Advisory Week


Week 5, 2025
National Cyber Awareness System
 
CISA Adds One Known Exploited Vulnerability to Catalog
Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
CISA Releases Six Industrial Control Systems Advisories
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices
CISA Releases Nine Industrial Control Systems Advisories
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Mozilla Security Advisories
 
Security Vulnerabilities fixed in Thunderbird 135 mfsa2025-11
Security Vulnerabilities fixed in Thunderbird ESR 128.7 mfsa2025-10
Security Vulnerabilities fixed in Firefox ESR 128.7 mfsa2025-09
Security Vulnerabilities fixed in Firefox ESR 115.20 mfsa2025-08
Security Vulnerabilities fixed in Firefox 135 mfsa2025-07
Ubuntu Security Notices
 
GNU C Library vulnerability: USN-7259-1
Ruby vulnerabilities: USN-7256-1
CKEditor vulnerabilities: USN-7258-1
Kerberos vulnerability: USN-7257-1
OpenJDK 23 vulnerability: USN-7255-1
OpenJDK 21 vulnerability: USN-7254-1
OpenJDK 17 vulnerability: USN-7253-1
OpenJDK 11 vulnerability: USN-7252-1
OpenJDK 8 regressions: USN-7096-2
Linux kernel (Low Latency) vulnerabilities: USN-7238-3
Linux kernel (Azure) vulnerabilities: USN-7234-3 / USN-7233-3
libvpx vulnerability: USN-7249-1
libndp vulnerability: USN-7248-1
OpenCV vulnerabilities: USN-7247-1
HarfBuzz vulnerability: USN-7251-1
Netdata vulnerabilities: USN-7250-1
Red Hat Security Advisory
 
Important: Red Hat Integration Camel K 1.10.9 release and security update.: RHSA-2025:1154
Important: OpenShift Container Platform 4.14.46 security update: RHSA-2025:0842 / RHSA-2025:0840 / RHSA-2025:0839
Important: firefox security update: RHSA-2025:1140 / RHSA-2025:1139 / RHSA-2025:1138 / RHSA-2025:1137 / RHSA-2025:1136 / RHSA-2025:1135 / RHSA-2025:1133 / RHSA-2025:1132 / RHSA-2025:1066
Moderate: python-jinja2 security update: RHSA-2025:1109 / RHSA-2025:0978
Important: OpenShift Container Platform 4.16.33 security and extras update: RHSA-2025:0827
Important: OpenShift Container Platform 4.12.72 packages and security update: RHSA-2025:0834
Important: OpenShift Container Platform 4.12.72 bug fix and security update: RHSA-2025:0832
Important: OpenShift Container Platform 4.12.72 security and extras update: RHSA-2025:0831
Important: Red Hat Ansible Automation Platform Execution Environments Container Release Update: RHSA-2025:1101
Important: ovn24.09 security update: RHSA-2025:1097
Important: ovn24.03 security update: RHSA-2025:1096
Important: ovn23.09 security update: RHSA-2025:1095
Important: ovn23.06 security update: RHSA-2025:1094 / RHSA-2025:1088
Important: ovn23.03 security update: RHSA-2025:1093 / RHSA-2025:1087
Important: ovn22.12 security update: RHSA-2025:1092 / RHSA-2025:1086
Important: ovn22.09 security update: RHSA-2025:1091 / RHSA-2025:1085
Important: ovn22.06 security update: RHSA-2025:1090 / RHSA-2025:1084
Important: ovn22.03 security update: RHSA-2025:1089 / RHSA-2025:1083
Moderate: Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available (RHBQ 3.15.3.GA): RHSA-2025:1082
Important: Red Hat Build of Apache Camel 4.8.3 for Spring Boot security update.: RHSA-2025:1078
Important: OpenShift Container Platform 4.17.15 packages and security update: RHSA-2025:0878
Moderate: OpenShift Container Platform 4.17.15 bug fix and security update: RHSA-2025:0876
Important: libsoup security update: RHSA-2025:1075 / RHSA-2025:1047 / RHSA-2025:0949 / RHSA-2025:0903 / RHSA-2025:0889 / RHSA-2025:0882
Moderate: Red Hat build of Quarkus 3.15.3 release and security update: RHSA-2025:0900
Moderate: Red Hat OpenStack Platform 16.2 (python-django20) security update: RHSA-2025:1070
Moderate: kernel security update: RHSA-2025:1068
Moderate: kernel-rt security update: RHSA-2025:1067
Important: OpenShift Container Platform 4.17.15 security and extras update: RHSA-2025:0875
Important: Red Hat OpenShift Service Mesh Containers for 2.6.5: RHSA-2025:1053
Important: Red Hat OpenShift Service Mesh Containers for 2.5.8: RHSA-2025:1051
Important: Red Hat OpenShift Service Mesh Containers for 2.4.14: RHSA-2025:1050
Moderate: Satellite 6.16.2 Async Update: RHSA-2025:1019
Important: RHSA: Submariner 0.19.2 - bug fix and enhancement update: RHSA-2025:1013
Important: python-jinja2 security update: RHSA-2025:0951 / RHSA-2025:0950 / RHSA-2025:0883
Moderate: mariadb:10.11 security update: RHSA-2025:0912
Moderate: bzip2 security update: RHSA-2025:0925
Moderate: galera and mariadb security update: RHSA-2025:0914
Important: buildah security update: RHSA-2025:0923
Moderate: keepalived security update: RHSA-2025:0917
Moderate: mingw-glib2 security update: RHSA-2025:0936
Important: podman security update: RHSA-2025:0922
Critical: ACS 4.6.2 enhancement and security update: RHSA-2025:0907
Important: Red Hat OpenShift Dev Spaces 3.18.0 release: RHSA-2025:0892
Important: rsync security update: RHSA-2025:0885 / RHSA-2025:0884
Moderate: tuned security update: RHSA-2025:0881
Important: tuned security update: RHSA-2025:0880 / RHSA-2025:0879
Cisco Security Advisory
 
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities
Cisco Secure Web Appliance Range Request Bypass Vulnerability
Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Cisco Expressway Series Cross-Site Scripting Vulnerability
Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability
Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability
Microsoft Security
 
Microsoft February 2025 Security Update Guide
CVE-2025-21342 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21283 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21408 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Chromium: CVE-2025-0445 Use after free in V8
CVE-2025-21253 Microsoft Edge for IOS and Android Spoofing Vulnerability
Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API
CVE-2025-21177 Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability
CVE-2025-21279 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21267 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-21404 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Chromium: CVE-2025-0444 Use after free in Skia
CISA Known Exploited Vulnerabilities
 
Paessler PRTG Network Monitor Local File Inclusion Vulnerability CVE-2018-19410
Paessler PRTG Network Monitor OS Command Injection Vulnerability CVE-2018-9276
Microsoft .NET Framework Information Disclosure Vulnerability CVE-2024-29059
Apache OFBiz Forced Browsing Vulnerability CVE-2024-45195
Linux Kernel Out-of-Bounds Write Vulnerability CVE-2024-53104
Sophos XG Firewall Buffer Overflow Vulnerability CVE-2020-15069
CyberoamOS (CROS) SQL Injection Vulnerability CVE-2020-29574
Microsoft Outlook Improper Input Validation Vulnerability CVE-2024-21413
Dante Discovery Process Control Vulnerability CVE-2022-23748
7-Zip Mark of the Web Bypass Vulnerability CVE-2025-0411
Trimble Cityworks Deserialization Vulnerability CVE-2025-0994

The known exploited vulnerabilities list contains vulnerabilities that are known to be actively exploited. They may not be new or recently discovered. Vulnerabilities listed here were added to this list in the past week.
