. The vulnerability allows an authenticated attacker to exploit the system via low-complexity network-based attacks.
References:
Microsoft Patch Tuesday August Patches 119 Vulnerabilities; Publicly Disclosed Kerberos Zero‑Day
Microsoft Patch Tuesday : Key points:
119 vulnerabilities discovered & 13 are classified as Critical rating meaning as per Microsoft’ they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
CVE-2025-53779 is Windows Kerberos Elevation of Privilege Vulnerability
The vulnerabilities fall into multiple categories, including Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Spoofing, Denial of Service (DoS), and Tampering. Below is a detailed breakdown of the vulnerabilities by category, along with key insights for organizations to prioritize their patching efforts.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-08-12 |
| No. of Patches | 119 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Microsoft has released security updates addressing 119 vulnerabilities in the August 2025 Patch Tuesday cycle, including one publicly disclosed zero-day in Windows Kerberos. Of these, 13 are classified as Critical, covering a wide range of products such as Windows components, Office, Azure, Exchange and SharePoint.
- 111 Microsoft CVEs addressed
- 8 non-Microsoft CVEs addressed
Breakdown of August 2025 Vulnerabilities
- 44 Elevation of Privilege Vulnerabilities
- 35 Remote Code Execution Vulnerabilities
- 18 Information Disclosure Vulnerabilities
- 9 Spoofing Vulnerabilities
- 4 Denial of Service Vulnerabilities
- 1 Tampering vulnerabilities
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Windows Kerberos Elevation of Privilege Vulnerability | CVE-2025-53779 | Windows Server 2025 | High | 7.2 |
Technical Summary
The August 2025 Patch Tuesday addresses a publicly disclosed zero-day vulnerability CVE-2025-53779 in Windows Kerberos.
This elevation of privilege flaw, related to improper path handling in domain-managed service accounts (dMSA), could allow a local attacker to gain domain administrator privileges.
Microsoft also patched several critical Remote Code Execution (RCE) vulnerabilities across Windows Graphics, GDI+, Office, DirectX, and Hyper-V. Many of these vulnerabilities require minimal or no user interaction, such as simply opening a file in the preview pane or processing crafted image or network messages, making them high-risk for enterprise environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-53779 | Microsoft Windows Server 2025 | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | Privilege escalation |
Source: Microsoft and NVD
In addition to the publicly disclosed vulnerability, several other critical and high-severity issues were addressed:
- CVE‑2025‑50165 and CVE‑2025‑53766: Graphics-related RCEs, particularly vulnerable due to their ability to execute code without user interaction and potential wormable behavior.
- CVE‑2025‑53792: Azure Portal, privilege escalation vulnerability, critical impact on cloud administration surface.
- CVE‑2025‑50171: Remote Desktop Server, allows remote code execution over RDP.
- CVE‑2025‑53778: Windows NTLM, elevation of privilege exploitation includes lateral movement across enterprise networks.
- CVE‑2025‑53786: Microsoft Exchange Server, hybrid environment vulnerability with potential for cloud environment hijacking.
Key Affected Products and Services
The vulnerabilities addressed in August 2025 impact a wide range of Microsoft products and services, including:
- Windows Core and Authentication Systems
Includes fixes in Windows Server (Kerberos), Windows Graphics Component, GDI+, DirectX Graphics Kernel, NTLM, Hyper‑V, MSMQ, Remote Desktop and more.
- Microsoft Office Suite and Productivity Tools
Microsoft Office and Word, notably through Preview Pane RCE flaws, as well as SharePoint (RCE and EoP), Exchange Server (Privilege Escalation in hybrid setups) and Teams.
- Cloud and Azure Ecosystem
Critical issues in Azure Virtual Machines (spoofing and info disclosure), Azure Stack Hub and potentially Azure Portal.
- Virtualization and Hypervisor Technologies
Updates include vulnerabilities in Hyper‑V (RCE and privilege escalation) and DirectX graphics kernel components relevant to virtualization.
- Development Tools
Fixes include vulnerabilities affecting Visual Studio and GitHub Copilot, reinforcing development environments.
- Messaging and Queuing Services
Includes a critical RCE in Microsoft Message Queuing (MSMQ).
- Browsers:
Microsoft Edge (Chromium-based).
Remediation:
- Apply Patches Promptly: Install the August 2025 security updates immediately to mitigate risks.
Conclusion:
Microsoft’s August 2025 Patch Tuesday, disclosed zero-day CVE-2025-53779 is another privilege escalation flaw in Windows Kerberos that stems from a case of relative path traversal. Akamai researcher Yuval Gordon has been credited with discovering and reporting the bug.
Aside from the vulnerabilities patched and disclosed in the regular monthly patch release for August, it is worth noting that one week ahead of the monthly update, Microsoft disclosed 4 vulnerabilities affecting Microsoft cloud services.
References:
7-Zip Security Flaw Allows Malicious File Writes and Potential Exploits
Summary Security Advisory: 7-Zip Security Flaw
A vulnerability in 7-Zip (versions before 25.01) allows attackers to abuse symbolic links in archive files to write files outside the intended extraction directory.
| Severity | Low |
| CVSS Score | 3.6 |
| CVEs | CVE-2025-55188 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
This can lead to overwriting sensitive files, potentially enabling code execution or privilege escalation. The flaw is primarily exploitable on Linux systems due to common file permission models but can also impact Windows under specific conditions. Affected archive formats include ZIP, TAR, 7Z and RAR.
The security flaw was reported and discoverd by security researcher lunbun, who identified that 7-Zip fails to properly validate symbolic links when extracting certain archive formats.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| 7-Zip Arbitrary File Write via Symbolic Link Flaw | CVE-2025-55188 | 7-Zip | Low | 25.01 and later. |
Technical Summary
Cause: Improper validation of symbolic links during archive extraction.
Attack Vector: Malicious archives can contain symlinks pointing outside the extraction directory.
Impact: Overwrites arbitrary files on the system. On Linux, this can replace startup scripts, configuration files, or binaries to gain elevated privileges. On Windows, exploitation requires write access to target paths.
Affected Formats: ZIP, TAR, 7Z, RAR.
| CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact |
| CVE-2025-55188 | 3.6 | Linux, Windows 7-Zip versions | 7-Zip mishandles symbolic links in archives, letting attackers write files anywhere on the system during extraction. | Code execution, Privilege escalation |
Recommendations:
Here are some recommendations below
- Update 7-Zip to version 25.01 or latest one.
- Avoid extracting archives from untrusted sources.
- Always consider using sandboxed environments for unknown files extraction.
Conclusion:
While CVE-2025-55188 carries a low CVSS score, the real-world impact can be severe in certain environments, especially on Linux systems with high-privilege extraction processes.
Immediate patching to 7-Zip 25.01 or later is strongly advised to mitigate the risk of arbitrary file overwrite attacks.
The researcher has submitted a request for reevaluation of the CVSS score and offered to provide proof-of-concept demonstrations to package repository maintainers who require additional verification.
References:
WinRAR Zero-Day Path Traversal Flaw Actively Exploited to Code Execution
Security advisory: A zero-day path traversal vulnerability has been discovered in the Windows version of a popular file archiver utility, WinRAR. The vulnerability tracked as CVE-2025-8088, affects multiple Windows-based WinRAR an components, which has already been exploited in the wild.
| Severity | High |
| CVSS Score | 8.4 |
| CVEs | CVE-2025-8088 |
| POC Available | Yes |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
This flaw allows attackers to manipulate the extraction path of files from a malicious archive, enabling them to place arbitrary code file in sensitive system folders, overwrite important files and even execute malicious code immediately upon extraction.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Path Traversal Vulnerability | CVE-2025-8088 | WinRAR (Windows versions), RAR, UnRAR, portable UnRAR (Windows), UnRAR.dll | 8.4 | WinRAR 7.13 |
Technical Summary
When extracting files, vulnerable versions of WinRAR could be tricked into using a maliciously crafted file path embedded inside an archive rather than the user’s intended extraction directory. This occurs when the extraction process fails to properly validate and sanitize file paths before writing them to disk.
As a result, attackers can:
- Place malicious files in protected system directories.
- Overwrite critical system/application files.
- Trigger automatic execution of malware without further user action.
Most common attack vector involves sending a malicious archive via phishing or other social engineering techniques. When opened with a vulnerable WinRAR version, the malware is silently deployed and executed.
Unix versions of RAR, UnRAR, UnRAR library, RAR for Android are not affected for this vulnerability.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-8088 | WinRAR and related components on Windows version (RAR, UnRAR, portable UnRAR, UnRAR.dll) | Flawed extraction path handling allows files to be placed outside the intended extraction directory. | Allows arbitrary file placement, overwriting critical files, and executing malicious code without user interaction. |
Recommendations:
Here are the recommendations below you can follow
- Update immediately to WinRAR 7.13 or newer version from the official WinRAR website.
- Avoid extracting archives from untrusted or unknown sources.
- Enable endpoint protection and ensure it scans archives before extraction.
- Audit your system for unusual or unauthorized files in system directories.
Conclusion:
CVE-2025-8088 shows that even widely trusted tools like WinRAR can become high-risk targets when flaws allow silent malware deployment during normal usage. Given that this zero-day has already been exploited, updating to WinRAR 7.13 immediately is crucial. Additionally, users should avoid extracting files from unknown sources and maintain strong endpoint protection.
References:
Recent Comments