Apple has issued security patches to fix two actively exploited zero-day vulnerabilities affecting various Apple devices.
The first vulnerability, identified as CVE-2025-31200 and rated 7.5 on the CVSSv3 scale, could enable an unauthorised attacker to execute arbitrary code on a device by manipulating an audio stream within a specially crafted media file. The second flaw, CVE-2025-31201, has a CVSSv3 score of 6.8 and may allow an attacker with the ability to perform arbitrary read and write operations to bypass pointer authentication mechanisms.
Cisco has published a security alert regarding a high-severity vulnerability impacting the Webex App, regardless of configuration settings or operating system.
The flaw, tracked as CVE-2025-20236, is related to inadequate input validation and carries a CVSSv3 score of 8.8. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code, provided they can trick a user into clicking a specially crafted meeting link.
Erlang has issued updates for its OTP (Open Telecom Platform) package to fix a critical flaw in the built-in Secure Shell (SSH) server. Erlang is a widely used open-source programming language, and OTP is a collection of libraries and middleware designed to support application development in Erlang.
The vulnerability, identified as CVE-2025-32433, holds a maximum CVSSv3 score of 10.0. It could allow a remote, unauthenticated attacker to execute arbitrary code, potentially resulting in full system compromise.
Langflow, an open-source tool for building AI-driven agents and workflows, has patched a critical remote code execution (RCE) vulnerability tracked as CVE-2025-3248. The issue affects all versions prior to 1.3.0 and carries a CVSSv3 score of 9.8.
The flaw resides in the /api/v1/validate/code endpoint, where untrusted code was executed using Python’s exec() function without authentication or sandboxing. This could allow remote attackers to run arbitrary commands on the server, posing a major threat to systems using Langflow in development or production environments.
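The following triage sketch is an added example, not code from Langflow or from the advisory: it checks a version string against the 1.3.0 fix boundary and summarises POST requests to the endpoint named above from web access logs. The common/combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

ENDPOINT = "/api/v1/validate/code"  # path named in the advisory
FIXED = (1, 3, 0)                   # versions prior to 1.3.0 are affected

# Assumed log layout: ip ident user [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_affected(version: str) -> bool:
    """True when a Langflow version string is older than 1.3.0.
    Pre-release suffixes are ignored (assumption of this sketch)."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return tuple(parts) < FIXED

def hits(lines):
    """Summarise POSTs to the validate endpoint per client address."""
    summary = defaultdict(lambda: {"count": 0, "statuses": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        ip, _when, method, target, status = m.groups()
        # Normalise away query strings and a trailing slash before comparing.
        path = target.split("?", 1)[0].rstrip("/")
        if method == "POST" and path == ENDPOINT:
            summary[ip]["count"] += 1
            summary[ip]["statuses"].add(int(status))
    return dict(summary)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [20/Apr/2025:10:01:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 312',
    '203.0.113.7 - - [20/Apr/2025:10:01:09 +0000] "POST /api/v1/validate/code/ HTTP/1.1" 200 298',
    '198.51.100.4 - - [20/Apr/2025:10:02:00 +0000] "GET /api/v1/flows HTTP/1.1" 200 1024',
    '198.51.100.4 - - [20/Apr/2025:10:03:00 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 401 41',
]

if __name__ == "__main__":
    for ip, info in hits(SAMPLE).items():
        print(ip, info["count"], sorted(info["statuses"]))
    print("1.2.0 affected:", is_affected("1.2.0"))
```

Requests to this endpoint on a host still running an affected version are the ones to review first, alongside applying the update.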
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Apple – Security Releases
Cisco – Security Advisory
Erlang – GitHub Security Advisories
Langflow – Security Boulevard (Techstrong Group, Inc.)
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.