In this week's Security Advisory:
Ivanti has published an advisory detailing vulnerabilities affecting its Avalanche, Application Control Engine, and Endpoint Manager (EPM) products. Four (4) of these vulnerabilities are path traversal flaws in Ivanti EPM that could allow remote, unauthenticated users to access sensitive information. The Avalanche patch addresses three high-severity path traversal vulnerabilities that remote, unauthenticated users could also exploit. The Application Control Engine received patches for one high-severity vulnerability, which requires authentication to exploit.
Please note that these vulnerabilities are different from the Priority Advisory from last week.
Affected Versions
More Reading/Information
On Tuesday, Microsoft announced patches for one hundred and fifty-nine (159) vulnerabilities, including eight (8) zero-day vulnerabilities, three (3) of which are being exploited in the wild, and twelve (12) critical vulnerabilities that can lead to remote code execution, privilege escalation, and information disclosure. The three (3) currently being exploited are CVE-2025-21333 (CVSS 7.8/10), CVE-2025-21334 (CVSS 7.8/10), and CVE-2025-21335 (CVSS 7.8/10). These vulnerabilities affect Windows Hyper-V and were exploited to gain SYSTEM privileges on Windows devices.
Affected Versions
More Reading/Information
Last month, Apple released macOS Sequoia 15.2 to address a few vulnerabilities. One of those, CVE-2024-44243 (CVSS 5.5), could allow an attacker with "root" privileges to bypass the OS's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party extensions. SIP is a security framework that enforces protections against the root user account by allowing modifications to protected parts of the operating system only when they carry a signature from Apple.
Affected Versions
More Reading/Information
Six vulnerabilities have been patched in the newest version of the file-synchronizing tool Rsync. The most severe, CVE-2024-12084 (CVSS 9.8/10), is a heap buffer overflow vulnerability. An attacker would only need anonymous read access to an Rsync server to execute arbitrary code on the server the program runs on.
Affected Versions
More Reading/Information
Aviatrix Controller is a tool that enhances operational visibility for multi-cloud environments. The vulnerability, CVE-2024-50603 (CVSS 10/10), is a remote command execution vulnerability that threat actors have been using to install backdoors and crypto miners. The issue stems from inadequate input sanitization in some API actions, which allows attackers to inject malicious commands into the OS. A proof-of-concept exploit was recently released on GitHub, which has led to this vulnerability being exploited in the wild.
Affected Versions
More Reading/Information
Juniper Networks has released patches for dozens of high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Juniper Tunnel Driver (JTD). The vulnerabilities could allow unauthenticated attackers to send malformed packets that cause denial-of-service conditions and to access sensitive information.
Affected Versions
More Reading/Information
Google Chrome announced patches in an updated browser version that addresses sixteen (16) vulnerabilities. These vulnerabilities include out-of-bounds memory access, buffer overflows, and inappropriate code implementations.
Adobe has announced patches for over a dozen vulnerabilities affecting Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and Adobe Substance 3D Designer. The most critical vulnerabilities, CVE-2025-21127 and CVE-2025-21122, affect Adobe Photoshop. Adobe strongly advises organizations to update urgently since successful exploitation can lead to remote code execution.
More Reading/Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.