Sign-up

VARIoT news about IoT security

FortiGate Vulnerability Exploited: Update Now to Prevent SSO Attacks

Trust: 4.0

Fetched: Dec. 18, 2025, 11:29 p.m., Published: Dec. 16, 2025, 5:51 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718

FortiCloud SSO Login Bypass Vulnerabilities Exploited in the Wild | Blog | VulnCheck

Trust: 3.75

Fetched: Dec. 18, 2025, 11:28 p.m., Published: Dec. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718, CVE-2025-55182

CVE-2025-21042 - Out-of-Bounds Write in…

Trust: 5.0

Fetched: Dec. 18, 2025, 11:28 p.m., Published: Dec. 8, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: samsung
db: NVD ids: CVE-2025-21042

Exploitation of Critical Vulnerability in React Server Components (Updated December 12)

Trust: 4.25

Fetched: Dec. 18, 2025, 11:27 p.m., Published: Dec. 12, 2025, 9:40 p.m.
 Vulnerabilities: code execution, memory corruption, command execution...
Affected productsExternal IDs
vendor: canary model: canary
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: google model: nexus
vendor: google model: home
vendor: palo model: firewall
vendor: palo model: networks
vendor: mesh model: mesh
vendor: node.js model: node.js
db: NVD ids: CVE-2025-66478, CVE-2025-55182

FortiGate devices targeted with malicious SSO logins | Cybersecurity Dive

Trust: 5.0

Fetched: Dec. 18, 2025, 11:26 p.m., Published: Dec. 17, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-59719, CVE-2025-59718

Critical Fortinet Flaws Under Active Attack

Trust: 4.25

Fetched: Dec. 18, 2025, 11:24 p.m., Published: Dec. 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718

IoT Cybersecurity: Cybersecurity for the Internet of Things (IoT)

Trust: 4.5

Fetched: Dec. 18, 2025, 11:23 p.m., Published: Dec. 6, 2025, 2:47 p.m.
 Vulnerabilities: default password, denial of service
Affected productsExternal IDs
vendor: essential model: phone

SSA-912274

Related entries in the VARIoT vulnerabilities database: VAR-202512-0219, VAR-202512-0221, VAR-202512-0223, VAR-202512-0222, VAR-202512-0220, VAR-202512-0224

Trust: 4.75

Fetched: Dec. 18, 2025, 11:23 p.m., Published: Dec. 2, 2025, midnight
 Vulnerabilities: code injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-56836, CVE-2024-56837, CVE-2024-56839, CVE-2024-56840, CVE-2024-56838, CVE-2024-56835

ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network

Trust: 5.5

Fetched: Dec. 18, 2025, 11:22 p.m., Published: Dec. 16, 2025, 9:33 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2025-55182

CVE-2025-9315: Unauthenticated Device Registration Vulnerability in MXsecurity Series | Moxa

Trust: 3.0

Fetched: Dec. 18, 2025, 11:22 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-9315

Thousands of Vehicles at Risk: Zero-Day Vulnerabilities Reveal a Critical Blind Spot in Automotive Cybersecurity - VicOne

Trust: 4.25

Fetched: Dec. 18, 2025, 11:22 p.m., Published: Dec. 19, 2025, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2025-2764, CVE-2025-2762, CVE-2025-2766, CVE-2025-2763, CVE-2025-2765

Technical Advisory: React2Shell Critical Unauthenticated RCE in React (CVE-2025-55182)

Trust: 4.5

Fetched: Dec. 18, 2025, 11:21 p.m., Published: March 18, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: canary model: canary
vendor: trend model: security
vendor: node.js model: node.js
db: NVD ids: CVE-2025-66478, CVE-2025-55182

Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the

Trust: 4.75

Fetched: Dec. 18, 2025, 11:20 p.m., Published: Dec. 16, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-59719, CVE-2025-59718

FortiGate firewall credentials being stolen after vulnerabilities discovered | CSO Online

Trust: 5.25

Fetched: Dec. 18, 2025, 11:19 p.m., Published: Dec. 16, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-59719, CVE-2025-59718

Apple users urged to update their device software following security warnings | The Straits Times

Trust: 4.75

Fetched: Dec. 18, 2025, 11:19 p.m., Published: Dec. 26, 2025, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad
db: NVD ids: CVE-2025-14174, CVE-2025-43529

IoT Security Guide 2024: Threats, Risks & Protection for Smart Devices | The Daily Explainer

Trust: 4.0

Fetched: Dec. 18, 2025, 11:17 p.m., Published: Dec. 2, 2025, 1 p.m.
 Vulnerabilities: default credentials, default password, denial of service
Affected productsExternal IDs
vendor: parallels model: tools
vendor: essential model: phone
vendor: google model: google home
vendor: google model: home
vendor: tesla model: model

Critical FortiGate Vulnarability Under Active Attack - InfoSecBulletin

Trust: 4.75

Fetched: Dec. 18, 2025, 11:16 p.m., Published: Dec. 16, 2025, 3:37 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: asyncos
vendor: cisco model: cisco asyncos
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-55182

Understanding IoT Device Vulnerabilities: What Every User Should Know - Ask.com

Trust: 3.0

Fetched: Dec. 18, 2025, 11:16 p.m., Published: Nov. 26, 2025, 4:24 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

Microsoft's December Patch fixes three zero-day flaws including one critical exploited vulnerability - update your PC right now | Tom's Guide

Trust: 5.0

Fetched: Dec. 18, 2025, 11:13 p.m., Published: Dec. 9, 2025, 10:18 p.m.
 Vulnerabilities: privilege elevation, privilege escalation, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-54100, CVE-2025-64671, CVE-2025-62221

December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices | Malwarebytes

Trust: 3.0

Fetched: Dec. 18, 2025, 11:13 p.m., Published: Dec. 10, 2025, 4:06 p.m.
 Vulnerabilities: script execution, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-64671