Sign-up

VARIoT news about IoT security

CVE-2025-10171 : Buffer Overflow Vulnerability in UTT 1250GW Network Device

Trust: 3.5

Fetched: Sept. 10, 2025, 9:20 a.m., Published: Sept. 9, 2025, 9:32 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-10171

Hackers Scanning Cisco ASA Devices to Exploit Vulnerabilities from 25,000

Related entries in the VARIoT vulnerabilities database: VAR-202007-1057, VAR-202005-0685, VAR-201801-1052

Trust: 4.25

Fetched: Sept. 9, 2025, 9:39 a.m., Published: Sept. 5, 2025, 9:59 a.m.
 Vulnerabilities: path traversal, service disruption, code execution
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: anyconnect ssl vpn
db: NVD ids: CVE-2020-3452, CVE-2020-3187, CVE-2018-0101

CVE-2025-43983: Multiple Unauthenticated Access Control Vulnerabilities in KuWFi CPF908-CP5 Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.25

Fetched: Sept. 9, 2025, 9:38 a.m., Published: Aug. 21, 2025, 12:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-43983

Android 0-Day Use-After-Free Vulnerability Exploited, CISA Warns

Trust: 5.75

Fetched: Sept. 9, 2025, 9:38 a.m., Published: Sept. 5, 2025, 1:13 p.m.
 Vulnerabilities: privilege escalation, service disruption, memory corruption...
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2025-48543

Siemens Engineering Platforms | CISA

Trust: 3.5

Fetched: Sept. 9, 2025, 9:37 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simotion
vendor: siemens model: simatic s7-plcsim
vendor: siemens model: simatic step 7
vendor: siemens model: tia portal
vendor: siemens model: wincc
vendor: siemens model: siemens simatic pcs
vendor: siemens model: simatic pcs
vendor: siemens model: simatic step
vendor: siemens model: pcs neo
vendor: siemens model: sinamics
vendor: siemens model: simatic
vendor: siemens model: starter
vendor: siemens model: simotion scout
vendor: siemens model: simatic wincc
vendor: siemens model: siemens simatic step
vendor: siemens model: simatic pcs neo
vendor: siemens model: simocode
db: NVD ids: CVE-2024-54678

Update your Android! Google patches 111 vulnerabilities, 2 are critical | Malwarebytes

Trust: 6.0

Fetched: Sept. 9, 2025, 9:36 a.m., Published: Sept. 3, 2025, 9:24 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-38352, CVE-2025-48543, CVE-2025-48539

A vulnerability in the RADIUS subsystem implementation of... · CVE-2025-20265 · GitHub Advisory Database · GitHub

Trust: 3.25

Fetched: Sept. 9, 2025, 9:34 a.m., Published: Aug. 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20265

CVE-2025-57766 - Fides's Admin UI User Password Change Does Not Invalidate Current Session - SecAlerts

Trust: 3.75

Fetched: Sept. 9, 2025, 9:34 a.m., Published: -
 Vulnerabilities: session hijacking, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2025-57766

CVE-2025-58756 - MONAI's unsafe torch usage may lead to arbitrary code execution - SecAlerts

Trust: 4.75

Fetched: Sept. 9, 2025, 9:34 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-58756

The NRF52810 Hack: How A Single Chip Vulnerability Exposes Billions Of IoT Devices - Undercode Testing

Trust: 3.75

Fetched: Sept. 9, 2025, 9:33 a.m., Published: Sept. 6, 2025, 8:06 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9709

25,000 IPs Scanned Cisco ASA Devices - New Vulnerability Potentially Incoming

Related entries in the VARIoT vulnerabilities database: VAR-202007-1057

Trust: 3.5

Fetched: Sept. 9, 2025, 9:32 a.m., Published: Sept. 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: cisco ios
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
db: NVD ids: CVE-2020-3452

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

Trust: 4.25

Fetched: Sept. 9, 2025, 9:31 a.m., Published: Sept. 1, 2025, 1:02 p.m.
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: apple model: installer
vendor: apple model: macos
vendor: zoom model: client
vendor: cisco model: series switches
vendor: cisco model: series
vendor: cisco model: meeting
vendor: cisco model: cisco integrated management controller
vendor: cisco model: integrated management controller
vendor: cisco model: nexus
vendor: cisco model: guard
vendor: cisco model: nexus 3000
vendor: cisco model: cisco unified computing system
vendor: cisco model: unified computing system
vendor: cisco model: unified computing system manager
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: remote access
vendor: sonicwall model: switch
vendor: hikvision model: hikvision
vendor: litespeed model: litespeed web server
vendor: tableau model: tableau server
vendor: tableau model: server
vendor: lite model: litespeed web server
vendor: google model: nexus
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2025-34511, CVE-2025-9478, CVE-2025-39247, CVE-2025-20241, CVE-2025-20295, CVE-2025-26496, CVE-2025-34510, CVE-2025-8067, CVE-2025-39246, CVE-2025-50975, CVE-2025-52520, CVE-2025-53118, CVE-2025-39245, CVE-2025-34158, CVE-2025-23307, CVE-2025-54370, CVE-2025-20317, CVE-2025-53506, CVE-2025-49146, CVE-2025-9074, CVE-2025-43300, CVE-2025-54939, CVE-2025-48976, CVE-2025-34509, CVE-2025-20294, CVE-2025-50979, CVE-2025-55177, CVE-2025-9118, CVE-2025-57819

Siemens COMOS | CISA

Trust: 4.75

Fetched: Sept. 9, 2025, 9:30 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: comos
db: NVD ids: CVE-2024-8894

GovCERT.HK - High Threat Security Alert (A25-08-18): Vulnerability in Apple Products

Trust: 4.75

Fetched: Sept. 9, 2025, 9:30 a.m., Published: Aug. 25, 2018, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2025-43300

Salt Typhoon Exploits Flaws in Edge Network Devices to Breach 600 Organizations Worldwide

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 3.75

Fetched: Sept. 9, 2025, 9:29 a.m., Published: Aug. 28, 2025, 2:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2023-20273, CVE-2024-3400, CVE-2024-21887, CVE-2018-0171, CVE-2023-20198, CVE-2023-46805

Configure a Vulnerability Protection Profile (PAN-OS & Panorama)

Trust: 3.25

Fetched: Sept. 9, 2025, 9:29 a.m., Published: Sept. 2, 2025, 3:14 p.m.
 Vulnerabilities: command injection, sql injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os

CVE-2025-24322: Unsafe Default Authentication Vulnerability in Tenda AC6 - Cybersecurity Exploit Tracker by Ameeba

Related entries in the VARIoT vulnerabilities database: VAR-202508-2012

Trust: 4.75

Fetched: Sept. 9, 2025, 9:28 a.m., Published: Sept. 6, 2025, 8:04 p.m.
 Vulnerabilities: authentication vulnerability, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-24322

Update now! Apple issues iOS, iPadOS, and macOS updates to fix a critical flaw | Macworld

Trust: 4.0

Fetched: Sept. 9, 2025, 9:23 a.m., Published: Aug. 20, 2025, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: software update

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

Trust: 5.75

Fetched: Sept. 9, 2025, 9:23 a.m., Published: Aug. 29, 2025, 9:44 a.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: sangoma model: asterisk
db: NVD ids: CVE-2025-57819

CVE-2025-39690 | Armis Vulnerability Intelligence Database

Trust: 3.0

Fetched: Sept. 9, 2025, 9:21 a.m., Published: Sept. 5, 2025, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-39690