Critical React & Next.js RCE Vulnerabilities identified; Patches released .Attackers can craft malicious requests to trigger arbitrary server-side code execution in unpatched environments using default configurations.
Continue Reading
Summary : Several high severity vulnerabilities were recently identified in Google Chrome, impacting core components such as the V8 JavaScript engine, Chrome Updater, DevTools and Digital Credentials module.
The primary high-severity vulnerability, a Type Confusion bug in the V8 engine (CVE-2025-13630), could allow attackers to achieve memory corruption that may lead to remote code execution via malicious web content. Google says that that it handed out $11,000 for the V8 vulnerability and $3,000 for the Google Updater bug.
| Severity | High |
| CVSS Score | Not Published |
| CVEs | CVE-2025-13630, CVE-2025-13631, CVE-2025-13632, CVE-2025-13633 & 9 other CVEs. |
| POC Available | No public PoC at release time |
| Actively Exploited | No confirmed exploitation |
| Exploited in Wild | Not confirmed for Chrome 143 |
| Advisory Version | 1.0 |
Overview
Other vulnerabilities like privilege escalation, unauthorized actions or browser misuse have been patched in the latest Chrome update. Administrator and users are strongly urged to update to the chrome 143 release immediately.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Type-Confusion Vulnerability in V8 JavaScript Engine | CVE-2025-13630 | Chrome | High | v143.0.7499.40/41 |
| Inappropriate Implementation in Google Updater | CVE-2025-13631 | Chrome | High | v143.0.7499.40/41 |
| Inappropriate Implementation in DevTools | CVE-2025-13632 | Chrome | High | v143.0.7499.40/41 |
| Use-After-Free Vulnerability in Digital Credentials | CVE-2025-13633 | Chrome | High | v143.0.7499.40/41 |
Technical Summary
Several high-severity vulnerabilities were addressed in Google Chrome versions prior to 143.0.7499.40/41. The most critical involves a type of confusion flaw in the V8 JavaScript engine, which permits remote attackers to exploit improper object type handling, causing heap corruption when a user accesses a specially crafted webpage and potentially leading to remote code execution under certain conditions.
Other significant issues include a flawed update mechanism that may trigger unintended actions during updates, a logic error within DevTools that could result in tool misuse or unintended execution paths, and a use-after-free vulnerability in the digital credential processing components that may cause memory corruption and browser instability.
Together, these flaws can be exploited to bypass update protections, escalate privileges, disrupt developer tools, or compromise sensitive credential operations.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-13630 | Chrome 142 and prior | Type Confusion in V8 engine allows crafted JavaScript to trigger memory corruption leading to possible arbitrary code execution | Remote Code Execution |
| CVE-2025-13631 | Chrome 142 and prior | Inappropriate implementation in Chrome Updater may allow unauthorized update-related actions | Privilege Escalation |
| CVE-2025-13632 | Chrome 142 and prior | Inappropriate implementation in DevTools may allow unintended function execution | Unauthorized Code Paths / Sandbox Interaction |
| CVE-2025-13633 | Chrome 142 and prior | Use-after-free in Digital Credentials processing leads to memory corruption | Memory Corruption / Crash |
Remediation:
Here are some recommendations below
Conclusion:
Chrome 143 patches critical flaws in the JavaScript engine, updater, DevTools, and credentials, preventing remote code execution and memory corruption.
Users and administrators are strongly advised to promptly upgrade to the latest Chrome version and implement security best practices such as enforcing automatic updates, enabling endpoint exploit protections and monitoring for any signs of exploitation to maintain a strong defense against potential attacks.
Additionally, Google announced that the browser’s Extended Stable channel has been updated to version 142.0.7499.226 for Windows and macOS.
References:
OpenVPN vulnerabilities
Continue Reading
Japanese Brewing Giant Asahi, Exposed to Cyber-Attack; CAI Cyber-Attack is Lethal, Crafted to Empower Hackers Calls for Cyber Readiness
Continue Reading
Apache Syncope Patched Security Vulnerability Exposes User Password via Hardcoded AES Key
Continue Reading
Shai-Hulud malware campaign, npm Packages
Continue Reading
Summary : Fluent Bit is a widely used opensource tool for collecting and forwarding logs in cloud and containers like Kubernetes environments. A chain of 5 critical vulnerabilities discovered by Oligo Security team and findings reveal that attackers can misuse via Remote code execution putting cloud and container at risk.
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2025-12969, CVE-2025-12970, CVE-2025-12972, CVE-2025-12977, CVE-2025-12978 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
These vulnerabilities are CVE-2025-12977 CVE-2025-12970, CVE-2025-12969, CVE-2025-12978 , CVE-2025-12972. The vulnerabilities allow attackers to bypass authentication, manipulate log routing, achieve remote code execution, potentially leading to full compromise of cloud and Kubernetes environments using Fluent Bit for logging and observability.
Organizations relying on Fluent Bit must upgrade to the fixed versions and harden configurations to prevent remote takeover and log tampering.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| Fluent Bit Tag_Key Input Validation Bypass | CVE-2025-12977 | Fluent Bit | Critical | 9.1 | v4.0.12+ , v4.1.1+ , v4.2.0+ |
| Fluent Bit Docker Input Stack Buffer Overflow | CVE-2025-12970 | Fluent Bit | High | 8.8 | v4.0.12+ , v4.1.1+ , v4.2.0+ |
| Fluent Bit Forward Input Authentication Bypass | CVE-2025-12969 | Fluent Bit | Medium | 6.5 | v4.0.12+ , v4.1.1+ , v4.2.0+ |
| Fluent Bit Tag Spoofing via Partial Tag_Key Match | CVE-2025-12978 | Fluent Bit | Medium | 5.4 | v4.0.12+ , v4.1.1+ , v4.2.0+ |
| Fluent Bit File Output Path Traversal | CVE-2025-12972 | Fluent Bit | Medium | 5.3 | v4.0.12+ , v4.1.1+ , v4.2.0+ |
Technical Summary
Fluent Bit vulnerabilities center around unsafe handling of tags and inputs, enabling attackers to manipulate routing, file paths and memory in ways that directly impact host systems and downstream security tooling.
These flaws can allow path traversal and arbitrary file writes, which in many real-world setups may escalate to remote code execution and persistent node compromise.
Additional vulnerabilities include stack buffer overflows and missing authentication checks that let attackers crash agents, execute code and inject false telemetry into trusted logging pipelines.
Source: Oligo.security
| CVE ID | Vulnerability Details | Impact |
| CVE-2025-12977 | Improper input validation allows injection of control chars, newlines, and path traversal sequences in tag values. | Log corruption and output injection. |
| CVE-2025-12970 | Stack buffer overflow on container name copy due to lack of length check. | Crash or RCE. |
| CVE-2025-12969 | Authentication bypass disables user-based auth, allowing unauthenticated log injection. | Unauthorized log injection. |
| CVE-2025-12978 | Partial string comparison on Tag_Key lets attacker spoof tags by guessing first char. | Manipulation of log routing and filtering. |
| CVE-2025-12972 | Path traversal via unsanitized tags causes arbitrary file write and possible remote code execution. | Arbitrary file write and RCE. |
Remediation:
Here are some recommendations below
Conclusion:
The Fluent Bit vulnerabilities enable attackers to hide activity, corrupt evidence and even gain direct control of cloud workloads.
This puts cloud systems at risk because security teams may not see the real activity happening inside their environment.
Organizations using Fluent Bit should patch immediately, restrict network access and enforcing strong authentication and least‑privilege deployment as urgent priorities to reduce the risk of remote takeover and systemic observability compromise.
References:
BISO Analytics from Intrucept ‘A Unified platform to map Business risk with Cyber Risk
Continue Reading
Azure Bastion Elevation of Privilege Vulnerability CVE-2025-49752
Continue Reading
Summary : A security flaw was discovered in SonicWall’s SonicOS SSLVPN component, affecting both hardware and virtual firewall appliances across Gen7 and Gen8 product lines.
| OEM | SonicWall |
| Severity | High |
| CVSS Score | 7.5 |
| CVEs | CVE-2025-40601 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
The SonicWall vulnerability allows remote attackers, without any authentication, to crash into affected firewalls by sending specially crafted traffic to the SSLVPN service. There are no public exploitation in the wild but it is strongly advised customers to apply the available patches immediately to minimize risk.
In simple terms, the component fails to validate the size or structure of certain data before copying it to a stack‐allocated buffer. Under malicious input, the overflow can overwrite the stack, leading the firewall device to crash.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Stack-based buffer overflow in SonicOS SSLVPN service | CVE-2025-40601 | SonicWall SonicOS Firewalls (Gen7 and Gen8 Hardware and Virtual) | High | 7.3.1-7013 (Gen7), 8.0.3-8011 (Gen8) and latest one |
Technical Summary
The vulnerability occurs due to a stack-based buffer overflow affecting the SSLVPN service of SonicOS. Devices with the SSLVPN interface enabled are vulnerable.
This flaw permits remote unauthenticated attackers to trigger a denial-of-service condition, leading to a full firewall crash and service outage.
The problem impacts a wide range of SonicWall firewall models including Gen7 (TZ270, NSa 2700 series etc) and Gen8 (TZ280, NSa 2800 series etc). Administrators are urged to upgrade to the latest versions and restrict SSLVPN access to trusted IPs or disable external-facing SSLVPN portals until remediation is complete.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-40601 | SonicWall SonicOS SSLVPN service | Stack-based buffer overflow allows remote unauthenticated attackers to send crafted requests causing a denial-of-service crash of the firewall. Only devices with SSLVPN enabled are vulnerable. | Remote denial-of-service |
Recommendations
Update SonicWall immediately to the following fixed versions:
You can follow some below workaround here
Conclusion:
There has no evidence of active exploitation for this vulnerability, but the issue makes unpatched firewalls highly attractive targets for threat actors capable of causing major network outages.
Organizations relying on SonicWall should prioritize applying the latest patches and review their SSLVPN exposure as part of broader incident prevention. For those unable to patch immediately, restricting or disabling external SSLVPN access is strongly recommended until fixes can be deployed.
References: