In this week's Security Advisory:
Fortinet has added a second vulnerability, CVE-2025-24472, to the advisory covered below. It affects the same FortiOS and FortiProxy versions as CVE-2024-55591 and is fixed by the same patch release that shipped in January. Fortinet's updated advisory reports this new vulnerability as exploited, so if the January upgrade was applied nothing further is needed; if it was not, confirm that every affected device has been upgraded to a fixed version.
More Reading/Information
Original Advisory:
Fortinet has released details on a zero-day vulnerability affecting its FortiOS and FortiProxy products. The issue, tracked as CVE-2024-55591 (CVSS 9.8/10), is an authentication bypass reached through crafted requests to the Node.js websocket module of the administrative interface; it allows an unauthenticated remote attacker to gain super-admin privileges and create a user with them. Fortinet has confirmed that this vulnerability is actively exploited in the wild.
Once a rogue account is established, attackers have been observed altering firewall configurations and policies, including SSL VPN settings, to keep persistent VPN access into the victim's environment. Where the upgrade cannot be applied immediately, Fortinet's published workaround is to disable the HTTP/HTTPS administrative interface or to restrict the addresses that can reach it with a local-in policy. Fortinet has also published indicators of compromise: administrator logins recorded with a user interface of jsconsole and a loopback or arbitrary source address, and newly created administrator accounts with random-looking names.
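The indicators above can be checked mechanically. The following is an added example (not code from Fortinet or from the original advisory) that parses FortiOS key=value event-log lines and flags three things: admin logins via jsconsole from an address that is not a known admin host, a system.admin object added through jsconsole, and configuration changes by an account outside the known admin list or created during the scan. The field names are real FortiOS log keys; the log lines, hostnames, IP addresses and the account name "Qx7kLm" are constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample lines in FortiOS event-log syntax (key="value" or key=bare).
# The field names are real FortiOS log keys; the hosts, IPs and account names are made up.
SAMPLE_LOGS = [
    # Normal GUI login from an admin workstation: not flagged.
    'type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="https(10.0.0.5)" '
    'method="https" srcip=10.0.0.5 dstip=10.0.0.1 action="login" status="success" profile="super_admin"',
    # Login recorded as jsconsole with an arbitrary source address: the bypass pattern.
    'type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="jsconsole" '
    'method="jsconsole" srcip=1.1.1.1 dstip=1.1.1.1 action="login" status="success" profile="super_admin"',
    # A new super_admin account created through jsconsole: the rogue-account step.
    'type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="admin" ui="jsconsole(127.0.0.1)" '
    'action="Add" cfgtid=1411317760 cfgpath="system.admin" cfgobj="Qx7kLm" '
    'cfgattr="password[*]accprofile[super_admin]vdom[root]" msg="Add system.admin Qx7kLm"',
    # Routine policy edit by a known admin from the admin workstation: not flagged.
    'type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="admin" ui="https(10.0.0.5)" '
    'action="Edit" cfgtid=1411317761 cfgpath="firewall.policy" cfgobj="12" '
    'cfgattr="comments[reviewed]" msg="Edit firewall.policy 12"',
    # The rogue account enabling SSL VPN: the persistence step described above.
    'type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="Qx7kLm" ui="ssh(203.0.113.7)" '
    'action="Edit" cfgtid=1411317762 cfgpath="vpn.ssl.settings" cfgobj="" '
    'cfgattr="status[enable]" msg="Edit vpn.ssl.settings"',
]

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Split one FortiOS key=value log line into a dict (quoted or bare values)."""
    fields: Dict[str, str] = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def find_rogue_admin_activity(
    lines: List[str], known_admins: Set[str], admin_hosts: Set[str]
) -> List[Tuple[str, str, str]]:
    """Return (indicator, subject, detail) tuples for three indicators:

    jsconsole_login        admin login via the jsconsole UI whose srcip is not an admin host
                           (the bypass logs logins this way, with loopback or arbitrary IPs)
    admin_account_created  a system.admin object added through jsconsole
    unknown_admin_change   a configuration change by an account outside known_admins,
                           or by an account this scan saw being created
    """
    findings: List[Tuple[str, str, str]] = []
    created: Set[str] = set()
    for line in lines:
        f = parse_fortigate_log(line)
        ui = f.get("ui", "")
        user = f.get("user", "")
        if f.get("logdesc") == "Admin login successful" and ui.startswith("jsconsole"):
            if f.get("srcip", "") not in admin_hosts:
                findings.append(("jsconsole_login", user, f.get("srcip", "")))
        elif f.get("logdesc") == "Object attribute configured":
            if (f.get("action") == "Add" and f.get("cfgpath") == "system.admin"
                    and ui.startswith("jsconsole")):
                created.add(f.get("cfgobj", ""))
                findings.append(("admin_account_created", f.get("cfgobj", ""), f.get("cfgattr", "")))
            elif user not in known_admins or user in created:
                findings.append(("unknown_admin_change", user, f.get("cfgpath", "")))
    return findings


if __name__ == "__main__":
    for indicator, subject, detail in find_rogue_admin_activity(SAMPLE_LOGS, {"admin"}, {"10.0.0.5"}):
        print(f"{indicator:22} {subject:10} {detail}")
```

The jsconsole UI is also what the legitimate GUI CLI console produces, so a jsconsole login by itself is only a lead; what should be escalated is the combination seen in the sample: a jsconsole login from an address no administrator uses, followed by a system.admin add and then changes by the new account.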
Affected Versions
More Reading/Information
A proof-of-concept exploit is now publicly available for the vulnerability below, which increases the likelihood of exploitation. Ensure your devices are patched.
Original Advisory:
SonicWall has posted an advisory covering four CVEs that may be chained to allow an unauthenticated attacker remote code execution. SonicWall cites CVE-2024-53704 (CVSS 8.2/10), an authentication bypass in the SSL VPN authentication mechanism, as the most critical. The vulnerabilities lie in the SSL VPN and SSH management interfaces, so both should be kept off the open internet, or restricted to known source addresses, until the patch is applied.
Affected Versions
A full list of affected SonicWall firewalls can be found here
More Reading/Information
Cisco has released an advisory detailing two vulnerabilities, CVE-2025-20124 (CVSS 9.9/10) and CVE-2025-20125 (CVSS 9.1/10), in its Identity Services Engine (ISE) platform, which administrators typically use for network access control and identity-based policy enforcement. An authenticated remote attacker holding only read-only administrator credentials could execute arbitrary commands as root (CVE-2025-20124, insecure deserialization of user-supplied Java byte streams in an API) and bypass authorization to read sensitive information and change node configuration (CVE-2025-20125) on unpatched devices. Because valid credentials are required, the realistic path is a compromised or over-provisioned read-only account; review who holds ISE administrator accounts while applying the patch.
Affected Versions
More Reading/Information
Microsoft released patches for fifty-five vulnerabilities, including four zero-days, two of which are being exploited in the wild. Collectively they cover remote code execution, privilege escalation, denial of service, spoofing, and security feature bypass. Three were rated critical, all of them remote code execution vulnerabilities.
Affected Versions
More Reading/Information
SAP's February patch release addresses nineteen new vulnerabilities. The highest-severity issue is CVE-2025-0064 (CVSS 8.7/10), an improper authorization flaw in the SAP BusinessObjects Business Intelligence Platform that allows an authenticated attacker to impersonate any user in the system.
Affected Versions
More Reading/Information
Adobe has released patches for forty-five vulnerabilities across multiple products. Thirty-one of them affect Adobe Commerce, and Adobe has marked all of those as critical, so patch them with urgency. There are no reports of active exploitation for these vulnerabilities.
Affected Versions
A full list of affected versions can be found here
More Reading/Information
Please review your environment to ensure the issues above are patched in a timely manner. It is security best practice to regularly update or patch software to the latest versions. The vulnerabilities above highlight the benefit of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch exists for any newly disclosed vulnerability. Likewise, Cybersafe strongly encourages maintaining an inventory of the software in your environment, which informs and strengthens your patch and vulnerability management program.
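An inventory is only useful for patch management if it can be matched against advisories automatically. The following is an added example (not code from Cybersafe or from any vendor) of that matching step: it parses deployed version strings, tolerating a build suffix and short versions, and reports every inventory entry that falls inside a published affected range. The FortiOS and FortiProxy ranges are the ones Fortinet published for CVE-2024-55591 and CVE-2025-24472; the inventory itself, its hostnames and versions, is constructed for the example, and the reader should confirm the ranges against the current advisory before relying on them.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """'7.0.16' -> (7, 0, 16). A build suffix such as '7.0.16-build1234' is ignored and
    a short string such as '7.0' is padded with zeros so comparisons stay consistent."""
    core = text.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


# Inclusive affected ranges per CVE and product. The FortiOS/FortiProxy ranges are the
# ones Fortinet published for CVE-2024-55591 (shared by CVE-2025-24472); confirm them
# against the current vendor advisory before relying on this table.
AFFECTED: Dict[str, Dict[str, List[Tuple[str, str]]]] = {
    "CVE-2024-55591": {
        "FortiOS": [("7.0.0", "7.0.16")],
        "FortiProxy": [("7.0.0", "7.0.19"), ("7.2.0", "7.2.12")],
    },
}

# Constructed inventory: (hostname, product, deployed version) as an asset register holds it.
INVENTORY: List[Tuple[str, str, str]] = [
    ("fw-edge-01", "FortiOS", "7.0.12"),
    ("fw-edge-02", "FortiOS", "7.0.17"),
    ("fw-core-01", "FortiOS", "7.2.10"),
    ("proxy-01", "FortiProxy", "7.2.12-build0412"),
    ("proxy-02", "FortiProxy", "7.4.3"),
]


def matching_cves(product: str, version: str) -> List[str]:
    """CVEs whose published affected ranges include this product version."""
    v = parse_version(version)
    hits: List[str] = []
    for cve, products in AFFECTED.items():
        for first, last in products.get(product, []):
            if parse_version(first) <= v <= parse_version(last):
                hits.append(cve)
                break
    return hits


def audit(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """(host, product, version, cve) for every inventory entry inside an affected range."""
    return [
        (host, product, version, cve)
        for host, product, version in inventory
        for cve in matching_cves(product, version)
    ]


if __name__ == "__main__":
    for host, product, version, cve in audit(INVENTORY):
        print(f"{host}: {product} {version} is affected by {cve}")
```

Note that FortiOS 7.2 is deliberately absent from the table: the advisory's affected ranges are per product and per branch, so a version-only check that ignored the product name would either miss the FortiProxy 7.2 branch or wrongly flag FortiOS 7.2. Keeping the table keyed by product and branch is what makes the inventory match trustworthy.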