Sign-up

VARIoT news about IoT security

⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More

Trust: 4.25

Fetched: Nov. 23, 2025, 10:07 a.m., Published: Nov. 17, 2025, 12:34 p.m.
 Vulnerabilities: code execution, arbitrary command execution, command execution...
Affected productsExternal IDs
vendor: trend model: security
vendor: synology model: chat
vendor: synology model: drive
vendor: node.js model: node.js
vendor: watchguard model: firebox
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: cisco model: series
vendor: cisco model: catalyst
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: installer
vendor: trend micro model: security
vendor: asus model: asus
vendor: google model: chrome
vendor: google model: android
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2025-37734, CVE-2025-62449, CVE-2025-33178, CVE-2025-11224, CVE-2025-42887, CVE-2025-20341, CVE-2025-43515, CVE-2025-64404, CVE-2025-46608, CVE-2025-59396, CVE-2025-64401, CVE-2025-11919, CVE-2025-64403, CVE-2025-52970, CVE-2025-64405, CVE-2025-12121, CVE-2025-10918, CVE-2025-12686, CVE-2025-64739, CVE-2025-42890, CVE-2025-64740, CVE-2025-64738, CVE-2025-12762, CVE-2025-62453, CVE-2025-59367, CVE-2025-23361, CVE-2025-12120, CVE-2025-4619, CVE-2025-64446, CVE-2025-64741, CVE-2025-12485

CVE-2025-8693 - Zyxel DX3300-T0 Command Injection Vulnerability

Trust: 5.0

Fetched: Nov. 23, 2025, 10:06 a.m., Published: Nov. 18, 2025, 2:15 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8693

Critical Security Vulnerabilities Discovered in Perplexity Comet AI Browser: Hidden MCP API Enables Full Device Takeover and Command Execution - SafetyBis

Trust: 3.25

Fetched: Nov. 23, 2025, 10:05 a.m., Published: Nov. 21, 2025, midnight
 Vulnerabilities: cross-site scripting, script injection, command execution...
Affected productsExternal IDs
vendor: apple model: safari
vendor: google model: chrome
vendor: google model: google chrome

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts

Trust: 4.5

Fetched: Nov. 23, 2025, 10:04 a.m., Published: Nov. 14, 2025, 9 a.m.
 Vulnerabilities: path traversal, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Trust: 4.5

Fetched: Nov. 23, 2025, 10:03 a.m., Published: Nov. 18, 2025, 4:44 a.m.
 Vulnerabilities: heap corruption, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2025-6554, CVE-2025-4664, CVE-2025-10585, CVE-2025-5419, CVE-2025-6558, CVE-2025-13223, CVE-2025-13224, CVE-2025-2783

Update Canonical Ubuntu Desktop: USN-7876-1: ImageMagick vulnerability

Trust: 5.75

Fetched: Nov. 23, 2025, 10:02 a.m., Published: Jan. 23, 7876, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
vendor: imagemagick model: imagemagick
db: NVD ids: CVE-2025-57803

Update Microsoft SQL Server 2019: KB5068404: This hotfix addresses a SQL injection vulnerability

Trust: 3.0

Fetched: Nov. 23, 2025, 10:02 a.m., Published: Nov. 23, 2019, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-59499

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 10:01 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: nexus
vendor: palo model: networks
db: NVD ids: CVE-2025-53770, CVE-2025-20333, CVE-2025-20362, CVE-2025-41244

How to Hack a MacBook Pro M3 with a USB Device | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 4.5

Fetched: Nov. 23, 2025, 10:01 a.m., Published: -
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: macbook
vendor: apple model: macos
vendor: apple model: macbook pro

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 10:01 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: cisco model: firepower
db: NVD ids: CVE-2025-20333, CVE-2025-20362

Comet Browser Vulnerability: MCP API Flaw Exposed | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 3.25

Fetched: Nov. 23, 2025, 10 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 9:59 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: cisco model: firepower
db: NVD ids: CVE-2025-20333, CVE-2025-20362

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 9:59 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2025-20333, CVE-2025-20362

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 4.75

Fetched: Nov. 23, 2025, 9:58 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: firepower
db: NVD ids: CVE-2025-55241, CVE-2025-20333, CVE-2025-20362, CVE-2024-36401

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 5.75

Fetched: Nov. 23, 2025, 9:58 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: watchguard model: watchguard fireware
vendor: watchguard model: fireware
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-10035, CVE-2025-20333, CVE-2025-20362, CVE-2023-0669

IT Asset Visibility: Reduce Breach Risk & Security Costs

Trust: 3.75

Fetched: Nov. 23, 2025, 9:56 a.m., Published: Nov. 21, 2025, midnight
 Vulnerabilities: audit failure
Affected productsExternal IDs

GHSA-mrw7-hf4f-83pf - Input Validation - SecAlerts

Trust: 4.75

Fetched: Nov. 21, 2025, 9:41 a.m., Published: -
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-62164

Update Canonical Ubuntu Desktop: USN-7877-1: libcupsfilters vulnerabilities

Trust: 6.25

Fetched: Nov. 21, 2025, 9:40 a.m., Published: Jan. 21, 7877, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-64503, CVE-2025-57812

WrtHug Abuse of ASUS WRT Vulnerabilities Exposes Thousands of EoL Routers - SecPod Blog

Related entries in the VARIoT vulnerabilities database: VAR-202504-1580

Trust: 4.75

Fetched: Nov. 21, 2025, 9:40 a.m., Published: Nov. 20, 2025, 9:06 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: rt-ac1300uhp
vendor: asus model: rt-ac1300gplus
vendor: asus model: gt-ac5300
vendor: asus model: gt-ax11000
vendor: asus model: 4g-ac55u
vendor: asus model: wrt firmware
vendor: asus model: routers
vendor: asus model: dsl-ac68u
vendor: asus model: asus
vendor: asus model: rt-ac1200hp
db: NVD ids: CVE-2024-12912, CVE-2023-41346, CVE-2025-2492, CVE-2023-41348, CVE-2023-41345, CVE-2023-41347

Lynx N4 IoT Gateway Vulnerability: Update Now | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 5.25

Fetched: Nov. 21, 2025, 9:39 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-6324