
Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
06 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
77.80%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 27 Posts
  • 53 Interactions

Last activity: Last hour

Fediverse


☕ & : CISA has moved the due date for mitigating CVE-2025-55182 (Meta React Server Components Remote Code Execution Vulnerability) up two weeks. It was initially set for December 26, but it is now due on December 12. IIRC, this is the first time the due date has been modified.

In all honesty, if you haven't already patched this vulnerability, it's likely too late. As a reminder, patching does not boot attackers, so you should check for indicators of compromise.

  • 11
  • 17
  • 1
  • 7h ago

⚠️ Podverse Alpha Update ⚠️

I'm shutting off the Alpha website for the night, as there is a critical security vulnerability with the version of Next.js it is using (CVE-2025-55182).

Should have it redeployed and patched tomorrow.

Good video explaining the CVE: youtube.com/watch?v=s81dVUM-cQM

Thanks to @suorcd for notifying me.

#podverse #pv2

  • 2
  • 7
  • 0
  • 14h ago

CVE-2025-55182

GG, no re.
And people wonder why we serve only static web pages at work. (it's a lot more effort, but at least nobody is gonna take over the web server itself)

  • 0
  • 5
  • 0
  • 23h ago

Exploitation of recent React RCE vul (CVE-2025-55182 - #React2Shell) leading to #Mirai infection ⤵️

Botnet Mirai C2 domains 📡:
effeminate.fuckphillipthegerman .ru
trap.fuckphillipthegerman .ru
tranny.fuckphillipthegerman .ru

Botnet Mirai C2 servers , all hosted at FORTIS 🇷🇺:
138.124.72.251:52896
138.124.69.154:60328
5.144.176.19:60328

Mirai #malware sample 🤖:
bazaar.abuse.ch/sample/ee2fe11

Payload delivery host 🌐:
urlhaus.abuse.ch/host/172.237.

Related IOCs 🦊:
threatfox.abuse.ch/browse/tag/

  • 0
  • 5
  • 0
  • 16h ago

If you thought exploitation of #React2Shell was mainly limited to enterprise apps built with the React framework, Bitdefender reports that the exploitation has been adopted by IoT botnet operators, who are using it to go after smart devices that may use React for their web administration panels
bitdefender.com/en-us/blog/lab

  • 0
  • 1
  • 0
  • 12h ago

Interesting payload detected by my Lophiid honeypots. It does a comprehensive job to obtain secrets (including using trufflehog and gitleaks).

Raw request here:
github.com/mrheinen/lophiid/bl

CVE-2025-55182

  • 0
  • 0
  • 0
  • 6h ago

❗ Update your UMAMI instances; we wrote about them recently. React vulnerability:

"The CVE-2025-55182 vulnerability, concerning RSC, is present in versions 19.0, 19.1.0, 19.1.1 and 19.2.0 of the following modules:

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack"

react.dev/blog/2025/12/03/crit

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

> Weekly Report: JPCERT/CC publishes "On the vulnerability in React Server Components (CVE-2025-55182)" https://www.jpcert.or.jp/wr/2025/wr251210.html#3
  • 0
  • 1
  • 0
  • 17h ago
The Nextjs Nightmare: How CVE-2025-55182 Exposes Your Web Apps and How This New Tool Automates the Exploit Introduction: A critical path traversal vulnerability, designated CVE-2025-55182, has been identified in Next.js, the popular React framework. This flaw allows unauthenticated attackers to…
  • 0
  • 1
  • 0
  • 17h ago
vercel.com/changelog/cve-2... Summary of CVE-2025-55182 - Vercel
  • 0
  • 1
  • 0
  • 16h ago
The React2Shell Nightmare: How a Single CVE-2025-55182 Flaw Can Obliterate Your Nextjs Infrastructure Introduction: A critical remote code execution (RCE) vulnerability, dubbed React2Shell (CVE-2025-55182), is actively exploiting a fundamental flaw in React Server Components (RSC) and Next.js…
  • 0
  • 1
  • 0
  • 13h ago
Interesting #react2shell payload detected by my Lophiid honeypots. It does a comprehensive job to obtain secrets (including using trufflehog and gitleaks). Raw request here: github.com/mrheinen/lop... CVE-2025-55182 #honeypot #dfir #infosec #cybersecurity #exploits
  • 0
  • 1
  • 0
  • 6h ago
📌 North Korean Hackers Suspected in React2Shell Attacks Exploiting CVE-2025-55182 https://www.cyberhub.blog/article/16561-north-korean-hackers-suspected-in-react2shell-attacks-exploiting-cve-2025-55182
  • 0
  • 0
  • 0
  • 21h ago
Protect against React RSC CVE-2025-55182 with Azure Web Application Firewall (WAF) by Yuval Pery techcommunity.microsoft.com/t5/azure-net...
  • 0
  • 0
  • 0
  • 20h ago
Exploitation of recent React RCE vul (CVE-2025-55182 - #React2Shell) leading to #Mirai infection ⤵️ Botnet Mirai C2 domains 📡: fuckphillipthegerman .ru Botnet Mirai C2 servers , all hosted at FORTIS 🇷🇺: 138.124.72.251:52896 138.124.69.154:60328 5.144.176.19:60328
  • 0
  • 0
  • 0
  • 16h ago
www.wiz.io/blog/critical-v... React2Shell (CVE-2025-55182): Critical React Vulnerability | Wiz Blog
  • 0
  • 0
  • 0
  • 16h ago
CVE-2025-55182 Exploitation Hits the Smart Home www.bitdefender.com/en-us/blog/l...
  • 0
  • 0
  • 0
  • 13h ago
📢 React2Shell (CVE-2025-55182): GreyNoise observes large-scale opportunistic exploitation 📝 Source and context: GreyNoise publishes … https://cyberveille.ch/posts/2025-12-10-react2shell-cve-2025-55182-greynoise-observe-une-exploitation-opportuniste-a-grande-echelle/ #CVE_2025_55182 #Cyberveille
  • 0
  • 0
  • 0
  • 12h ago
⚠️ With the React2Shell vulnerability (CVE-2025-55182) now being actively exploited in the wild, some organizations may struggle to deploy patches quickly. To help reduce exposure, CrowdSec is releasing a free blocklist that tracks & blocks IPs currently involved 👉 app.crowdsec.net/blocklists/6...
  • 0
  • 0
  • 1
  • 12h ago
PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182
  • 0
  • 0
  • 0
  • 5h ago
CVE-2025–55182 (React2Shell) — Complete Bug Bounty Hunting Guide https://medium.com/@Aacle/cve-2025-55182-react2shell-complete-bug-bounty-hunting-guide-9cbfd15b6e47?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 4h ago
React2Shell Unmasked: Inside the 5-Hour Zero-Day Frenzy That Bypassed Every WAF Introduction: CVE-2025-55182, dubbed "React2Shell," is a critical remote code execution flaw in React Server Components with a maximum CVSS score of 10.0. Exploited in the wild by China-nexus actors within hours of…
  • 0
  • 0
  • 0
  • 3h ago
CVE-2025-55182 Exploitation Hits the Smart Home - React
  • 0
  • 0
  • 0
  • 1h ago
📌 React2Shell (CVE-2025-55182): Critical RCE Vulnerability in Next.js https://www.cyberhub.blog/article/16597-react2shell-cve-2025-55182-critical-rce-vulnerability-in-nextjs
  • 0
  • 0
  • 0
  • Last hour
Threat actors exploit CVE-2025-55182 in React Server Components to deliver cryptocurrency miners and novel malware: PeerBlight, CowTunnel, and ZinFoq.
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Windows 10 Version 1809

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
8.21%

Description

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Statistics

  • 5 Posts
  • 2 Interactions

Last activity: 8 hours ago

Fediverse


🚨 Microsoft patches 56 Windows vulnerabilities, incl. 2 zero-days. Actively exploited: privilege escalation in Cloud Files Mini Filter Driver (CVE-2025-62221). Patch ASAP to defend cloud-linked endpoints! radar.offseq.com/threat/micros

  • 0
  • 0
  • 0
  • 10h ago

Microsoft releases urgent updates for an exploited PLE zero-day bug in Windows

A zero-day vulnerability in the Windows Cloud Files Mini Filter driver (cldflt.sys) is currently being actively exploited. Microsoft has released urgent security updates to fix the flaw.

The vulnerability is rated high, with a CVSS v3.1 base score of 7.8; in addition, according to the advisory released by Microsoft, attackers are using working exploits on machines to obtain SYSTEM privileges.

A wide range of Windows operating systems, from the most recent versions of Windows 11, such as 25H2, and Windows Server 2025, down to Windows 10 version 1809, is affected by this privilege escalation (PLE) vulnerability.

The vulnerability is described as a Use-After-Free weakness in the Cloud Files Mini Filter Driver, a kernel component responsible for managing "placeholders" and synchronization for cloud storage services such as OneDrive.

Unlike remote code execution (RCE) flaws, this vulnerability is exploited as a secondary stage in attack chains, in which adversaries have already gained a foothold on the system and seek to raise their privileges in order to persist or disable security controls.

The flaw allows a locally authenticated attacker with low privileges to trigger a memory corruption state, subsequently allowing them to execute arbitrary code with the highest system privileges.

Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) identified the bug, noting that, although the attack complexity is low and no user interaction is required, the attacker must have established local access to the target computer.

Administrators should prioritize applying patches to these systems immediately, given the confirmed active exploitation status.

The article Microsoft releases urgent updates for an exploited PLE zero-day bug in Windows comes from Red Hot Cyber.

  • 0
  • 0
  • 0
  • 11h ago

Bluesky

🚨 Microsoft’s Dec 2025 Patch Advisory is live! 50+ vulnerabilities patched across Windows, Office, Outlook, SharePoint, Azure Monitor & more, including multiple Critical RCEs and an actively exploited CLFS EoP (CVE-2025-62221). 🛡️ Patch now → stay resilient. www.sequretek.com/resources/re...
  • 1
  • 1
  • 0
  • 8h ago
"Of these, Microsoft has announced that it has confirmed exploitation of the CVE-2025-62221 vulnerability, and because the damage may spread further, please apply the security updates immediately."
  • 0
  • 0
  • 0
  • 16h ago
Microsoft fixes 57 vulnerabilities, including an exploited zero-day, in its December 2025 monthly patches (CVE-2025-62221 and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42977/
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • RARLAB
  • WinRAR

21 Jun 2025
Published
10 Dec 2025
Updated

CVSS v3.0
HIGH (7.8)
EPSS
8.03%

Description

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse


🚨 CVE-2025-6218: RARLAB WinRAR Path Traversal Vulnerability has been added to the CISA KEV Catalog

CVSS: 7.8

darkwebinformer.com/cisa-kev-c

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

CISA warns WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal fixes by Dec. 30, 2025.
  • 0
  • 1
  • 0
  • 4h ago
A path traversal vulnerability in the Windows version of WinRAR (CVE-2025-6218) enables code execution and has active exploitation. The flaw […]
  • 0
  • 0
  • 0
  • 8h ago
Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups #thehackersnews
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Gogs
  • Gogs
  • Gogs

10 Dec 2025
Published
10 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Statistics

  • 2 Posts
  • 16 Interactions

Last activity: 3 hours ago

Fediverse


🚨 With folks (rightfully) abandoning GitHub for other pastures, some are turning to self-hosting. One option is Gogs, and the epic team at Wiz says you gotta patch since there's an 0-day in the wild (pls RT for reach and someone pls post on the stupid fosstodon server b/c the folks there are likely to be doing this)

wiz.io/blog/wiz-research-gogs-

  • 11
  • 4
  • 0
  • 3h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.16%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.

Statistics

  • 3 Posts

Last activity: 4 hours ago

Fediverse


As Microsoft explains, this mitigates a high-severity PowerShell remote code execution vulnerability (CVE-2025-54100), which primarily affects enterprise or IT-managed environments that use PowerShell scripts for automation, since PowerShell scripts are not as commonly used
2/3

  • 0
  • 0
  • 0
  • 14h ago

The patch for the CVE-2025-54100 vulnerability may affect your PowerShell scripts it-connect.fr/windows-powershe #Cybersécurité #Logiciel-OS #Powershell #Microsoft

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Ivanti
  • Endpoint Manager

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
0.11%

KEV

Description

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse


🚨 CRITICAL: Fortinet, Ivanti, SAP patch auth bypass & code exec flaws (e.g. CVE-2025-59718, CVE-2025-10573, CVE-2025-42880). Affects FortiOS, FortiWeb, Ivanti Endpoint Manager, SAP Solution Manager. Patch ASAP & disable risky features! radar.offseq.com/threat/fortin

  • 1
  • 0
  • 0
  • 15h ago

Bluesky

Ivanti warns of a critical RCE flaw in EPM (CVE-2025-10573) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42995/
  • 1
  • 0
  • 0
  • 14h ago
Tracked as CVE-2025-10573 with a CVSS score of 9.6, the flaw was patched on December 9, 2025, with the release of Ivanti EPM 2024 SU4 SR1.
  • 0
  • 1
  • 0
  • 3h ago

Overview

  • Fortinet
  • FortiWeb

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.10%

KEV

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 3 Posts

Last activity: 14 hours ago

Fediverse


Critical vulnerability in FortiOS and other Fortinet products: urgent updates

A critical vulnerability, tracked as CVE-2025-59719, affecting the FortiOS, FortiWeb, FortiProxy and FortiSwitchManager product lines has been reported by Fortinet in an urgent security advisory. The advisory was issued in relation to security flaws affecting these products.

If the vulnerability is exploited, an attacker could gain unauthorized administrative access to the device by crafting a specific SAML message. The vulnerability is caused by the device's failure to properly verify the signatures of SAML messages.

Fortinet recommends that its customers upgrade to the latest versions that follow. For organizations that are unable to apply the patches immediately, a temporary workaround has been made available. By disabling the FortiCloud login feature, administrators can reduce the risk.

The security flaw, identified as Improper Verification of Cryptographic Signature (CWE-347), could allow an unauthenticated attacker to bypass FortiCloud Single Sign-On (SSO) login authentication.

When an administrator registers a device with FortiCare through the graphical user interface (GUI), the "Allow administrative access via FortiCloud SSO" option is enabled by default. Unless the administrator explicitly disables this option during registration, the device immediately becomes vulnerable to this bypass.

The issue was discovered internally by Theo Leleu and Yonghui Han of the Fortinet product security team, and the information was made public on December 9, 2025. The FortiCloud SSO feature poses a considerable risk, especially in distributed network environments.

The article Critical vulnerability in FortiOS and other Fortinet products: urgent updates comes from Red Hot Cyber.

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

Fortinet warns of critical FortiCloud SSO login authentication bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42981/
  • 0
  • 0
  • 0
  • 16h ago
Fortinet warns of critical FortiCloud SSO login auth bypass flaws (CVE-2025-59718 and CVE-2025-59719) #patchmanagement
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Apache Software Foundation
  • Apache Struts
  • org.apache.struts:struts2-core

01 Dec 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
0.12%

KEV

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 6 hours ago

Fediverse


Related to this one.

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

It's related to cve.org/CVERecord?id=CVE-2025- - this CVE addresses missing affected version 6.7.4

cwiki.apache.org/confluence/di

  • 0
  • 3
  • 0
  • 6h ago

Bluesky

The SIOS Security Blog has been updated. Apache Struts 2 vulnerability (Important: CVE-2025-66675 (Old: CVE-2025-64775)) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • SAP_SE
  • SAP Solution Manager

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.05%

KEV

Description

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 15 hours ago

Fediverse


🚨 CRITICAL: Fortinet, Ivanti, SAP patch auth bypass & code exec flaws (e.g. CVE-2025-59718, CVE-2025-10573, CVE-2025-42880). Affects FortiOS, FortiWeb, Ivanti Endpoint Manager, SAP Solution Manager. Patch ASAP & disable risky features! radar.offseq.com/threat/fortin

  • 1
  • 0
  • 0
  • 15h ago

Bluesky

SAP fixes three critical vulnerabilities across multiple products SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. The most severe (CVSS score: 9.9) of all the issues is CVE-2025-42880, a code…
  • 1
  • 0
  • 0
  • 19h ago

Overview

  • Fortinet
  • FortiSwitchManager

09 Dec 2025
Published
10 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.09%

KEV

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 15 hours ago

Fediverse


🚨 CRITICAL: Fortinet, Ivanti, SAP patch auth bypass & code exec flaws (e.g. CVE-2025-59718, CVE-2025-10573, CVE-2025-42880). Affects FortiOS, FortiWeb, Ivanti Endpoint Manager, SAP Solution Manager. Patch ASAP & disable risky features! radar.offseq.com/threat/fortin

  • 1
  • 0
  • 0
  • 15h ago

Bluesky

Fortinet warns of critical FortiCloud SSO login authentication bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/42981/
  • 0
  • 0
  • 0
  • 16h ago
Fortinet warns of critical FortiCloud SSO login auth bypass flaws (CVE-2025-59718 and CVE-2025-59719) #patchmanagement
  • 0
  • 0
  • 0
  • 15h ago
Showing 1 to 10 of 43 CVEs