Vulnerability Management

Microsoft IIS Web Deploy RCE Vulnerability Allows Authenticated Remote Code Execution 

Summary: A vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) reveals a critical security flaw that could be exploited by authenticated attackers to execute code on affected systems. The bug was disclosed on August 12, 2025, with a CVSS score of 8.8, indicating high severity.

Severity High 
CVSS Score 8.8 
CVEs CVE-2025-53772 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

A vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) allows authenticated attackers to remotely execute arbitrary code on affected systems.

The issue arises from the insecure deserialization of untrusted data. Due to its low privilege requirements and lack of user interaction, this flaw poses a significant threat, especially in enterprise deployment environments. 

Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version
Web Deploy Remote Code Execution via Deserialization | CVE-2025-53772 | Microsoft Web Deploy 4.0 | High | 10.0.2001 or later

Technical Summary 

The vulnerability stems from insecure deserialization of untrusted data (CWE-502), allowing remote attackers to craft malicious HTTP requests that trigger code execution on the web server. This flaw enables remote code execution (RCE) under specific conditions, where the attacker must have authenticated access and network connectivity.

The attack is network-based, requires only low-privilege access and does not rely on user interaction. Successful exploitation can result in a high impact on confidentiality, integrity and availability of the affected system. As of the time of publication, no public exploit has been reported and the exploit maturity is considered unproven. 

CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact
CVE-2025-53772 | 8.8 | Microsoft Web Deploy 4.0 | Web Deploy deserializes untrusted input, allowing remote attackers to execute arbitrary code. | Remote Code Execution

Recommendations: 

The following actions are recommended:

  • Update to Microsoft Web Deploy version 10.0.2001 or the latest version.
  • Limit access to Web Deploy endpoints to trusted IP ranges or internal networks only. 
  • Audit logs for unusual HTTP POST activity to Web Deploy endpoints. 
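
One way to carry out the log audit and source-range check from the list above, as an added example that is not part of the original advisory. It assumes IIS W3C extended logs, the default Web Deploy handler path /msdeploy.axd, and illustrative trusted ranges and thresholds; the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions: default handler path, example trusted range, example threshold.
WEBDEPLOY_PATH = "/msdeploy.axd"
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
BURST_THRESHOLD = 3  # POSTs per client per minute treated as unusual here

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem s-port cs-username c-ip sc-status
2025-08-13 09:00:01 POST /msdeploy.axd 8172 deploy-svc 10.20.0.15 200
2025-08-13 09:00:05 GET /msdeploy.axd 8172 - 10.20.0.15 401
2025-08-13 09:14:10 POST /msdeploy.axd 8172 webuser1 203.0.113.50 200
2025-08-13 09:14:20 POST /msdeploy.axd 8172 webuser1 203.0.113.50 500
2025-08-13 09:14:31 POST /msdeploy.axd 8172 webuser1 203.0.113.50 500
2025-08-13 09:20:00 POST /site/login 443 - 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def audit(text):
    """Return (kind, client_ip, detail, minute) findings for Web Deploy POSTs."""
    findings, per_minute = [], Counter()
    for r in parse_w3c(text):
        if r["cs-method"] != "POST" or r["cs-uri-stem"].lower() != WEBDEPLOY_PATH:
            continue
        ip = ipaddress.ip_address(r["c-ip"])
        minute = r["date"] + " " + r["time"][:5]
        per_minute[(r["c-ip"], minute)] += 1
        if not any(ip in net for net in TRUSTED_NETS):
            findings.append(("untrusted-source", r["c-ip"], r["cs-username"], minute))
        if r["sc-status"].startswith("5"):  # heuristic: handler failed on the request
            findings.append(("server-error", r["c-ip"], r["cs-username"], minute))
    for (client, minute), n in per_minute.items():
        if n >= BURST_THRESHOLD:
            findings.append(("burst", client, str(n), minute))
    return findings
```

Findings are triage leads for review against known deployment jobs, not proof of exploitation.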

Conclusion: 
While CVE-2025-53772 has not yet been publicly exploited, the nature of the flaw and the ease of attack (low privileges, no user interaction) significantly increase the risk of widespread exploitation, particularly in enterprise deployment environments.

Organizations using Microsoft Web Deploy 4.0 should update and apply the latest patch without delay.

This vulnerability affects Web Deploy 4.0 and requires low privileges to exploit, making it particularly concerning for organizations that use this deployment tool in their infrastructure. The vulnerability allows an authenticated attacker to exploit the system via low-complexity network-based attacks. 


Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk 

Summary: A zero-day vulnerability (CVE-2025-4664) in Google Chrome’s Loader component has been actively exploited in the wild.

OEM Google 
Severity Medium 
CVSS Score 4.3 
CVEs CVE-2025-4664 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

This flaw allows attackers to bypass security policies, leak cross-origin data, and potentially execute unauthorized code. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate patching. 

Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version
Insufficient Policy Enforcement vulnerability | CVE-2025-4664 | Google Chrome | Medium | 136.0.7103.113/.114 (Win/Mac), 136.0.7103.113 (Linux)

Technical Summary 

CVE-2025-4664 is a zero-day vulnerability found in the Chrome Loader component due to insufficient policy enforcement.

It enables remote attackers to bypass browser security controls using crafted HTML content, possibly leaking cross-origin data or achieving sandbox escape. The bug has been actively exploited in the wild.

A second high-severity flaw, CVE-2025-4609, was also addressed in this update, involving an incorrect handle in the Mojo IPC layer, which can lead to memory corruption or privilege escalation. 

CVE ID | System Affected | Vulnerability Details | Impact
CVE-2025-4664 | Chrome (Windows, Mac, Linux) | Insufficient policy enforcement in Loader enables cross-origin data leaks via crafted HTML. | Data leakage, sandbox escape, potential code execution

Remediation

  • Update Chrome: Google has released security updates to address these vulnerabilities. Users and administrators must apply the latest Chrome versions:
      • Windows/macOS: Chrome 136.0.7103.113/136.0.7103.114 or later
      • Linux: Chrome 136.0.7103.113 or later

Conclusion: 
The active exploitation of CVE-2025-4664 highlights the urgent need for rapid security response and patch management. With acknowledgment from CISA and public disclosure by @slonser_, this zero-day poses a real and present threat to users of Chrome and other Chromium-based browsers.

Organizations should take immediate action to patch affected systems and monitor for signs of compromise.

Regular browser updates and proactive vulnerability management are essential to mitigating such critical security risks. 


Critical Flaw in FortiSwitch of Fortinet Allows Attackers to Change Admin Password

An unverified password change vulnerability [CWE-620] has been discovered in the FortiSwitch GUI.

According to the advisory released by Fortinet, this may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request.

Summary

OEM Fortinet
Severity CRITICAL
CVSS Score 9.8
CVEs CVE-2024-48887
Actively Exploited Yes
Exploited in Wild Yes
Advisory Version 1.0

Overview

A significant vulnerability, tracked as CVE-2024-48887, has been disclosed in Fortinet’s FortiSwitch product line. This flaw allows unauthenticated remote attackers to change administrative passwords by sending specially crafted requests to the device’s password management endpoint. With a CVSS score of 9.8, the vulnerability is classified as Critical and is actively being exploited in the wild.

Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score
An unverified password change vulnerability | CVE-2024-48887 | Fortinet | CRITICAL | 9.8

Technical Summary

A critical vulnerability (CVE-2024-48887) has been identified in Fortinet FortiSwitch devices, affecting versions 6.4.0 through 7.6.0. This flaw resides in the web-based management interface and allows remote, unauthenticated attackers to change administrator passwords by sending a specially crafted HTTP request to the set_password endpoint.

CVE ID | System Affected | Vulnerability Details | Impact
CVE-2024-48887 | FortiSwitch v7.6, 7.4, 7.2, 7.0, 6.4 | CVE-2024-48887 is an unauthenticated password change vulnerability in FortiSwitch web GUI. It enables remote unauthenticated attackers to modify admin passwords through crafted requests to the set_password endpoint. | Unverified Password Change

Remediation:

  • Apply Security Patches: Install the latest security update for your FortiSwitch version. Fortinet has fixed the issue in 6.4.15 and above, 7.0.11 and above, 7.2.9 and above, 7.4.5 and above, and 7.6.1 and above.
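
The per-branch fixed releases above can be checked against a device inventory as follows. This is an added example, not part of the original advisory or Fortinet's tooling; the hostnames and inventory versions are constructed, and the function names are hypothetical.

```python
import re

# Fixed release per branch, taken from the remediation text above.
FIXED = {(6, 4): (6, 4, 15), (7, 0): (7, 0, 11), (7, 2): (7, 2, 9),
         (7, 4): (7, 4, 5), (7, 6): (7, 6, 1)}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.4.3' or '7.6.0,build1234'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(version_text):
    """Return (status, upgrade_target) for one firmware version string."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # The advisory text names no fixed release for this branch.
        return ("branch-not-listed", None)
    # Compare as integer tuples: as strings, "7.0.9" would sort after "7.0.11".
    if v < fixed:
        return ("vulnerable", ".".join(map(str, fixed)))
    return ("fixed", None)

# Constructed inventory (illustrative hostnames and versions).
INVENTORY = {
    "sw-access-01": "v7.0.9",
    "sw-access-02": "v7.0.11",
    "sw-core-01": "7.6.0,build1234",
    "sw-lab-01": "6.2.7",
}

def report(inventory):
    """Return [(host, version, status, target)] with vulnerable devices first."""
    rows = [(host, ver) + triage(ver) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (r[2] != "vulnerable", r[0]))

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row)
```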

General Recommendations

  • Update devices regularly: always install the latest firmware and security patches from Fortinet to fix known vulnerabilities.
  • Limit access to the FortiSwitch web GUI to trusted IP addresses and disable HTTP/HTTPS access if it is not required.
  • Set strong and unique passwords and change them regularly to prevent unauthorized access.
  • Monitor for unusual activity such as suspicious logins or configuration changes.

Conclusion:


The CVE-2024-48887 vulnerability poses a serious security risk to organizations using affected FortiSwitch devices. Its ease of exploitation and the lack of authentication required make it particularly dangerous.

Organizations must act immediately by applying the relevant security patches, limiting administrative access, and monitoring for unusual activity.


Critical VMware Vulnerabilities Exploited in the Wild – Patch Immediately 

Broadcom released a security alert on Tuesday morning to warn VMware customers about three zero-days that have been exploited in the wild.


High-Severity DoS Vulnerability in Cisco NX-OS Software

MPLS Encapsulated IPv6 Denial of Service Vulnerability

OEM CISCO 
Severity High 
CVSS score 7.4 
CVEs CVE-2025-20111 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

A high-severity vulnerability (CVE-2025-20111) in Cisco Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode could allow unauthenticated attackers to trigger a denial-of-service (DoS) condition by sending crafted Ethernet frames, leading to unexpected device reloads.

Vulnerability Name | CVE ID | Product Affected | Severity
Denial of service vulnerability | CVE-2025-20111 | Cisco Nexus | High

Technical Summary 

The vulnerability originates from improper handling of specific Ethernet frames within the health monitoring diagnostics of Cisco Nexus switches.

An unauthenticated, adjacent attacker can exploit this flaw by sending a sustained rate of crafted Ethernet frames to a vulnerable device. Successful exploitation results in repeated device reloads, disrupting network operations and potentially impacting high-availability environments. 

CVE ID | System Affected | Vulnerability Details | Impact
CVE-2025-20111 | Nexus 3000 Series: 3100, 3200, 3400, and 3600 models; Nexus 9000 Series: 9200, 9300, and 9400 switches running standalone NX-OS | Improper handling of specific Ethernet frames in health monitoring diagnostics | Repeated device reboots, potential network downtime

Remediation

  • Apply Software Updates: Cisco has released patched software versions to address the vulnerability. Network administrators should upgrade affected devices immediately. 
  • Use Cisco Software Checker: Organizations should verify their exposure using Cisco’s Software Checker tool to identify the earliest fixed release. 
  • Implement Workarounds: If immediate patching is not feasible, organizations can mitigate risks using Access Control Lists (ACLs) to filter anomalous Ethernet frames targeting the health monitoring subsystem. 

Conclusion: 

CVE-2025-20111 presents a significant risk to enterprise and data center networks relying on Cisco Nexus switches. While there is no known active exploitation, organizations should prioritize patching and mitigation strategies to prevent service disruptions. Proactive monitoring and adherence to Cisco’s security advisories will help ensure network resilience against potential exploitation. 
