Zeroday

Security Advisory

Chrome Security Update Fixed Active Zero-Day Exploit & Multiple High-Severity Vulnerabilities 

Security advisory : Google has issued a Stable Channel Update for Chrome to address 4 high-severity vulnerabilities, including one zero-day vulnerability (CVE-2025-10585) actively exploited in the wild.

OEM Google 
Severity High 
CVSS Score N/A 
CVEs CVE-2025-10585, CVE-2025-10500, CVE-2025-10501, CVE-2025-10502 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

This flaw, a Type Confusion in the V8 JavaScript and WebAssembly engine, can allow remote attackers to execute arbitrary code outside of Chrome’s security sandbox when users visit maliciously crafted web pages. Users and administrators are urged to update to the latest Chrome version immediately to mitigate potential exploitation 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​ Type Confusion in V8 Engine  CVE-2025-10585 Chrome (Windows, Mac, Linux)  High  140.0.7339.185/.186 

Technical Summary 

The zero-day vulnerability in Chrome’s V8 engine arises from a type of confusion flaw, where object types are misinterpreted, leading to logical errors and memory corruption.

Attackers can exploit this issue when users visit maliciously crafted websites, enabling arbitrary code execution and possible sandbox escape.

This flaw has been confirmed as actively exploited in the wild. In addition to this zero-day, the update also fixes three other high-severity issues, a use-after-free in the Dawn graphics abstraction layer that could lead to memory corruption, a use-after-free in WebRTC that may enable remote code execution, and a heap buffer overflow in ANGLE that could result in program crashes or arbitrary code execution. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-10585 Google Chrome (Windows, Mac, Linux) Type confusion in the V8 JavaScript engine could allow memory corruption, arbitrary code execution, and potential sandbox escape Remote Code Execution / Sandbox Escape 

Other Vulnerabilities  

In addition to the zero-day, Google patched three other high-severity vulnerabilities in the same stable channel release. 

Vulnerability Name CVE ID Affected Component Severity 
​Use-after-free in Dawn CVE-2025-10500 Chrome GPU Renderer Component (Dawn)  High 
Use-after-free in WebRTC CVE-2025-10501 Chrome WebRTC Audio/Video Communication Module High 
Heap Buffer Overflow in ANGLE CVE-2025-10502 Chrome Graphics Translation Engine (ANGLE) High 

Recommendations

Update Chrome immediately to the following versions: 

  • Windows/Mac: Chrome 140.0.7339.185/.186 
  • Linux: Chrome 140.0.7339.185 

Here are some Recommendations below 

  • Manual Update Check: Navigate to “Settings → Help → About Google Chrome” to trigger the update. 
  • Patch Management: Ensure enterprise update policies enforce Chrome auto-updates. 
  • Threat Monitoring: Keep monitoring logs for any signs of exploitation 

Conclusion: 
There are high vulnerabilities in Google Chrome, including an actively exploited zero-day flaw in the V8 JavaScript engine that poses a significant risk of remote code execution and sandbox escape.

Given the severity and confirmed exploitation in the wild, it is imperative that all users and administrators promptly update to the latest Chrome versions to mitigate potential attacks. Immediate action is essential to safeguard systems, data, and user privacy in light of these emerging threats. 

References

  • https://cybersecuritynews.com/google-chrome-0-day-vulnerability-exploited/  

Security Advisory

Multiple Critical Vulnerabilities in Citrix NetScaler ADC/Gateway 

Security Advisory: Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway One Actively Exploited in Wild .

Citrix credited Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and Francois Hammerli for discovering and reporting the vulnerabilities.

Severity Critical 
CVSS Score 9.2 
CVEs CVE-2025-7775, CVE-2025-7776, CVE-2025-8424 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 
A critical zero-day vulnerability, tracked as CVE-2025-7775, puts over 28,200 Citrix instances at risk worldwide.

This flaw allows attackers to run malicious code on affected systems without authentication. The issue is actively being exploited in the wild and immediate action is needed to secure systems.  Another two flaws were fixed in the latest updates.  

Vulnerability Name CVE ID Product Affected Severity 
Memory overflow vulnerability leading to RCE CVE-2025-7775 NetScaler ADC & Gateway 9.2 
Memory overflow vulnerability leading to unpredictable behavior CVE-2025-7776 NetScaler ADC & Gateway 8.8 
Improper access control on the NetScaler Management Interface CVE-2025-8424 NetScaler ADC & Gateway 8.7 

Technical Summary 

The NetScaler ADC and NetScaler Gateway appliances are affected by multiple critical vulnerabilities that pose significant risks ranging from Remote Code Execution (RCE) and Denial of Service (DoS) to improper access control.

These include memory overflow flaws in configurations such as VPN virtual servers, load balancing virtual servers using IPv6 or DBS IPv6 services, and misconfigurations involving PCoIP profiles. Additionally, the management interface is exposed due to weak access control mechanisms, which could allow unauthorized administrative access if attackers reach key management IP addresses like NSIP or SNIP. CISA has added one vulnerability (CVE-2025-7775) to its Known Exploited Vulnerabilities (KEV) Catalog and strongly urges organizations to apply patches immediately to prevent active exploitation. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-7775  NetScaler ADC & Gateway  A critical memory overflow vulnerability in NetScaler ADC and Gateway that can lead to Remote Code Execution or DoS when configured as a Gateway (e.g., VPN, ICA Proxy, CVPN, RDP Proxy), AAA virtual server, or LB virtual server using IPv6 or DBS IPv6 services including CR virtual servers of type HDX. Remote Code Execution or DoS  
CVE-2025-7776  NetScaler ADC & Gateway A memory overflow vulnerability under analysis, currently known to cause unpredictable system behavior and potential DoS when a PCoIP Profile is bound to a Gateway-configured NetScaler instance (VPN, ICA Proxy, CVPN, RDP Proxy), Erroneous behavior and DoS 
CVE-2025-8424 NetScaler ADC & Gateway An improper access control vulnerability on the NetScaler Management Interface, allowing unauthorized access when attackers can reach management IPs (NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with Management Access), affecting NetScaler ADC and Gateway appliances. Unauthorized access 

Recommendations 

NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.  

  • NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases 
  • NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1 
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP 
  • NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP 

Here are some other recommendations below 

  • Monitor systems for unusual activity or unauthorized changes. 
  • Limit access to Citrix instances from untrusted networks. 
  • Use firewalls to block suspicious traffic targeting Citrix instances. 

Conclusion: 

Combined with additional high-severity vulnerabilities the overall threat landscape demands immediate attention. Organizations are strongly urged to apply the latest patches, restrict access to management interfaces and closely monitor for signs of compromise. Delayed action could result in significant operational and security impacts. 

The active exploitation of CVE-2025-7775 highlights a critical security threat affecting multiple NetScaler ADC and Gateway instances globally. This zero-day confirmed exploitation in the wild poses a severe risk of Remote Code Execution and service disruption.

References

  

Security Advisory

Apple Patches Zero-Day Vulnerability Exploited in Targeted Attacks (CVE-2025-43300) 

Security Advisory : Apple has released critical security patches to address a newly discovered zero-day vulnerability, CVE-2025-43300, that was found to be actively exploited in targeted attacks.

To protect users, Apple has issued patches in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10 and the latest macOS versions.

OEM Apple 
Severity High 
CVSS Score 8.8 
CVEs CVE-2025-43300 
POC Available No 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview  The vulnerability resides in Apple’s ImageIO framework, which is used for handling image files across iOS, iPadOS, and macOS platforms. According to Apple, the flaw may have been used in sophisticated, targeted attacks, although exact details have not been disclosed.

The vulnerability affects a wide range of devices, including iPhones starting from the XS, multiple iPad models and Macs running macOS Ventura, Sonoma and Sequoia. This marks the seventh zero-day exploited in the wild that Apple has addressed in 2025, underscoring the increasing frequency and severity of threats targeting Apple users. 

                Vulnerability Name CVE ID Product Affected Severity Fixed Version 
An out-of-bounds write issue   CVE-2025-43300 iPhone, iPad, macOS  High iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS 13.7.8, macOS 14.7.8, macOS 15.6.1 

Technical Summary 

The vulnerability, CVE-2025-43300, is classified as an out-of-bounds write issue within the ImageIO framework.

It can be exploited when a specially crafted image file is processed, causing memory corruption that could allow an attacker to execute arbitrary code on the affected device.

This makes it a critical security flaw, particularly because the attack vector image files are common and often considered low risk. Apple has mitigated vulnerability by improving bounds by checking in the affected code.

The exploitation of this bug in the wild indicates a high level of sophistication, likely by advanced persistent threat actors targeting specific individuals. The technical nature of the bug aligns with a broader trend in which attackers exploit flaws in media-handling components to achieve remote code execution. As such, this patch not only fixes a critical issue but also highlights the need for continued vigilance and timely system updates. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-43300 iPhones, iPads, Macs. Critical out-of-bounds write vulnerability in Apple’s ImageIO framework that allows remote code execution by processing a malicious image. It has been actively exploited in highly targeted attacks on iOS, iPadOS, and macOS devices, prompting urgent patches.  Remote code execution via malicious image zero-click attack surface 

Apple has so far fixed a total of seven zero-day vulnerabilities in 2025 that were actively exploited in real-world attacks, including CVE-2025-43300, reflecting an ongoing effort to patch critical security flaws across iOS, iPadOS, and macOS platforms. 

  • CVE-2025-24085: A memory corruption flaw in WebKit that could allow remote code execution via malicious web content. 
  • CVE-2025-24200: An elevation of privilege vulnerability in the kernel, enabling attackers to gain higher system privileges. 
  • CVE-2025-2420: A logic issue in the kernel that could lead to arbitrary code execution by a malicious app. 
  • CVE-2025-31200: A vulnerability in the CoreGraphics framework allowing remote code execution when processing malicious PDF files. 
  • CVE-2025-31201: An issue in the IOMobileFrameBuffer kernel extension that could permit a local attacker to escalate privileges. 
  • CVE-2025-43200: A flaw in the AppleAVD driver leading to a potential kernel privilege escalation. 
  • CVE-2025-43300: An out-of-bounds write vulnerability in the ImageIO framework actively exploited through malicious images, enabling remote code execution. 

Remediation

Update your Apple devices immediately to the latest patched versions: 

  • iPhone – iOS 18.6.2 
  • iPad – iPadOS 18.6.2/17.7.10 
  • macOS – macOS Ventura 13.7.8, Sonoma 14.7.8 or Sequoia 15.6.1. 

Conclusion: 
Apple has urgently patched seven critical zero-day vulnerabilities in 2025, including CVE-2025-43300, that were actively exploited in targeted attacks.

Users are strongly advised to update their devices immediately to stay protected against these serious threats. 

In addition, CISA has added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) Catalog under BOD 22-01, requiring federal agencies to remediate the flaw within specified timelines.

While the directive is mandatory for federal agencies, CISA strongly urges all organizations to prioritize remediation of KEV-listed vulnerabilities to reduce their exposure to active threats. 

References

Security Advisory

Microsoft Patch Tuesday August Patches 119 Vulnerabilities; Publicly Disclosed Kerberos Zero‑Day

Microsoft Patch Tuesday : Key points:

119 vulnerabilities discovered & 13 are classified as Critical rating meaning as per Microsoft’ they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.

CVE-2025-53779 is Windows Kerberos Elevation of Privilege Vulnerability

The vulnerabilities fall into multiple categories, including Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Spoofing, Denial of Service (DoS), and Tampering. Below is a detailed breakdown of the vulnerabilities by category, along with key insights for organizations to prioritize their patching efforts.

OEM Microsoft 
Severity Critical 
Date of Announcement 2025-08-12 
No. of Patches  119 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

Microsoft has released security updates addressing 119 vulnerabilities in the August 2025 Patch Tuesday cycle, including one publicly disclosed zero-day in Windows Kerberos. Of these, 13 are classified as Critical, covering a wide range of products such as Windows components, Office, Azure, Exchange and SharePoint. 

  • 111 Microsoft CVEs addressed 
  • 8 non-Microsoft CVEs addressed 

Breakdown of August 2025 Vulnerabilities 

  • 44 Elevation of Privilege Vulnerabilities 
  • 35 Remote Code Execution Vulnerabilities 
  • 18 Information Disclosure Vulnerabilities 
  • 9 Spoofing Vulnerabilities 
  • 4 Denial of Service Vulnerabilities 
  • 1 Tampering vulnerabilities 
Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Windows Kerberos Elevation of Privilege Vulnerability CVE-2025-53779 Windows Server 2025 High 7.2 

Technical Summary 

The August 2025 Patch Tuesday addresses a publicly disclosed zero-day vulnerability CVE-2025-53779 in Windows Kerberos.

This elevation of privilege flaw, related to improper path handling in domain-managed service accounts (dMSA), could allow a local attacker to gain domain administrator privileges.

Microsoft also patched several critical Remote Code Execution (RCE) vulnerabilities across Windows Graphics, GDI+, Office, DirectX, and Hyper-V. Many of these vulnerabilities require minimal or no user interaction, such as simply opening a file in the preview pane or processing crafted image or network messages, making them high-risk for enterprise environments. 

CVE ID System Affected Vulnerability Details Impact 
CVE-2025-53779 Microsoft Windows Server 2025 Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Privilege escalation 

Source: Microsoft and NVD 

In addition to the publicly disclosed vulnerability, several other critical and high-severity issues were addressed: 

  • CVE202550165 and CVE202553766: Graphics-related RCEs, particularly vulnerable due to their ability to execute code without user interaction and potential wormable behavior. 
  • CVE202553792: Azure Portal, privilege escalation vulnerability, critical impact on cloud administration surface. 
  • CVE202550171: Remote Desktop Server, allows remote code execution over RDP. 
  • CVE202553778: Windows NTLM, elevation of privilege exploitation includes lateral movement across enterprise networks. 
  • CVE202553786: Microsoft Exchange Server, hybrid environment vulnerability with potential for cloud environment hijacking. 

Key Affected Products and Services 

The vulnerabilities addressed in August 2025 impact a wide range of Microsoft products and services, including: 

  • Windows Core and Authentication Systems 

Includes fixes in Windows Server (Kerberos), Windows Graphics Component, GDI+, DirectX Graphics Kernel, NTLM, Hyper‑V, MSMQ, Remote Desktop and more. 

  • Microsoft Office Suite and Productivity Tools 

Microsoft Office and Word, notably through Preview Pane RCE flaws, as well as SharePoint (RCE and EoP), Exchange Server (Privilege Escalation in hybrid setups) and Teams. 

  • Cloud and Azure Ecosystem 

Critical issues in Azure Virtual Machines (spoofing and info disclosure), Azure Stack Hub and potentially Azure Portal. 

  • Virtualization and Hypervisor Technologies 

Updates include vulnerabilities in Hyper‑V (RCE and privilege escalation) and DirectX graphics kernel components relevant to virtualization. 

  • Development Tools 

Fixes include vulnerabilities affecting Visual Studio and GitHub Copilot, reinforcing development environments. 

  • Messaging and Queuing Services 

Includes a critical RCE in Microsoft Message Queuing (MSMQ). 

  • Browsers: 
    Microsoft Edge (Chromium-based). 

Remediation

  • Apply Patches Promptly: Install the August 2025 security updates immediately to mitigate risks. 

Conclusion: 

Microsoft’s August 2025 Patch Tuesday, disclosed zero-day CVE-2025-53779 is another privilege escalation flaw in Windows Kerberos that stems from a case of relative path traversal. Akamai researcher Yuval Gordon has been credited with discovering and reporting the bug.

Aside from the vulnerabilities patched and disclosed in the regular monthly patch release for August, it is worth noting that one week ahead of the monthly update, Microsoft disclosed 4 vulnerabilities affecting Microsoft cloud services.

References

Security Advisory

WinRAR Zero-Day Path Traversal Flaw Actively Exploited to Code Execution 

Security advisory: A zero-day path traversal vulnerability has been discovered in the Windows version of a popular file archiver utility, WinRAR. The vulnerability tracked as CVE-2025-8088, affects multiple Windows-based WinRAR an components, which has already been exploited in the wild.

Severity High 
CVSS Score 8.4 
CVEs CVE-2025-8088 
POC Available Yes 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 
This flaw allows attackers to manipulate the extraction path of files from a malicious archive, enabling them to place arbitrary code file in sensitive system folders, overwrite important files and even execute malicious code immediately upon extraction. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
Path Traversal Vulnerability   CVE-2025-8088  WinRAR (Windows versions), RAR, UnRAR, portable UnRAR (Windows), UnRAR.dll 8.4  WinRAR 7.13 

Technical Summary 

When extracting files, vulnerable versions of WinRAR could be tricked into using a maliciously crafted file path embedded inside an archive rather than the user’s intended extraction directory. This occurs when the extraction process fails to properly validate and sanitize file paths before writing them to disk. 
As a result, attackers can: 

  • Place malicious files in protected system directories. 
  • Overwrite critical system/application files. 
  • Trigger automatic execution of malware without further user action. 

Most common attack vector involves sending a malicious archive via phishing or other social engineering techniques. When opened with a vulnerable WinRAR version, the malware is silently deployed and executed. 

Unix versions of RAR, UnRAR, UnRAR library, RAR for Android are not affected for this vulnerability. 

CVE ID System Affected  Vulnerability Details Impact 
CVE-2025-8088 WinRAR and related components on Windows version (RAR, UnRAR, portable UnRAR, UnRAR.dll) Flawed extraction path handling allows files to be placed outside the intended extraction directory. Allows arbitrary file placement, overwriting critical files, and executing malicious code without user interaction. 

Recommendations

Here are the recommendations below you can follow 

  • Update immediately to WinRAR 7.13 or newer version from the official WinRAR website. 
  • Avoid extracting archives from untrusted or unknown sources. 
  • Enable endpoint protection and ensure it scans archives before extraction. 
  • Audit your system for unusual or unauthorized files in system directories. 

Conclusion: 
CVE-2025-8088 shows that even widely trusted tools like WinRAR can become high-risk targets when flaws allow silent malware deployment during normal usage. Given that this zero-day has already been exploited, updating to WinRAR 7.13 immediately is crucial. Additionally, users should avoid extracting files from unknown sources and maintain strong endpoint protection. 

References

Blogs Security Advisory

Kaspersky reveals SharePoint ToolShell vulnerabilities stem from incomplete 2020 fix.

Kaspersky’s Global Research and Analysis Team (GReAT) discovered that the recently exploited ToolShell vulnerabilities in Microsoft SharePoint originate from an incomplete fix for CVE-2020-1147, first reported in 2020.

IntruceptLabs have published the security advisory https://intruceptlabs.com/2025/07/toolshell-zero-day-exploits-in-microsoft-sharepoint-enable-full-remote-takeover/ on 21st July 2025.

The SharePoint vulnerabilities have emerged as a major cybersecurity threat this year amid active exploitation. Kaspersky Security Network showed exploitation attempts worldwide, including in Egypt, Jordan, Russia, Vietnam and Zambia.

The attacks target organizations across government, finance, manufacturing, forestry and agriculture sectors. 

Two newly discovered zero-day vulnerabilities (CVE-2025-53770 and CVE-2025-53771) in Microsoft SharePoint Server are being actively exploited in the wild.

There is currently no patch available to plug this security hole, but Microsoft says that customers running on-premises SharePoint Servers can stop attackers from exploiting the vulnerability by configuring Antimalware Scan Interface (AMSI) integration in SharePoint and deploying Defender AV on all SharePoint servers.

Share point Vulnerabilities a major cyber threat

The SharePoint vulnerabilities have emerged as a major cybersecurity threat this year amid
active exploitation. Kaspersky Security Network showed exploitation attempts worldwide,
including in Egypt, Jordan, Russia, Vietnam and Zambia.

The attacks target organizations across government, finance, manufacturing, forestry and agriculture sectors. Kaspersky solutions proactively detected and blocked ToolShell attacks before the vulnerabilities were publicly disclosed.

Kaspersky GReAT researchers analyzed the published ToolShell exploit and found it alarmingly similar to the 2020 CVE-2020-1147 exploit.

This suggests that the CVE-2025- 53770 patch is, in fact, an effective fix for the vulnerability that CVE-2020-1147 attempted to address five years ago.
The connection to CVE-2020-1147 became evident following the discovery of CVE-2025- 49704 and CVE-2025-49706, patched on July 8. However, these fixes could be bypassed by adding a single forward slash to the exploit payload.

Once Microsoft learned of active exploitation of these vulnerabilities, they responded with comprehensive patches that addressed potential bypass methods, designating the vulnerabilities as CVE-2025-53770 and CVE-2025-53771.

The surge in attacks against SharePoint servers worldwide occurred during the window between initial exploitation and full patch deployment. Despite patches now being available for the ToolShell vulnerabilities, Kaspersky expects attackers will continue exploiting this chain for years to come.

“Many high-profile vulnerabilities remain actively exploited years after discovery —
ProxyLogon, PrintNightmare and EternalBlue still compromise unpatched systems today.

We expect ToolShell to follow the same pattern: its ease of exploitation means the public exploit
will soon appear in popular penetration testing tools, ensuring prolonged use by attackers,”
said Boris Larin, principal security researcher at Kaspersky GReAT.

Do connect with us for any queries https://intruceptlabs.com/contact/

(Source: Read full report on Read the full report on Securelist.com)

Security Advisory

Microsoft Plug 140 Vulnerabilities in July Patch Tuesday; SQL Server Zero-Day Disclosed 

Summary : July Patch Tuesday

The July 2025 Patch Tuesday addresses a publicly disclosed zero-day vulnerability CVE-2025-49719 in Microsoft SQL Server.

OEM Microsoft 
Severity Critical 
Date of Announcement 2025-07-08 
No. of Patches  140 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview 

Microsoft has released security updates addressing 140 vulnerabilities as part of July 2025 Patch Tuesday, including one publicly disclosed zero-day vulnerability affecting Microsoft SQL Server. Fourteen(14) of the vulnerabilities are classified as Critical, with ten(10) enabling Remote Code Execution (RCE).

Microsoft products impacted span across Windows, SQL Server, Microsoft Office, SharePoint, Hyper-V, Visual Studio and Azure services 

  • 130 Microsoft CVEs addressed 
  • 10 non-Microsoft CVEs addressed 

Breakdown of July 2025 Vulnerabilities 

  • 41 Remote Code Execution (RCE) 
  • 18 Information Disclosure 
  • 53 Elevation of Privilege (EoP) 
  • 5 Denial of Service (DoS)  
  • 8 Security Feature Bypass 
  • 4 Spoofing 
  • 1 Data Tampering 
Vulnerability Name CVE ID Product Affected Severity CVSS Score 
SQL Server Information Disclosure CVE-2025-49719 Microsoft SQL Server High 7.5 

Technical Summary 

The information disclosure flaw arises from improper input validation, enabling a remote unauthenticated attacker to access data from uninitialized memory.

Microsoft also resolved a significant number of critical RCE vulnerabilities, particularly in Microsoft Office, SharePoint and Windows core components like Hyper-V and KDC Proxy. Several vulnerabilities can be triggered through minimal user interaction, such as viewing a document in the preview pane or interacting with network services. 

CVE ID System Affected Vulnerability Details Impact 
CVE-2025-49719 Microsoft SQL Server Publicly disclosed information disclosure via improper input validation; attackers may access uninitialized memory Unauthorized data disclosure 

Source: Microsoft and NVD 

In addition to the publicly disclosed vulnerability, several other critical and high-severity issues were addressed: 

  • CVE-2025-49701 and CVE-2025-49704: Microsoft SharePoint, RCE over the Internet via authenticated access (CVSS 8.8) 
  • CVE-2025-49735: Windows KDC Proxy Service, Use-after-free vulnerability allowing unauthenticated RCE (CVSS 8.1) 
  • CVE-2025-47981: SPNEGO Extended Negotiation, Heap buffer overflow enabling RCE through crafted messages (CVSS 9.8) 
  • CVE-2025-48822: Hyper-V Discrete Device Assignment (DDA), RCE via PCI passthrough flaw in virtual environments (CVSS 8.6) 
  • CVE-2025-49717: Microsoft SQL Server, Heap-based buffer overflow enabling authenticated RCE (CVSS 8.5) 
  • CVE-2025-49695 to CVE-2025-49703: Microsoft Office/Word, Multiple RCEs via heap overflow, out-of-bounds read, type confusion (CVSS 8.4 & 7.8) 
  • CVE-2025-36357: AMD L1 Data Queue, Side-channel transient execution attack. 
  • CVE-2025-36350: AMD Store Queue, Speculative execution side-channel leak. 

Key Affected Products and Services 

The vulnerabilities addressed in July 2025 impact a wide range of Microsoft products and services, including: 

  • Windows Components: 
    Windows Kernel, BitLocker, SSDP Service, Hyper-V, KDC Proxy and Routing and Remote Access Service (RRAS). 
  • Microsoft Office Suite: 
    Excel, Word, PowerPoint, and SharePoint with several vulnerabilities enabling Remote Code Execution (RCE) or Elevation of Privilege (EoP). 
  • Cloud and Enterprise Services: 
    Azure Monitor Agent, Microsoft Intune and Microsoft SQL Server. 
  • Development Tools: 
    Visual Studio and the Python extension for Visual Studio Code. 
  • Browsers: 
    Microsoft Edge (Chromium-based). 

Remediation

  • Apply Patches Promptly: Install the July 2025 security updates immediately to mitigate risks. 

Conclusion: 

The July 2025 Patch Tuesday reflects a large-scale update effort from Microsoft, addressing both known and undisclosed security risks. The zero-day (CVE-2025-49719) highlights ongoing concerns with SQL Server, while critical vulnerabilities in Office, SharePoint and core Windows services demand urgent patching.

Organizations should prioritize deployment of these patches and remain vigilant for any post-patch exploitation attempts, especially in externally facing applications. 

References

Security Advisory

Google Chrome Zero-Day CVE-2025-2783 Exploited in APT Group TaxOff Campaigns 

Summary 

A newly-patched zero-day vulnerability in Google Chrome CVE-2025-2783 which was exploited in the wild by a threat actor TaxOff, leading to the deployment of Trinper which an advanced backdoor.

The CVE-2025-2783 exploited a sandbox escape vulnerability within Google Chrome’s Mojo IPC (Inter-Process Communication) framework, which allowed attackers to bypass the browser’s security sandbox and lead to RCE. 

TaxOff Threat Actor 

TaxOff is a highly sophisticated Advanced Persistent Threat (APT) group primarily targeting government organizations which is known for its use of advanced social engineering tactics, often involving phishing campaigns that exploit themed around financial reporting and regulatory compliance. 

The CVE-2025-2783 vulnerability was first detected in March 2025 after Kaspersky reported real-world exploitation.

TaxOff used a phishing-based delivery method, which involved embedding a malicious link in emails masquerading as invitations to legitimate events like the Primakov Readings forum.

Once the link was clicked, the CVE-2025-2783 exploit was triggered, leading to the deployment of the Trinper backdoor. It was a one-click compromise that delivered a highly tailored payload with surgical precision. 

Trinper Backdoor 

This is a multi-threaded C++ backdoor that collected host data, logged keystrokes, exfiltrated targeted documents like document, excel or pdf files and maintained remote access.

But this wasn’t just a “plug-and-play” backdoor. Trinper’s loader employed five layers of encryption, utilizing ChaCha20, modified BLAKE2b hashes, and even machine-specific environmental checks. It was decrypted only on intended systems, using unique hardware identifiers like firmware UUIDs and PEB structures. 

Source: global.ptsecurity.com 

Interestingly, researchers found that Team46, a different APT group shares many similarities with TaxOff in terms of TTPs. This overlap raises the possibility that TaxOff and Team46 are the same group operating under different aliases.

Both groups have used PowerShell-based loaders and Cobalt Strike as their primary exploitation vectors. 

This flaw allows threat actors to:

  • Execute arbitrary code
  • Bypass Chrome’s built-in security sandbox
  • Potentially gain remote control over the system

Recommendation 

The rapid exploitation of CVE-2025-2783 highlights the critical importance of timely patch management. Google released a fix for this vulnerability in March 2025, and all users are strongly advised to update their Chrome browsers to the latest version immediately. 

In addition to patching, organizations should implement the following defensive measures 

  • Enhance email filtering systems and provide regular phishing awareness training for employees. 
  • Continuously monitor systems for unusual or suspicious behavior related to script execution or network anomalies. 
  • Restrict the execution of unsigned or obfuscated scripts and macros, particularly in email attachments or downloaded files, using tools like AppLocker or Microsoft Defender ASR. 

References

Security Advisory

Google Chrome Patches Actively Exploited Zero-Day Vulnerability 

Summary : Security Advisory

Google has released a critical out-of-band security update for its Chrome browser to address CVE-2025-5419.

Rated as high-severity zero-day vulnerability in the V8 JavaScript engine that is currently being actively exploited in the wild.

OEM Google 
Severity HIGH 
CVSS Score 8.8 
CVEs CVE-2025-5419 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

This vulnerability allows attackers to execute arbitrary code on users’ systems through specially crafted web content, making it a serious threat requiring immediate attention. 

In addition to the zero-day fix, this update also includes a patch for CVE-2025-5068, a medium severity use-after-free vulnerability in Blink, chrome’s rendering engine.

While less critical, such flaws can still result in memory corruption and possible code execution. 

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
​Out-of-bounds memory access vulnerability  CVE-2025-5419 Google Chrome  High  137.0.7151.68/.69 (Win/Mac), 137.0.7151.68 (Linux) 

Technical Summary 

This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, reported one week ago by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group.

This flaw affects the V8 JavaScript engine and allows attackers to execute arbitrary code via crafted web content.

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-5419  Chrome (all platforms) Out-of-bounds read and write in the V8 JavaScript engine; triggered via malicious HTML   Arbitrary code execution, memory compromise, remote attack 

Remediation

Apply Patches Promptly: Upgrade to Chrome version 137.0.7151.68/.69 or later for Windows and macOS, and 137.0.7151.68 or later for Linux to mitigate the vulnerabilities. 

General Recommendation: 

  • Prioritize Zero-Day Fixes: Treat this patch as high priority due to confirmed in-the-wild exploitation. Immediate action is critical to prevent potential system compromise. 
  • Update Chromium-Based Browsers: Ensure Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are updated as soon as vendor-specific patches are released. 
  • Automate Browser Updates: Enable automatic updates in Chrome and Chromium environments to maintain timely patching against emerging threats. 
  • Enterprise Patch Rollout: Administrators should fast-track deployment of the fixed version across all endpoints, particularly in high-risk or externally exposed environments. 
  • Monitor for Threat Activity: Continuously monitor browser and network activity for signs of exploitation attempts targeting vulnerable versions. 

Conclusion: 
CVE-2025-5419 poses a significant security risk with confirmed active exploitation in the wild.

Google’s swift action highlights the urgency of this threat. All users are strongly advised to update their Chrome browsers immediately. Delaying this update could expose systems to compromise through malicious web content exploiting this zero-day vulnerability. 

While Chrome will automatically update when new security patches are available, users can speed up the process by going to the Chrome menu > Help > About Google Chrome, letting the update finish, and clicking the ‘Relaunch’ button to install it immediately.

References

Blogs Cybersecurity News Security Advisory

Cyber Security News at a Glance; May 2025

For the month of May 2025 here are the Top News including Security Advisory & Blogs

Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit

A high-severity vulnerability (CVE-2025-2082) in Tesla Model 3’s Vehicle Controller Security (VCSEC) module allows attackers within wireless range to remotely execute arbitrary code by exploiting a flaw in the Tire Pressure Monitoring System (TPMS)

Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit 

The FBI issued an alert warning of ongoing exploitation of 13 EOL Linksys/Cisco routers by cybercriminal groups operating the 5Socks and Anyproxy services.

FBI Warns  End-of-Life Routers Exploited in Active Botnet and Proxy Campaigns 

Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days

Microsoft addressed 83 vulnerabilities across its product suite. Among them are 5 zero-day vulnerabilities have been confirmed as actively exploited in the wild. The updates span Windows components, Office, Visual Studio, and other core services.

11 vulnerabilities were rated critical, emphasizing the importance of timely remediation especially for enterprise environments.

5 non-Microsoft CVEs included

78 Microsoft CVEs addressed

Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days

Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required 

SAP has released critical security updates for its May 2025 patch, including fixes for two actively exploited zero-day vulnerabilities in SAP NetWeaver Visual Composer.

SAP Visual Composer is not installed by default, however it is enabled because it was a core component used by business process specialists to develop business application components without coding.

Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required 

CISA is officially changing the way it disseminates online security updates and guidance.

CISA says the enhanced information dissemination system will from now on use social media and email only to disperse cybersecurity alerts and advisories, saving its landing page for more critical warnings on May 12.

Updates on May 13

Just a day after announcing it was changing the way it sent out alerts, CISA has changed its mind and reverted back to its old system of putting everything on its website.

“We recognize this has caused some confusion in the cyber community,” the site now reads. “As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders.”

Social Media & emails as Medium to disperse Cybersecurity alerts; CISA

Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk 

A zero-day vulnerability (CVE-2025-4664) in Google Chrome’s Loader component has been actively exploited in the wild.This flaw allows attackers to bypass security policies, leak cross-origin data, and potentially execute unauthorized code. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate patching. 

Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk 
Scroll to top