Here are the CVE updates for the week of September 29th through October 5th.
🔴 Critical Severity Vulnerabilities
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability (CISA KEV) | CVE-2025-10035
Description:
A deserialization vulnerability affects the License Servlet of Fortra’s GoAnywhere MFT. The servlet incorrectly accepts forged license responses with valid signatures, and as a result, it processes attacker-controlled objects. Consequently, attackers can inject malicious payloads that lead to command execution. Since exploitation only requires a forged license signature, attackers can easily escalate control.
Potential Impacts:
- Remote Code Execution (RCE): Attackers directly execute arbitrary commands on the server.
- System Compromise: Successful exploitation allows complete control of the MFT instance.
- Data Exfiltration or Tampering: Sensitive transfers and files may be stolen or altered.
- Supply Chain Risk: Malicious payloads could infiltrate business-critical workflows.
Mitigation Recommendations:
- Apply Security Updates: Install the patched release of GoAnywhere MFT once available.
- Restrict Access: Only trusted networks should access servlets and admin panels.
- Input Validation: Enforce strict validation of license responses to block unsafe deserialization.
- Monitoring & Logging: Continuously log and monitor license validation events to spot anomalies.
Jenkins Remote Code Execution Vulnerability (CISA KEV) | CVE-2017-1000353
Description:
Jenkins versions 2.56 and earlier, along with 2.46.1 LTS and earlier, contain a remote code execution flaw in the Jenkins CLI. Attackers can craft malicious Java SignedObject payloads, and because Jenkins deserializes them without validation, the attacker's code runs during deserialization. Since no authentication is required, attackers gain direct control of the server.
Potential Impacts:
- Remote Code Execution: Arbitrary code runs under Jenkins process privileges.
- Server Takeover: Attackers can compromise the Jenkins master instance.
- Pipeline & Build Manipulation: Malicious jobs or plugins may be deployed.
- Credential Theft: Stored secrets can be stolen for further compromise.
Mitigation Recommendations:
- Upgrade Jenkins: Update to 2.54+ or LTS 2.46.2+, which block unsafe deserialization.
- Disable Remoting CLI: Explicitly disable the unsafe Java serialization CLI.
- Use HTTP CLI Protocol: Switch to the safer HTTP-based protocol.
- Restrict Access: Limit CLI access to trusted networks only.
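The "input validation" mitigation for GoAnywhere and the Jenkins deserialization fix come down to the same control: an ObjectInputStream must never resolve classes the application does not expect. The Java below is an added example, not Fortra's or Jenkins' code; the LicenseInfo type and class names are hypothetical. It installs a JEP 290 allowlist filter and shows the filter rejecting an unexpected class before that class can be instantiated.

```java
import java.io.*;
import java.util.*;

// Added example, not Fortra's or Jenkins' code: a deserialization path that
// accepts only an explicit allowlist of classes, the generic defence against
// the CWE-502 issues behind CVE-2025-10035 and CVE-2017-1000353.
public class SafeDeserialize {
    // Hypothetical value type that a signed license response is expected to carry.
    public static final class LicenseInfo implements Serializable {
        private static final long serialVersionUID = 1L;
        final String customer;
        final long expiresEpochSec;
        LicenseInfo(String customer, long expiresEpochSec) {
            this.customer = customer;
            this.expiresEpochSec = expiresEpochSec;
        }
    }

    // JEP 290 filter: allow only the value type and java.lang.String, cap the
    // object graph, and reject everything else ("!*") before it is resolved.
    static final ObjectInputFilter LICENSE_FILTER = ObjectInputFilter.Config.createFilter(
        "maxdepth=3;maxrefs=16;maxbytes=4096;"
        + SafeDeserialize.class.getName() + "$LicenseInfo;java.lang.String;!*");

    // The filter must be installed before the first readObject() call.
    static Object readLicense(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            in.setObjectInputFilter(LICENSE_FILTER);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // The expected type passes the filter.
        Object ok = readLicense(serialize(new LicenseInfo("example-customer", 1_900_000_000L)));
        System.out.println("accepted: " + ok.getClass().getSimpleName());
        // Any other class is rejected before its own readObject() could run.
        try {
            readLicense(serialize(new ArrayList<>(List.of("unexpected"))));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same filter can be applied process-wide with the `jdk.serialFilter` system property instead of per stream, which is the safer default when a codebase has many deserialization call sites.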
Juniper ScreenOS Improper Authentication Vulnerability (CISA KEV) | CVE-2015-7755
Description:
Juniper ScreenOS versions 6.2.0r15–6.2.0r18 and 6.3.0–6.3.0r20 include a backdoor that bypasses authentication. Attackers can log in with a hardcoded password during SSH or Telnet sessions, and as a result, they obtain full administrative access. Consequently, devices become compromised even without valid credentials.
Potential Impacts:
- Full Administrative Access: Attackers gain unrestricted control of the device.
- Network Compromise: Because ScreenOS often runs in firewalls, entire networks may be exposed.
- Traffic Interception/Manipulation: Attackers may alter or intercept communications.
- Persistence: Hidden changes or implants may ensure long-term control.
Mitigation Recommendations:
- Upgrade ScreenOS: Apply the fixed releases (6.3.0r12b–6.3.0r21) immediately.
- Restrict Remote Access: Limit SSH/Telnet to trusted IPs only.
- Disable Telnet: Use secure protocols such as SSH with strong authentication.
- Monitor Logs: Continuously track suspicious administrative activity.
- Replace Legacy Devices: Transition away from unsupported ScreenOS versions.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability (CISA KEV) | CVE-2025-21043
Description:
An out-of-bounds write flaw exists in libimagecodec.quram.so before Samsung’s September 2025 SMR Release 1. Crafted files trigger improper memory handling, and as a result, attackers may overwrite memory and execute arbitrary code. Typically, exploitation requires convincing a victim to open a malicious image or media file.
Potential Impacts:
- Remote Code Execution: Attackers directly run arbitrary code on the device.
- Privilege Escalation: Code may execute with elevated system rights.
- Data Theft: Personal files and credentials may be exfiltrated.
- Device Compromise: Attackers can seize complete device control.
Mitigation Recommendations:
- Update to SMR Sep-2025 Release 1+: Apply Samsung’s official patch.
- Avoid Untrusted Files: Do not open suspicious images or attachments.
- Use Mobile Protections: Enable endpoint defense and mobile security features.
- Adopt Memory Safety Practices: Developers should use ASLR and CFI for stronger protection.
🟠 High Severity Vulnerabilities
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CISA KEV) | CVE-2025-32463: Local attackers can abuse the --chroot option in Sudo < 1.9.17p1 to load a malicious nsswitch.conf. This gives them arbitrary code execution as root.
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (CISA KEV) | CVE-2025-20352: A stack overflow in the SNMP subsystem enables attackers with SNMPv2c or SNMPv3 credentials to crash the system or execute code as root. Both IPv4 and IPv6 are vulnerable.
Adminer Server-Side Request Forgery Vulnerability (CISA KEV) | CVE-2021-21311: Adminer versions 4.0.0–4.7.8 allow crafted requests to arbitrary hosts. Attackers can use SSRF to bypass restrictions and exfiltrate data. The issue was fixed in version 4.7.9.
GNU Bash OS Command Injection Vulnerability (CISA KEV) | CVE-2014-6278: Known as Shellshock, Bash ≤ 4.3 incorrectly parses environment variables. Attackers can inject commands in contexts like OpenSSH ForceCommand or Apache mod_cgi.
Smartbedded Meteobridge Command Injection Vulnerability (CISA KEV) | CVE-2025-4008: The Meteobridge web interface fails to sanitize input in CGI scripts, allowing unauthenticated attackers to execute arbitrary root commands remotely.
🟡 Medium Severity Vulnerabilities
Libraesva Email Security Gateway Command Injection Vulnerability (CISA KEV) | CVE-2025-59689: Versions 4.5–5.5.x < 5.5.7 mishandle compressed email attachments. Attackers can inject system commands, gain full compromise, bypass security controls, and steal sensitive data.