Sign-up

VARIoT news about IoT security

CVE-2025-5452 : Privilege Escalation Vulnerability in Axis Devices via Malicious ACAP Applications

Trust: 5.0

Fetched: Nov. 12, 2025, 9:32 a.m., Published: Nov. 11, 2025, 7 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: axis model: axis
db: NVD ids: CVE-2025-5452

CVE-2025-6779 : Command Injection Vulnerability in Axis Devices via ACAP Configuration File

Trust: 5.25

Fetched: Nov. 12, 2025, 9:31 a.m., Published: Nov. 11, 2025, 7:05 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: axis model: axis
db: NVD ids: CVE-2025-6779

Update Canonical Ubuntu Desktop: USN-7857-1: OpenStack Keystone vulnerability

Trust: 3.0

Fetched: Nov. 12, 2025, 9:31 a.m., Published: Jan. 12, 7857, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Desktop: USN-7860-5: Linux kernel (HWE) vulnerability

Trust: 3.25

Fetched: Nov. 12, 2025, 9:31 a.m., Published: May 12, 7860, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2025-5454 : Path Traversal Vulnerability in Axis Devices - ACAP Configuration Flaw

Trust: 5.0

Fetched: Nov. 12, 2025, 9:30 a.m., Published: Nov. 11, 2025, 6:50 a.m.
 Vulnerabilities: configuration flaw, traversal attack, path traversal
Affected productsExternal IDs
vendor: axis model: axis
db: NVD ids: CVE-2025-5454

How Hackers Target Smart Home Devices - FROMDEV

Trust: 3.0

Fetched: Nov. 12, 2025, 9:28 a.m., Published: Nov. 12, 2025, 8 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco detects new attack variant targeting vulnerable firewalls | Cybersecurity Dive

Trust: 5.0

Fetched: Nov. 12, 2025, 9:28 a.m., Published: Nov. 10, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asa software
db: NVD ids: CVE-2025-20333, CVE-2025-20362

What is the Pixnapping vulnerability, and how to protect your Android smartphone? | Kaspersky official blog

Trust: 3.5

Fetched: Nov. 12, 2025, 9:27 a.m., Published: Jan. 12, 2050, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-48561

Update Canonical Ubuntu Server: USN-7857-1: OpenStack Keystone vulnerability

Trust: 3.0

Fetched: Nov. 12, 2025, 9:26 a.m., Published: Jan. 12, 7857, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7858-1: poppler vulnerability

Trust: 3.25

Fetched: Nov. 12, 2025, 9:26 a.m., Published: Jan. 12, 7858, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

WatchGuard Firebox Flaw Allows Attackers to Gain Unauthorized SSH Access

Trust: 4.0

Fetched: Nov. 12, 2025, 9:26 a.m., Published: Nov. 11, 2025, 9:28 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-59396

Major Vulnerability in Microchip ASF Puts IoT Devices at Risk of Remote Code Execution - Breach Spot

Trust: 4.75

Fetched: Nov. 12, 2025, 9:25 a.m., Published: Nov. 12, 2025, 1:45 a.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-7490, CVE-2024-20017

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) - Help Net Security

Trust: 3.75

Fetched: Nov. 12, 2025, 9:24 a.m., Published: Nov. 11, 2025, 3:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21042, CVE-2025-21043

Critical Security Vulnerability in Synology BeeStation NAS Patched Following Pwn2Own Discovery

Trust: 5.0

Fetched: Nov. 12, 2025, 9:24 a.m., Published: Nov. 12, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2025-12686

Google Chrome 142 Fixes RCE Flaws CVE-2025-12725, 12727

Trust: 5.25

Fetched: Nov. 12, 2025, 9:22 a.m., Published: Nov. 6, 2025, 2:28 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: android
db: NVD ids: CVE-2025-12728, CVE-2025-12729, CVE-2025-12726, CVE-2025-12727, CVE-2025-12725

Weekly Threat Landscape Digest - Week 45 - HawkEye

Trust: 4.25

Fetched: Nov. 12, 2025, 9:20 a.m., Published: Nov. 8, 2025, 6:58 a.m.
 Vulnerabilities: command execution, information leak, information disclosure...
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ios xe
vendor: cisco model: nexus
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: citrix model: xenserver
vendor: citrix model: hypervisor
vendor: apple model: watch
vendor: apple model: ipad air
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: apple tv
vendor: apple model: java
vendor: apple model: installer
vendor: apple model: iphone
vendor: apple model: safari
vendor: google model: nexus
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: android
db: NVD ids: CVE-2025-12432, CVE-2025-43442, CVE-2025-64132, CVE-2025-43452, CVE-2025-11749, CVE-2025-64144, CVE-2025-12036, CVE-2025-12433, CVE-2025-5347, CVE-2025-37152, CVE-2025-64148, CVE-2025-37154, CVE-2025-43407, CVE-2025-64137, CVE-2023-20198, CVE-2025-64133, CVE-2025-12430, CVE-2025-37151, CVE-2025-64095, CVE-2025-64149, CVE-2025-64143, CVE-2025-48581, CVE-2025-5343, CVE-2025-43392, CVE-2025-64147, CVE-2025-11705, CVE-2025-64139, CVE-2025-48593, CVE-2025-64140, CVE-2025-43448, CVE-2025-43389, CVE-2025-43462, CVE-2025-10932, CVE-2022-48622, CVE-2025-11833, CVE-2025-43496, CVE-2025-43391, CVE-2025-64146, CVE-2022-3358, CVE-2025-43454, CVE-2025-64141, CVE-2025-37153, CVE-2025-43447, CVE-2025-23358, CVE-2024-45336, CVE-2025-43455, CVE-2025-43503, CVE-2025-48703, CVE-2025-43460, CVE-2025-64136, CVE-2025-58147, CVE-2025-64135, CVE-2025-37736, CVE-2025-37150, CVE-2025-12428, CVE-2025-43426, CVE-2023-38408, CVE-2025-5397, CVE-2025-43422, CVE-2025-64138, CVE-2025-43350, CVE-2025-12429, CVE-2024-6763, CVE-2025-43413, CVE-2025-48976, CVE-2025-64145, CVE-2025-62507, CVE-2024-38197, CVE-2025-8489, CVE-2025-12431, CVE-2024-45159, CVE-2025-22866, CVE-2025-64134, CVE-2025-58148, CVE-2025-64142, CVE-2025-43379, CVE-2025-64150, CVE-2025-43500, CVE-2024-34155, CVE-2024-47875, CVE-2025-64131, CVE-2025-11761, CVE-2025-43398, CVE-2025-43421

What is the Pixnapping vulnerability, and how to protect your Android smartphone? | Kaspersky official blog

Trust: 3.5

Fetched: Nov. 12, 2025, 9:20 a.m., Published: Jan. 12, 2050, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-48561

CISA Adds Zero-Day Bug Used in Spyware Attacks to KEV - Infosecurity Magazine

Trust: 4.75

Fetched: Nov. 12, 2025, 9:18 a.m., Published: Nov. 11, 2025, 10:30 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-21042, CVE-2025-21043

Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

Trust: 3.5

Fetched: Nov. 12, 2025, 9:17 a.m., Published: Nov. 7, 2025, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: apple model: iphone
vendor: apple model: macos
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-43300, CVE-2025-21042, CVE-2025-21043, CVE-2025-55177

Patch now: Samsung zero-day lets attackers take over your phone | Malwarebytes

Trust: 5.5

Fetched: Nov. 12, 2025, 9:17 a.m., Published: Nov. 11, 2025, 2:28 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: trend model: security
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: galaxy
db: NVD ids: CVE-2025-21042, CVE-2025-21043