Advisory Week


Week 18, 2025
National Cyber Awareness System
 
CISA Releases Five Industrial Control Systems Advisories
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Releases Three Industrial Control Systems Advisories
Unsophisticated Cyber Actor(s) Targeting Operational Technology
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
Ubuntu Security Notices
 
LibreOffice vulnerability: USN-7504-1
h11 vulnerability: USN-7503-1
Django vulnerability: USN-7501-2 / USN-7501-1
Horde Css Parser vulnerability: USN-7502-1
libsoup vulnerabilities: USN-7490-3
Linux kernel (Real-time) vulnerability: USN-7489-2
Linux kernel (Azure) vulnerabilities: USN-7500-2 / USN-7496-4 / USN-7496-3 / USN-7495-3
Linux kernel (Azure FIPS) vulnerabilities: USN-7496-5
OpenJDK 24 vulnerabilities: USN-7484-1
OpenJDK 21 vulnerabilities: USN-7483-1
OpenJDK 17 vulnerabilities: USN-7482-1
OpenJDK 11 vulnerabilities: USN-7481-1
OpenJDK 8 vulnerabilities: USN-7480-1
MySQL vulnerabilities: USN-7479-1
Corosync vulnerability: USN-7478-1
c-ares vulnerability: USN-7477-1
Red Hat Security Advisory
 
Important: firefox security update: RHSA-2025:4756 / RHSA-2025:4753 / RHSA-2025:4752 / RHSA-2025:4751 / RHSA-2025:4458 / RHSA-2025:4443
Moderate: Red Hat JBoss Web Server 5.8.4 release and security update: RHSA-2025:4521
Important: OpenShift Container Platform 4.18.12 bug fix and security update: RHSA-2025:4427
Important: OpenShift Container Platform 4.12.76 bug fix and security update: RHSA-2025:4409
Important: OpenShift Container Platform 4.15.50 bug fix and security update: RHSA-2025:4422
Important: OpenShift Container Platform 4.17.28 bug fix and security update: RHSA-2025:4431
Important: OpenShift Container Platform 4.12.76 security and extras update: RHSA-2025:4408
Important: osbuild-composer security update: RHSA-2025:4669 / RHSA-2025:4569 / RHSA-2025:4462
Moderate: Updated 7.1 container image is now available in the Red Hat Ecosystem Catalog.: RHSA-2025:4667
Important: Red Hat Advanced Cluster Management 2.11.7 container updates: RHSA-2025:4666
Important: thunderbird security update: RHSA-2025:4665 / RHSA-2025:4654 / RHSA-2025:4649 / RHSA-2025:4617 / RHSA-2025:4514 / RHSA-2025:4513 / RHSA-2025:4512 / RHSA-2025:4460
Important: Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates: RHSA-2025:4664
Moderate: libtiff security update: RHSA-2025:4658
Important: libsoup security update: RHSA-2025:4624 / RHSA-2025:4609 / RHSA-2025:4568 / RHSA-2025:4560 / RHSA-2025:4538 / RHSA-2025:4508 / RHSA-2025:4440 / RHSA-2025:4439
Important: redis:6 security update: RHSA-2025:4607 / RHSA-2025:4561 / RHSA-2025:4441
Important: multicluster Engine for Kubernetes 2.6.7 container updates: RHSA-2025:4605
Important: Satellite 6.17.0 release: RHSA-2025:4576
Moderate: mod_auth_openidc:2.3 security update: RHSA-2025:4597
Important: redis security update: RHSA-2025:4577
Moderate: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update: RHSA-2025:4553
Important: Red Hat JBoss Enterprise Application Platform 7.4.22 security update: RHSA-2025:4552 / RHSA-2025:4550 / RHSA-2025:4549 / RHSA-2025:4548
Important: yelp security update: RHSA-2025:4532 / RHSA-2025:4505 / RHSA-2025:4457 / RHSA-2025:4456 / RHSA-2025:4455 / RHSA-2025:4451 / RHSA-2025:4450
Important: RHODF-4.18-RHEL-9 security update: RHSA-2025:4511
Important: kernel security update: RHSA-2025:4509 / RHSA-2025:4469
Important: Red Hat Advanced Cluster Management 2.10.8 container updates: RHSA-2025:4502
Important: kpatch-patch-5_14_0-503_15_1 and kpatch-patch-5_14_0-503_26_1 security update: RHSA-2025:4499
Important: kpatch-patch-5_14_0-70_112_1, kpatch-patch-5_14_0-70_121_1, kpatch-patch-5_14_0-70_124_1, and kpatch-patch-5_14_0-70_85_1 security update: RHSA-2025:4498
Important: kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, and kpatch-patch-5_14_0-427_55_1 security update: RHSA-2025:4497
Important: kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 security update: RHSA-2025:4496
Moderate: 389-ds-base security update: RHSA-2025:4491
Moderate: ruby:3.1 security update: RHSA-2025:4488
Important: multicluster Engine for Kubernetes 2.5.9 container updates: RHSA-2025:4473
Important: kernel-rt security update: RHSA-2025:4471
Moderate: nodejs:20 security update: RHSA-2025:4461
Important: nodejs:22 security update: RHSA-2025:4459
Moderate: xmlrpc-c security update: RHSA-2025:4449 / RHSA-2025:4448 / RHSA-2025:4447
Node.js Security Advisories
 
Wednesday, May 14, 2025 Security Releases
Cisco Security Advisory
 
Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers ARP Denial of Service Vulnerability
Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
Cisco IOS XE Software Web-Based Management Interface Vulnerabilities
Cisco IOS XE Software Web-Based Management Interface Command Injection Vulnerability
Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability
Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability
Cisco IOS, IOS XE, and IOS XR Software TWAMP Denial of Service Vulnerability
Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability
Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability
Multiple Cisco Products Switch Integrated Security Features DHCPv6 Denial of Service Vulnerability
Cisco Catalyst SD-WAN Manager Arbitrary File Creation Vulnerability
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability
Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 Denial of Service Vulnerability
Cisco IOS Software on Cisco Catalyst 1000 and 2960L Switches Access Control List Bypass Vulnerability
Cisco IOx Application Hosting Environment Denial of Service Vulnerability
Cisco IOS XE Software Privilege Escalation Vulnerabilities
Cisco IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability
Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability
Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability
Cisco IOS XE Wireless Controller Software Unauthorized User Deletion Vulnerability
Cisco IOS XE Wireless Controller Software Cisco Discovery Protocol Denial of Service Vulnerability
Cisco Catalyst Center Unauthenticated API Access Vulnerability
Cisco Catalyst Center Insufficient Access Control Vulnerability
Cisco Catalyst SD-WAN Manager Certificate Validation Vulnerability
Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches Secure Boot Bypass Vulnerability
Cisco IOS XE Software Bootstrap Arbitrary File Write Vulnerability
Microsoft Security
 
Microsoft May 2025 Security Update Guide
Chromium: CVE-2025-4372 Use after free in WebAudio
CVE-2025-47732 Microsoft Dataverse Remote Code Execution Vulnerability
CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability
CVE-2025-29813 Azure DevOps Elevation of Privilege Vulnerability
CVE-2025-29827 Azure Automation Elevation of Privilege Vulnerability
CVE-2025-29972 Azure Storage Resource Provider Spoofing Vulnerability
CVE-2025-33072 Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
Amazon AWS Security Advisories
 
CVE-2025-4318 - Input validation issue in AWS Amplify Studio UI component properties
CISA Known Exploited Vulnerabilities
 
Langflow Missing Authentication Vulnerability CVE-2025-3248
FreeType Out-of-Bounds Write Vulnerability CVE-2025-27363
GeoVision Devices OS Command Injection Vulnerability CVE-2024-11120
GeoVision Devices OS Command Injection Vulnerability CVE-2024-6047

The known exploited vulnerabilities list contains vulnerabilities that are known to be actively exploited. They may not be new or recently discovered. Vulnerabilities listed here were added to this list in the past week.
