Sign-up

VARIoT news about IoT security

Top 8 Endpoint Security Threats

Trust: 3.5

Fetched: June 27, 2025, 11:11 a.m., Published: June 5, 2025, 12:23 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security
vendor: trend model: data loss prevention

CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway - Arctic Wolf

Trust: 5.5

Fetched: June 27, 2025, 11:10 a.m., Published: June 25, 2025, 9:27 p.m.
 Vulnerabilities: improper access control, information disclosure, denial of service
Affected productsExternal IDs
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2025-5777, CVE-2023-4966, CVE-2025-5349, CVE-2025-6543

CVE-2025-5777 | Arctic Wolf

Trust: 5.5

Fetched: June 27, 2025, 11:10 a.m., Published: June 25, 2025, 9:22 p.m.
 Vulnerabilities: improper access control, information disclosure, denial of service
Affected productsExternal IDs
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2025-5777, CVE-2023-4966, CVE-2025-5349, CVE-2025-6543

CISA Flags Actively Exploited Flaws in AMI, D-Link, and Fortinet Devices

Related entries in the VARIoT vulnerabilities database: VAR-202401-0919, VAR-201911-0300

Trust: 6.0

Fetched: June 27, 2025, 11:09 a.m., Published: -
 Vulnerabilities: path traversal, authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: d-link model: dir-859
db: NVD ids: CVE-2024-54085, CVE-2024-0769, CVE-2019-6693

CVE-2022-50190 : Linux Kernel Device Management Vulnerability in SPI Controller

Trust: 3.25

Fetched: June 27, 2025, 11:09 a.m., Published: June 18, 2025, 11:03 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-50190

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

Trust: 4.75

Fetched: June 27, 2025, 11:03 a.m., Published: June 2, 2025, 2:22 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: meraki mx
db: NVD ids: CVE-2024-20501, CVE-2024-20499, CVE-2024-20513, CVE-2024-20500, CVE-2024-20502, CVE-2024-20498

Specific Ricoh MFP and Printer Products - Multiple vulnerabilities (CVE-2017-9765, CVE-2024-2169, CVE-2024-51977, CVE-2024-51979, CVE-2024-51980, CVE-2024-51981, CVE-2024-51982, CVE-2024-51983, CVE-2024-51984) | Ricoh Europe

Trust: 3.25

Fetched: June 27, 2025, 10:56 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-51979, CVE-2024-51981, CVE-2024-51977, CVE-2017-9765, CVE-2024-51984, CVE-2024-51982, CVE-2024-51980, CVE-2024-2169, CVE-2024-51983

New Linux PAM and Udisks Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Allow Full Root Access Across Major Distributions - Web Asha Technologies

Trust: 4.0

Fetched: June 27, 2025, 10:55 a.m., Published: June 27, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-6019, CVE-2025-6020, CVE-2025-6018

CVE-2025-49603 - Improper access control of device groups in Mender Server

Trust: 5.0

Fetched: June 27, 2025, 10:55 a.m., Published: March 7, 2011, midnight
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2025-49603

Multiple Vulnerabilities in Cisco ISE and ISE-PIC Could Allow for Remote Code Execution

Trust: 4.0

Fetched: June 27, 2025, 10:54 a.m., Published: June 25, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Cisco Identity Services Engine Authorization Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: June 27, 2025, 10:54 a.m., Published: June 25, 2025, 11:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine

Threat Spotlight: CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds - ReliaQuest

Trust: 4.75

Fetched: June 27, 2025, 10:53 a.m., Published: June 26, 2025, 8:27 p.m.
 Vulnerabilities: session hijacking
Affected productsExternal IDs
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2025-5777, CVE-2023-4966, CVE-2025-6543

Citrix NetScaler ADC/Gateway Vulnerability Exploited in the Wild (CVE-2025-6543) - Intrucept

Trust: 5.0

Fetched: June 27, 2025, 10:53 a.m., Published: June 26, 2025, 8:48 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2025-6543, CVE-2025-5777

Zero-day: Bluetooth gap turns millions of headphones into listening stations | heise online

Trust: 3.75

Fetched: June 27, 2025, 10:51 a.m., Published: June 26, 2025, 10:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: xiaomi model: redmi
db: NVD ids: CVE-2025-20700, CVE-2025-20702, CVE-2025-20701

Decrement by one to rule them all: AsIO3.sys driver exploitation

Trust: 4.25

Fetched: June 27, 2025, 10:51 a.m., Published: June 26, 2025, 10 a.m.
 Vulnerabilities: buffer overflow, memory leak, privilege escalation
Affected productsExternal IDs
vendor: asustek computer inc. model: asus
vendor: asus model: asus
vendor: asustek model: asus
db: NVD ids: CVE-2025-1533

Cisco Catalyst Center User Guide, Release 2.3.7.x - Identify Network Security Advisories [Cisco Catalyst Center] - Cisco

Trust: 3.25

Fetched: June 27, 2025, 10:50 a.m., Published: June 24, 2025, 4:23 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: catalyst

Privacy and Cybersecurity in Smart Devices: Challenges and Opportunity

Trust: 4.0

Fetched: June 27, 2025, 10:49 a.m., Published: June 22, 2025, midnight
 Vulnerabilities: sql injection, buffer overflow, cross-site scripting
Affected productsExternal IDs
vendor: google model: home
vendor: schneider model: monitor

Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability

Trust: 5.0

Fetched: June 27, 2025, 10:49 a.m., Published: June 18, 2025, 3:56 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: anyconnect vpn client
vendor: cisco model: vpn client
vendor: cisco model: meraki mx
vendor: cisco model: meraki mx firmware

Security Advisory: Airoha-based Bluetooth Headphones and Earbuds - Insinuator.net

Trust: 3.75

Fetched: June 27, 2025, 10:48 a.m., Published: June 27, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-20700, CVE-2025-20702, CVE-2025-20701

Latest Citrix vulnerability could be every bit as bad as Citrix Bleed | Computer Weekly

Trust: 4.5

Fetched: June 27, 2025, 10:47 a.m., Published: June 25, 2025, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: citrix model: netscaler gateway
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2025-5777, CVE-2025-5349, CVE-2025-577, CVE-2023-4966