Emergency Patch Issued by Fortinet in Latest FortiClient Vulnerabilities
Emergency Patch Issued by Fortinet for FortiClient for Vulnerability
Continue ReadingZero-Day
Grafana Rolls out Updates on Critical Chromium Vulnerabilities; CVE-2025-6554 a Zero day Vulnerability
Summary : Grafana has issued urgent patches to address multiple high-severity vulnerabilities stemming from underlying flaws in the Chromium V8 JavaScript engine.
| OEM | |
| Severity | High |
| CVSS Score | 8.1 |
| CVEs | CVE-2025-6554, CVE-2025-5959, CVE-2025-6191 CVE-2025-6192 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
The most critical of these, CVE-2025-6554, is a zero-day vulnerability that was actively exploited in the wild. Several of these bugs, if unpatched, could allow attackers to execute arbitrary code, perform memory corruption or bypass sandbox protections via malicious HTML content.
Grafana users running affected versions of Image Renderer and Synthetic Monitoring Agent are strongly advised to update immediately.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Type Confusion in V8 Engine vulnerability | CVE-2025-6554 | Google Chrome | High | 138.0.7204.96/.97 (Windows) 138.0.7204.92/.93 (Mac) 138.0.7204.96 (Linux) |
| Type Confusion in V8 Engine vulnerability | CVE-2025-5959 | Google Chrome | High | 137.0.7151.103/.104 (Windows & Mac) 137.0.7151.103 (Linux) |
| Integer overflow in V8 Engine vulnerability | CVE-2025-6191 | Google- Chrome | High | 137.0.7151.119/.120 (Windows & Mac) 137.0.7151.119 (Linux) |
| Use-after-free in Metrics (Profiler) in Google Chrome | CVE-2025-6192 | Google- Chrome | High | 137.0.7151.119/.120 (Windows & Mac) 137.0.7151.119 (Linux) |
Technical Summary
Grafana has patched four high-severity Chromium V8 vulnerabilities in its Image Renderer and Synthetic Monitoring Agent. The most critical, CVE-2025-6554 is a zero-day type confusion bug that was actively exploited. Other flaws include CVE-2025-5959 (remote code execution), CVE-2025-6191 (integer overflow) and CVE-2025-6192 (use-after-free).
Affected versions are Image Renderer < 3.12.9 and Synthetic Monitoring Agent < 0.38.3. Users should update immediately to stay protected.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-6554 | Chrome on Windows, macOS, Linux | Type confusion in the V8 JavaScript engine allows improper memory handling, leading to code execution | Remote code execution. Potential system compromise. |
| CVE-2025-5959 | Chrome on Windows, macOS, Linux | Type Confusion in V8 in Google Chrome prior to allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | Remote code execution. Potential system compromise. |
| CVE-2025-6191 | Chrome on Windows, macOS, Linux | Integer overflows in V8 in Google Chrome prior to allowing a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | Arbitrary code execution. Memory Corruption. |
| CVE-2025-6192 | Chrome on Windows, macOS, Linux | Use after free in Metrics in Google Chrome prior to allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Arbitrary code execution. |
Remediation:
- Users should immediately update Google Chrome to the latest patched version:
- Windows: 138.0.7204.96/.97, 137.0.7151.103/.104, 137.0.7151.119/.120
- macOS: 138.0.7204.92/.93, 137.0.7151.103/.104, 137.0.7151.119/.120
- Linux: 138.0.7204.96, 137.0.7151.103, 137.0.7151.119
Other Chromium-based browsers (Edge, Brave, Opera etc.) should also be updated as patches become available from their respective vendors.
Conclusion:
The criticality of CVE-2025-6554, CVE-2025-5959, CVE-2025-6191, CVE-2025-6192 in the wild highlights the urgency of applying the latest Chrome security update.
Type confusion vulnerabilities like this can lead to full system compromise and are highly sought-after by cybercriminals. Users and organizations should take immediate action to mitigate potential risks.
References:
Microsoft June 2025 Patch Tuesday – 67 Vulnerabilities Fixed Including 2 Zero-Days
Summary : Microsoft’s June 2025 Patch Tuesday addresses a total of 67 vulnerabilities across its product ecosystem. Critical flaws in WebDAV, SMB, SharePoint and Remote Desktop Services highlight the urgency of installing this month’s updates.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-06-10 |
| No. of Vulnerabilities Patched | 67 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
These include multiple high-risk flaws and two zero-day vulnerabilities one actively exploited and one publicly disclosed affecting core components like Windows WebDAV and the SMB Client.
- 67 Microsoft CVEs addressed
- 3 non-Microsoft CVEs addressed
Breakdown of May 2025 Vulnerabilities
- 25 Remote Code Execution (RCE)
- 17 Information Disclosure
- 14 Elevation of Privilege (EoP)
- 6 Denial of Service (DoS)
- 3 Security Feature Bypass
- 2 Spoofing
- 2 Chromium (Edge) Vulnerabilities
- 1 Windows Secure Boot
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| WebDAV Remote Code Execution (Exploited in the wild) | CVE-2025-33053 | Windows | High | 8.8 |
| SMB Client Elevation of Privilege (Publicly disclosed) | CVE-2025-33073 | Windows | High | 8.8 |
Technical Summary
Two zero-day vulnerabilities in Microsoft’s ecosystem were addressed in June 2025. One of these, CVE-2025-33053, has been exploited in the wild and affects the deprecated but still present WebDAV component in Windows. The other, CVE-2025-33073, was publicly disclosed and affects the Windows SMB client, enabling attackers to elevate privileges.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-33053 | Windows 10,11 and Windows Server | WebDAV RCE triggered when a user clicks a malicious link. Exploited by APT group “Stealth Falcon.” Exploitation complexity is low. | Remote Code Execution |
| CVE-2025-33073 | Windows 10,11 and Windows Server | EoP flaw in SMB Client. Exploitation may occur by connecting to a malicious SMB server. Privilege elevation to SYSTEM is possible. | Elevation of Privilege |
Source: Microsoft and NVD
In addition to the zero-day vulnerabilities, several other critical and high-severity issues were addressed:
- CVE-2025-47162, CVE-2025-47164, CVE-2025-47167: Microsoft Office, Preview Pane-based RCE vulnerabilities, exploitation more likely (CVSS 8.4)
- CVE-2025-47172: Microsoft SharePoint Server, SQL injection-based RCE (CVSS 8.8)
- CVE-2025-29828: Windows Cryptographic Services, memory release issue (CVSS 8.1)
- CVE-2025-32710: Windows Remote Desktop Services, use-after-free vulnerability (CVSS 8.1)
- CVE-2025-29976: Microsoft SharePoint, Local privilege escalation (CVSS 7.8)
- CVE-2025-30393: Microsoft Excel, RCE via malicious Excel file (CVSS 7.8)
- CVE-2025-24063: Windows Kernel, Local privilege escalation, marked “Exploitation More Likely” (CVSS 7.8)
- CVE-2025-32702: Visual Studio, Command injection RCE via malicious project file (CVSS 7.8)
- CVE-2025-26685: Microsoft Defender for Identity, Spoofing via NTLM fallback, exploitable in adjacent networks (CVSS 6.5)
Remediation:
- Apply Patches Promptly: Install the June 2025 security updates immediately to mitigate risks.
General Recommendations:
- Prioritize Zero-Days: Focus on patching the two confirmed zero-day vulnerabilities, especially those allowing Elevation of Privilege and remote code execution.
- Disable Deprecated Services: If not required, disable WebDAV (WebClient service) and SMBv1 to reduce exposure.
- Enforce SMB Signing: Use Group Policy to mandate SMB signing, reducing the risk from CVE-2025-33073.
- Monitor for Exploitation Attempts: Watch for suspicious SMB or WebDAV traffic in logs and endpoint detection systems.
- Enable Auto Updates Where Feasible: For individual endpoints and less tightly controlled systems, enable automatic updates to maintain regular patch schedule.
Conclusion:
Microsoft’s June 2025 Patch Tuesday addresses two important zero-day vulnerabilities, including an actively exploited RCE in WebDAV tracked as CVE-2025-33053.
Organizations should prioritize these patches to mitigate risk from real-world threats. The CVE-2025-33053 vulnerability has also been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, emphasizing its urgency.
References:
April Zero-Day Threats Addressed in Microsoft’s Patch Tuesday
Summary of Microsoft April Patch Tuesday
Microsoft released April 2025 Patch Tuesday, addressed 135 security vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) already being actively exploited.
- 126 Microsoft CVEs addressed
- 9 non-Microsoft CVEs included
Microsoft April Patch Tuesday is released every month on priority basis so that organization can address the vulnerabilities as advised by security analysts
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-04-08 |
| No. of Vulnerabilities Patched | 135 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Key updates focus on core Windows components like the CLFS driver, Windows Kernel, and multiple remote code execution (RCE) vulnerabilities across many services including Remote Desktop Gateway, LDap, and TCP/IP.
The update addresses both Microsoft and non-Microsoft vulnerabilities, with a significant emphasis on fixing issues that allow attackers to elevate privileges, execute remote code, or bypass security features.
On a similar note publication of 11 critical remote code execution (RCE) vulnerabilities. 13 browser vulnerabilities have already been published separately this month, and are not included in the total.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Microsoft Windows CLFS Driver Use-After-Free Vulnerability [zero-day vulnerability] | CVE-2025-29824 | Windows | High | 7.8 |
| Remote Desktop Gateway Service RCE Vulnerability | CVE-2025-27480 CVE-2025-27482 | Windows | High | 8.1 |
| LDAP Service RCE Vulnerability | CVE-2025-26663 | Windows | High | 8.1 |
| LDAP Client RCE Vulnerability | CVE-2025-26670 | Windows | High | 8.1 |
Technical Summary
The April 2025 update fixes several high-severity vulnerabilities in Microsoft products, here are some vulnerabilities details:
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-29824 | Windows 10/11, Windows Server | An elevation of privilege vulnerability in the Windows Kernel caused by improper object access. Attackers with local access could exploit this to gain SYSTEM privileges. | Elevation of Privilege |
| CVE-2025-27480 CVE-2025-27482 | Windows RDS | Race condition in Remote Desktop Gateway; triggers use-after-free allowing code execution | Remote Code Execution |
| CVE-2025-26663 | Windows LDAP | Crafted LDAP call causes use-after-free, leading to arbitrary code execution | Remote Code Execution |
| CVE-2025-26670 | Windows TCP/IP | Memory mismanagement during DHCPv6 handling, complex exploit chain. | Remote Code Execution |
Source: Microsoft & NVD
In addition to the actively exploited vulnerabilities, several other Vulnerabilities were also addressed:
- CVE-2025-27745, CVE-2025-27748, CVE-2025-27749 – Office Use-After-Free RCE Vulnerability
These vulnerabilities allow attackers to execute arbitrary code remotely by exploiting use-after-free conditions when opening malicious Office files, potentially leading to system compromise.
- CVE-2025-27752 – Excel Heap Overflow RCE Vulnerability
An attacker could bypass security features via improper neutralization in the Microsoft Management Console, leading to remote code execution and potential full system compromise.
- CVE-2025-29791 – Excel Type Confusion RCE Vulnerability
This vulnerability allows local attackers to exploit improper logging in NTFS, potentially granting unauthorized access to sensitive memory areas, which could lead to arbitrary code execution.
- CVE-2025-26686 – Windows TCP/IP RCE Vulnerability
Memory mismanagement during DHCPv6 handling could allow remote attackers to execute arbitrary code, requiring a complex exploit chain to be effective.
- CVE-2025-27491 – Windows Hyper-V RCE Vulnerability
This vulnerability can be exploited by guest users through social engineering, enabling remote code execution on the host system, with a high complexity for successful exploitation.
Remediation:
- Apply Patches Promptly: Install the April 2025 security updates immediately to mitigate risks.
General Recommendations:
- Prioritize Zero-Day & Critical Vulnerabilities: Focus on patching actively exploited vulnerabilities, especially those affecting Windows CLFS, RDS, LDAP, Excel, and SharePoint-related CVEs.
- Secure File System Access: Implement security controls to prevent unauthorized access to NTFS and FAT file systems, particularly against USB-based attack vectors.
- Educate Employees: Train users in phishing risks to reduce the chances of executing malicious Microsoft Access files.
- Monitor for Exploitation: Continuously monitor systems for any signs of exploitation or suspicious activity.
“Microsoft highly recommends that organizations prioritize applying security updates for elevation of privilege vulnerabilities to add a layer of defense against ransomware attacks if threat actors are able to gain an initial foothold,” the company said in a blog post.
Conclusion:
The April 2025 Patch Tuesday release underscores the critical need for timely patching of Microsoft systems to protect against actively exploited vulnerabilities, including a zero-day privilege escalation flaw.
Microsoft has addressed multiple high-severity vulnerabilities, many of which could result in remote code execution, unauthorized system access, or privilege escalation.
IT teams and users are urged to promptly install the security updates and implement recommended security controls to mitigate these risks. As these vulnerabilities are actively exploited, immediate action is crucial to safeguarding systems from potential compromise.
References:
Recent Comments