Overview
Microsoft has released scheduled updates addressing 57 vulnerabilities across its products. Of these, one is confirmed to be actively exploited in the wild, and two have been publicly disclosed prior to patching, which significantly increases the risk of exploitation. Below are the details:
The actively exploited vulnerability affects the Windows Cloud Files Mini Filter Driver and could allow attackers to escalate privileges on a compromised system. This type of vulnerability enables adversaries to gain higher-level access, potentially leading to full system control if combined with other exploits.
- CVE-2025-62221: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVSSv3 7.8)
Affected unpatched versions:
- Windows 10 Versions 1809, 21H2, 22H2
- Windows 11 Versions 22H3, 23H2, 24H2, 25H2
- Windows Server 2019, 2022 (and 23H2), 2025
A vulnerability has been publicly disclosed, meaning technical details are available to attackers before patches are widely applied.
- CVE-2025-54100: PowerShell Remote Code Execution Vulnerability (CVSSv3 7.8)
WatchGuard has released security updates to remediate a critical vulnerability in its Fireware operating system, which powers Firebox network security appliances. This vulnerability is considered highly severe and could allow attackers to execute arbitrary code or cause system crashes.
- CVE-2025-14733: Out-of-Bounds Write Vulnerability (CVSSv3 9.3)
Affected versions: 11.10.2-11.12.4_Update1, 12.0-12.11.5, 2025.1-2025.1.3.
NetSupport has released security updates to address three high-severity vulnerabilities in NetSupport Manager. The vulnerabilities include issues related to SQL injection, weak password encoding, and arbitrary file upload. If exploited, these flaws could allow attackers to disclose arbitrary local files, gain unauthorised access to the NetSupport Manager application, and execute remote code.
- CVE-2025-34179: Information Disclosure via Unauthenticated SQL Injection (CVSSv3 8.7). Affected versions: <= 14.12.0001
- CVE-2025-34180: Weak Password Encoding (CVSSv3 8.7). Affected versions: <= 14.12.0001
- CVE-2025-34181: Remote Code Execution via Arbitrary File Upload (CVSSv3 8.7). Affected versions: <= 14.12.0001
SonicWall has released security updates to address two vulnerabilities in the SMA1000 Appliance Management Console (AMC) / Central Management Console (CMC). These vulnerabilities allow for remote, unauthenticated OS command execution under specific conditions, and privilege escalation within the AMC. These can result in unauthenticated remote code execution with root privileges, creating a high risk of full appliance compromise and making prompt patching essential.
- CVE-2025-23006: Remote Code Execution via Pre-Authentication Deserialization of Untrusted Data (CVSSv3 9.8). Affected versions: <= 12.4.3-02804
- CVE-2025-40602: Privilege Escalation via Insufficient Authorisation (CVSSv3 6.6). Affected versions: <= 12.4.3.03093, <= 12.5.0.02002
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
- Microsoft – Release Notes
- WatchGuard – Advisory
- NetSupport – CVE details
- SonicWall – Vulnerability details
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.