Critical Threat Intelligence & Advisory Summaries

Monthly Vulnerability Roundup - October 2025

A summary of notable vulnerabilities and related headlines for October 2025.

Notable Headlines

1. Widespread Zero-Day Exploitation Across Enterprise Software

Attackers are actively exploiting zero-day vulnerabilities in Oracle E-Business Suite (CVE-2025-61882, CVE-2025-61884), Microsoft WSUS (CVE-2025-59287), VMware Aria Operations and VMware Tools (CVE-2025-41244), Dassault Systèmes DELMIA Apriso, XWiki, and Cisco ASA/FTD/IOS/IOS XE. These flaws allow full system compromise, remote code execution, privilege escalation, and data exfiltration, prompting multiple additions to the CISA Known Exploited Vulnerabilities (KEV) catalog.

2. Critical Consumer & Enterprise Software Under Attack

Adobe Commerce, Magento, Adobe Experience Manager Forms (CVE-2025-54236, CVE-2025-54253), Microsoft Windows SMB Client (CVE-2025-33073), and LANSCOPE Endpoint Manager (CVE-2025-61932) are being exploited for remote code execution, session hijacking, coinminer delivery, and sensitive data theft. Many of these vulnerabilities have been actively weaponized in ransomware campaigns.

3. Mobile and IoT Devices Targeted

Apple macOS, iOS, tvOS, Safari, and watchOS vulnerabilities, along with Samsung mobile devices (CVE-2025-21043), are being exploited for remote code execution and persistent compromise. IoT devices, including Hikvision cameras, TP-Link Omada gateways, and Smartbedded Meteobridge, are under attack for command injection and remote control, demonstrating a growing mobile and IoT espionage trend.

4. Ransomware Campaigns Exploiting Enterprise Flaws

Cl0p, Medusa, Akira, and RondoDox ransomware groups are leveraging critical vulnerabilities in Oracle EBS, WSUS, GoAnywhere MFT, and network devices to exfiltrate data, deploy malware, and demand ransom. Exploited CVEs include zero-days and high-severity flaws affecting both Windows and Linux systems.

5. Infrastructure Exploitation Escalates via Networking & Remote Management

Cisco SNMP and firewall flaws, WSUS, NTLM, and network management software such as ConnectWise Automate are exploited for privilege escalation, rootkit deployment, and lateral movement. Operation Zero Disco and other campaigns highlight the scale of attacks on enterprise infrastructure.

6. Growing Focus on Open-Source and Developer Tools

Grafana, Redis, FreePBX, Sudo, Apache Tomcat, Jenkins, and WordPress vulnerabilities are actively exploited to execute malicious commands, deliver ransomware, and compromise web services. Botnet campaigns like RondoDox are leveraging these flaws to hijack thousands of devices globally.

Priority CVEs from CISA Known to be Actively Exploited

CVEs identified by CISA as actively exploited by threat actors during November. These include:

1. Adobe
a) Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability (CVE-2025-54236)
b) Adobe Experience Manager Forms Arbitrary Code Execution Vulnerability (CVE-2025-54253)

2. Apple
Apple macOS, iOS, tvOS, Safari, and watchOS JavaScriptCore Arbitrary Code Execution Vulnerability (CVE-2022-48503)

3. Broadcom
VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability (CVE-2025-41244)

4. Dassault Systèmes
a) DELMIA Apriso Code Injection Vulnerability (CVE-2025-6204)
b) DELMIA Apriso Missing Authorization Vulnerability (CVE-2025-6205)

5. GNU
Bash OS Command Injection Vulnerability (CVE-2014-6278)

6. Grafana Labs
Grafana Path Traversal Vulnerability (CVE-2021-43798)

7. IGEL
IGEL OS Secure Boot Bypass Vulnerability (CVE-2025-47827)

8. Jenkins
CLI Remote Code Execution Vulnerability (CVE-2017-1000353)

9. Juniper
ScreenOS Improper Authentication Vulnerability (CVE-2015-7755)

10. Kentico
Xperience CMS Authentication Bypass Vulnerabilities (CVE-2025-2746, CVE-2025-2747)

11. Linux
Kernel Heap Out-of-Bounds Write Vulnerability (CVE-2021-22555)

12. Microsoft
a) Windows Server Update Service (WSUS) Deserialization Vulnerability Enabling Remote Code Execution (CVE-2025-59287)
b) Windows SMB Client Improper Access Control Vulnerability (CVE-2025-33073)
c) Windows Agere Modem Driver Untrusted Pointer Dereference Vulnerability (CVE-2025-24990)
d) Windows Remote Access Connection Manager Improper Access Control Vulnerability (CVE-2025-59230)
e) Internet Explorer Uninitialized Memory Corruption Vulnerability (CVE-2010-3962)
f) Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2021-43226)
g) Windows ActiveX Out-of-Bounds Write Vulnerability (CVE-2013-3918)
h) Windows Kernel TrueType Font Parsing Engine Vulnerability (CVE-2011-3402)

13. Motex
LANSCOPE Endpoint Manager Improper Verification of Communication Source Vulnerability (CVE-2025-61932)

14. Oracle
a) E-Business Suite Server-Side Request Forgery Vulnerability (CVE-2025-61884)
b) E-Business Suite BI Publisher Integration Unauthenticated Exploitation Vulnerability (CVE-2025-61882)

15. Samsung
Mobile Devices Out-of-Bounds Write Vulnerability (CVE-2025-21043)

16. Smartbedded
Meteobridge Command Injection Vulnerability (CVE-2025-4008)

17. SKYSEA
Client View Improper Authentication Vulnerability Allowing Remote Code Execution (CVE-2016-7836)

18. Synacor
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability (CVE-2025-27915)

19. XWiki
Platform Eval Injection Vulnerability Allowing Arbitrary Remote Code Execution (CVE-2025-24893)

Priority CVEs Known to be Used in Ransomware Campaigns

Two priority CVEs identified by CISA are also known to be leveraged in ransomware campaigns:

1. Oracle E-Business Suite Server-Side Request Forgery Vulnerability (CVE-2025-61884)

2. Oracle E-Business Suite BI Publisher Integration Unauthenticated Exploitation Vulnerability (CVE-2025-61882)

Author: Hackerstorm.com

References:

https://www.cisa.gov/news-events/news

https://nvd.nist.gov

https://www.ncsc.gov.uk/section/keep-up-to-date/reports-advisories

https://cert.europa.eu/publications/security-advisories/2024

https://cert.europa.eu/publications/threat-intelligence/cb24-03

https://www.jpcert.or.jp/english/at/2024.html

https://auscert.org.au/bulletins

https://www.csa.gov.sg/alerts-advisories/security-bulletins