
Apple has released security updates to address CVE-2025-43300, a serious out-of-bounds write vulnerability in the ImageIO framework used by iOS, iPadOS, and macOS. The flaw has already been exploited in targeted attacks and could allow threat actors to achieve remote code execution simply by sending a malicious image via email, message, or website. If the image is processed by the device, attackers may be able to crash the system or install malware.

This type of vulnerability is especially dangerous because it requires little or no user interaction beyond opening or previewing an image. Apple has described the attacks as 'extremely sophisticated' and urges all users to update immediately.

Affected devices include iPhone XS and later, iPad Pro (3rd gen and later), iPad Air (3rd gen and later), iPad (7th gen and later), and iPad mini (5th gen and later). Fixes are available in iOS 18.6.2, iPadOS 18.6.2/17.7.10, macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8.
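
As an added example (not part of the original advisory or any vendor tooling), the fixed versions listed above can be turned into a patch-level check over a device inventory. The inventory rows, hostnames and status labels are constructed for illustration.

```python
# Patch-level triage for CVE-2025-43300 using the fixed versions listed
# in this advisory. Inventory rows below are constructed sample data.

# Fixed release per OS and major-version branch, as listed above.
FIXED = {
    "iOS": {18: (18, 6, 2)},
    "iPadOS": {18: (18, 6, 2), 17: (17, 7, 10)},
    "macOS": {15: (15, 6, 1), 14: (14, 7, 8), 13: (13, 7, 8)},
}


def parse_version(text):
    """Turn '18.6' into (18, 6, 0). Tuples compare numerically, so
    17.7.9 sorts below 17.7.10 (a plain string comparison would not)."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def triage(os_name, version):
    """Return 'patched', 'needs-update' or 'unlisted-branch'."""
    branches = FIXED.get(os_name)
    if branches is None:
        raise ValueError(f"OS not covered by this advisory: {os_name!r}")
    current = parse_version(version)
    fixed = branches.get(current[0])
    if fixed is None:
        # The advisory lists no fix for this major version: check by hand.
        return "unlisted-branch"
    return "patched" if current >= fixed else "needs-update"


INVENTORY = [  # constructed sample rows: (hostname, OS, version)
    ("exec-iphone", "iOS", "18.6.2"),
    ("field-ipad", "iPadOS", "17.7.9"),
    ("design-mac", "macOS", "14.7.8"),
    ("build-mac", "macOS", "15.6"),
    ("legacy-mac", "macOS", "12.7.6"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(os_name, ver) for host, os_name, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```
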

Cisco has released a new batch of 21 security advisories addressing 29 vulnerabilities affecting Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software. This release is part of Cisco’s scheduled August 2025 security advisory bundle. 

The advisories are categorised based on severity: 1 critical, 11 high, and 9 medium. Users are strongly encouraged to review the critical vulnerability in particular, as it poses the most serious risk. 

Critical Vulnerability: 

  • CVE-2025-20265 (Advisory ID: cisco-sa-fmc-radius-rce-TNBKf79). Component affected: Cisco Secure Firewall Management Center (FMC) Software. Vulnerability type: RADIUS Remote Code Execution (RCE). CVSSv3 score: 10.0 (Critical). This flaw could allow an unauthenticated attacker to remotely execute arbitrary shell commands on the affected device. The vulnerability can be exploited only if FMC is configured to use RADIUS authentication for the web-based GUI, SSH management access, or both.

SAP has published an urgent security advisory addressing two critical vulnerabilities in SAP NetWeaver Visual Composer, identified as CVE-2025-31324 and CVE-2025-42999. 

  • CVE-2025-31324 – Missing Authorisation Check (CVSS score: 10.0). This flaw in the Metadata Uploader component allows unauthenticated attackers to upload malicious files, leading to remote code execution and full system compromise. 
  • CVE-2025-42999 – Insecure Deserialisation (CVSS score: 9.1). When combined with CVE-2025-31324, attackers can execute arbitrary code without authentication. 

Both vulnerabilities have been weaponized in the wild, enabling attackers to bypass authentication, deploy JSP-based web shells (e.g., helper.jsp, cache.jsp), and gain privileged access to compromised systems. 

SAP has released emergency patches through Security Note 3594142 (April 2025) and Security Note 3604119 (May 2025) to address the underlying issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both CVEs to its Known Exploited Vulnerabilities Catalog, highlighting the urgent need for organisations to apply the fixes. 

Xerox has published a security advisory to address two critical, unauthenticated remote code execution vulnerabilities in its FreeFlow Core print orchestration platform. 

  • CVE-2025-8355 – XML External Entity (XXE) Injection (CVSS 7.5): A flaw in the JMF Client service allowed specially crafted XML input to cause Server-Side Request Forgery (SSRF) attacks. 
  • CVE-2025-8356 – Path Traversal (CVSS 9.8): A vulnerability in file-handling routines enabled attackers to place a web shell in a publicly accessible location, facilitating remote code execution using JMF commands. 

FreeFlow Core is designed to automate prepress workflows in environments such as commercial print shops, universities, packaging, marketing, and government agencies. The combination of open accessibility and sensitive content – like pre-public marketing materials – makes it a high-value target.  Xerox has released fixes for both vulnerabilities in FreeFlow Core version 8.0.5 and strongly urges customers to apply the update promptly. 

Microsoft has released security updates addressing 111 vulnerabilities across 55 products. Fourteen of these flaws are of particular concern: one is publicly disclosed, and the remaining thirteen are rated critical by Microsoft.

The publicly disclosed vulnerability is:  

  • CVE-2025-53779 – Windows Kerberos Elevation of Privilege (CVSS 7.2)  

The critical vulnerabilities include:  

  • CVE-2025-50165 – Windows Graphics Component RCE (CVSS 9.8)  
  • CVE-2025-53766 – GDI+ RCE (CVSS 9.8)  
  • CVE-2025-53778 – Windows NTLM Elevation of Privilege (CVSS 8.8)  
  • CVE-2025-53784 – Microsoft Word RCE (CVSS 8.4)  
  • CVE-2025-53740 – Microsoft Office RCE (CVSS 8.4)  
  • CVE-2025-53733 – Microsoft Word RCE (CVSS 8.4)  
  • CVE-2025-53731 – Microsoft Office RCE (CVSS 8.4)  
  • CVE-2025-50177 – MSMQ RCE (CVSS 8.1)  
  • CVE-2025-49707 – Azure Virtual Machines Spoofing (CVSS 7.9)  
  • CVE-2025-50176 – DirectX Graphics Kernel RCE (CVSS 7.8)  
  • CVE-2025-53781 – Azure Virtual Machines Information Disclosure (CVSS 7.7)  
  • CVE-2025-53793 – Azure Stack Hub Information Disclosure (CVSS 7.5)  
  • CVE-2025-48807 – Windows Hyper-V RCE (CVSS 7.5)  

Microsoft has also released security updates to address a critical vulnerability in on-premises SharePoint Server. 

  • CVE-2025-53770 – Remote Code Execution via deserialisation of untrusted data (actively exploited, including against UK targets). 
  • CVE-2025-53771 – Related flaw enabling authentication bypass. 

Affected versions include SharePoint Server Subscription Edition, 2019, and 2016. The NCSC is urging organisations to patch immediately. Microsoft also advises enabling and correctly configuring the Anti-Malware Scan Interface (AMSI), ensuring only supported versions are in use, deploying Defender for Endpoint (or equivalent), and rotating ASP.NET machine keys as additional precautions. 

Fortinet has published a security advisory about a high-severity flaw in the FGFM (FortiGate to FortiManager) protocol, impacting FortiOS (FortiGate), FortiPAM, FortiProxy, and FortiSwitchManager. The issue affects only devices managed through a FortiManager. 

Tracked as CVE-2024-26009 (CVSS 7.9), the vulnerability stems from weak authentication in the FGFM protocol and could be exploited to compromise affected systems. Fortinet recommends applying the provided fixes promptly to mitigate the risk. 

Recommended Action 

Organisations are encouraged to review the appropriate security advisory pages and apply the updates: 

Apple – Support

Cisco – August 2025 Cisco Secure Firewall ASA… 

SAP – Security Patch Day (April 2025) 

Xerox – Product Support: FreeFlow Core

Microsoft – August Security Updates and CVE-2025-53770 

Fortinet – PSIRT (FortiGuard Labs)

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
