Sign-up

VARIoT news about IoT security

Fortinet Patches Critical CVE-2025-25257 SQL Injection Vulnerability in FortiWeb - Thailand Computer Emergency Response Team (ThaiCERT)

Trust: 3.0

Fetched: July 16, 2025, 9:51 a.m., Published: July 14, 2025, 10:30 a.m.
 Vulnerabilities: code execution, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-25257

Several major Linux distros hit by serious Sudo security flaws - Cyber Security Review

Trust: 4.75

Fetched: July 16, 2025, 9:46 a.m., Published: July 7, 2025, 7:20 a.m.
 Vulnerabilities: certificate validation vulnerability, command execution, path traversal
Affected productsExternal IDs
vendor: mitel model: micollab
db: NVD ids: CVE-2025-32462, CVE-2024-55550, CVE-2024-41713, CVE-2024-48865, CVE-2025-32463

Critical D-Link Vulnerability Lets Remote Attackers Crash Servers Without Authentication

Related entries in the VARIoT vulnerabilities database: VAR-202507-0217

Trust: 4.5

Fetched: July 16, 2025, 9:46 a.m., Published: July 11, 2025, 7:43 a.m.
 Vulnerabilities: memory corruption, buffer overflow, service crash
Affected productsExternal IDs
vendor: d-link model: router
vendor: d-link model: dir-825
vendor: d-link model: dir-825 rev.b
db: NVD ids: CVE-2025-7206

PerfektBlue: Major Bluetooth Stack Flaw Could Rule Billions of Devices - The420.in

Trust: 3.0

Fetched: July 16, 2025, 9:45 a.m., Published: July 13, 2025, 6:02 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Millions of vehicles and devices have been exposed by Bluetooth RCE (Remote Code Execution)! | Internet, IT & e-Discovery

Trust: 4.75

Fetched: July 16, 2025, 9:45 a.m., Published: July 14, 2025, 10:49 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-45431, CVE-2024-45434

CitrixBleed 2 Vulnerability PoC Published - Experts Warn of Mass Exploitation Risk

Trust: 5.5

Fetched: July 16, 2025, 9:44 a.m., Published: July 7, 2025, 5:57 a.m.
 Vulnerabilities: session hijacking, memory leak
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
db: NVD ids: CVE-2025-5777

Critical Vulnerabilities Discovered in Adobe Acrobat Reader and ASUS Armoury Crate - Security Spotlight

Trust: 3.25

Fetched: July 16, 2025, 9:42 a.m., Published: July 14, 2025, 1:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus

CVE-2025-0140 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App

Trust: 3.75

Fetched: July 16, 2025, 9:42 a.m., Published: July 9, 2025, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo_alto_networks model: networks globalprotect
vendor: palo_alto_networks model: networks
vendor: palo_alto_networks model: palo alto networks globalprotect
vendor: palo model: networks globalprotect
vendor: palo model: networks
vendor: palo model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks globalprotect
db: NVD ids: CVE-2025-0140

ClamAV 0.99.4 < 1.0.9, 1.2.0 < 1.4.3 Multiple Vulnerabilities | Tenable®

Trust: 3.0

Fetched: July 16, 2025, 9:39 a.m., Published: Jan. 4, 2003, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: clamav model: clamav

CVE-2025-6019: time to upgrade Linux | Kaspersky official blog

Trust: 3.0

Fetched: July 16, 2025, 9:39 a.m., Published: Jan. 16, 2050, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-6019, CVE-2025-6018

[ISC] Mitigation of Threats and Attacks - 2 :: Data Analysis Producer

Trust: 3.0

Fetched: July 16, 2025, 9:34 a.m., Published: July 14, 2025, 2:12 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: delegate model: delegate

What are CVE-2025-27210 and CVE-2025-27209 vulnerabilities in Node.js, and how can Windows applications protect against these high-severity flaws? - Web Asha Technologies

Trust: 5.75

Fetched: July 16, 2025, 9:32 a.m., Published: July 20, 2025, midnight
 Vulnerabilities: denial of service, path traversal
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2025-27210, CVE-2025-27209

Secure Your IoT: Top Tips to Protect Devices from Cyberattacks - Stats and Insights

Trust: 3.75

Fetched: July 16, 2025, 9:31 a.m., Published: July 14, 2025, 10:30 a.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs

CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software

Trust: 6.75

Fetched: July 16, 2025, 9:30 a.m., Published: July 14, 2025, 12:22 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: axis model: communications
vendor: axis model: axis
vendor: axis communications model: communications
vendor: axis communications model: axis
db: NVD ids: CVE-2025-30023

CVE-2025-3498: Unauthenticated User Access and Modification of Radiflow iSAP Smart Collector Configuration - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: July 16, 2025, 9:30 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-3498

CVE-2025-20271 : Denial of Service Vulnerability in Cisco AnyConnect VPN on Cisco Meraki Devices

Trust: 6.0

Fetched: July 16, 2025, 9:30 a.m., Published: June 18, 2025, 4:38 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: meraki mx
db: NVD ids: CVE-2025-20271

eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT

Trust: 4.5

Fetched: July 16, 2025, 9:23 a.m., Published: July 14, 2025, 2:05 p.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: snort model: snort

National Lighting ® Online Shop | Low Trade Prices on Lighting Direct from the Manufacturer | Next Day Delivery | National Lighting® Online Shop

Trust: 3.25

Fetched: July 16, 2025, 9:11 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

Back up your device - Android - Google One Help

Trust: 3.0

Fetched: July 16, 2025, 9:10 a.m., Published: July 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Little-Known IoT Device Vulnerabilities: Real Incidents and How to Stay Safe

Trust: 3.5

Fetched: July 15, 2025, 11:17 a.m., Published: July 15, 2025, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs