Advisory Week


Week 15, 2025
National Cyber Awareness System
 
CISA Releases Six Industrial Control Systems Advisories
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Releases Nine Industrial Control Systems Advisories
Oracle Security Alerts
 
Oracle Critical Patch Update Advisory - April 2025
Mozilla Security Advisories
 
Security vulnerability fixed in Firefox 137.0.2 mfsa2025-25
Security Vulnerabilities fixed in Thunderbird ESR 128.9.2 mfsa2025-27
Security Vulnerabilities fixed in Thunderbird 137.0.2 mfsa2025-26
Ubuntu Security Notices
 
Erlang vulnerability: USN-7443-1
Ruby vulnerabilities: USN-7442-1
ImageMagick regression: USN-7440-1
LSN-0111-1: Kernel Live Patch Security Notice
QuickJS vulnerabilities: USN-7439-1
7-Zip vulnerabilities: USN-7438-1
Docker vulnerability: USN-7161-3
CImg library vulnerabilities: USN-7437-1
WebKitGTK vulnerabilities: USN-7436-1
Protocol Buffers vulnerability: USN-7435-1
Perl vulnerability: USN-7434-1
GraphicsMagick vulnerabilities: USN-7433-1
Red Hat Security Advisory
 
Important: Updated service-interconnect rhel9 container images for 1.8: RHSA-2025:4005
Important: Red Hat Advanced Cluster Management 2.12.3 container image updates: RHSA-2025:4002
Important: mod_auth_openidc:2.3 security update: RHSA-2025:3997
Moderate: Red Hat JBoss Enterprise Application Platform 8.0.7 security update: RHSA-2025:3992 / RHSA-2025:3990 / RHSA-2025:3989
Important: Multicluster Engine for Kubernetes 2.7.4 security updates: RHSA-2025:3987
Important: OpenShift Container Platform 4.13.57 bug fix and security update: RHSA-2025:3780
Important: postgresql security update: RHSA-2025:3978
Important: tigervnc security update: RHSA-2025:3976
Important: webkit2gtk3 security update: RHSA-2025:3974
Important: OpenShift Virtualization 4.16.7 Images: RHSA-2025:3973
Important: OpenShift Container Platform 4.15.49 bug fix and security update: RHSA-2025:3790
Important: OpenShift Container Platform 4.13.57 security and extras update: RHSA-2025:3779
Important: openvswitch3.1 security update: RHSA-2025:3970 / RHSA-2025:3963
Important: openvswitch3.4 security update: RHSA-2025:3965
Important: openvswitch3.3 security update: RHSA-2025:3964
Important: Logging for Red Hat OpenShift - 6.1.5: RHSA-2025:3907
Important: kpatch-patch-5_14_0-70_112_1, kpatch-patch-5_14_0-70_121_1, kpatch-patch-5_14_0-70_124_1, and kpatch-patch-5_14_0-70_85_1 security update: RHSA-2025:3961
Important: VolSync 0.11.2 security fixes and enhancements for RHEL 9: RHSA-2025:3959
Important: OpenShift Container Platform 4.17.25 bug fix and security update: RHSA-2025:3798
Moderate: OpenJDK 21.0.7 Security Update for Windows Builds: RHSA-2025:3857
Moderate: OpenJDK 21.0.7 Security Update for Portable Linux Builds: RHSA-2025:3856
Moderate: OpenJDK 17.0.15 Security Update for Windows Builds: RHSA-2025:3854
Moderate: OpenJDK 17.0.15 Security Update for Portable Linux Builds: RHSA-2025:3853
Moderate: OpenJDK 8u452 Windows Security Update: RHSA-2025:3847
Moderate: OpenJDK 8u452 Security Update for Portable Linux Builds: RHSA-2025:3846
Moderate: java-1.8.0-openjdk security update: RHSA-2025:3845 / RHSA-2025:3844
Important: Logging for Red Hat OpenShift - 6.0.7: RHSA-2025:3905
Moderate: OpenJDK 11.0.27 ELS Security Update for Portable Linux Builds: RHSA-2025:3850
Moderate: OpenJDK 11.0.27 ELS Security Update for Windows Builds: RHSA-2025:3849
Important: mod_auth_openidc security update: RHSA-2025:3945
Important: Logging for Red Hat OpenShift - 5.9.13: RHSA-2025:3906
Moderate: kernel security update: RHSA-2025:3937 / RHSA-2025:3935 / RHSA-2025:3931 / RHSA-2025:3903 / RHSA-2025:3893 / RHSA-2025:3887 / RHSA-2025:3880 / RHSA-2025:3832 / RHSA-2025:3827
Important: OpenShift Container Platform 4.18.9 bug fix and security update: RHSA-2025:3775
Important: OpenShift Container Platform 4.15.49 security and extras update: RHSA-2025:3789
Important: Red Hat OpenShift Dev Spaces 3.20.0 release: RHSA-2025:3932
Important: RHACS 4.7 security update: RHSA-2025:3930
Important: ACS 4.6 enhancement and security update: RHSA-2025:3929
Important: ACS 4.5 enhancement and security update: RHSA-2025:3928
Moderate: Red Hat OpenShift Service Mesh Containers for 2.5.10: RHSA-2025:3922
Moderate: kernel-rt security update: RHSA-2025:3901 / RHSA-2025:3894 / RHSA-2025:3889 / RHSA-2025:3861
Important: Red Hat multicluster global hub 1.3.3 bug fixes and container update: RHSA-2025:3863
Important: kernel-rt security update: RHSA-2025:3839
Important: kernel security update: RHSA-2025:3838
Moderate: openssh security update: RHSA-2025:3837
Important: gvisor-tap-vsock security update: RHSA-2025:3833
Moderate: glibc security update: RHSA-2025:3828
Cisco Security Advisory
 
Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability
Cisco Webex App Client-Side Remote Code Execution Vulnerability
Cisco Secure Network Analytics Privilege Escalation Vulnerability
Atlassian Security Advisories
 
Security Bulletin - April 15 2025
Microsoft Security
 
Microsoft April 2025 Security Update Guide
Chromium: CVE-2025-3619 Heap buffer overflow in Codecs
Chromium: CVE-2025-3620 Use after free in USB
CVE-2025-29817 Microsoft Power Automate Desktop Information Disclosure Vulnerability
GitHub Security Advisories
 
[GHSA-22fp-mf44-f2mq] youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
[GHSA-5423-jcjm-2gpv] Traefik affected by Go HTTP Request Smuggling Vulnerability
[GHSA-3wqc-mwfx-672p] Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability
[GHSA-53q9-r3pm-6pq6] PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
[GHSA-h9w6-f932-gq62] ses's global contour bindings leak into Compartment lexical scope
[GHSA-mg2h-6x62-wpwc] Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
[GHSA-7xq5-54jp-2mfg] Rasa Pro Missing Authentication For Voice Connector APIs
[GHSA-f8j4-p5cr-p777] Permission policy information leakage in Backstage permission system
[GHSA-42fh-pvvh-999x] Unregistered users can see "public" messages from a closed wiki via notifications from a different wiki
[GHSA-fhg8-qxh5-7q3w] NATS Server may fail to authorize certain Jetstream admin APIs
[GHSA-hf3c-wxg2-49q9] vLLM vulnerable to Denial of Service by abusing xgrammar cache
[GHSA-459x-q9hg-4gpq] Kyverno vulnerable to SSRF via Service Calls
[GHSA-qc59-cxj2-c2w4] aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
[GHSA-m67m-3p5g-cw9j] VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
[GHSA-j752-cjcj-w847] Dpanel's hard-coded JWT secret leads to remote code execution
[GHSA-3988-q8q7-p787] ash_authentication has email link auto-click account confirmation vulnerability
[GHSA-6q87-84jw-cjhp] @sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params
[GHSA-472w-7w45-g3w5] Pleezer resource exhaustion through uncollected hook script processes
[GHSA-hmp7-x699-cvhq] Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR
[GHSA-rq77-p4h8-4crw] gorilla/csrf CSRF vulnerability due to broken Referer validation
[GHSA-vw58-ph65-6rxp] Directus inserts access token from query string into logs
CISA Known Exploited Vulnerabilities
 
SonicWall SMA100 Appliances OS Command Injection Vulnerability CVE-2021-20035
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability CVE-2025-24054
Apple Multiple Products Arbitrary Read and Write Vulnerability CVE-2025-31201
Apple Multiple Products Memory Corruption Vulnerability CVE-2025-31200

The Known Exploited Vulnerabilities list contains vulnerabilities that are known to be actively exploited. They are not necessarily new or recently discovered. The vulnerabilities listed here were added to the list in the past week.

We're thrilled to announce the launch of AdvisoryDaily, a once-a-day version of this newsletter.
