VARIoT latest news about IoT security

Critical Fortinet Flaws Under Active Attack Trust: 4.25 Fetched: Dec. 18, 2025, 11:24 p.m., Published: Dec. 2, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

IoT Cybersecurity: Cybersecurity for the Internet of Things (IoT) Trust: 4.5 Fetched: Dec. 18, 2025, 11:23 p.m., Published: Dec. 6, 2025, 2:47 p.m.	Vulnerabilities: default password, denial of service

Affected products

External IDs

vendor:

essential

model:

phone

SSA-912274 Related entries in the VARIoT vulnerabilities database: VAR-202512-0219, VAR-202512-0221, VAR-202512-0223, VAR-202512-0222, VAR-202512-0220, VAR-202512-0224 Trust: 4.75 Fetched: Dec. 18, 2025, 11:23 p.m., Published: Dec. 2, 2025, midnight	Vulnerabilities: code injection, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-56836, CVE-2024-56837, CVE-2024-56839, CVE-2024-56840, CVE-2024-56838, CVE-2024-56835

ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Trust: 5.5 Fetched: Dec. 18, 2025, 11:22 p.m., Published: Dec. 16, 2025, 9:33 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	snort	model:	snort
vendor:	snort.org	model:	snort

db:

NVD

ids:

CVE-2025-55182

CVE-2025-9315: Unauthenticated Device Registration Vulnerability in MXsecurity Series \| Moxa Trust: 3.0 Fetched: Dec. 18, 2025, 11:22 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-9315

Thousands of Vehicles at Risk: Zero-Day Vulnerabilities Reveal a Critical Blind Spot in Automotive Cybersecurity - VicOne Trust: 4.25 Fetched: Dec. 18, 2025, 11:22 p.m., Published: Dec. 19, 2025, midnight	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2025-2764, CVE-2025-2762, CVE-2025-2766, CVE-2025-2763, CVE-2025-2765

Technical Advisory: React2Shell Critical Unauthenticated RCE in React (CVE-2025-55182) Trust: 4.5 Fetched: Dec. 18, 2025, 11:21 p.m., Published: March 18, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	trend	model:	security
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2025-66478, CVE-2025-55182

Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Trust: 4.75 Fetched: Dec. 18, 2025, 11:20 p.m., Published: Dec. 16, 2025, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

FortiGate firewall credentials being stolen after vulnerabilities discovered \| CSO Online Trust: 5.25 Fetched: Dec. 18, 2025, 11:19 p.m., Published: Dec. 16, 2025, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

Apple users urged to update their device software following security warnings \| The Straits Times Trust: 4.75 Fetched: Dec. 18, 2025, 11:19 p.m., Published: Dec. 26, 2025, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2025-14174, CVE-2025-43529

IoT Security Guide 2024: Threats, Risks & Protection for Smart Devices \| The Daily Explainer Trust: 4.0 Fetched: Dec. 18, 2025, 11:17 p.m., Published: Dec. 2, 2025, 1 p.m.	Vulnerabilities: default credentials, default password, denial of service

Affected products

External IDs

vendor:	parallels	model:	tools
vendor:	essential	model:	phone
vendor:	google	model:	google home
vendor:	google	model:	home
vendor:	tesla	model:	model

Critical FortiGate Vulnarability Under Active Attack - InfoSecBulletin Trust: 4.75 Fetched: Dec. 18, 2025, 11:16 p.m., Published: Dec. 16, 2025, 3:37 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	asyncos
vendor:	cisco	model:	cisco asyncos
vendor:	fortigate	model:	fortios

db:

NVD

ids:

CVE-2025-55182

Understanding IoT Device Vulnerabilities: What Every User Should Know - Ask.com Trust: 3.0 Fetched: Dec. 18, 2025, 11:16 p.m., Published: Nov. 26, 2025, 4:24 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

Microsoft's December Patch fixes three zero-day flaws including one critical exploited vulnerability - update your PC right now \| Tom's Guide Trust: 5.0 Fetched: Dec. 18, 2025, 11:13 p.m., Published: Dec. 9, 2025, 10:18 p.m.	Vulnerabilities: privilege elevation, privilege escalation, code execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-54100, CVE-2025-64671, CVE-2025-62221

December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices \| Malwarebytes Trust: 3.0 Fetched: Dec. 18, 2025, 11:13 p.m., Published: Dec. 10, 2025, 4:06 p.m.	Vulnerabilities: script execution, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-64671

Zero-day vulnerabilities found: Apple iPhone, iPad users urged to update devices , Digital News - AsiaOne Trust: 5.0 Fetched: Dec. 18, 2025, 11:12 p.m., Published: Dec. 15, 2025, 12:10 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2025-14174, CVE-2025-43529

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure \| AWS Security Blog Trust: 3.5 Fetched: Dec. 18, 2025, 11:11 p.m., Published: Dec. 15, 2025, 7:20 p.m.	Vulnerabilities: default credentials, traffic interception

Affected products

External IDs

db:

NVD

ids:

CVE-2023-27532, CVE-2023-22518, CVE-2022-26318, CVE-2021-26084

Android Security Bulletin-December 2025 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202511-0769, VAR-202512-0754, VAR-202512-2043, VAR-202512-1520, VAR-202512-1246, VAR-202512-1517, VAR-202512-2040, VAR-202512-0999, VAR-202511-1256, VAR-202512-1793, VAR-202511-1774 Trust: 5.25 Fetched: Dec. 18, 2025, 11:10 p.m., Published: Dec. 18, 2025, midnight	Vulnerabilities: denial of service, code execution, information disclosure

Affected products

External IDs

vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	samsung	model:	note
vendor:	samsung	model:	samsung
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2025-48607, CVE-2025-48564, CVE-2025-61618, CVE-2025-48618, CVE-2025-48592, CVE-2023-40130, CVE-2025-58410, CVE-2025-48627, CVE-2025-48589, CVE-2025-47382, CVE-2025-11131, CVE-2025-61619, CVE-2025-61609, CVE-2025-48583, CVE-2025-20730, CVE-2025-11133, CVE-2025-48596, CVE-2025-47370, CVE-2025-20751, CVE-2025-20725, CVE-2025-48597, CVE-2025-3012, CVE-2025-47372, CVE-2025-20754, CVE-2025-48599, CVE-2025-48631, CVE-2025-48601, CVE-2025-48629, CVE-2025-47319, CVE-2025-27070, CVE-2025-48603, CVE-2025-48633, CVE-2025-20758, CVE-2025-47354, CVE-2025-48612, CVE-2025-48628, CVE-2025-48594, CVE-2025-27053, CVE-2025-48590, CVE-2025-48565, CVE-2025-48573, CVE-2025-20757, CVE-2025-48555, CVE-2025-48576, CVE-2025-48566, CVE-2025-31718, CVE-2025-31717, CVE-2025-20790, CVE-2025-32328, CVE-2025-27074, CVE-2025-20753, CVE-2025-11132, CVE-2025-22420, CVE-2025-48572, CVE-2025-48575, CVE-2025-48588, CVE-2025-22432, CVE-2025-48615, CVE-2025-48639, CVE-2025-61610, CVE-2025-25177, CVE-2025-48600, CVE-2025-20752, CVE-2025-20756, CVE-2025-48598, CVE-2025-8045, CVE-2025-48591, CVE-2025-20791, CVE-2025-48525, CVE-2025-47351, CVE-2025-48626, CVE-2025-48622, CVE-2025-48621, CVE-2025-20792, CVE-2025-20750, CVE-2025-46711, CVE-2025-48620, CVE-2025-48584, CVE-2025-48536, CVE-2025-6349, CVE-2025-61617, CVE-2025-20759, CVE-2025-48580, CVE-2025-32319, CVE-2025-32329, CVE-2025-48632, CVE-2025-47323, CVE-2025-6573, CVE-2025-61607, CVE-2025-48614, CVE-2025-20726, CVE-2025-61608, CVE-2025-20755, CVE-2025-27054, CVE-2025-48586, CVE-2025-20727, CVE-2025-48604

Apple Patches Critical Vulnerabilities Across Multiple Platforms - CVE Vulnerability Alerts Trust: 3.75 Fetched: Dec. 18, 2025, 11:10 p.m., Published: Dec. 15, 2025, 4:17 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	tvos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2025-43529

Critical FortiGate SSO Vulnerability Actively Exploited in Real-World Attacks Trust: 6.0 Fetched: Dec. 18, 2025, 11:07 p.m., Published: Dec. 16, 2025, 11:14 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718, CVE-2025-597199, CVE-2025-597189

VARIoT news about IoT security