
Google has rolled out its May 2025 Android security update, addressing 46 vulnerabilities, including a critical flaw that has been actively exploited in the wild.

The most severe issue, identified as CVE-2025-27363 with a CVSS score of 8.1, is a high-severity vulnerability in the Android System component. This flaw could lead to local code execution without requiring additional execution privileges or user interaction.

In addition to CVE-2025-27363, the update resolves eight other flaws in the Android System and 15 in the Framework module, which could be exploited for privilege escalation, information disclosure, or denial-of-service attacks. Google advises all Android users to apply the latest security updates promptly to mitigate potential risks. The company also notes that enhancements in newer versions of the Android platform make exploitation more difficult.

Apple has addressed a series of critical vulnerabilities in its AirPlay protocol, collectively termed ‘AirBorne’ by cybersecurity firm Oligo. These flaws could allow attackers on the same Wi-Fi network to execute zero-click remote code execution (RCE) attacks, potentially compromising Apple and third-party devices utilizing the AirPlay SDK. Notably, vulnerabilities such as CVE-2025-24252 and CVE-2025-24132 can be combined to create a wormable exploit. This means malware could autonomously spread across devices within the same local network, leading to the deployment of backdoors, ransomware, or other malicious activities.

Apache: a critical security flaw has been found in Apache Parquet, a popular tool used to handle large data files. The issue, tracked as CVE-2025-30065, could allow attackers to trigger unexpected behaviour when the system processes certain files. Security researchers have released a tool that can check if systems are vulnerable to this issue. Although the bug doesn’t directly allow full remote control, it can be misused to cause problems, especially if data comes from untrusted sources. Users are advised to update Apache Parquet and review how their systems handle incoming data to stay protected.

SysAid issued security patches for its on-premise IT service management platform to address several critical issues, including XML external entity (XXE) vulnerabilities and an OS command injection flaw.

Following this release, cybersecurity company watchTowr Labs published proof-of-concept exploit code targeting four vulnerabilities resolved in that update. The first two, CVE-2025-2775 and CVE-2025-2776, are XXE flaws in the /mdm endpoint that could be exploited by unauthenticated users to access sensitive data or disrupt services. These were logged as SYSAID-11223.

A third issue, CVE-2025-2777 (SYSAID-11224), is another XXE vulnerability located in the /lshw endpoint, with similar risks of information exposure or denial-of-service attacks.

The final vulnerability, CVE-2025-2778 (SYSAID-11246), involves OS command injection and could allow a logged-in attacker to run arbitrary commands on the server.

Cisco has released a security advisory addressing a critical vulnerability in its IOS XE Wireless LAN Controller (WLC) software. The flaw, identified as CVE-2025-20188 with a CVSS score of 10.0, stems from a hard-coded JSON Web Token (JWT) present in certain systems. This vulnerability could allow an unauthenticated, remote attacker to upload arbitrary files, perform path traversal, and execute commands with root privileges by sending crafted HTTPS requests to the AP image download interface.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Google – Android Security Bulletin

Apple – Oligo Blog

Apache – NIST CVE-2025-30065

SysAid – 24.4.60 b16 On-premise releases

Cisco – Security Advisories

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
