
Overview

  • Apple
  • iOS and iPadOS

21 Aug 2025
Published
15 Sep 2025
Updated

CVSS
Pending
EPSS
0.24%

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Statistics

  • 11 Posts
  • 2 Interactions

Last activity: 1 hour ago

Fediverse

Apple updates everything, and hands out new numbers

Once again in September, Apple is releasing updates for almost all of its systems. VisionOS is not being updated, even though it too contains some of the security holes that have now been patched (and are therefore known). Counting them is difficult to impossible, since Apple, as always, goes to great lengths to be opaque. About the risk potential of the individual holes the company says nothing at all. Only the "security hole" (backdoor) CVE-2025-43300, which was used together with WhatsApp for zero-click infection with state trojans, is well known.

pc-fluesterer.info/wordpress/2

#Empfehlung #Hintergrund #Warnung #0day #apple #cybercrime #ios #macos #sicherheit #vorbeugen

22h ago
Apple Zero-Day Exploited

#Apple has revealed several vulnerabilities, including a critical #zero-day (CVE-2025-43300) currently being exploited by attackers. These flaws could allow for remote code execution and data compromise, posing a severe risk to users. Immediate patching of affected Apple devices is strongly recommended.
cyberdigests.com/article/200
#exploit #vulnerability #threatintel #cybersec

9h ago

Bluesky

Apple backports fix for CVE-2025-43300 exploited in sophisticated spyware attack. 16 September 2025, Ravie Lakshmanan, Vulnerability / Spyware. On Monday, Apple backported fixes for a recently patched security vulnerability, in response to it already being exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), a buffer overflow (out-of-bounds write) in the ImageIO component that can cause memory corruption when a malicious image file is processed. …
19h ago
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
19h ago
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in…
19h ago
Apple backports CVE-2025-43300; FileFix spreads StealC via steganography; PDQConnect RMM abused in Italy. #evidenza #FileFix #INFOSTEALER #malware #PDQConnectRMM #phishing #Stealc #steganografia #zeroday www.matricedigitale.it/2025/09/16/z...
17h ago
Apple Backports Fix For CVE-2025-43300 Exploited In Sophisticated Spyware Attack https://packetstorm.news/news/view/38815 #news
13h ago
Apple backports fix for actively exploited CVE-2025-43300 Apple announced it has backported patches for a recently addressed actively exploited vulnerability tracked as CVE-2025-43300. Apple has backported security patches released to address an actively exploited vulnerability tracked as…
1h ago

Overview

  • Radix
  • SmartRecovery

14 Jan 2025
Published
15 Sep 2025
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
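The description says the vulnerable loader runs unsigned software from a hardcoded path, and the posts under this entry describe HybridPetya planting its own EFI application on the EFI system partition. One triage check a responder can run against a mounted ESP is to inventory every PE file on it and flag the ones that carry no Authenticode certificate table at all. The C program below is an added example written for this page, not code from ESET, Howyar or any HybridPetya analysis. It parses a PE header far enough to read the security data directory (index 4) and classifies the file as signed (table present), unsigned, malformed or not a PE at all; build_test_pe is a constructed minimal PE32+ fixture for the self-check, not a real EFI binary. Presence of a certificate table is only a signal: it does not verify the signature or check it against what the firmware trusts, and the loader this CVE concerns is itself signed, so a clean result does not mean the ESP is clean. Compare binaries against known-good hashes as well.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example for this page: does a PE/EFI image carry an Authenticode certificate table
 * (security data directory, index 4)? Presence only; no signature verification is done. */

typedef enum { PE_NOT_PE = 0, PE_MALFORMED, PE_UNSIGNED, PE_SIGNED } pe_sig_status;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xFF; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xFF; }

pe_sig_status pe_authenticode_status(const uint8_t *f, size_t n) {
    if (n < 0x40 || f[0] != 'M' || f[1] != 'Z') return PE_NOT_PE;
    uint32_t pe = rd32(f + 0x3C);                         /* e_lfanew: offset of "PE\0\0" */
    if (pe > n - 24 || memcmp(f + pe, "PE\0\0", 4) != 0) return PE_NOT_PE;
    size_t opt = pe + 24;                                 /* optional header follows the 20-byte COFF header */
    uint16_t opt_size = rd16(f + pe + 20);                /* SizeOfOptionalHeader */
    if (opt_size < 2 || opt_size > n - opt) return PE_MALFORMED;
    uint16_t magic = rd16(f + opt);
    size_t nrva_off, dir_off;                             /* offsets inside the optional header */
    if (magic == 0x10B)      { nrva_off = 92;  dir_off = 96;  }   /* PE32 */
    else if (magic == 0x20B) { nrva_off = 108; dir_off = 112; }   /* PE32+, used by x64 EFI binaries */
    else return PE_MALFORMED;
    if (opt_size < nrva_off + 4) return PE_MALFORMED;
    uint32_t nrva = rd32(f + opt + nrva_off);             /* NumberOfRvaAndSizes */
    size_t sec = dir_off + 4 * 8;                         /* IMAGE_DIRECTORY_ENTRY_SECURITY = 4 */
    if (nrva <= 4) return PE_UNSIGNED;                    /* directory table stops before the security entry */
    if (opt_size < sec + 8) return PE_MALFORMED;
    uint32_t cert_off = rd32(f + opt + sec), cert_size = rd32(f + opt + sec + 4);
    if (cert_off == 0 || cert_size == 0) return PE_UNSIGNED;
    /* Unlike the other directories this entry is a raw file offset, not an RVA; it must lie inside the file. */
    if (cert_off > n || cert_size > n - cert_off) return PE_MALFORMED;
    return PE_SIGNED;
}

/* Constructed fixture (not a real EFI binary): a minimal PE32+ header with no sections, followed by
 * 16 spare bytes where a certificate table would sit. cert_off/cert_size fill the security directory;
 * 0/0 yields an unsigned image. Returns the image length, 0 if cap is too small. */
size_t build_test_pe(uint8_t *buf, size_t cap, uint32_t cert_off, uint32_t cert_size) {
    const size_t pe = 0x40, opt = pe + 24, total = opt + 240 + 16;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, (uint32_t)pe);
    memcpy(buf + pe, "PE\0\0", 4);
    wr16(buf + pe + 4, 0x8664);                           /* Machine: x86-64 */
    wr16(buf + pe + 20, 240);                             /* SizeOfOptionalHeader: PE32+ with 16 directories */
    wr16(buf + opt, 0x20B);                               /* PE32+ magic */
    wr32(buf + opt + 108, 16);                            /* NumberOfRvaAndSizes */
    wr32(buf + opt + 112 + 4 * 8, cert_off);
    wr32(buf + opt + 112 + 4 * 8 + 4, cert_size);
    return total;
}

/* Build a fixture and classify it (used by the self-check). */
pe_sig_status status_of_fixture(uint32_t cert_off, uint32_t cert_size) {
    uint8_t buf[512];
    size_t n = build_test_pe(buf, sizeof buf, cert_off, cert_size);
    return pe_authenticode_status(buf, n);
}

static const char *status_name(pe_sig_status s) {
    static const char *names[] = { "not a PE file", "malformed", "UNSIGNED", "signed (table present)" };
    return names[s];
}

/* Usage: ./pecheck <file.efi>...  (e.g. every .efi under the mounted ESP; the mount point is yours to supply) */
int main(int argc, char **argv) {
    for (int i = 1; i < argc; i++) {
        FILE *fp = fopen(argv[i], "rb");
        if (!fp) { perror(argv[i]); continue; }
        fseek(fp, 0, SEEK_END); long len = ftell(fp); rewind(fp);
        uint8_t *buf = len > 0 ? malloc((size_t)len) : NULL;
        size_t got = buf ? fread(buf, 1, (size_t)len, fp) : 0;
        fclose(fp);
        printf("%-22s %s\n", status_name(pe_authenticode_status(buf ? buf : (const uint8_t *)"", got)), argv[i]);
        free(buf);
    }
    return 0;
}
```

The certificate table offset is the one data-directory entry that is a file offset rather than an RVA, which is why the program checks it against the file length and reports a table pointing outside the file as malformed rather than signed; a truncated or hand-edited image should never pass as "signed". The path to the ESP (commonly mounted under /boot/efi on Linux) is an assumption the reader supplies on the command line.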

Statistics

  • 7 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

HybridPetya pwns UEFI Secure Boot via CVE-2024-7344, scrambles your NTFS MFT, wants $1k in Bitcoin.
thehackernews.com/2025/09/new-

14h ago

Bluesky

"Installs a malicious EFI application on the EFI system partition": new ransomware HybridPetya bypasses UEFI Secure Boot with a CVE-2024-7344 exploit | Codebook | Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/40860/
2h ago
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit thehackernews.com/2025/09/ne...
23h ago
New ransomware HybridPetya bypasses UEFI Secure Boot with a CVE-2024-7344 exploit | Codebook | Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/40860/
22h ago
📢 HybridPetya: a NotPetya clone capable of compromising UEFI and bypassing Secure Boot 📝 According to ESET Research, HybridPetya was … https://cyberveille.ch/posts/2025-09-15-hybridpetya-un-clone-de-notpetya-capable-de-compromettre-luefi-et-de-contourner-secure-boot/ #CVE_2024_7344 #Cyberveille
8h ago
Related: The threat lurking in UEFI Secure Boot: CVE-2024-7344 | ESET https://www.eset.com/jp/blog/welivesecurity/under-cloak-uefi-secure-boot-introducing-cve-2024-7344-jp/
2h ago

Overview

  • VMware
  • Spring Framework

16 Sep 2025
Published
16 Sep 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41248 https://spring.io/security/cve-2025-41248 .

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse

Time to upgrade! Spring Framework addresses CVE-2025-41249

The fix is available in Spring Framework 6.2.11 (OSS), 5.3.45 (Enterprise), and 6.1.23 (Enterprise).

Tanzu Spring customers can also upgrade to Spring Boot 2.7.29.1, 3.2.18.1, and 3.3.15.1.

spring.io/security/cve-2025-41

#spring #java #security

22h ago
🚨 CVE-2025-41249 (HIGH, CVSS 7.5) hits VMware Spring Framework (5.3.x, 6.1.x, 6.2.x). Annotation detection flaw with @EnableMethodSecurity may allow unauthorized access to protected methods. Review code & prep for updates! radar.offseq.com/threat/cve-20

20h ago

Bluesky

Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks (CVE-2025-41248 & CVE-2025-41249)
10h ago

Overview

  • SK Hynix
  • DDR5

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v4.0
HIGH (7.1)
EPSS
0.01%

KEV

Description

Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 15 hours ago

Fediverse

🔥 New hardware hack ALERT:

ETH Zürich + Google just broke SK Hynix DDR5 memory wide open.

➡️ “Phoenix” (CVE-2025-6202) gets ROOT in 109s on SK Hynix chips
➡️ ECC & TRR defenses? ❌ Bypassed
➡️ RSA keys + sudo at risk

Full story → thehackernews.com/2025/09/phoe

💡 Only fix: crank DRAM refresh rate 3×.

22h ago

Bluesky

📢 Phoenix: a new Rowhammer attack breaks SK Hynix DDR5 despite TRR and ODECC 📝 Source: Computer Security Group (ETH Zurich) via comsec.eth… https://cyberveille.ch/posts/2025-09-16-phoenix-une-nouvelle-attaque-rowhammer-casse-les-ddr5-sk-hynix-malgre-trr-et-odecc/ #CVE_2025_6202 #Cyberveille
15h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

12 Sep 2025
Published
13 Sep 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.10%

KEV

Description

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
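This entry and CVE-2025-43300 above describe the same bug class: an image decoder that trusts size or offset fields taken from the file when it computes where decoded pixels are written, which Apple's wording "addressed with improved bounds checking" names directly. The C program below is an added example written for this page, not ImageIO, libimagecodec.quram.so or any decoder Apple or Samsung ship. It uses a constructed toy tile format (assumed for illustration: a tile header giving x, y, width and height, followed by raw pixels) and shows the unchecked destination write beside its bounds-checked form. The canvas is allocated with a sentinel-filled slack region so that the demo's overrun stays inside its own allocation and can be observed rather than crashing; in a real decoder the same write lands on whatever follows the pixel buffer on the heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example for this page. Constructed toy tile format (not ImageIO's or Samsung's real parser):
 *   chunk = u16 x, u16 y, u16 w, u16 h (little-endian), then w*h 8-bit pixels,
 *   to be copied into a width*height canvas at position (x, y). */

#define SLACK 16          /* bytes allocated past the logical canvas, filled with SENTINEL */
#define SENTINEL 0xAA     /* lets the demo observe an overrun without leaving its own allocation */

typedef struct {
    uint16_t width, height;
    uint8_t *pixels;      /* width*height pixels followed by SLACK sentinel bytes */
} canvas_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

canvas_t *canvas_new(uint16_t width, uint16_t height) {
    canvas_t *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    size_t n = (size_t)width * height;              /* cannot overflow: both factors are < 2^16 */
    c->pixels = malloc(n + SLACK);
    if (!c->pixels) { free(c); return NULL; }
    memset(c->pixels, 0, n);
    memset(c->pixels + n, SENTINEL, SLACK);
    c->width = width;
    c->height = height;
    return c;
}

void canvas_free(canvas_t *c) { if (c) { free(c->pixels); free(c); } }

/* 1 if nothing has written past the logical canvas, 0 if the sentinel bytes were clobbered. */
int canvas_sentinel_intact(const canvas_t *c) {
    const uint8_t *s = c->pixels + (size_t)c->width * c->height;
    for (int i = 0; i < SLACK; i++) if (s[i] != SENTINEL) return 0;
    return 1;
}

/* Shared header parsing: validates only the *source* (enough input bytes for w*h pixels). */
static int parse_tile(const uint8_t *chunk, size_t len, uint16_t *x, uint16_t *y, uint16_t *w, uint16_t *h) {
    if (len < 8) return -1;
    *x = rd16(chunk); *y = rd16(chunk + 2); *w = rd16(chunk + 4); *h = rd16(chunk + 6);
    if (len - 8 < (size_t)(*w) * (*h)) return -1;
    return 0;
}

/* Vulnerable pattern: the file's x/y/w/h decide the destination address, never checked against the canvas. */
int blit_tile_unchecked(canvas_t *c, const uint8_t *chunk, size_t len) {
    uint16_t x, y, w, h;
    if (parse_tile(chunk, len, &x, &y, &w, &h)) return -1;
    for (uint32_t row = 0; row < h; row++)
        memcpy(c->pixels + ((size_t)y + row) * c->width + x, chunk + 8 + (size_t)row * w, w);
    return 0;
}

/* Hardened pattern: reject any tile that does not lie entirely inside the canvas.
 * Sums are formed in uint32_t so x + w cannot wrap around in 16 bits. */
int blit_tile_checked(canvas_t *c, const uint8_t *chunk, size_t len) {
    uint16_t x, y, w, h;
    if (parse_tile(chunk, len, &x, &y, &w, &h)) return -1;
    if ((uint32_t)x + w > c->width || (uint32_t)y + h > c->height) return -1;
    for (uint32_t row = 0; row < h; row++)
        memcpy(c->pixels + ((size_t)y + row) * c->width + x, chunk + 8 + (size_t)row * w, w);
    return 0;
}

/* Constructed malicious chunk: a 4x2 tile at row 3 of a 4x4 canvas; its second row is written
 * one full row past the end of the image. */
static const uint8_t evil_chunk[8 + 8] = { 0,0, 3,0, 4,0, 2,0,  1,2,3,4, 5,6,7,8 };
/* Constructed benign chunk: a 2x2 tile at (1,1), which fits. */
static const uint8_t good_chunk[8 + 4] = { 1,0, 1,0, 2,0, 2,0,  9,9,9,9 };

/* 1 if the unchecked blit "succeeded" and overwrote memory past the canvas. */
int demo_unchecked_overruns(void) {
    canvas_t *c = canvas_new(4, 4);
    int clobbered = blit_tile_unchecked(c, evil_chunk, sizeof evil_chunk) == 0 && !canvas_sentinel_intact(c);
    canvas_free(c);
    return clobbered;
}

/* 1 if the checked blit rejected the same chunk and left the canvas untouched. */
int demo_checked_rejects(void) {
    canvas_t *c = canvas_new(4, 4);
    int ok = blit_tile_checked(c, evil_chunk, sizeof evil_chunk) == -1 && canvas_sentinel_intact(c);
    canvas_free(c);
    return ok;
}

/* 1 if the checked blit still accepts a tile that fits and places its pixels where expected. */
int demo_checked_accepts_valid(void) {
    canvas_t *c = canvas_new(4, 4);
    int ok = blit_tile_checked(c, good_chunk, sizeof good_chunk) == 0
          && c->pixels[1 * 4 + 1] == 9 && c->pixels[2 * 4 + 2] == 9 && c->pixels[0] == 0
          && canvas_sentinel_intact(c);
    canvas_free(c);
    return ok;
}

int main(void) {
    printf("unchecked blit overran the canvas:  %d\n", demo_unchecked_overruns());
    printf("checked blit rejected the tile:     %d\n", demo_checked_rejects());
    printf("checked blit accepted a valid tile: %d\n", demo_checked_accepts_valid());
    return 0;
}
```

Note that parse_tile already checks the source side (the chunk is long enough for w*h pixels), which is the check a developer usually remembers; the destination side is the one that gets forgotten, and the sentinel comparison is what makes the difference visible here. With y or x near 65535 the unchecked version would write far outside any allocation, which is the case the slack region deliberately does not exercise.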

Statistics

  • 3 Posts

Last activity: 6 hours ago

Bluesky

Samsung delivers an emergency update to all Galaxy models; in-the-wild attacks confirmed for zero-day vulnerability CVE-2025-21043 | Innovatopia innovatopia.jp/cyber-securi... To explain the technical side of this vulnerability: the core of the problem lies in an image-processing library called "libimagecodec.quram.so". This library is an important component used when the smartphone processes image files, and it contained an out-of-bounds memory write vulnerability. By sending a malicious image file, an attacker was in a position to execute arbitrary code on the target device.
22h ago
WhatsApp-related zero-day vulnerability targeting Samsung smartphones fixed in the September monthly update (CVE-2025-21043) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security
6h ago

Overview

  • Dassault Systèmes
  • DELMIA Apriso

02 Jun 2025
Published
12 Sep 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
63.95%

Description

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

Statistics

  • 2 Posts

Last activity: Last hour

Bluesky

📢 Exploitation underway against Dassault DELMIA Apriso (CVE-2025-5086) via .NET deserialization 📝 According to the SANS Internet Storm Center (diary by Johan… https://cyberveille.ch/posts/2025-09-16-exploits-en-cours-contre-dassault-delmia-apriso-cve-2025-5086-via-deserialisation-net/ #CVE_2025_5086 #Cyberveille
14h ago
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning thehackernews.com/2025/09/crit...
Last hour

Overview

  • Oracle Corporation
  • Oracle Java SE

15 Jul 2025
Published
16 Jul 2025
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.17%

KEV

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Bluesky

New #security bulletin analysis: Java 8 OpenJDK update addresses significant vulnerabilities. The highlights include CVE-2025-30749, a heap corruption flaw with a CVSS score of 8.3 that can lead to remote code execution and full application compromise. Read more: 👉 tinyurl.com/55kj4vsu #SUSE
14h ago

Overview

  • Pending

29 Jun 2023
Published
02 Aug 2024
Updated

CVSS
Pending
EPSS
1.55%

KEV

Description

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

CVE-2023-36617: A deep dive into the RubyGems ReDoS vulnerability just patched in USN-7747-1. It's a classic case of how a maliciously crafted input can trigger catastrophic backtracking in a regex, bringing systems to a halt. Read more: 👉 tinyurl.com/yv6dtexm #Security #Ubuntu
16h ago

Overview

  • Microsoft
  • Office Online Server

09 Sep 2025
Published
16 Sep 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.06%

KEV

Description

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

CVE-2025-54896 Microsoft Excel Remote Code Execution Vulnerability scq.ms/46q9ufg #SecQube #cybersecurity
4h ago

Overview

  • Kubernetes
  • Kubernetes CSharp Client

16 Sep 2025
Published
16 Sep 2025
Updated

CVSS v3.1
MEDIUM (6.8)
EPSS
Pending

KEV

Description

A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially intercept or manipulate communication with the Kubernetes API server, leading to possible man-in-the-middle attacks and API impersonation.

Statistics

  • 4 Posts

Last activity: 13 hours ago

Fediverse

CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks - github.com/kubernetes/kubernet

13h ago
Showing 1 to 10 of 41 CVEs