Google has issued updates to the stable versions of its Chrome browser in order to fix a high-severity security flaw. The vulnerability, identified as CVE-2025-6554, is a ‘type confusion’ issue within the V8 JavaScript engine used by the browser. This flaw could be exploited by an attacker to perform arbitrary memory read and write operations, typically by persuading a user to open a malicious HTML webpage.
Google has confirmed that there are known instances of this vulnerability being actively exploited in the wild.
Microsoft has released a series of security updates addressing a total of 130 vulnerabilities across 70 of its products. Among these, 12 notable vulnerabilities have been highlighted. One has been publicly disclosed, while the remaining 11 are classified by Microsoft as critical.
- CVE-2025-47981 – Remote Code Execution (RCE) Vulnerability in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism – CVSSv3 score: 9.8
- CVE-2025-48822 – RCE Vulnerability in Windows Hyper-V Discrete Device Assignment (DDA) – CVSSv3 score: 8.6
- CVE-2025-49704 – RCE Vulnerability in Microsoft SharePoint – CVSSv3 score: 8.8
- CVE-2025-49717 – RCE Vulnerability in Microsoft SQL Server – CVSSv3 score: 8.5
- CVE-2025-49695 – RCE Vulnerability in Microsoft Office – CVSSv3 score: 8.4
- CVE-2025-49696 – RCE Vulnerability in Microsoft Office – CVSSv3 score: 8.4
- CVE-2025-49697 – RCE Vulnerability in Microsoft Office – CVSSv3 score: 8.4
- CVE-2025-49735 – RCE Vulnerability in Windows KDC Proxy Service (KPSSVC) – CVSSv3 score: 8.1
- CVE-2025-49698 – RCE Vulnerability in Microsoft Word – CVSSv3 score: 7.8
- CVE-2025-49702 – RCE Vulnerability in Microsoft Office – CVSSv3 score: 7.8
- CVE-2025-49703 – RCE Vulnerability in Microsoft Word – CVSSv3 score: 7.8
Wing FTP issued an update to resolve a critical security flaw in its Wing FTP Server software. According to security researchers, the vulnerability, tracked as CVE-2025-47812, is currently being actively exploited.
- CVE-2025-47812 – Remote Code Execution Vulnerability in Wing FTP Server – CVSSv3 score: 10.0
Brother printer models, 689 in total, have been found to contain a serious security vulnerability that allows the default administrator passwords to be remotely predicted. The issue, identified as CVE-2024-51978 with a CVSS score of 9.8, stems from a flawed password-generation algorithm that uses the device’s serial number, which is publicly accessible.
This vulnerability is particularly concerning because it cannot be fully addressed through firmware updates, as the insecure logic is hardcoded during manufacturing. Only newly produced units will include a secure password-generation process, according to the manufacturer.
Fortinet’s FortiWeb web application firewall is affected by a serious pre-authentication SQL injection flaw (tracked as CVE-2025-25257) that allows unauthorised users to execute remote code on vulnerable installations, without any prior login. Proof-of-concept exploits have recently been published, making the issue exploit-ready.
The vulnerability, with a critical severity score of 9.8, lies within FortiWeb’s Fabric Connector module. A failure to sanitise the bearer token in the get_fabric_user_by_token() function permits attackers to inject SQL via crafted HTTP requests. The injected SQL can be escalated to remote code execution by using SELECT ... INTO OUTFILE to deploy a malicious Python .pth file. When a CGI Python script runs, it can trigger the payload and grant full code execution.
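The root cause described above is a bearer token being concatenated into a SQL statement instead of being bound as a parameter. The following is an added, self-contained illustration of that defect class and its fix; it is not Fortinet's code, and the table name `fabric_user`, the two lookup functions, the sample rows and the token-format check are all constructed for this example. It uses an in-memory SQLite database so it runs offline.

```python
import re
import sqlite3

# Constructed sample data (assumption: not FortiWeb's real schema).
SAMPLE_USERS = [
    (1, "alice", "tok-alice-1234"),
    (2, "admin", "tok-admin-9999"),
]

# RFC 6750 "b64token" character set: a bearer token should only ever
# contain these characters, so anything else can be rejected up front.
B64TOKEN_RE = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def make_db():
    """Create an in-memory table keyed by bearer token (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE fabric_user (id INTEGER PRIMARY KEY, name TEXT, token TEXT)"
    )
    conn.executemany("INSERT INTO fabric_user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def parse_bearer(header_value):
    """Return the token from an 'Authorization: Bearer <token>' value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def is_well_formed_token(token):
    """Allow-list check on the token format before it reaches any query."""
    return bool(B64TOKEN_RE.match(token))


def get_user_by_token_vulnerable(conn, token):
    """Hypothetical vulnerable lookup: the token is spliced into the SQL text,
    so quote characters in the token change the query's structure."""
    sql = "SELECT name FROM fabric_user WHERE token = '" + token + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def get_user_by_token_fixed(conn, token):
    """Hardened lookup: the token is bound as a parameter and is only ever
    compared as data; it is additionally rejected if it is malformed."""
    if not is_well_formed_token(token):
        return None
    row = conn.execute(
        "SELECT name FROM fabric_user WHERE token = ?", (token,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # A well-formed token resolves the same user either way.
    print(get_user_by_token_vulnerable(db, "tok-alice-1234"))  # alice
    print(get_user_by_token_fixed(db, "tok-alice-1234"))       # alice
    # A token carrying SQL syntax matches a row it should not in the
    # vulnerable version, and nothing in the fixed version.
    crafted = parse_bearer("Bearer ' OR 1=1 --")
    print(get_user_by_token_vulnerable(db, crafted))  # alice
    print(get_user_by_token_fixed(db, crafted))       # None
```

The parameterised query is the actual fix; the format allow-list is defence in depth and also gives a cheap detection signal, since a bearer header that fails the RFC 6750 character check is worth logging and alerting on at the WAF or reverse proxy.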
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
- Google – Chrome Releases
- Google (Android) – Android Security Bulletin
- Roundcube – Security Updates
- Cisco – Security Advisories
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.