Category Archives: Vulnerability

October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo

October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo. A traditional monthly roundup. This time, once again, no Microsoft vulnerabilities. 😲

🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)

Only three identifiers in total:

🔻 Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362). This vulnerability chain has been exploited in attacks since May 2025, but there are no public exploits yet.
🔻 Elevation of Privilege – Sudo (CVE-2025-32463). There are signs of in-the-wild exploitation and many public exploits are available.

На русском

October Microsoft Patch Tuesday

2 Replies

October Microsoft Patch Tuesday. A total of 213 vulnerabilities – twice as many as in September. Of these, 41 vulnerabilities were added between the September and October MSPT. There are four vulnerabilities with evidence of exploitation in the wild:

🔻 SFB – IGEL OS (CVE-2025-47827) – public exploit available
🔻 EoP – Windows Agere Modem Driver (CVE-2025-24990)
🔻 EoP – Windows Remote Access Connection Manager (CVE-2025-59230)
🔻 MemCor – Chromium (CVE-2025-10585)

Another vulnerability with a public PoC exploit:

🔸 RCE – Unity Runtime (CVE-2025-59489)

Among the remaining vulnerabilities with no public exploits or signs of exploitation in the wild, the following stand out:

🔹 RCE – WSUS (CVE-2025-59287), Microsoft Office (CVE-2025-59227, CVE-2025-59234)
🔹 EoP – Windows Agere Modem Driver (CVE-2025-24052), Windows Cloud Files Mini Filter Driver (CVE-2025-55680)

🗒 Full Vulristics Report

На русском

About Elevation of Privilege – Sudo (CVE-2025-32463) vulnerability

Leave a reply

About Elevation of Privilege – Sudo (CVE-2025-32463) vulnerability. Sudo is a utility in Unix-like operating systems that allows a user to run a program with the privileges of another user, by default the superuser (root).

🔻 The vulnerability allows a local attacker to escalate privileges by forcing sudo to load an arbitrary dynamic library when using a root directory specified via the -R (–chroot) option. An attacker can execute arbitrary commands as root on systems that support (Name Service Switch configuration file).

⚙️ The vulnerability was fixed in sudo 1.9.17p1, released on June 30, 2025.

🛠 On the same day, a write-up by researcher Rich Mirch was published with a PoC exploit.

🐧 I noted Linux vendors’ remediation of this vulnerability in July Linux Patch Wednesday. Multiple public exploits for the vulnerability were available.

👾 On September 29, the vulnerability was added to CISA KEV.

На русском

About Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability

Leave a reply

About Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability. Cisco ASA and FTD are among the most widely used solutions for perimeter protection and for providing remote access to corporate infrastructure. 🔗 On September 25, Cisco released updates addressing a chain of vulnerabilities that could allow attackers take full control of affected devices:

🔻 Vulnerability CVE-2025-20362 allows an unauthenticated attacker to access a restricted URL.

🔻 Vulnerability CVE-2025-20333 allows an authenticated attacker to execute arbitrary code as root.

👾 Cisco reports that the vulnerability chain has been exploited in attacks since May 2025. The attacks are linked to the ArcaneDoor campaign and use the LINE VIPER and RayInitiator malware.

🛠 There are no public exploits yet.

🌐 Shadowserver shows over 45,000 vulnerable hosts, with more than 2,000 of them in Russia.

На русском

Vulners has added information on exploits

Leave a reply

Vulners has added information on exploits. But wasn’t that already available before? After all, Vulristics takes most of its exploit-related data from Vulners! 🤔

That’s true. ✅ But previously an exploit in Vulners was always a Vulners object from a specific collection. For example, an exploit page from ExploitDB. The centralized, collection-based approach works great for sources like vulnerability databases, security bulletins, and exploit packs.

However, quite often an exploit PoC is found in random places – for example, in a researcher’s blog post or on a vendor’s page. For such cases, Vulners now also stores exploits as sets of links in the vulnerability metadata. 🔗🧩 These links are collected from various sources, including NVD, GitHub, and Gitee.

The number of sources will expand, exploit information in Vulners will become more complete, and tools like Vulristics will be able to prioritize vulnerabilities even better based on that. 🧰📈

На русском

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

1 Reply

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server. A traditional monthly roundup – for the first time with NO Microsoft vulnerabilities! 😲🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of eight trending vulnerability IDs in four products:

🔻 Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088). An exploitable RCE during archive extraction.
🔻 Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999). An exploitable RCE in a component of a popular ERP system.
🔻 Remote Code Execution – 7-Zip (CVE-2025-55188). Mostly a Linux RCE during archive extraction – a public exploit is available.
🔻 Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114). Critical flaws in Russian videoconferencing system.

На русском

About Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability

Leave a reply

About Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability. TrueConf Server is a popular Russian corporate messenger and video conferencing system. A chain of critical vulnerabilities in TrueConf Server was discovered by PT SWARM expert Nikita Petrov:

🔻 Vulnerability BDU:2025-10114 is related to insufficient access control and allows an attacker to send requests to certain administrative endpoints without permission checks or authentication.

🔻 Vulnerability BDU:2025-10115 allows an attacker to read arbitrary files on the system.

🔻 The most critical – BDU:2025-10116 – allows a potential attacker to inject and execute arbitrary OS commands.

⚙️ Security updates were released on August 27, 2025.

👾🛠 There are currently no signs of exploitation in the wild or public exploits.

🌐 According to Positive Technologies, there are over 7,000 TrueConf Server installations in Russia alone.

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Category Archives: Vulnerability

October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo

October Microsoft Patch Tuesday

About Elevation of Privilege – Sudo (CVE-2025-32463) vulnerability

About Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability

Vulners has added information on exploits

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

About Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability