VARIoT latest news about IoT security

OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Trust: 3.5 Fetched: Sept. 26, 2025, 11:17 a.m., Published: Sept. 25, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	oneplus	model:	oneplus
vendor:	oneplus	model:	one
vendor:	oneplus	model:	oxygenos
vendor:	essential	model:	phone

db:

NVD

ids:

CVE-2025-10184

OnePlus OxygenOS Vulnerability Lets Apps Access SMS Data Without User Permission Trust: 4.75 Fetched: Sept. 26, 2025, 11:16 a.m., Published: Sept. 24, 2025, 11:41 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	oneplus	model:	oneplus
vendor:	oneplus	model:	one
vendor:	oneplus	model:	oxygenos
vendor:	google	model:	android

db:

NVD

ids:

CVE-2025-10184

CVE-2025-20364 - Cisco Wireless Access Point Software Device Analytics Action Frame Injection Vulnerability - SecAlerts Trust: 4.0 Fetched: Sept. 26, 2025, 11:15 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

wireless access point

db:

NVD

ids:

CVE-2025-20364

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions Trust: 3.75 Fetched: Sept. 26, 2025, 11:15 a.m., Published: Sept. 18, 2025, 5:49 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2025-6558, CVE-2025-5419, CVE-2025-10585, CVE-2025-6554, CVE-2025-4664, CVE-2025-2783

Cisco uncovers new SNMP vulnerability used in attacks on IOS devices \| CyberScoop Trust: 5.5 Fetched: Sept. 26, 2025, 11:14 a.m., Published: Sept. 25, 2025, 2:57 p.m.	Vulnerabilities: code execution, buffer overflow, denial of service...

Affected products

External IDs

vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	nx-os
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	ios xr

db:

NVD

ids:

CVE-2025-20149, CVE-2025-20240, CVE-2025-20352

Security Vulnerability Testing Architecture in IoT Based on a Honeypot \| SpringerLink Trust: 3.0 Fetched: Sept. 26, 2025, 11:14 a.m., Published: Sept. 26, 2026, midnight	Vulnerabilities: denial of service

Affected products	External IDs

cisco-sa-ios-invalid-url-dos-Nvxszf6u - Cisco IOS Software Industrial Ethernet Switch Device Manager Denial of Service Vulnerability - SecAlerts Trust: 4.75 Fetched: Sept. 26, 2025, 11:12 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	device manager
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios software
vendor:	cisco	model:	industrial ethernet

Cisco IOS XE Software Secure Boot Bypass Vulnerabilities Trust: 4.0 Fetched: Sept. 26, 2025, 11:10 a.m., Published: Sept. 24, 2025, 4:11 p.m.	Vulnerabilities: improper validation

Affected products

External IDs

vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe

Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution Trust: 3.0 Fetched: Sept. 26, 2025, 11:07 a.m., Published: Sept. 25, 2025, midnight	Vulnerabilities: code execution

Affected products	External IDs

www.cyber.gov.au Trust: 3.25 Fetched: Sept. 26, 2025, 11:01 a.m., Published: Sept. 26, 5500, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

series

OnePlus exploit lets apps access your texts, but a fix is on the way Trust: 3.5 Fetched: Sept. 26, 2025, 11:01 a.m., Published: Sept. 25, 2025, 6:55 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	oneplus	model:	oxygenos
vendor:	oneplus	model:	oneplus

db:

NVD

ids:

CVE-2025-10184

CVE-2025-54807: Critical Authentication Bypass Vulnerability in Device Firmware - Cybersecurity Exploit Tracker by Ameeba Trust: 5.0 Fetched: Sept. 26, 2025, 11:01 a.m., Published: Nov. 30, 0001, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2025-54807

Cisco IOS RCE Vulnerability CVE-2025-20352 Exploited Trust: 5.75 Fetched: Sept. 26, 2025, 11 a.m., Published: Sept. 25, 2025, 9:53 a.m.	Vulnerabilities: code execution, denial of service

Affected products

External IDs

vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	series
vendor:	cisco	model:	series switches
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr

db:

NVD

ids:

CVE-2025-20352

Approximately 2 Million Cisco Devices Vulnerable to Exploited Zero-Day Threat Trust: 4.75 Fetched: Sept. 26, 2025, 11 a.m., Published: Sept. 2, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe

db:

NVD

ids:

CVE-2025-20352

CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities - Security Boulevard Trust: 4.0 Fetched: Sept. 26, 2025, 11 a.m., Published: Sept. 25, 2025, 9:47 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance

db:

NVD

ids:

CVE-2025-20333, CVE-2025-20362

Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software Trust: 6.0 Fetched: Sept. 26, 2025, 10:59 a.m., Published: Sept. 25, 2025, 6:30 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	series
vendor:	cisco	model:	series switches
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios software

db:

NVD

ids:

CVE-2025-20352

Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild Trust: 5.75 Fetched: Sept. 26, 2025, 10:59 a.m., Published: Sept. 24, 2025, 5:59 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	series switches
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2025-20352

Cisco admins urged to patch IOS, IOS XE devices \| Network World Trust: 5.0 Fetched: Sept. 26, 2025, 10:56 a.m., Published: Sept. 25, 2025, midnight	Vulnerabilities: code execution, denial of service, default credentials

Affected products

External IDs

vendor:

cisco

model:

ios xe

CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices \| CISA Trust: 4.25 Fetched: Sept. 26, 2025, 10:56 a.m., Published: Sept. 27, 2025, 4:59 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

firepower

db:

NVD

ids:

CVE-2025-20333, CVE-2025-20362

NCSC warns of persistent malware campaign targeting Cisco... - NCSC.GOV.UK Trust: 3.0 Fetched: Sept. 26, 2025, 10:55 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	asa 5500
vendor:	cisco	model:	series

VARIoT news about IoT security