Sign-up

VARIoT news about IoT security

October 23, 2025-KB5070882 (OS Build 14393.8524) Out-of-band - Microsoft Support

Trust: 3.0

Fetched: Oct. 31, 2025, 9:47 a.m., Published: Oct. 23, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-59287

Update Canonical Ubuntu Desktop: USN-7847-1: GNU binutils vulnerabilities

Trust: 5.0

Fetched: Oct. 31, 2025, 9:47 a.m., Published: Jan. 31, 7847, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-7554, CVE-2025-7546, CVE-2025-11082, CVE-2025-5244, CVE-2025-11083, CVE-2025-8225, CVE-2025-5245, CVE-2025-1147, CVE-2025-1148, CVE-2025-3198, CVE-2025-1182

PolarEdge Botnet Infected 25,000+ Devices and 140 C2 Servers Exploiting IoT Vulnerabilities

Trust: 4.75

Fetched: Oct. 31, 2025, 9:46 a.m., Published: Oct. 30, 2025, 10:05 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: router
vendor: d-link model: router
vendor: cisco model: router

Kaspersky Threats - KLA89279

Trust: 4.75

Fetched: Oct. 31, 2025, 9:45 a.m., Published: Oct. 30, 2025, midnight
 Vulnerabilities: denial of service, security feature bypass, security bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2025-59201, CVE-2025-55698, CVE-2025-47979, CVE-2025-59203, CVE-2025-48813, CVE-2025-59261, CVE-2025-55697, CVE-2025-55689, CVE-2025-55325, CVE-2025-59185, CVE-2025-59242, CVE-2025-59202, CVE-2025-55694, CVE-2025-58733, CVE-2025-53139, CVE-2025-55695, CVE-2025-58720, CVE-2025-24990, CVE-2025-59290, CVE-2025-59188, CVE-2025-55328, CVE-2025-55338, CVE-2025-55685, CVE-2025-59191, CVE-2025-59258, CVE-2025-50152, CVE-2025-55680, CVE-2025-59214, CVE-2025-59204, CVE-2025-58736, CVE-2025-55334, CVE-2025-53717, CVE-2025-55331, CVE-2025-55339, CVE-2025-58731, CVE-2025-48004, CVE-2025-58726, CVE-2025-55691, CVE-2025-59206, CVE-2025-55686, CVE-2025-55678, CVE-2025-59194, CVE-2025-55681, CVE-2025-59190, CVE-2025-55330, CVE-2025-55692, CVE-2025-58727, CVE-2025-58717, CVE-2025-59198, CVE-2025-59207, CVE-2025-59260, CVE-2025-59197, CVE-2025-58719, CVE-2025-59259, CVE-2025-55336, CVE-2025-58729, CVE-2025-55693, CVE-2025-58718, CVE-2025-55679, CVE-2025-59205, CVE-2025-59193, CVE-2025-59208, CVE-2025-24052, CVE-2025-59257, CVE-2025-58734, CVE-2025-55688, CVE-2025-59253, CVE-2025-59294, CVE-2025-58722, CVE-2025-58732, CVE-2025-55684, CVE-2025-55699, CVE-2025-59255, CVE-2025-2884, CVE-2025-50175, CVE-2025-55687, CVE-2025-58714, CVE-2025-59241, CVE-2025-25004, CVE-2025-58735, CVE-2025-55696, CVE-2025-59200, CVE-2025-58728, CVE-2025-59254, CVE-2025-59187, CVE-2025-59195, CVE-2025-59210, CVE-2025-55337, CVE-2025-58716, CVE-2025-53150, CVE-2025-59280, CVE-2025-58738, CVE-2025-55677, CVE-2025-59196, CVE-2025-59287, CVE-2025-55340, CVE-2025-59502, CVE-2025-59211, CVE-2025-58739, CVE-2025-59275, CVE-2025-55332, CVE-2025-54957, CVE-2025-55682, CVE-2025-59184, CVE-2025-58715, CVE-2025-58725, CVE-2025-55326, CVE-2025-55676, CVE-2025-59189, CVE-2025-59199, CVE-2025-47827, CVE-2025-59295, CVE-2025-55335, CVE-2025-58730, CVE-2025-59289, CVE-2025-55690, CVE-2025-55683, CVE-2025-59209, CVE-2025-59282, CVE-2025-49708, CVE-2025-55333, CVE-2025-59192, CVE-2025-55700, CVE-2025-59284, CVE-2025-59278, CVE-2016-9535, CVE-2025-59186, CVE-2025-55701, CVE-2025-53768, CVE-2025-50174, CVE-2025-58737, CVE-2025-59230, CVE-2025-59244, CVE-2025-59277

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) - Help Net Security

Trust: 5.5

Fetched: Oct. 31, 2025, 9:45 a.m., Published: Oct. 24, 2025, 11:50 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2025-59287

CVE-2018-25120 : Command Injection Vulnerability in D-Link DNS-343 ShareCenter Devices

Trust: 5.25

Fetched: Oct. 31, 2025, 9:44 a.m., Published: Oct. 29, 2025, 6:39 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2018-25120

Towards an Efficient Framework for Risk Assessment of Personal Data Protection in Mobile IoT | SpringerLink

Trust: 3.75

Fetched: Oct. 31, 2025, 9:43 a.m., Published: Oct. 31, 2025, midnight
 Vulnerabilities: -

How to Improve Mobile App Data Security? - Aglowid IT Solutions

Trust: 4.25

Fetched: Oct. 31, 2025, 9:42 a.m., Published: Sept. 29, 2021, 2:34 p.m.
 Vulnerabilities: script injection, privilege escalation, buffer overflow...
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: android
vendor: essential model: phone

Synology Issues Urgent Patch for Major Zero-Click RCE Vulnerability Impacting Millions of NAS Devices - Breach Spot

Trust: 4.75

Fetched: Oct. 31, 2025, 9:41 a.m., Published: Oct. 29, 2025, 5:30 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: synology model: diskstation
db: NVD ids: CVE-2024-10443

Plundervolt attack: A novel simulation-based fault injection attack against embedded systems for accelerating dependability analysis process | The Journal of Supercomputing

Trust: 3.75

Fetched: Oct. 31, 2025, 9:40 a.m., Published: Oct. 1, 2025, midnight
 Vulnerabilities: injection attack

IoT Security Challenges That Every Organization Should Be Aware Of - Kratikal Blogs

Trust: 3.5

Fetched: Oct. 31, 2025, 9:40 a.m., Published: Oct. 31, 2025, 6:41 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs

CVE-2025-55677 - Windows Device Association Broker Service Elevation of Privilege Vulnerability

Trust: 3.0

Fetched: Oct. 31, 2025, 9:39 a.m., Published: Oct. 14, 2025, 5:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-55677

Smart home cyber attacks surge in Australia | Insurance Business Australia

Trust: 3.25

Fetched: Oct. 31, 2025, 9:39 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

Siemens Fixes RUGGEDCOM ROS Devices - ISSSource

Trust: 4.5

Fetched: Oct. 31, 2025, 9:38 a.m., Published: Oct. 21, 2025, 10:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: siemens model: rsl910
vendor: siemens model: ruggedcom ros
vendor: siemens model: ruggedcom
db: NVD ids: CVE-2025-41223, CVE-2025-41222, CVE-2023-52236, CVE-2025-41224

A Global Cyber Threat Landscape: The Rise of Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Related entries in the VARIoT vulnerabilities database: VAR-202203-0233

Trust: 5.5

Fetched: Oct. 31, 2025, 9:37 a.m., Published: Oct. 30, 2025, midnight
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-3721, CVE-2021-3129, CVE-2022-22947, CVE-2017-9841, CVE-2022-47945

Inside the Surge of PHP and IoT Exploits with Qualys TRU | Qualys

Related entries in the VARIoT vulnerabilities database: VAR-202203-0233

Trust: 6.5

Fetched: Oct. 31, 2025, 9:34 a.m., Published: Oct. 30, 2025, 12:35 p.m.
 Vulnerabilities: command injection, file inclusion, local file inclusion...
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2024-3721, CVE-2021-3129, CVE-2022-22947, CVE-2017-9841, CVE-2022-47945

CISA Expands KEV Catalogue with 5 New Vulnerabilities - Cyber Warriors Middle East

Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201512-0518, VAR-201409-1155, VAR-201409-1156, VAR-201409-0366

Trust: 5.25

Fetched: Oct. 31, 2025, 9:33 a.m., Published: Oct. 5, 2025, 7:24 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: samsung mobile
db: NVD ids: CVE-2014-6278, CVE-2025-4008, CVE-2015-7755, CVE-2025-21043, CVE-2014-7169, CVE-2014-6271, CVE-2014-6277, CVE-2017-1000353

Google Wear OS Vulnerability Allows Apps to Send SMS Without User Consent

Trust: 3.5

Fetched: Oct. 31, 2025, 9:33 a.m., Published: Oct. 29, 2025, 1:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: essential model: phone
db: NVD ids: CVE-2025-12080

Google Wear OS Message App Vulnerability Let Any Installed App To Send SMS

Trust: 3.75

Fetched: Oct. 31, 2025, 9:31 a.m., Published: Oct. 30, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: check point model: check point
vendor: essential model: phone
db: NVD ids: CVE-2025-12080

Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks

Trust: 3.75

Fetched: Oct. 31, 2025, 9:31 a.m., Published: Oct. 28, 2025, 2:39 a.m.
 Vulnerabilities: directory traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-55754, CVE-2025-24813, CVE-2025-55752