February 07, 2025

Cybersafe Solutions Security Advisory Bulletin February 7, 2025

In this week's Security Advisory:

  • High Severity 7-zip Vulnerability Allows for Remote Code Execution
  • Zyxel Zero-Day Under Active Exploitation
  • Veeam Patches Critical Vulnerability Allowing MITM Code Execution
  • Netgear Releases Patches for Two Critical Vulnerabilities
  • Android Patches Actively Exploited Vulnerability in February Patch Cycle
  • Security Updates Released for Google Chrome and Mozilla Products

High Severity 7-zip Vulnerability Allows for Remote Code Execution

It has been confirmed that this vulnerability is now being exploited in the wild. Threat actors are using 7-zip to deliver malware to unsuspecting users. It is recommended to upgrade to the latest version of 7-zip as soon as possible. 

Original Advisory:

A high-severity 7-zip vulnerability, CVE-2025-0411 (CVSS 7/10), was released over the weekend. The vulnerability allows an attacker to bypass the Windows Mark of the Web security feature, which is designed to identify files downloaded from unverified sources and flag them so that their execution is restricted. When this feature is bypassed, users are not warned that a file extracted with 7-zip is malicious, and an attacker can execute code remotely on the user's device.

Affected Versions

  • 7-zip versions before 24.09.
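An added example (not from the advisory or from 7-Zip) of the two checks a defender would want after reading this: whether the installed 7-Zip is older than the 24.09 fix, and whether files in an extraction folder still carry the Zone.Identifier stream that Mark of the Web relies on. The install path, the extraction folder and the version-string format are assumptions.

```powershell
# Added example, not part of the advisory: audit a Windows host for CVE-2025-0411 exposure.
# Assumes the default 7-Zip install path and an assumed extraction folder; adjust both.
param(
    [string]$SevenZipExe  = (Join-Path $env:ProgramFiles '7-Zip\7z.exe'),
    [string]$ExtractedDir = (Join-Path $env:USERPROFILE 'Downloads\extracted')
)

$FixedVersion = [version]'24.09'   # first release the advisory lists as not affected

function Get-SevenZipStatus {
    # Reads the product version from 7z.exe and compares it with the fixed release.
    param([string]$Exe)
    if (-not (Test-Path -LiteralPath $Exe)) {
        return [pscustomobject]@{ Installed = $false; Version = $null; Vulnerable = $false }
    }
    $raw = (Get-Item -LiteralPath $Exe).VersionInfo.ProductVersion
    # Keep only the leading "major.minor" so trailing text (if any) does not break the cast.
    $v = [version]([regex]::Match($raw, '^\d+\.\d+').Value)
    [pscustomobject]@{ Installed = $true; Version = $v; Vulnerable = ($v -lt $FixedVersion) }
}

function Get-MotwStatus {
    # One record per file: does it carry a Zone.Identifier stream, and which zone?
    # ZoneId 3 = Internet, 4 = Restricted; $null means the file has no Mark of the Web.
    param([string]$Dir)
    Get-ChildItem -LiteralPath $Dir -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $zone = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $zoneId = $null
        if ($zone) {
            $m = [regex]::Match(($zone -join "`n"), 'ZoneId=(\d)')
            if ($m.Success) { $zoneId = [int]$m.Groups[1].Value }
        }
        [pscustomobject]@{ File = $_.FullName; HasMotw = [bool]$zone; ZoneId = $zoneId }
    }
}

$status = Get-SevenZipStatus -Exe $SevenZipExe
if ($status.Installed -and $status.Vulnerable) {
    Write-Warning "7-Zip $($status.Version) is older than $FixedVersion; update before opening downloaded archives."
}

# Files extracted from a downloaded archive that lost their mark are the ones SmartScreen will not warn about.
$unmarked = Get-MotwStatus -Dir $ExtractedDir | Where-Object { -not $_.HasMotw }
$unmarked | Format-Table -AutoSize
```

Run it from an elevated prompt only if the extraction folder is outside the current user's profile; the version check itself needs no elevation.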

Zyxel Zero-Day Under Active Exploitation

Zyxel announced that this vulnerability affects devices that are at the end of support and will no longer receive patches. It is highly recommended to replace these devices if they are still in use as no patch will be made available. A full list of affected devices is included in the link below.

Original Advisory:

Security researchers issued a warning that a critical zero-day vulnerability affecting Zyxel CPE Series devices is being exploited in the wild. The vulnerability, CVE-2024-40891, is a critical command injection vulnerability that has not been publicly disclosed or patched. No patch is currently available; users of Zyxel CPE devices are advised to follow the recommendations below:

  • Monitor Zyxel's security advisories for updates and apply patches or mitigations immediately if released.
  • Halt the use of devices that have reached end-of-life.

Veeam Patches Critical Vulnerability Allowing MITM Code Execution

Veeam has published an advisory for CVE-2025-23114 (CVSS 9/10), which affects the Veeam updater component in multiple products. The vulnerability allows an attacker with root-level permissions to execute arbitrary code on an affected server. Veeam's advisory notes that there is an option to receive automatic updates; if you have that enabled, you should already be running the latest version.

Affected Versions

  • A full list of affected versions can be found here

Netgear Releases Patches for Two Critical Vulnerabilities

Netgear has released two advisories for vulnerabilities affecting multiple versions of its Wi-Fi routers and wireless access point products. There are no CVE identifiers for these currently; they are tracked as PSV-2023-0039 (CVSS 9.8/10) and PSV-2024-0117 (CVSS 9.6/10) on Netgear's site. The first vulnerability is an unauthenticated remote code execution vulnerability affecting three Wi-Fi routers. The second is an authentication bypass vulnerability affecting three wireless access point products.

Affected Versions

  • The affected Wi-Fi routers can be found here
  • The affected WAPs can be found here

Android Patches Actively Exploited Vulnerability in February Patch Cycle

Android published its February Security Bulletin, which addressed forty-six vulnerabilities, one of which is under active exploitation. The exploited vulnerability is CVE-2024-53104 (CVSS 7.8/10). This vulnerability is an out-of-bounds write bug that can lead to privilege escalation on a vulnerable Android device.

Affected Versions

  • A full list of affected versions can be found here

Security Updates Released for Google Chrome and Mozilla Products

Google has released an updated Chrome browser version that addresses twelve new vulnerabilities. Successful exploitation of these can lead to code execution, data corruption, and denial of service. Mozilla has released updates to Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR to address eleven vulnerabilities, including five of high severity.

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.