VARIoT latest news about IoT security

Samsung Spyware Attacks - Critical LandFall 0-Day Was Exploited Trust: 3.75 Fetched: Nov. 9, 2025, 11:14 a.m., Published: Nov. 8, 2025, 5:22 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	note
vendor:	samsung	model:	samsung
vendor:	palo alto networks	model:	networks
vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2025-21042

Product Notice: Improper Access Control Vulnerability in SonicOS Trust: 3.5 Fetched: Nov. 7, 2025, 9:30 a.m., Published: -	Vulnerabilities: improper access control, access control vulnerability

Affected products

External IDs

vendor:	sonicwall	model:	ssl-vpn
vendor:	sonicwall	model:	soho
vendor:	sonicwall	model:	ssl vpn
vendor:	sonicwall	model:	sonicos

Zero Day Exploit: All You Need to Know Trust: 4.5 Fetched: Nov. 7, 2025, 9:29 a.m., Published: Oct. 16, 2025, 10:49 a.m.	Vulnerabilities: memory corruption, privilege escalation, code execution...

Affected products

External IDs

vendor:

sophos

model:

anti-virus

Windows Server WSUS bug exploits underway, Microsoft's mum • The Register Trust: 5.0 Fetched: Nov. 7, 2025, 9:29 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-59287

Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236) - Qualys ThreatPROTECT Trust: 5.0 Fetched: Nov. 7, 2025, 9:27 a.m., Published: -	Vulnerabilities: input validation vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2024-34102, CVE-2025-54236

CVE-2025-64433 - Path Traversal - SecAlerts Trust: 4.75 Fetched: Nov. 7, 2025, 9:26 a.m., Published: -	Vulnerabilities: path traversal

Affected products

External IDs

vendor:

google

model:

home

db:

NVD

ids:

CVE-2025-64433

Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution Trust: 3.0 Fetched: Nov. 7, 2025, 9:24 a.m., Published: Nov. 6, 2025, midnight	Vulnerabilities: code execution

Affected products	External IDs

Top 20+ Network Security Audit Tools Trust: 3.75 Fetched: Nov. 7, 2025, 9:23 a.m., Published: Oct. 31, 2025, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	manageengine	model:	firewall analyzer
vendor:	snort	model:	snort
vendor:	wireshark	model:	wireshark
vendor:	zabbix	model:	zabbix
vendor:	cisco	model:	routers

CVE-2025-59396 : SSH Administrative Access Vulnerability in WatchGuard Firebox Devices Trust: 4.25 Fetched: Nov. 7, 2025, 9:22 a.m., Published: Nov. 6, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

watchguard

model:

firebox

db:

NVD

ids:

CVE-2025-59396

Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities - CVE Vulnerability Alerts Trust: 4.5 Fetched: Nov. 7, 2025, 9:22 a.m., Published: Nov. 7, 2025, 7:36 a.m.	Vulnerabilities: memory corruption, improper validation, code execution

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	snort	model:	snort
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2025-20333, CVE-2025-20362

No Fix for Advantech’s DeviceOn/iEdge - ISSSource Trust: 4.5 Fetched: Nov. 7, 2025, 9:21 a.m., Published: Nov. 6, 2025, 8:53 p.m.	Vulnerabilities: information disclosure, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-59171, CVE-2025-64302, CVE-2025-62630, CVE-2025-58423

Australian Signals Directorate Warns of Attacks Exploiting Cisco Vulnerability - TheCyberThrone Trust: 4.75 Fetched: Nov. 7, 2025, 9:21 a.m., Published: Nov. 7, 2025, 2:28 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software

db:

NVD

ids:

CVE-2023-20273, CVE-2023-20198

Cisco Secure Firewall Adaptive Security Appliance Software And Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability Trust: 4.0 Fetched: Nov. 7, 2025, 9:19 a.m., Published: Nov. 6, 2025, 8:18 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	adaptive security appliance software

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices Trust: 5.75 Fetched: Nov. 7, 2025, 9:18 a.m., Published: Nov. 6, 2025, 6:26 p.m.	Vulnerabilities: denial of service, authorization vulnerability, buffer overflow...

Affected products

External IDs

vendor:	cisco	model:	asa 5500
vendor:	cisco	model:	asa software

db:

NVD

ids:

CVE-2025-20333, CVE-2025-20362

A dangerous zero-day zero-click exploit threatens billions of Android devices Trust: 6.0 Fetched: Nov. 7, 2025, 9:13 a.m., Published: Nov. 5, 2025, 3:52 p.m.	Vulnerabilities: memory corruption, code execution, code injection

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-48593, CVE-2025-48581

Badcandy: Old Cisco IOS XE vulnerability still misused thousands of times \| heise online Trust: 3.5 Fetched: Nov. 7, 2025, 9:13 a.m., Published: Nov. 5, 2025, 3:44 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe

db:

NVD

ids:

CVE-2023-20198

Hackers targeting Cisco IOS XE devices with BadCandy implant \| Cybersecurity Dive Trust: 3.75 Fetched: Nov. 7, 2025, 9:13 a.m., Published: Nov. 5, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software

db:

NVD

ids:

CVE-2023-20198

About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support Trust: 5.25 Fetched: Nov. 7, 2025, 9:11 a.m., Published: Nov. 26, 2025, midnight	Vulnerabilities: memory corruption, bounds access issue, buffer overflow...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2025-43433, CVE-2025-43386, CVE-2025-43454, CVE-2025-43455, CVE-2025-43389, CVE-2025-43432, CVE-2025-43496, CVE-2025-43442, CVE-2025-43407, CVE-2025-43498, CVE-2025-43449, CVE-2025-43422, CVE-2025-43444, CVE-2025-43440, CVE-2025-43413, CVE-2025-43379, CVE-2025-43495, CVE-2025-43431, CVE-2025-43439, CVE-2025-43503, CVE-2025-43427, CVE-2025-43384, CVE-2025-43443, CVE-2025-43391, CVE-2025-43447, CVE-2025-43448, CVE-2025-43435, CVE-2025-43457, CVE-2025-43480, CVE-2025-43500, CVE-2025-43438, CVE-2025-43350, CVE-2025-43445, CVE-2025-43421, CVE-2025-43436, CVE-2025-43429, CVE-2025-43392, CVE-2025-43398, CVE-2025-43502, CVE-2025-43460, CVE-2025-43426, CVE-2025-43423, CVE-2025-43385, CVE-2025-43450, CVE-2025-43441, CVE-2025-43462, CVE-2025-43493, CVE-2025-43452, CVE-2025-43434, CVE-2025-43383, CVE-2025-43424, CVE-2025-43430, CVE-2025-43507, CVE-2025-43294, CVE-2025-43458, CVE-2025-43425

CVE-2025-43493 : Address Bar Spoofing Vulnerability in Apple iOS and Safari Products Trust: 4.0 Fetched: Nov. 5, 2025, 12:19 p.m., Published: Nov. 4, 2025, 1:17 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

safari

db:

NVD

ids:

CVE-2025-43493

October 23, 2025-KB5070883 (OS Build 17763.7922) Out-of-band - Microsoft Support Trust: 3.0 Fetched: Nov. 5, 2025, 12:19 p.m., Published: Oct. 23, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-59287

VARIoT news about IoT security