RCE

Trend Micro Releases New Critical Patch for Trend Micro Apex Central 

Trend Micro releases Critical patches for ‘Build 7190’, fixing multiple vulnerabilities including RCE & DoS


SAP Dec 2025 Security Patch Released, Critical RCE Fixed & DoS Vulnerabilities  

Critical and High severity flaws in SAP business software, including remote code execution, code injection, DoS and other vulnerabilities


Critical Vulnerabilities Identified in React Server Components & Next.js; Due to the high severity Patching is Required

Critical React & Next.js RCE vulnerabilities identified; patches released. Attackers can craft malicious requests to trigger arbitrary server-side code execution in unpatched environments using default configurations.


Microsoft November Updates: Fixes 63 Vulnerabilities, 1 Zero-Day Exploit; Patch Now

Summary : Microsoft’s November 2025 Patch Tuesday resolves 63 vulnerabilities across multiple Microsoft components. The Microsoft Patch Tuesday also addresses four “Critical” vulnerabilities, two of which are remote code execution vulnerabilities, one is an elevation of privileges and the fourth is an information disclosure flaw.

OEM Microsoft 
Severity Critical 
Date of Announcement 2025-11-11 
No. of Patches 63 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview : Key Updates on Patch Tuesday

The update includes one actively exploited zero-day vulnerability (CVE-2025-62215) in the Windows Kernel and five additional Critical-rated vulnerabilities affecting Office, DirectX, GDI+, Visual Studio, and Nuance PowerScribe. 

This release continues Microsoft’s focus on privilege escalation and remote code execution (RCE) vulnerabilities, highlighting the urgent need for comprehensive patch management across enterprise systems. 

CVEs addressed for Microsoft and non-Microsoft products:

  • 63 Microsoft CVEs addressed 
  • 5 non-Microsoft CVEs addressed (Republished) 

Breakdown of October 2025 Vulnerabilities 

  • 29 Elevation of Privilege (EoP) 
  • 16 Remote Code Execution (RCE) 
  • 11 Information Disclosure 
  • 3 Denial of Service (DoS) 
  • 2 Security Feature Bypass 
  • 2 Spoofing  

Source: Microsoft 

| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
|---|---|---|---|---|
| Windows Kernel Elevation of Privilege Vulnerability (Zero-Day, Exploited in Wild) | CVE-2025-62215 | Windows 10, 11, Server 2016–2022 | Critical | 9.0 |
| Microsoft Office Use-After-Free Remote Code Execution Vulnerability | CVE-2025-62199 | Microsoft Office (Word/Excel/Office Suite) | Critical | 9.8 |
| Nuance PowerScribe Missing Authorization Information Disclosure Vulnerability | CVE-2025-30398 | Nuance PowerScribe 360 | Critical | 9.1 |
| Windows DirectX Graphics Kernel Use-After-Free Vulnerability | CVE-2025-60716 | Windows DirectX Graphics Kernel | Critical | 8.8 |
| Microsoft GDI+ Heap-Based Buffer Overflow RCE Vulnerability | CVE-2025-60724 | Microsoft Graphics Component (GDI+) | Critical | 8.7 |
| Visual Studio Command Injection Remote Code Execution Vulnerability | CVE-2025-62214 | Microsoft Visual Studio / Visual Studio Code | Critical | 8.1 |

Technical Summary 

The zero-day is a Windows Kernel bug that lets attackers gain full system control. Other critical & important vulnerabilities include Office and GDI+ vulnerabilities that could allow hackers to run malicious code or steal data.  

Microsoft also patched issues in Visual Studio, DirectX, and Azure services. Users and admins are strongly advised to install these updates right away to stay protected. 

| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-62215 | Windows Kernel | Race conditions in shared resource execution enable local attackers to elevate privileges to SYSTEM (Zero-Day; Exploited in Wild) | Elevation of Privilege |
| CVE-2025-62199 | Microsoft Office | Use-after-free vulnerability in Office allows RCE via malicious documents, typically delivered through phishing campaigns | Remote Code Execution |
| CVE-2025-30398 | Nuance PowerScribe 360 | Missing authorization vulnerability allows disclosure of sensitive medical or user data over the network | Information Disclosure |
| CVE-2025-60716 | Windows DirectX Graphics Kernel | Use-after-free conditions allow local attackers to escalate privileges, potentially compromising the entire system | Elevation of Privilege |
| CVE-2025-60724 | Microsoft GDI+ | Heap-based buffer overflow allows attackers to execute arbitrary code remotely via crafted network traffic or malicious files | Remote Code Execution |
| CVE-2025-62214 | Visual Studio | Command injection vulnerability allows attackers to execute arbitrary code locally in developer environments | Remote Code Execution |

Source: Microsoft 

Several other Important-severity vulnerabilities were also addressed:

  • CVE-2025-59505: Windows Smart Card Reader – Double-free memory handling vulnerability enabling privilege escalation. 
  • CVE-2025-60704: Windows Kerberos – Missing cryptographic validation allows privilege escalation. 
  • CVE-2025-60719: Windows WinSock Driver – Untrusted pointer dereference enabling SYSTEM-level access. 
  • CVE-2025-59504: Azure Monitor Agent – Heap-based buffer overflow allowing local code execution. 
  • CVE-2025-60714: Windows OLE – Buffer overflow permitting local RCE. 
  • CVE-2025-62452: Windows RRAS – Heap overflow enabling network-based RCE. 
  • CVE-2025-59509: Windows Speech Recognition – Sensitive data exposure vulnerability. 
  • CVE-2025-62208 / CVE-2025-62209: Windows License Manager – Sensitive information insertion into logs. 
  • CVE-2025-62210 / CVE-2025-62211: Dynamics 365 Field Service – Cross-site scripting (XSS) spoofing. 
  • CVE-2025-62449 / CVE-2025-62453: VS Code / GitHub Copilot – Path traversal and AI output validation bypass, among other vulnerabilities.

Source: Microsoft, bleepingcomputer, cybersecuritynews

Key Affected Products and Services 

The November 2025 security updates address critical and important vulnerabilities across a broad range of Microsoft products and services: 

  • Windows Core Components: Updates for Kernel, Hyper-V, Kerberos, RRAS, WinSock, Smart Card, Bluetooth subsystems.
  • Microsoft Office Suite: Patches for Word, Excel, and related components impacted by RCE and Information Disclosure vulnerabilities.
  • Azure & Cloud Services: Fixes for Azure Monitor Agent, Dynamics 365, Entra ID, and related connectors.
  • Graphics Components: Patches for GDI+, DirectX, WSL GUI.
  • Developer Tools: Updates for Visual Studio, Visual Studio Code, and GitHub Copilot.
  • Third-Party Applications: Patches for Nuance PowerScribe (Medical domain).
  • Mobile Platform Technologies: Updates for Microsoft OneDrive for Android.

Remediation: 

  • Install the November 2025 Microsoft security updates immediately across all Windows, Office, and Azure systems. 

Additional recommendations:

  • Monitor for Indicators of Compromise (IoCs) for privilege escalation attempts, new SYSTEM-level services, or unusual Office file crashes. 
  • Ensure Windows 10 ESU enrollment for extended support systems. 
  • Restrict local admin privileges and enforce least-privilege access. 
  • Leverage EDR/SIEM solutions to detect suspicious kernel and Office activity. 
  • Segment critical systems and disable unused network services (RRAS, SMB). 

Conclusion: 
Microsoft’s November 2025 Patch Tuesday resolves 63 vulnerabilities, including one actively exploited Zero-Day and multiple Critical RCE and EoP vulnerabilities in Office, Windows Kernel, GDI+, and Visual Studio. 

Given the confirmed exploitation and the presence of memory corruption vulnerabilities, immediate patch deployment is necessary to prevent potential ransomware and privilege escalation attacks.


Gladinet Triofox Patched Critical Unauthenticated Remote Access Vulnerability 

Summary : A critical unauthenticated access vulnerability in Triofox is being actively exploited in the wild by threat actor UNC6485. Attackers exploit a Host header spoofing vulnerability to bypass authentication, create native admin accounts and chain abuse of the built-in antivirus feature to execute arbitrary code under SYSTEM privileges.

OEM Gladinet 
Severity Critical 
CVSS Score 9.1 
CVEs CVE-2025-12480 
POC Available YES 
Actively Exploited YES 
Exploited in Wild YES 
Advisory Version 1.0 

Overview 

Triofox is an enterprise file-sharing and remote access platform by Gladinet that enables secure file sync, sharing, and collaboration across on-premises and cloud environments. Immediate upgrade is mandatory to prevent full system compromise, ransomware and persistent remote access. 

| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| Unauthenticated Access via Host Header Spoofing & Antivirus RCE Chain | CVE-2025-12480 | Triofox | Critical | v16.7.10368.56560 or later |

Technical Summary 

The vulnerability is in the CanRunCriticalPage() function within GladPageUILib.dll, which allows access to setup pages if the Host header is “localhost”, without validating the request origin. Attackers spoof this header externally to initiate the setup process, create a Cluster Admin account, and gain authenticated access.

Once logged in, attackers exploit the antivirus configuration feature, which allows arbitrary executable paths. By uploading a malicious script to a shared folder and setting it as the antivirus scanner, the file executes with SYSTEM-level privileges inherited from the Triofox service. 

| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-12480 | Triofox < 16.7.10368.56560 | Host header attack bypasses authentication to AdminDatabase.aspx that enables admin account creation. Chained with antivirus path abuse to run uploaded payloads as SYSTEM | Authentication Bypass, Admin Account Creation, Remote Code Execution, Full System Compromise, Persistent Access, Data Exfiltration, Lateral Movement |
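A log check for the condition described above, as an added example that is not part of the original advisory or Gladinet's code: it flags requests whose Host header says localhost while the client address is not loopback. The function names, the sample log lines, the URI prefix and the addresses are all constructed for illustration; it assumes IIS W3C logs with the optional cs-host field enabled.

```python
import ipaddress

# Constructed sample in IIS W3C format. cs-host is not logged by default and
# must be enabled; the URI prefix and all addresses are placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-host sc-status
2025-01-01 10:00:00 127.0.0.1 GET /AdminDatabase.aspx localhost 200
2025-01-01 10:05:00 203.0.113.7 GET /AdminDatabase.aspx localhost 200
2025-01-01 10:06:00 203.0.113.7 GET /login.aspx files.example.com 200
2025-01-01 10:07:00 198.51.100.9 POST /AdminDatabase.aspx LOCALHOST:443 302
2025-01-01 10:08:00 ::1 GET /AdminDatabase.aspx localhost 200
""".splitlines()

REQUIRED = ("c-ip", "cs-host", "cs-uri-stem")
SETUP_PAGE = "admindatabase.aspx"  # setup page named in the advisory


def is_loopback(addr):
    """True when the logged client address is 127.0.0.0/8 or ::1."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # unparsable client address is treated as remote


def host_is_localhost(host):
    """True for localhost with any case, optional port or trailing dot."""
    return host.lower().split(":", 1)[0].rstrip(".") == "localhost"


def find_spoofed_localhost(lines):
    """Return log records with Host: localhost sent from a non-loopback client."""
    fields, hits = None, []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            missing = [f for f in REQUIRED if f not in fields]
            if missing:
                raise ValueError(f"log lacks required fields: {missing}")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated record
        rec = dict(zip(fields, values))
        if host_is_localhost(rec["cs-host"]) and not is_loopback(rec["c-ip"]):
            # Mark requests that touch the setup page for higher priority.
            rec["setup_page"] = rec["cs-uri-stem"].lower().endswith(SETUP_PAGE)
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_spoofed_localhost(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"],
              "SETUP PAGE" if hit["setup_page"] else "")
```

Behind a reverse proxy or load balancer the c-ip field holds the proxy's address, so run the check on the proxy's own logs or on a forwarded-client field instead.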

Indicators of Compromise (IOCs) 

Host-Based Artifacts 

| Artifact | Description | SHA-256 Hash |
|---|---|---|
| C:\Windows\appcompat\SAgentInstaller_16.7.10368.56560.exe | Installer containing Zoho UEMS Agent | 43c455274d41e58132be7f66139566a941190ceba46082eb2ad7a6a261bfd63f |
| C:\Windows\temp\sihosts.exe | Plink | 50479953865b30775056441b10fdcb984126ba4f98af4f64756902a807b453e7 |
| C:\Windows\temp\silcon.exe | PuTTY | 16cbe40fb24ce2d422afddb5a90a5801ced32ef52c22c2fc77b25a90837f28ad |
| C:\Windows\temp\file.exe | AnyDesk | ac7f226bdf1c6750afa6a03da2b483eee2ef02cd9c2d6af71ea7c6a9a4eace2f |
| C:\triofox\centre_report.bat | Attacker batch script filename | N/A |

Network-Based Artifacts 

| IP Address | ASN | Description |
|---|---|---|
| 85.239.63[.]37 | AS62240 – Clouvider Limited | IP address of the attacker used to initially exploit CVE-2025-12480 to create the admin account and gain access to the Triofox instance |
| 65.109.204[.]197 | AS24950 – Hetzner Online GmbH | After a dormant period, the threat actor used this IP address to log back into the Triofox instance and carry out subsequent activities |
| 84.200.80[.]252 | AS214036 – Ultahost, Inc. | IP address hosting the installer for the Zoho UEMSAgent remote access tool |
| 216.107.136[.]46 | AS396356 – LATITUDE-SH | Plink C2 |

Source: cloud.google.com 

Recommendations: 

Upgrade Triofox to version 16.7.10368.56560 or latest from the official Gladinet portal. 

Conclusion: 
This vulnerability represents a severe supply-chain risk in enterprise file-sharing platforms, enabling zero-authentication RCE through misconfigured access controls and feature abuse. With active in-the-wild exploitation by UNC6485 and rapid post-patch attacks, delayed patching significantly increases breach likelihood.

Immediate upgrade, log monitoring, and network hardening are essential to prevent ransomware deployment, data theft, and network pivoting. This incident reinforces the need for secure-by-design input validation and principle of least privilege in remote access tools. 


Critical Brash Vulnerability: Blink Engine Flaw Breaks Chromium Browsers 

Overview : Brash Vulnerability works on Google Chrome and all web browsers that run on Chromium.

A newly disclosed vulnerability, Brash, exposed a critical architectural flaw in Chromium’s Blink rendering engine. Blink is Chromium’s open-source rendering engine responsible for parsing HTML, CSS, and JavaScript, building the DOM and render trees, and executing script-driven updates to the browser interface.

It underpins the user experience of all Chromium-based browsers and is a core component of their performance and stability.

The issue allows a malicious web page to crash Chromium-based browsers within seconds, including Chrome, Microsoft Edge, Brave, Opera etc. The attack works by overloading Blink’s main UI thread using a flood of unthrottled DOM operations. A public proof-of-concept (PoC) exploit is available and can be tested on machines, escalating the urgency for patching across all Chromium-based platforms.

Technical Details  

Blink lacks any rate limiting or coalescing on rapid document.title updates, allowing an attacker to flood the browser with millions of DOM mutations per second.

This saturates the browser’s main UI thread, causing extreme CPU usage and blocking event processing, which leads to the browser tab freezing or crashing within 15 to 60 seconds. The exploit can also be set to trigger after a delay or at a precise scheduled time, turning it into a highly controllable logic bomb.

The exploit requires no special permissions beyond navigating to a malicious page, presenting a severe and immediate operational risk until patches are deployed. 

Recommendations 

You can follow the recommendations below 

  • Avoid clicking on suspicious or untrusted links, especially those prompting unexpected redirects or downloads. 
  • Keep all Chromium-based browsers (Chrome, Edge, Brave etc.) updated with the latest security patches as vendors release fixes. 
  • Enforce automatic browser updates within organizations to ensure all users receive critical patches promptly. 
  • Monitor computer endpoints for unusual CPU spikes related to browser processes, which can indicate ongoing exploitation attempts. 
  • Educate users and employees about the risk of drive-by attacks through malicious websites and the importance of security awareness. 

Conclusion: 
The Brash vulnerability reveals how a simple architectural oversight lets attackers crash browsers by flooding them with too many title updates too fast, causing the browser to freeze or crash. This attack can be scheduled to happen later, making it harder to detect.

Mozilla Firefox and Apple Safari are immune to the attack, as are all third-party browsers on iOS, given that they are all based on WebKit.

The best defense is to keep browsers updated, avoid suspicious links and stay alert for unusual computer slowdowns.  


High-severity path traversal vulnerability was identified in Docker Compose

Docker Compose Path Traversal Vulnerability Enables Arbitrary File Write and System Compromise  

Summary: 

OEM Docker  
Severity High 
CVSS Score 8.9 
CVEs CVE-2025-62725 
Date of Announcement 2025-10-28 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

A high-severity path traversal vulnerability was identified in Docker Compose, a widely-used tool for defining and managing multi-container Docker applications.

This flaw occurs in the handling of remote OCI-based Compose artifacts, allowing an attacker to craft malicious artifact annotations that bypass directory restrictions. As a result, malicious files can be written outside the intended cache directory on the host system.

This vulnerability can be triggered even by seemingly harmless commands such as docker compose ps or docker compose config that resolve remote artifacts. Organizations should upgrade immediately to avoid possible system compromise. 

| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
|---|---|---|---|---|
| Path Traversal in OCI Artifacts Allowing Arbitrary File Write | CVE-2025-62725 | Docker Compose CLI | High | 8.9 |

Technical Summary 

Docker Compose added support for fetching Compose files as OCI artifacts from remote registries. These artifacts contain layers with annotations indicating file paths for writing.

The vulnerability exists because Docker Compose did not sanitize or validate these path annotations prior to writing files, allowing path traversal sequences to escape the cache directory.

Attackers can exploit this by publishing malicious OCI artifacts with crafted annotations, leading to arbitrary file writes anywhere the Compose process has permissions, potentially overwriting sensitive files such as SSH authorized_keys, escalating privileges and compromising the host. The flaw affects Docker Compose versions prior to v2.40.2. 

| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-62725 | Docker Compose (Linux, Windows, macOS) | Path traversal via malicious remote OCI artifact annotations allowing arbitrary file write outside the Compose cache directory. | Arbitrary file write, potential system compromise, privilege escalation. |
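The missing check described in the technical summary, sketched as an added example (not Docker Compose's own code, which is written in Go): each path taken from a layer annotation is resolved against the cache directory and refused if it lands anywhere else. The function names and the sample annotation values in the usage section are assumptions made for illustration.

```python
import os
from pathlib import Path


class UnsafeArtifactPath(ValueError):
    """Raised when an artifact-supplied path would leave the cache directory."""


def resolve_in_cache(cache_dir, annotated_path):
    """Return the absolute write target for an artifact layer, or raise.

    cache_dir      -- directory the tool intends to confine writes to
    annotated_path -- untrusted path taken from the layer annotation
    """
    if not annotated_path or "\x00" in annotated_path:
        raise UnsafeArtifactPath("empty path or NUL byte")

    # Normalise Windows separators so "..\\x" is treated like "../x".
    candidate = annotated_path.replace("\\", "/")

    # Absolute and drive-letter paths would ignore the base directory on join.
    if candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == ":"):
        raise UnsafeArtifactPath(f"absolute path not allowed: {annotated_path!r}")

    base = Path(cache_dir).resolve()
    # resolve() collapses ".." and follows symlinks that already exist, so a
    # symlink sitting inside the cache cannot redirect the write either.
    target = (base / candidate).resolve()

    if os.path.commonpath([base, target]) != str(base):
        raise UnsafeArtifactPath(f"path escapes cache dir: {annotated_path!r}")
    if target == base:
        raise UnsafeArtifactPath("path resolves to the cache dir itself")
    return target


def audit_annotations(cache_dir, annotations):
    """Split annotation paths into (accepted targets, rejected inputs)."""
    accepted, rejected = [], []
    for path in annotations:
        try:
            accepted.append(resolve_in_cache(cache_dir, path))
        except UnsafeArtifactPath:
            rejected.append(path)
    return accepted, rejected


if __name__ == "__main__":
    import tempfile

    cache = tempfile.mkdtemp(prefix="compose-cache-")
    # Constructed annotation values: two ordinary ones and three that
    # attempt to leave the cache directory.
    samples = [
        "compose.yaml",
        "includes/db.yaml",
        "../../.ssh/authorized_keys",
        "/etc/cron.d/job",
        "a/../../b",
    ]
    ok, bad = audit_annotations(cache, samples)
    print("accepted:", [str(p) for p in ok])
    print("rejected:", bad)
```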

Remediation 

Apply security patches immediately to mitigate risks from privilege escalation and container escape. 

  • Update Docker Compose to v2.40.2 or the latest version.

Conclusion 

This Docker Compose vulnerability poses a serious risk of arbitrary file writes and system compromise through malicious OCI artifacts.

Due to the ease of exploitation when using remote Compose files, all users and organizations should upgrade to the patched Docker Compose version immediately, scrutinize remote artifact usage, and enhance their container security hygiene to mitigate this significant threat. 


Copilot Studio SupplyChain Attack Steals OAuth Tokens via CoPhishing

Summary 

The CoPhish attack is a sophisticated phishing technique exploiting Microsoft Copilot Studio to steal OAuth tokens by tricking users into granting attackers unauthorized access to their Microsoft Entra ID accounts.

Using Copilot Studio’s customizable AI agents, attackers create chatbots hosted on legitimate Microsoft domains that wrap traditional OAuth consent attacks in an authentic-looking interface, increasing the likelihood of successful deception.

Technical Details 

The attackers often use a trial license or compromised tenant to create the agent, backdooring the authentication workflow so that, post-consent, OAuth tokens are exfiltrated via HTTP to attacker infrastructure.

Demo links such as copilotstudio.microsoft.com add credibility, closely mimicking official Microsoft Copilot services, and victims see familiar branding and login flows.

While Microsoft has implemented consent policy updates, including blocking risky permissions by default for most users, significant gaps remain: unprivileged users can still approve internal apps and privileged admins retain broad consent authority.

Tokens exfiltrated by CoPhish can be used for impersonation, data theft or sending further phishing emails, often going undetected as the traffic is routed through Microsoft infrastructure. 

Figure: Malicious Copilot Studio page. Source: securitylabs.datadoghq.com

Attack Flow 

| Step | Description |
|---|---|
| 1. Build Malicious Copilot Agent | Attackers create a customized Copilot Studio chatbot, usually on a trial license within their own or a compromised Microsoft tenant, configuring it to appear as a legitimate assistant. |
| 2. Backdoor Authentication Workflow | The agent’s “Login” topic is modified to include an HTTP request that will exfiltrate any OAuth tokens granted by users during authentication. |
| 3. Share Demo Link | Attackers generate and distribute a demo website URL (like copilotstudio.microsoft.com) pointing to the malicious chatbot, mimicking official Copilot Studio services and passing basic domain trust checks. |
| 4. Victim and Trigger Consent | Victims access the link, interact with the familiar interface, and are prompted to log in, beginning an OAuth consent flow that requests broad Microsoft Graph permissions. |
| 5. Token Exfiltration | After the victim consents, the agent collects the issued OAuth token and sends it via HTTP to an attacker-controlled server, often relaying through Microsoft IP addresses to avoid detection in standard traffic logs. |
| 6. Abuse Granted Permissions | Attackers use the stolen token to impersonate the victim, accessing emails, calendars, and files or conducting further malicious actions such as sending phishing emails or stealing sensitive data. |
| 7. Persist and Retarget | Due to policy gaps, attackers can repeat the process targeting both internal and privileged users, tailoring requested app permissions and adapting to Microsoft’s evolving security measures. |

Source: securitylabs.datadoghq.com

Why It’s Effective 

  • Leverages trusted Microsoft domains and branding with realistic AI chatbot flows, bypassing phishing detection and user suspicion. 
  • Bypasses multi-factor authentication by stealing fully privileged OAuth tokens that persist until revoked. 
  • Targets both regular users and privileged admins by adapting requested permissions, making it scalable and versatile. 

Recommendations 

Here are some recommendations below 

  • Enforce strict Microsoft Entra ID consent policies to limit user approval of app permissions, especially high-risk scopes. 
  • Restrict or disable user creation and publishing of Copilot Studio agents unless explicitly authorized by admins. 
  • Monitor Entra ID audit logs and Microsoft Purview for suspicious app consent, agent creation or modifications in Copilot workflows. 
  • Apply Azure AD Conditional Access requiring MFA and device compliance for accessing Copilot Studio and related AI services. 
  • Implement tenant-level Data Loss Prevention (DLP) and sensitivity labeling.
  • Educate users on phishing risks and on regularly reviewing and revoking app permissions and tokens.
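One way to act on the audit-log recommendation above, as an added example that is not from the original advisory: it scans exported Entra ID audit events for successful "Consent to application" entries that grant mail, calendar or file scopes, or admin consent, to an app that is not on an approved list. The record layout is modeled on Microsoft Graph directoryAudit exports; the events, app IDs, user names and the watched scope prefixes are constructed assumptions.

```python
import re

# Assumption: scope families matching what the advisory says stolen tokens
# are used for (emails, calendars, files).
WATCHED_PREFIXES = ("Mail.", "Calendars.", "Files.")
SCOPE_RE = re.compile(r"Scope:\s*([^,\]]+)")


def _prop(target, name):
    """Return newValue of the named modifiedProperties entry, or ''."""
    for prop in target.get("modifiedProperties", []):
        if prop.get("displayName") == name:
            return prop.get("newValue") or ""
    return ""


def risky_consents(events, known_app_ids=frozenset()):
    """Return one finding per successful consent that needs review."""
    findings = []
    for ev in events:
        if ev.get("activityDisplayName") != "Consent to application":
            continue
        if ev.get("result") != "success":
            continue
        user = ((ev.get("initiatedBy") or {}).get("user") or {}).get(
            "userPrincipalName", "unknown")
        for target in ev.get("targetResources", []):
            if target.get("id") in known_app_ids:
                continue  # app already reviewed and approved
            match = SCOPE_RE.search(_prop(target, "ConsentAction.Permissions"))
            scopes = match.group(1).split() if match else []
            risky = sorted(s for s in scopes if s.startswith(WATCHED_PREFIXES))
            admin = _prop(target, "ConsentContext.IsAdminConsent")
            is_admin = admin.strip('"').lower() == "true"
            if risky or is_admin:
                findings.append({"user": user, "app": target.get("displayName"),
                                 "app_id": target.get("id"),
                                 "risky_scopes": risky, "admin_consent": is_admin})
    return findings


def _event(user, app_id, app, scopes, admin=False, activity="Consent to application"):
    """Build one constructed audit record for the sample below."""
    perms = f'"[] => [[Id: x, ConsentType: Principal, Scope: {scopes}, CreatedDateTime: ]];"'
    return {"activityDisplayName": activity, "result": "success",
            "initiatedBy": {"user": {"userPrincipalName": user}},
            "targetResources": [{"id": app_id, "displayName": app,
                                 "modifiedProperties": [
                {"displayName": "ConsentContext.IsAdminConsent", "newValue": f'"{admin}"'},
                {"displayName": "ConsentAction.Permissions", "newValue": perms}]}]}


# Constructed sample events; IDs and names are placeholders.
SAMPLE_EVENTS = [
    _event("alice@example.com", "app-aaaa", "Helpdesk Assistant",
           "openid Mail.ReadWrite Mail.Send"),
    _event("bob@example.com", "app-bbbb", "Approved Sync Tool", "Files.Read.All"),
    _event("carol@example.com", "app-cccc", "Timesheet", "openid profile"),
    _event("dave@example.com", "app-dddd", "n/a", "", activity="Add user"),
]

if __name__ == "__main__":
    for finding in risky_consents(SAMPLE_EVENTS, known_app_ids={"app-bbbb"}):
        print(finding)
```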

Conclusion: 
CoPhish highlights how AI-powered low-code platforms like Microsoft Copilot Studio can be exploited for advanced phishing attacks targeting identity systems.

Despite Microsoft’s improvements to consent policies, significant risks remain, requiring organizations to enforce strict consent controls, limit app creation, and monitor Entra ID logs vigilantly. As AI-driven tools grow, proactive security measures are essential to defend against these evolving hybrid threats leveraging trusted cloud services. 


TP-Link Security Update, Omada Gateway Exploits Fixed in October Release 

Summary: TP-Link’s October 2025 security update fixes 4 vulnerabilities in its Omada Gateway devices, including multiple models commonly used in business networks.

OEM TP-Link 
Severity Critical 
CVSS Score 9.3 
CVEs CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, CVE-2025-7851 
Date of Announcement 2025-10-21 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview: 

The vulnerabilities allow attackers to execute remote commands, even without authentication, potentially compromising systems. Some vulnerabilities also let authenticated users inject commands or gain root access, which could lead to traffic interception, configuration changes or malware installation. Security teams are advised to update firmware immediately, review network configurations and change passwords to reduce the risk of exploitation. 

| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
|---|---|---|---|---|
| OS Command Injection Vulnerability | CVE-2025-6542 | TP-Link Omada Gateways | Critical | 9.3 |
| Command Injection Vulnerability | CVE-2025-7850 | TP-Link Omada Gateways | Critical | 9.3 |

Technical Summary: 

The vulnerabilities in TP-Link Omada Gateways allow attackers to run arbitrary commands. With the most critical one, CVE-2025-6542, a remote attacker can take full control of the device without logging in through the web interface. Another one allows logged-in users to inject commands and gain root access. The issues show the risks of exposed management portals. TP-Link recommends updating firmware, limiting network access and monitoring systems for any signs of attack.

| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-6542 | TP-Link Omada Gateways (ER605, ER7206, ER8411 & Others) | Unauthenticated remote attackers can execute arbitrary OS commands on the device | Remote Code Execution, System Compromise, Malware Deployment |
| CVE-2025-7850 | TP-Link Omada Gateways (ER7412-M2, ER7212PC, & Others) | Command injection exploitable after admin authentication on the web portal | System Compromise, Root-Level Control |

Additional Vulnerabilities: 

The following high-severity vulnerabilities were also addressed in October 2025 TP-Link security updates for Omada Gateways – 

| Vulnerability Name | CVE ID | Affected Component | Severity |
|---|---|---|---|
| Authenticated Arbitrary OS Command Execution in Omada Gateways | CVE-2025-6541 | TP-Link Omada Gateways | High |
| Root Shell Access Under Restricted Conditions in Omada Gateways | CVE-2025-7851 | TP-Link Omada Gateways | High |

Remediation: 

Install the October 2025 firmware updates immediately via the TP-Link support portal to mitigate risks. The table below lists the affected and fixed versions for each model.

| Model | Affected Versions | Fixed Version |
|---|---|---|
| ER8411 | < 1.3.3 Build 20251013 Rel.44647 | >= 1.3.3 Build 20251013 Rel.44647 |
| ER7412-M2 | < 1.1.0 Build 20251015 Rel.63594 | >= 1.1.0 Build 20251015 Rel.63594 |
| ER707-M2 | < 1.3.1 Build 20251009 Rel.67687 | >= 1.3.1 Build 20251009 Rel.67687 |
| ER7206 | < 2.2.2 Build 20250724 Rel.11109 | >= 2.2.2 Build 20250724 Rel.11109 |
| ER605 | < 2.3.1 Build 20251015 Rel.78291 | >= 2.3.1 Build 20251015 Rel.78291 |
| ER706W | < 1.2.1 Build 20250821 Rel.80909 | >= 1.2.1 Build 20250821 Rel.80909 |
| ER706W-4G | < 1.2.1 Build 20250821 Rel.82492 | >= 1.2.1 Build 20250821 Rel.82492 |
| ER7212PC | < 2.1.3 Build 20251016 Rel.82571 | >= 2.1.3 Build 20251016 Rel.82571 |
| G36 | < 1.1.4 Build 20251015 Rel.84206 | >= 1.1.4 Build 20251015 Rel.84206 |
| G611 | < 1.2.2 Build 20251017 Rel.45512 | >= 1.2.2 Build 20251017 Rel.45512 |
| FR365 | < 1.1.10 Build 20250626 Rel.81746 | >= 1.1.10 Build 20250626 Rel.81746 |
| FR205 | < 1.0.3 Build 20251016 Rel.61376 | >= 1.0.3 Build 20251016 Rel.61376 |
| FR307-M2 | < 1.2.5 Build 20251015 Rel.76743 | >= 1.2.5 Build 20251015 Rel.76743 |

Additional recommendations:

  • Restrict network access to the management interface and enable trusted networks only. 
  • Apply least privilege principles and regular security audits for network devices. 
  • Disable remote management if not required and segment networks to limit lateral movement. 

Conclusion: 

No active exploitation has been observed, but organizations must prioritize firmware updates to prevent data breaches, malware and intrusions. Security teams should deploy updates immediately, enhance monitoring and implement mitigations to safeguard critical infrastructure.
