In this week's Security Advisory:
- Cisco Announces CSLU Backdoor Admin Account Being Exploited
- Proof-of-Concept Released for Kentico Xperience CMS
- Splunk Patches Multiple Vulnerabilities Affecting Different Products
- Apple Releases Patches for Multiple Vulnerabilities
- Canon Provides Update on Critical Driver Vulnerability
- Security Updates Released for Google Chrome and Mozilla Products
Cisco Announces CSLU Backdoor Admin Account Being Exploited
Cisco is warning customers to patch CVE-2024-20439 (CVSS 9.8/10). The vulnerability affects Cisco's Smart Licensing Utility (CSLU) and exposes a built-in backdoor admin account that is being used in attacks. It was originally patched in September 2024, but due to recent exploitation attempts it has been added to CISA's Known Exploited Vulnerabilities Catalog. It is recommended that this application be placed behind a firewall or VPN. CyberMaxx strongly recommends that you also ensure any CSLU installations are running the latest version.
Affected Versions
- CSLU versions 2.0.0, 2.1.0, 2.2.0, and 2.3.0.
More Reading/Information
- https://www.bleepingcomputer.com/news/security/cisco-warns-of-cslu-backdoor-admin-account-used-in-attacks/
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Proof-of-Concept Released for Kentico Xperience CMS
A new vulnerability, CVE-2025-2748, affecting Kentico Xperience CMS has been discovered. From the Proof-of-Concept, it appears to stem from unauthenticated users being able to fetch resources and to bypass file extension restrictions by uploading a ZIP archive to a temporary directory. Chaining the two allows an unauthenticated attacker to execute code remotely on the application. Since a Proof-of-Concept exploit has been released, it is recommended to patch this as soon as possible.
Affected Versions
- Kentico Xperience up to 13.0.178.
More Reading/Information
- https://cybersecuritynews.com/kentico-xperience-cms-xss-vulnerability/
- https://devnet.kentico.com/download/hotfixes
Splunk Patches Multiple Vulnerabilities Affecting Different Products
Splunk has released patches for dozens of vulnerabilities affecting multiple products. The most severe affect Splunk Enterprise and the Secure Gateway App: CVE-2025-20229 (CVSS 8/10) and CVE-2025-20231 (CVSS 7.1/10). The first allows a low-privileged user to achieve remote code execution through a file upload, because the upload directory lacks authorization checks. The second allows a low-privileged user to run a search with higher-level permissions, which could lead to information disclosure.
Affected Versions
- A full list of affected versions is available in the Splunk advisories linked below.
More Reading/Information
- https://advisory.splunk.com/advisories
- https://www.securityweek.com/splunk-patches-dozens-of-vulnerabilities/
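The Kentico and Splunk items above describe two distinct failure modes in an upload path: an upload directory that performs no authorization check, and an extension allow-list that looks only at the outer filename, so an archive can carry in file types the application would otherwise refuse. The following Python is an added example, not code from Kentico, Splunk or CyberMaxx, and illustrates the general pattern rather than either product's actual implementation: a weak gate beside a hardened one that requires an assumed upload role, applies the allow-list to every archive entry, and rejects entries that would land outside the target directory. The allow-list, role name and sample inputs are constructed.

```python
import io
import zipfile
from dataclasses import dataclass

# Constructed policy: the extensions the application is willing to store.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf", ".txt"}
# Assumed role name that authorizes uploads; the real applications' role
# models are not described in the advisory.
UPLOAD_ROLE = "uploader"


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


def extension_of(name: str) -> str:
    """Return the lower-cased final extension of a path's last component, or ''."""
    base = name.rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot != -1 else ""


def weak_check(user, filename: str, data: bytes) -> bool:
    """Weak gate showing both failure modes: no authorization check at all,
    and only the outer filename's extension is inspected, so an archive is
    accepted without looking at what it unpacks to."""
    return extension_of(filename) in ALLOWED_EXTENSIONS | {".zip"}


def hardened_check(user, filename: str, data: bytes) -> tuple:
    """Hardened gate: require the upload role, then apply the allow-list to the
    outer file and, for archives, to every entry that would be extracted,
    rejecting entries that would escape the target directory."""
    if user is None or UPLOAD_ROLE not in user.roles:
        return (False, "unauthorized")
    ext = extension_of(filename)
    if ext != ".zip":
        if ext not in ALLOWED_EXTENSIONS:
            return (False, f"disallowed extension: {ext or '(none)'}")
        return (True, "ok")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                entry = info.filename
                parts = entry.replace("\\", "/").split("/")
                if entry.startswith("/") or ".." in parts:
                    return (False, f"archive entry escapes target directory: {entry}")
                if extension_of(entry) not in ALLOWED_EXTENSIONS:
                    return (False, f"disallowed extension inside archive: {entry}")
    except zipfile.BadZipFile:
        return (False, "corrupt archive")
    return (True, "ok")


def make_zip(entries: dict) -> bytes:
    """Build an in-memory archive from {entry_name: content}; used only to
    construct sample inputs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in entries.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    alice = User("alice", frozenset({UPLOAD_ROLE}))
    bob = User("bob", frozenset())
    wrapped = make_zip({"page.aspx": b"constructed content"})
    print(weak_check(bob, "bundle.zip", wrapped))        # True: neither check is applied
    print(hardened_check(bob, "bundle.zip", wrapped))    # (False, 'unauthorized')
    print(hardened_check(alice, "bundle.zip", wrapped))  # disallowed extension inside archive
```

The hardened gate also treats a corrupt archive as a rejection rather than falling through to the outer-extension check, and it inspects entry names before anything is written, which is the point at which a temporary-directory upload would otherwise have already taken effect.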
Apple Releases Patches for Multiple Vulnerabilities
Apple has announced updates to a variety of its products addressing multiple vulnerabilities, including two zero-day vulnerabilities affecting older iOS versions. The vulnerabilities include CVE-2025-24201 (CVSS 8.8/10) and CVE-2025-24200 (CVSS 6.1/10). Apple also patched dozens of other vulnerabilities affecting multiple iOS products.
Affected Versions
- A full list of affected products and versions is available in the Apple security releases page linked below.
More Reading/Information
- https://support.apple.com/en-us/100100
- https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html
- https://www.securityweek.com/apple-patches-recent-zero-days-in-older-iphones/
Canon Provides Update on Critical Driver Vulnerability
Canon has released new printer drivers to remediate CVE-2025-1268 (CVSS 9.4/10). This vulnerability can allow an attacker to execute arbitrary code and prevent printing. Canon also released advisories for other products on their noticeboard.
Affected Versions
- Generic Plus PCL6 Printer Driver - V3.12 and earlier.
- Generic Plus UFR II Printer Driver - V3.12 and earlier.
- Generic Plus LIPS4 Printer Driver - V3.12 and earlier.
- Generic Plus LIPSLX Printer Driver - V3.12 and earlier.
- Generic Plus PS Printer Driver - V3.12 and earlier.
More Reading/Information
- https://psirt.canon/advisory-information/cp2025-003/
- https://www.usa.canon.com/support/canon-product-advisories
- https://www.securityweek.com/critical-vulnerability-found-in-canon-printer-drivers/
Security Updates Released for Google Chrome and Mozilla Products
Google has released an updated Chrome browser version addressing fourteen new vulnerabilities. Mozilla has released updates to Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR to address eight vulnerabilities, including three high-severity vulnerabilities.
More Reading/Information
- https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/
- https://www.securityweek.com/chrome-135-firefox-137-patch-high-severity-vulnerabilities/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefit of limiting deployed software to "vendor-supported versions" only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which informs your patch and vulnerability management program.
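As an added example of putting that inventory to use (this is not CyberMaxx's or any vendor's tooling), the following Python encodes the affected-version statements from this advisory as rules and checks a constructed inventory against them. The product labels, hostnames and installed versions are assumptions; the version bounds and CVE ids are the ones stated in the sections above. Versions are compared numerically per component so that 3.9 sorts below 3.12, which a plain string comparison gets wrong.

```python
import re


def parse_version(version: str) -> tuple:
    """Turn 'V3.12', '2.3.0' or '13.0.178' into a tuple of ints so that
    3.9 < 3.12 compares correctly (string comparison would get it wrong)."""
    numbers = re.findall(r"\d+", version)
    if not numbers:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(n) for n in numbers)


# Affected-version statements from this advisory, encoded as rules.
#   ("exact", [...], cve): affected if the version is one of those listed
#   ("le", bound, cve):    affected if version <= bound ("up to", "and earlier")
# The product labels are constructed keys for matching an inventory.
ADVISORY_RULES = {
    "Cisco Smart Licensing Utility": ("exact", ["2.0.0", "2.1.0", "2.2.0", "2.3.0"], "CVE-2024-20439"),
    "Kentico Xperience": ("le", "13.0.178", "CVE-2025-2748"),
}
for driver in ["PCL6", "UFR II", "LIPS4", "LIPSLX", "PS"]:
    ADVISORY_RULES[f"Canon Generic Plus {driver} Printer Driver"] = ("le", "V3.12", "CVE-2025-1268")


def affected_cve(product: str, version: str):
    """Return the CVE id if (product, version) matches an advisory rule, else
    None. Products the advisory does not cover are never flagged."""
    rule = ADVISORY_RULES.get(product)
    if rule is None:
        return None
    kind, bound, cve = rule
    installed = parse_version(version)
    if kind == "exact":
        return cve if any(installed == parse_version(b) for b in bound) else None
    if kind == "le":
        return cve if installed <= parse_version(bound) else None
    raise ValueError(f"unknown rule kind: {kind}")


def check_inventory(rows):
    """rows: iterable of (host, product, version). Returns the rows needing
    attention as (host, product, version, cve), in inventory order."""
    findings = []
    for host, product, version in rows:
        cve = affected_cve(product, version)
        if cve:
            findings.append((host, product, version, cve))
    return findings


# Constructed inventory: hostnames and installed versions are invented.
SAMPLE_INVENTORY = [
    ("lic-srv-01", "Cisco Smart Licensing Utility", "2.3.0"),
    ("lic-srv-02", "Cisco Smart Licensing Utility", "2.4.0"),
    ("cms-web-01", "Kentico Xperience", "13.0.178"),
    ("cms-web-02", "Kentico Xperience", "13.0.179"),
    ("ws-0042", "Canon Generic Plus UFR II Printer Driver", "V3.9"),
    ("ws-0043", "Canon Generic Plus UFR II Printer Driver", "V3.13"),
    ("db-01", "PostgreSQL", "16.2"),  # not covered by this advisory
]

if __name__ == "__main__":
    for finding in check_inventory(SAMPLE_INVENTORY):
        print(*finding)
```

The "exact" rule deliberately flags only the versions the vendor listed; a build number that is not on the list is reported as clean, so when a vendor's wording is "and earlier" or "up to", encode it as an "le" bound instead, and keep the rule table in step with the advisory it was taken from.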