Apache Roller is a widely used Java-based blogging platform that enables users to create, manage and publish blog content. It supports features such as user authentication, content management and customizable themes.
OEM: Apache
Severity: Critical
CVSS Score: 10.0
CVEs: CVE-2025-24859
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0
A critical security vulnerability (CVE-2025-24859) has been discovered in Apache Roller (versions 1.0.0 to 6.1.4), where old sessions are not invalidated after a password change, allowing attackers to maintain unauthorized access if they have stolen a session token. This flaw poses a significant risk of session hijacking and unauthorized access, and users are advised to upgrade to version 6.1.5 to mitigate the issue.
Vulnerability Name: Insufficient Session Expiration on Password Change
CVE ID: CVE-2025-24859
Product Affected: Apache Roller
Severity: Critical
Technical Summary
The vulnerability centers on insufficient session expiration.
When a user or administrator changes a password, Apache Roller versions before 6.1.5 do not properly invalidate existing sessions.
As a result, any session tokens issued before the password change remain valid.
This means that if an attacker has already compromised a user’s credentials and established a session, they can continue to access the application even after the password is updated, effectively bypassing a key security control.
This is a serious security threat, particularly in deployments with many users or administrators, where keeping sessions bound to current credentials matters most.
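To make the flaw described above concrete, the following is an added illustration (not Apache Roller's code) of a minimal in-memory session store that can run either way: with the flag off, sessions issued before a password change stay valid, which is the CVE-2025-24859 behaviour; with the flag on, every session of that user is revoked when the password changes and only the session that performed the change is kept. User names, passwords and tokens are constructed for the example.

```python
"""Session handling around a password change.

Added illustration, not Apache Roller's code: a minimal in-memory session
store showing the weak behaviour (old sessions survive a password change)
and the fixed behaviour (all of the user's sessions are revoked, then the
caller's own session is re-admitted). Names and credentials are constructed.
"""
import hashlib
import secrets
from typing import Dict, Optional


class SessionStore:
    """Maps session tokens to users and stores password hashes."""

    def __init__(self, revoke_on_password_change: bool) -> None:
        # Feature flag so one class can show both the weak and the fixed behaviour.
        self.revoke_on_password_change = revoke_on_password_change
        self._sessions: Dict[str, str] = {}         # token -> username
        self._password_hashes: Dict[str, str] = {}  # username -> hash

    @staticmethod
    def _hash(password: str) -> str:
        # Unsalted SHA-256 keeps the example short; real code needs a slow, salted hash.
        return hashlib.sha256(password.encode("utf-8")).hexdigest()

    def register(self, username: str, password: str) -> None:
        self._password_hashes[username] = self._hash(password)

    def login(self, username: str, password: str) -> Optional[str]:
        """Issues a fresh session token on success, None on bad credentials."""
        if self._password_hashes.get(username) != self._hash(password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def user_for(self, token: str) -> Optional[str]:
        """Resolves a presented token; None means the session is not valid."""
        return self._sessions.get(token)

    def revoke_all_for(self, username: str) -> int:
        """Drops every session belonging to the user and returns how many were dropped."""
        stale = [t for t, u in self._sessions.items() if u == username]
        for t in stale:
            del self._sessions[t]
        return len(stale)

    def change_password(self, username: str, old: str, new: str,
                        current_token: Optional[str] = None) -> bool:
        """Changes the password after verifying the old one; returns False on mismatch."""
        if self._password_hashes.get(username) != self._hash(old):
            return False
        self._password_hashes[username] = self._hash(new)
        if self.revoke_on_password_change:
            # Fixed behaviour: all sessions go, then the caller's own session is re-admitted
            # so the user who changed the password is not logged out.
            self.revoke_all_for(username)
            if current_token is not None:
                self._sessions[current_token] = username
        # Weak behaviour (flag False): nothing happens here and old tokens stay usable.
        return True


def old_session_survives(revoke: bool) -> bool:
    """Returns True if a session issued before a password change still resolves afterwards."""
    store = SessionStore(revoke_on_password_change=revoke)
    store.register("alice", "old-passphrase")
    earlier = store.login("alice", "old-passphrase")  # session issued earlier (constructed scenario)
    own = store.login("alice", "old-passphrase")      # session from which alice changes her password
    assert store.change_password("alice", "old-passphrase", "new-passphrase", current_token=own)
    return store.user_for(earlier) is not None


if __name__ == "__main__":
    print("weak store, earlier session still valid:", old_session_survives(revoke=False))   # True
    print("fixed store, earlier session still valid:", old_session_survives(revoke=True))   # False
```

The design point is that the password change and the session revocation happen in one place, so a change made through any path (self-service, administrator reset) drops every token the old credential issued; the calling session is re-admitted afterwards rather than exempted from the sweep.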
CVE ID: CVE-2025-24859
System Affected: Apache Roller 1.0.0 – 6.1.4
Vulnerability Details: Sessions are not invalidated after password change, allowing persistent access through old sessions if compromised.
Impact: Unauthorized Access / Session Hijacking
Remediation:
Apply Patches Promptly: Upgrade immediately to Apache Roller version 6.1.5, which implements proper centralized session invalidation.
Conclusion:
CVE-2025-24859 represents a critical access control threat to Apache Roller implementations.
Although no active exploitation has been observed so far, an attacker who obtains a valid session can keep using it after the password is changed. It is important for organizations using Apache Roller to update to version 6.1.5 promptly to fix this problem.
This is a critical step in maintaining the security of blog sites and protecting user data.
CVE-2025-24859 highlights the importance of robust session management in web applications.
An unverified password change vulnerability [CWE-620] has been discovered in the FortiSwitch GUI.
According to the Fortinet advisory, it may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request.
Summary
OEM: Fortinet
Severity: CRITICAL
CVSS Score: 9.8
CVEs: CVE-2024-48887
Actively Exploited: Yes
Exploited in Wild: Yes
Advisory Version: 1.0
Overview
Fortinet’s FortiSwitch product line is affected by a significant vulnerability tracked as CVE-2024-48887. This flaw allows unauthenticated remote attackers to change administrative passwords by sending specially crafted requests to the device’s password management endpoint. With a CVSS score of 9.8, the vulnerability is classified as Critical and is actively being exploited in the wild.
Vulnerability Name: An unverified password change vulnerability
CVE ID: CVE-2024-48887
Product Affected: Fortinet
Severity: CRITICAL
CVSS Score: 9.8
Technical Summary
A critical vulnerability (CVE-2024-48887) has been identified in Fortinet FortiSwitch devices, affecting versions 6.4.0 through 7.6.0. This flaw resides in the web-based management interface and allows remote, unauthenticated attackers to change administrator passwords by sending a specially crafted HTTP request to the set_password endpoint.
CVE ID: CVE-2024-48887
System Affected: FortiSwitch v7.6, 7.4, 7.2, 7.0, 6.4
Vulnerability Details: CVE-2024-48887 is an unauthenticated password change vulnerability in the FortiSwitch web GUI. It enables remote unauthenticated attackers to modify admin passwords through crafted requests to the set_password endpoint.
Impact: Unverified Password Change
Remediation:
Apply Security Patches: Install the latest security update for your FortiSwitch version. Fortinet has fixed the issue in versions 6.4.15 and above, 7.0.11 and above, 7.2.9 and above, 7.4.5 and above, and 7.6.1 and above.
General Recommendations
Update Devices Regularly: always install the latest firmware and security patches from Fortinet to fix known vulnerabilities.
Limit access to the FortiSwitch web GUI to trusted IP addresses and disable HTTP/HTTPS access if it is not required.
Set strong and unique passwords and change them regularly to prevent unauthorized access.
Monitor for Unusual Activity: watch for suspicious logins or configuration changes.
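The last two recommendations (restrict GUI access to trusted addresses, monitor for suspicious configuration changes) can be combined into a log review for the endpoint the advisory names. The following is an added example, not Fortinet code and not FortiSwitch's actual log format: it scans access-log lines in a combined format with an appended cookie field (the lines are constructed) and flags any request whose path contains "set_password" that arrives from outside the management allowlist, without an authenticated user, or without a session cookie. The allowlist, addresses, cookie name and request paths are assumptions.

```python
"""Log review for requests to the set_password endpoint.

Added example, not Fortinet code and not FortiSwitch's log format: scans a
constructed access log for set_password requests lacking the markers of a
legitimate administrator session. Allowlist, addresses, cookie name and paths
are assumptions made for the example.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample log: ip ident user [time] "request" status bytes "referer" "agent" "cookie"
SAMPLE_LOG = """\
10.0.5.20 - admin [11/Apr/2025:09:12:01 +0000] "POST /set_password HTTP/1.1" 200 134 "-" "Mozilla/5.0" "session=c0ffee"
203.0.113.77 - - [11/Apr/2025:09:13:44 +0000] "POST /set_password HTTP/1.1" 200 134 "-" "python-requests/2.31" "-"
10.0.5.21 - - [11/Apr/2025:09:14:02 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "-"
198.51.100.9 - - [11/Apr/2025:09:15:30 +0000] "POST /set_password HTTP/1.1" 403 0 "-" "curl/8.4" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)" "(?P<cookie>[^"]*)"$'
)

# Assumed management network: only these sources should reach the web GUI at all.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.0.5.0/24")]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Returns the named fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted_source(ip: str) -> bool:
    """True if the address falls inside the management allowlist; unparsable input is untrusted."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_ALLOWLIST)


def find_suspicious_password_changes(log_text: str) -> List[Dict[str, object]]:
    """Flags set_password requests that lack the markers of a legitimate admin session."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "set_password" not in rec["path"].lower():
            continue
        reasons = []
        if not is_trusted_source(rec["ip"]):
            reasons.append("source outside management allowlist")
        if rec["user"] == "-":
            reasons.append("no authenticated user in log")
        if rec["cookie"] == "-":
            reasons.append("no session cookie presented")
        if reasons:
            findings.append({
                "ip": rec["ip"],
                "time": rec["ts"],
                "method": rec["method"],
                "path": rec["path"],
                # A 2xx answer means the device accepted the request; anything else was an attempt only.
                "succeeded": 200 <= int(rec["status"]) < 300,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_password_changes(SAMPLE_LOG):
        outcome = "accepted" if f["succeeded"] else "rejected"
        print(f["time"], f["ip"], f["path"], outcome, "; ".join(f["reasons"]))
```

An accepted request from an untrusted source with no session is the case to escalate first: on an unpatched device it means the administrator password should be treated as changed by someone else, and the device's configuration compared against a known-good baseline.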
Conclusion:
The CVE-2024-48887 vulnerability poses a serious security risk to organizations using affected FortiSwitch devices. Its ease of exploitation and the lack of authentication required make it particularly dangerous.
Organizations must act immediately by applying the relevant security patches, limiting administrative access, and monitoring for unusual activity.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding the critical zero-day vulnerability CVE-2025-2783 in Google Chrome and other Chromium-based browsers on Windows. This vulnerability is actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, with CISA urging immediate patching to prevent security breaches and unauthorized system access.
Vulnerability Name: Google Chromium Mojo Sandbox Escape Vulnerability
CVE ID: CVE-2025-2783
Product Affected: Google Chrome
Severity: High
Fixed Version: 134.0.6998.117/.118
Technical Summary
This high-severity vulnerability was found in the Mojo framework of Chromium-based browsers, including Google Chrome, Microsoft Edge, Opera and Brave. It originates from a logic error that results in an incorrect handle being provided under certain conditions. The flaw allows attackers to bypass Chrome’s sandbox protections and potentially execute arbitrary code on the affected system.
Security researchers from Kaspersky discovered this zero-day vulnerability as part of an advanced cyber-espionage campaign dubbed “Operation ForumTroll.” The attack campaign targeted media outlets, educational institutions, and government organizations in Russia through highly personalized phishing emails.
The exploit chain is particularly dangerous because it requires minimal user interaction. Victims only need to click on a malicious link in a phishing email, after which the attack executes automatically without any additional action from the user. Once triggered, the exploit allows attackers to escape Chrome’s sandbox environment, leading to remote code execution and possible system compromise.
CVE ID: CVE-2025-2783
System Affected: Google Chrome (Windows)
Vulnerability Details: Incorrect handle provided in Mojo, allowing sandbox escape
Impact: Remote code execution, System Compromise
Remediation:
Google Chrome Patch Released: Google has released security updates in Chrome versions 134.0.6998.177/.178 to address this vulnerability. Users should update immediately.
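Each remediation on this page reduces to the same check: is the installed version at or above the fixed version for its release branch? The following is an added helper, not vendor code, that handles the two ways the advisories express fixes: one minimum version per branch, each "and above" (FortiSwitch: 6.4.15, 7.0.11, 7.2.9, 7.4.5, 7.6.1; Apache Roller: 6.1.5), and a pair of build numbers written "134.0.6998.177/.178" (Chrome, as quoted in the Remediation line above). The fixed versions are the advisories' own; the installed versions passed in are constructed inputs, and the branch-depth convention (two components for FortiSwitch and Roller, one for Chrome) is this example's assumption.

```python
"""Is the installed version at or above the advisory's fixed version?

Added helper, not vendor code. Fixed versions are taken from the advisories
on this page; installed versions and the branch-depth convention are
assumptions made for the example.
"""
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'7.4.5' -> (7, 4, 5); tuples compare element by element, so (7, 4, 5) > (7, 4, 3)."""
    return tuple(int(part) for part in text.strip().split("."))


def expand_fixed_versions(spec: str) -> List[Version]:
    """Expands 'A.B.C.D/.E' into [(A,B,C,D), (A,B,C,E)]; a plain version yields one tuple."""
    parts = [p.strip() for p in spec.split("/")]
    base = parse_version(parts[0])
    expanded = [base]
    for alt in parts[1:]:
        # ".178" is shorthand for the base version with its last component replaced.
        expanded.append(base[:-1] + (int(alt.lstrip(".")),))
    return expanded


def is_fixed(installed: str, fixed_specs: List[str], branch_depth: int = 2) -> bool:
    """True if `installed` is at or above the fix for its own release branch.

    A branch is the first `branch_depth` components (7.4.x -> (7, 4); for Chrome use
    depth 1 so 134.x.y.z is one branch). If the installed version's branch has no
    listed fix, it is compared against the highest fixed version overall, which
    reports older branches as not fixed and newer branches as fixed.
    """
    inst = parse_version(installed)
    fixes = [v for spec in fixed_specs for v in expand_fixed_versions(spec)]
    same_branch = [f for f in fixes if f[:branch_depth] == inst[:branch_depth]]
    threshold = min(same_branch) if same_branch else max(fixes)
    return inst >= threshold


if __name__ == "__main__":
    FORTISWITCH_FIXES = ["6.4.15", "7.0.11", "7.2.9", "7.4.5", "7.6.1"]
    for v in ("7.4.3", "7.4.5", "6.4.14"):          # constructed installed versions
        print("FortiSwitch", v, "fixed" if is_fixed(v, FORTISWITCH_FIXES) else "NOT fixed")
    CHROME_FIXES = ["134.0.6998.177/.178"]
    for v in ("134.0.6998.118", "134.0.6998.178"):  # constructed installed versions
        print("Chrome", v, "fixed" if is_fixed(v, CHROME_FIXES, branch_depth=1) else "NOT fixed")
    ROLLER_FIXES = ["6.1.5"]
    for v in ("6.1.4", "6.1.5"):                    # constructed installed versions
        print("Apache Roller", v, "fixed" if is_fixed(v, ROLLER_FIXES) else "NOT fixed")
```

The per-branch comparison matters for products like FortiSwitch that ship fixes on several maintenance branches at once: a 7.4.x device is judged against 7.4.5, not against the highest number in the list, so 7.4.3 is correctly reported as unpatched even though it is numerically above 7.2.9.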
General Recommendations:
Enable Automatic Updates: Ensure automatic updates are enabled in Google Chrome and other Chromium-based browsers to receive future security patches promptly.
Phishing Awareness Training: Organizations should educate employees on identifying and avoiding phishing emails to prevent exploitation.
Endpoint Security Measures: Deploy endpoint detection and response (EDR) solutions to monitor and mitigate potential threats.
CISA Compliance for Federal Agencies: Federal agencies must adhere to CISA’s Binding Operational Directive (BOD) 22-01 to address known exploited vulnerabilities promptly.
Conclusion:
The exploitation of CVE-2025-2783 demonstrates the ongoing threat posed by sophisticated cyber-espionage activities. Google has responded swiftly with a patch, and users are strongly advised to update their browsers immediately. Organizations should remain vigilant against phishing attempts and enhance their cybersecurity posture to mitigate similar threats in the future.
Threat actors aimed to infiltrate Orange’s systems; a ransomware motive cannot be ruled out for the data breach that took place.
Orange has confirmed that it recently experienced a cyber-attack in which data was compromised. Orange insists it is still investigating the case. Analysis of the breach found that it included thousands of internal documents, including sensitive user records and employee data, obtained after the attacker infiltrated the company’s infrastructure.
According to reports, one of Orange’s non-critical applications was breached in an attack aimed at its Romanian operations; HellCat ransomware gang member “Rey” claimed to have exfiltrated thousands of internal files containing user records and employee details, which were leaked on Tuesday, according to BleepingComputer.
Key Breach details on Orange Group
The attacker had access to Orange’s systems for more than a month, obtained through the exploitation of vulnerabilities in Jira software and internal portals.
This access facilitated the eventual breach, in which almost 6.5 GB of corporate data, about 12,000 files, was taken over a nearly three-hour period on Sunday; the incident may be a ransomware case.
The hacker, known by the alias Rey, is a member of the HellCat ransomware group but stated that the intrusion was independent of the HellCat ransomware operation.
The threat actor claims to have stolen thousands of internal documents containing email addresses of current and former Orange Romania employees, contractors and partners, some dating from over five years ago, as well as mostly expired partial payment card details.
The hacker claims that they gained access to Orange’s systems by exploiting compromised credentials and vulnerabilities in the company’s Jira software (used for issue tracking) and other internal portals.
According to the hacker, they had access to the company’s systems for over a month before carrying out the data exfiltration. They also stated that they had dropped a ransom note on the compromised system, but Orange did not engage in negotiations.
Orange emphasized that the attack has not impacted operations amid an ongoing investigation into the incident. The company is yet to disclose whether affected individuals will be notified or if additional security measures will be introduced to prevent similar breaches in the future.
Cybersecurity Implications
From a cybersecurity standpoint, the incident shows how major organizations face cyber threats and raises the question of what their incident response strategy is.
How prepared are enterprises against a ransomware attack?
These are some of the pressing questions organizations must face in order to defend their brand: is their security proactive, and are they prepared as ransomware groups adopt more advanced techniques?
Cybersecurity preparedness: the next step
It is important that security teams be on their toes to stop any ransomware attack at the source.
AI on the endpoints is the requirement of the day: detecting atypical behaviour to predict and block an attack’s advance before encryption begins. At the same time, full visibility from the kernel to the cloud enables teams to spot signs of compromise, whether a ransomware chain or other early indicators of compromise.
Experts continue to advise on how to protect assets from compromise, warning customers and employees to remain vigilant for potential phishing attempts that draw on the data that has been leaked.
AI-leveraging Ransomware Campaigns
Earlier, cybercriminals would encrypt data and provide the decryption key once payment was received.
Now the threat has doubled with double- or triple-extortion attacks, in which stolen information is exposed on data leak sites unless a larger ransom is paid.
The greater availability of artificial intelligence and machine learning tools has made these gangs more sophisticated in their attack methods. Attack vectors now leverage AI and ML capabilities to evade detection and spread more effectively to reach their final goals.
AI Reshaping the Cybersecurity Roadmap
AI in cybersecurity integrates artificial intelligence technologies, including machine learning and neural networks, into security frameworks to gain critical insights and automate time-consuming processes.
These technologies enable cybersecurity teams and systems to analyze vast amounts of data, recognize attack patterns and adapt to new and evolving threats with minimal human intervention. Read our blog: AI Reshaping Roadmap for Cyber security
With AI capabilities, what scenarios might we witness next in ransomware campaigns?
Making ransom calls using Voice Cloning
Malware that can target key personnel within the organization
The ability to decipher financial data and demand ransom amounts accordingly
AI-driven systems learn from experience. AI already empowers organizations and enterprises, and will continue to do so, to enhance their cybersecurity posture, reduce the likelihood of breaches and identify potential risks by acting independently.