VARIoT latest news about IoT security

What is Cyber Infrastructure? Safeguarding Digital Assets \| SentinelOne Trust: 3.5 Fetched: July 25, 2025, 10:01 a.m., Published: July 21, 2025, 8:23 a.m.	Vulnerabilities: denial of service

Affected products	External IDs

CVE-2025-49724: Windows Devices Vulnerability - DEC Solutions Group Trust: 5.25 Fetched: July 25, 2025, 10:01 a.m., Published: July 8, 2025, 6:05 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-49724

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog Related entries in the VARIoT vulnerabilities database: VAR-202401-1629, VAR-202401-2573 Trust: 5.75 Fetched: July 25, 2025, 10 a.m., Published: June 30, 2025, 6:49 p.m.	Vulnerabilities: code injection, denial of service, buffer overflow

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	netscaler gateway

db:

NVD

ids:

CVE-2023-6549, CVE-2023-6548, CVE-2025-6543

Schneider Electric EcoStruxure (Update B) \| CISA Trust: 5.25 Fetched: July 25, 2025, 9:59 a.m., Published: July 15, 2025, midnight	Vulnerabilities: uncontrolled search path, privilege escalation

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	schneider	model:	vijeo designer
vendor:	schneider	model:	zelio soft 2
vendor:	schneider	model:	ecostruxure machine expert
vendor:	schneider	model:	ecostruxure control expert
vendor:	schneider	model:	zelio soft
vendor:	schneider	model:	control expert
vendor:	schneider electric	model:	vijeo designer
vendor:	schneider electric	model:	zelio soft 2
vendor:	schneider electric	model:	ecostruxure machine expert
vendor:	schneider electric	model:	ecostruxure control expert
vendor:	schneider electric	model:	zelio soft
vendor:	schneider electric	model:	control expert
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-2658

Update Canonical Ubuntu Desktop: USN-7628-1: Linux kernel (Azure) vulnerabilities Trust: 3.75 Fetched: July 25, 2025, 9:59 a.m., Published: Jan. 25, 7628, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	acrn	model:	acrn
vendor:	alsa	model:	alsa
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2025-2312

Technical Advisory: Critical Remote Code Execution Vulnerability in Microsoft SharePoint Server (CVE-2025-53770) Trust: 3.75 Fetched: July 25, 2025, 9:58 a.m., Published: July 21, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-49704, CVE-2025-49706, CVE-2025-53770

RondoDox Unveiled: Breaking Down a New Botnet Threat \| FortiGuard Labs Trust: 4.5 Fetched: July 25, 2025, 9:56 a.m., Published: July 3, 2025, 1 p.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:	wireshark	model:	wireshark
vendor:	four-faith	model:	f3x24
vendor:	four-faith	model:	four-faith router
vendor:	four-faith	model:	four-faith

db:

NVD

ids:

CVE-2024-12856, CVE-2024-3721

CVE-2025-4395 : User Account Vulnerability in Medtronic MyCareLink Patient Monitor Devices Trust: 4.25 Fetched: July 25, 2025, 9:56 a.m., Published: July 24, 2025, 3:30 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

medtronic

model:

mycarelink patient monitor

db:

NVD

ids:

CVE-2025-4395

Update Canonical Ubuntu Server: USN-7629-1: Protocol Buffers vulnerabilities Trust: 6.25 Fetched: July 25, 2025, 9:54 a.m., Published: Jan. 25, 7629, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-7254, CVE-2025-4565

Critical Sophos Firewall Vulnerabilities Enables pre-auth Remote Code Execution Trust: 5.5 Fetched: July 25, 2025, 9:52 a.m., Published: July 22, 2025, 1:06 p.m.	Vulnerabilities: command injection, code execution, sql injection

Affected products

External IDs

vendor:

sophos

model:

firewall

db:

NVD

ids:

CVE-2025-7382, CVE-2024-13974, CVE-2025-6704, CVE-2024-13973, CVE-2025-7624

CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation - Blog \| Tenable® Trust: 4.5 Fetched: July 25, 2025, 9:51 a.m., Published: June 27, 2025, 9:11 p.m.	Vulnerabilities: denial of service, improper access control, access control vulnerability

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2025-5349, CVE-2025-6543, CVE-2025-5777, CVE-2023-4966

Mobile Device Security: Strategies Against Cyber Threats. Trust: 3.75 Fetched: July 25, 2025, 9:50 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

essential

model:

phone

Cisco ISE maximum severity flaw lets hackers execute root code \| TechRadar Trust: 4.0 Fetched: July 25, 2025, 9:50 a.m., Published: July 17, 2025, 5 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	identity services engine

db:

NVD

ids:

CVE-2025-20337

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices Trust: 5.25 Fetched: July 25, 2025, 9:43 a.m., Published: July 23, 2025, 2:59 p.m.	Vulnerabilities: file upload vulnerability

Affected products

External IDs

vendor:

sonicwall

model:

sma 100

TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands - HEAL Security Inc. - Cyber Threat Intelligence for the Healthcare Sector Trust: 5.0 Fetched: July 25, 2025, 9:42 a.m., Published: July 24, 2025, 5:31 p.m.	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2025-7723, CVE-2025-7724

CVE-2025-27210: Node.js Vulnerability in Path API for Windows Device Names Trust: 3.75 Fetched: July 25, 2025, 9:41 a.m., Published: July 22, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

db:

NVD

ids:

CVE-2025-23084, CVE-2025-27210

Update Canonical Ubuntu Desktop: USN-7651-2: Linux kernel vulnerabilities Trust: 3.0 Fetched: July 25, 2025, 9:41 a.m., Published: Feb. 25, 7651, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity Trust: 4.75 Fetched: July 25, 2025, 9:40 a.m., Published: July 17, 2025, 10:29 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

db:

NVD

ids:

CVE-2025-203373, CVE-2025-20282, CVE-2025-20337, CVE-2025-20281

CVE-2025-7433: Local Privilege Escalation Vulnerability in Sophos Intercept X for Windows - Cybersecurity Exploit Tracker by Ameeba Trust: 5.0 Fetched: July 25, 2025, 9:40 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

sophos

model:

firewall

db:

NVD

ids:

CVE-2025-7433

CVE-2025-7794: Remote Stack-based Buffer Overflow Vulnerability in Tenda FH451 - Cybersecurity Exploit Tracker by Ameeba Related entries in the VARIoT vulnerabilities database: VAR-202507-2364 Trust: 5.75 Fetched: July 25, 2025, 9:39 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: denial of service, buffer overflow, code execution

Affected products

External IDs

vendor:

essential

model:

phone

db:

NVD

ids:

CVE-2025-7794

VARIoT news about IoT security