Cisco has released 10 security advisories addressing multiple vulnerabilities, including seven high and three medium severity advisories affecting Cisco IOS XR Software, which is a networking software system.
CVE-2025-20138 is an ‘improper neutralization of special elements used in an OS Command’ vulnerability with a CVSSv3 score of 8.8. Successful exploitation could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device, provided that the attacker has valid read-only administrative credentials.
Read more…
Source: NHS Digital
Related:
- Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS
April 16, 2025
Apple has released new software updates across its product line to fix two security vulnerabilities, which the company said may have been actively used to hack customers running its mobile software, iOS. In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which “may have been exploited in an extremely sophisticated ...
- Fortinet Releases Security Updates for FortiOS and FortiGate
April 11, 2025
Fortinet has released security updates for FortiOS to mitigate novel post-exploitation activity observed against FortiGate devices. The disclosure details a new persistence technique used by an attacker, in conjunction with known vulnerabilities, to maintain read-only access to FortiGate devices through the use of symbolic links even after the initial access vector has been remediated. Fortinet has ...
- Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks
April 10, 2025
In September 2024, NVIDIA released several updates to address a critical vulnerability (CVE-2024-0132) in its NVIDIA Container Toolkit. If exploited, this vulnerability could expose AI infrastructure, data, or sensitive information. With a CVSS v3.1 rating of 9.0, all customers were advised to update their affected software immediately. Further research, however, uncovered that the patch was incomplete. ...
- Trump orders federal investigation into former CISA director Chris Krebs
April 10, 2025
President Trump on Wednesday ordered a federal investigation into Chris Krebs, the former director of U.S. cybersecurity agency CISA. In a new executive order, Trump instructed the Department of Homeland Security, which houses CISA, and the U.S. attorney general to investigate Krebs, who was fired by the Trump administration in November 2020 soon after he publicly ...
- Patch Tuesday – April 2025
April 9, 2025
Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them ...
- Google fixes two actively exploited zero-day vulnerabilities in Android
April 8, 2025
Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published. The term reflects the amount of time that a vulnerable organization ...