VARIoT latest news about IoT security

Update your Android! Google patches 111 vulnerabilities, 2 are critical \| Malwarebytes Trust: 6.0 Fetched: Sept. 9, 2025, 9:36 a.m., Published: Sept. 3, 2025, 9:24 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2025-38352, CVE-2025-48543, CVE-2025-48539

A vulnerability in the RADIUS subsystem implementation of... · CVE-2025-20265 · GitHub Advisory Database · GitHub Trust: 3.25 Fetched: Sept. 9, 2025, 9:34 a.m., Published: Aug. 14, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-20265

CVE-2025-57766 - Fides's Admin UI User Password Change Does Not Invalidate Current Session - SecAlerts Trust: 3.75 Fetched: Sept. 9, 2025, 9:34 a.m., Published: -	Vulnerabilities: session hijacking, cross-site scripting

Affected products

External IDs

db:

NVD

ids:

CVE-2025-57766

CVE-2025-58756 - MONAI's unsafe torch usage may lead to arbitrary code execution - SecAlerts Trust: 4.75 Fetched: Sept. 9, 2025, 9:34 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-58756

The NRF52810 Hack: How A Single Chip Vulnerability Exposes Billions Of IoT Devices - Undercode Testing Trust: 3.75 Fetched: Sept. 9, 2025, 9:33 a.m., Published: Sept. 6, 2025, 8:06 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-9709

25,000 IPs Scanned Cisco ASA Devices - New Vulnerability Potentially Incoming Related entries in the VARIoT vulnerabilities database: VAR-202007-1057 Trust: 3.5 Fetched: Sept. 9, 2025, 9:32 a.m., Published: Sept. 4, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	asa software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco adaptive security appliance

db:

NVD

ids:

CVE-2020-3452

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More Trust: 4.25 Fetched: Sept. 9, 2025, 9:31 a.m., Published: Sept. 1, 2025, 1:02 p.m.	Vulnerabilities: command execution, code execution

Affected products

External IDs

vendor:	apple	model:	installer
vendor:	apple	model:	macos
vendor:	zoom	model:	client
vendor:	cisco	model:	series switches
vendor:	cisco	model:	series
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco integrated management controller
vendor:	cisco	model:	integrated management controller
vendor:	cisco	model:	nexus
vendor:	cisco	model:	guard
vendor:	cisco	model:	nexus 3000
vendor:	cisco	model:	cisco unified computing system
vendor:	cisco	model:	unified computing system
vendor:	cisco	model:	unified computing system manager
vendor:	sonicwall	model:	ssl vpn
vendor:	sonicwall	model:	remote access
vendor:	sonicwall	model:	switch
vendor:	hikvision	model:	hikvision
vendor:	litespeed	model:	litespeed web server
vendor:	tableau	model:	tableau server
vendor:	tableau	model:	server
vendor:	lite	model:	litespeed web server
vendor:	google	model:	nexus
vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2025-34511, CVE-2025-9478, CVE-2025-39247, CVE-2025-20241, CVE-2025-20295, CVE-2025-26496, CVE-2025-34510, CVE-2025-8067, CVE-2025-39246, CVE-2025-50975, CVE-2025-52520, CVE-2025-53118, CVE-2025-39245, CVE-2025-34158, CVE-2025-23307, CVE-2025-54370, CVE-2025-20317, CVE-2025-53506, CVE-2025-49146, CVE-2025-9074, CVE-2025-43300, CVE-2025-54939, CVE-2025-48976, CVE-2025-34509, CVE-2025-20294, CVE-2025-50979, CVE-2025-55177, CVE-2025-9118, CVE-2025-57819

Siemens COMOS \| CISA Trust: 4.75 Fetched: Sept. 9, 2025, 9:30 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

siemens

model:

comos

db:

NVD

ids:

CVE-2024-8894

GovCERT.HK - High Threat Security Alert (A25-08-18): Vulnerability in Apple Products Trust: 4.75 Fetched: Sept. 9, 2025, 9:30 a.m., Published: Aug. 25, 2018, midnight	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2025-43300

Salt Typhoon Exploits Flaws in Edge Network Devices to Breach 600 Organizations Worldwide Related entries in the VARIoT vulnerabilities database: VAR-201803-1387 Trust: 3.75 Fetched: Sept. 9, 2025, 9:29 a.m., Published: Aug. 28, 2025, 2:04 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	cisco ios xr
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2023-20273, CVE-2024-3400, CVE-2024-21887, CVE-2018-0171, CVE-2023-20198, CVE-2023-46805

Configure a Vulnerability Protection Profile (PAN-OS & Panorama) Trust: 3.25 Fetched: Sept. 9, 2025, 9:29 a.m., Published: Sept. 2, 2025, 3:14 p.m.	Vulnerabilities: command injection, sql injection

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	pan-os
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	pan-os

CVE-2025-24322: Unsafe Default Authentication Vulnerability in Tenda AC6 - Cybersecurity Exploit Tracker by Ameeba Related entries in the VARIoT vulnerabilities database: VAR-202508-2012 Trust: 4.75 Fetched: Sept. 9, 2025, 9:28 a.m., Published: Sept. 6, 2025, 8:04 p.m.	Vulnerabilities: authentication vulnerability, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-24322

Update now! Apple issues iOS, iPadOS, and macOS updates to fix a critical flaw \| Macworld Trust: 4.0 Fetched: Sept. 9, 2025, 9:23 a.m., Published: Aug. 20, 2025, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	software update

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available Trust: 5.75 Fetched: Sept. 9, 2025, 9:23 a.m., Published: Aug. 29, 2025, 9:44 a.m.	Vulnerabilities: authentication bypass, code execution

Affected products

External IDs

vendor:

sangoma

model:

asterisk

db:

NVD

ids:

CVE-2025-57819

CVE-2025-39690 \| Armis Vulnerability Intelligence Database Trust: 3.0 Fetched: Sept. 9, 2025, 9:21 a.m., Published: Sept. 5, 2025, 6:15 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-39690

CISA Alerts On Critical SunPower Vulnerability Allowing Full Device Takeover - Cybernoz - Cybersecurity News Trust: 3.0 Fetched: Sept. 9, 2025, 9:21 a.m., Published: Sept. 3, 2025, 10:18 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-9696

UAE Cyber Security Council warns of smart home device vulnerabilities \| News Minimalist Trust: 3.25 Fetched: Sept. 9, 2025, 9:20 a.m., Published: Sept. 7, 2025, 11:01 a.m.	Vulnerabilities: -

Affected products	External IDs

SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control June 11, 2025 IoT Security / Vulnerability Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface." This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump. The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws: CVE-2025-5484 (CVSS score: 8.3) - Weak authentication in the central SinoTrack device management interface due to the reliance on a default password and a username that serves as an identifier. - Breach Spot Trust: 4.0 Fetched: Sept. 9, 2025, 9:20 a.m., Published: Aug. 21, 2025, 6:45 p.m.	Vulnerabilities: default password

Affected products

External IDs

db:

NVD

ids:

CVE-2025-5484

CVE-2025-39721 \| Armis Vulnerability Intelligence Database Trust: 5.25 Fetched: Sept. 9, 2025, 9:19 a.m., Published: Sept. 5, 2025, 6:15 p.m.	Vulnerabilities: kernel crash

Affected products

External IDs

db:

NVD

ids:

CVE-2025-39721

FirmVulLinker: Leveraging Multi-Dimensional Firmware Profiling for Identifying Homologous Vulnerabilities in Internet of Things Devices Trust: 3.25 Fetched: Sept. 9, 2025, 9:15 a.m., Published: Jan. 9, 2025, midnight	Vulnerabilities: memory corruption, information leakage, command execution...

Affected products

External IDs

vendor:	axis	model:	axis
vendor:	canonical	model:	ubuntu

VARIoT news about IoT security