SAP has issued security updates to address a second zero-day vulnerability, CVE-2025-42999 (CVSS v3.1: 9.1), affecting SAP NetWeaver Visual Composer. This flaw was identified during investigations into the active exploitation of a previously patched vulnerability, CVE-2025-31324, which allowed unauthenticated file uploads leading to remote code execution. Threat actors have been observed chaining CVE-2025-42999 with CVE-2025-31324 since January 2025 to execute arbitrary commands remotely on vulnerable SAP NetWeaver servers. These attacks have involved uploading JSP web shells and deploying tools like Brute Ratel for post-exploitation activities.
Apple has released a series of security updates to address several vulnerabilities affecting iOS, iPadOS, macOS, and other Apple platforms. These updates include fixes for flaws that may allow privilege escalation, arbitrary code execution, and other security risks. Some of the vulnerabilities are reportedly being actively exploited in the wild.
Key Vulnerabilities (examples):
- WebKit RCE Flaws – Could allow arbitrary code execution via malicious web content
- Kernel Privilege Escalation – Local attackers could exploit to gain SYSTEM-level access
- Core services bugs – Could be used to bypass security protections or leak sensitive data
This flaw enables a local user to gain elevated privileges and execute arbitrary code with SYSTEM-level access. The vulnerability is exploited by creating a symbolic link and manipulating the service into deleting a specified directory, thereby allowing the attacker to take control of sensitive operations.
F5 has issued a security bulletin addressing a high-severity vulnerability affecting specific versions of its BIG-IP software. According to F5’s advisory (K000148591), this flaw could allow unauthenticated attackers to execute arbitrary system commands or code under certain conditions.
The vulnerability affects the Traffic Management User Interface (TMUI), which provides administrative access via HTTPS. If exploited, it may lead to full system compromise, exposing organisations to further risk, including data loss and lateral movement within the network.
Microsoft has released its May 2025 Patch Tuesday updates, resolving 78 security vulnerabilities across its software suite. Among these, five zero-day vulnerabilities are confirmed to be actively exploited in the wild, underscoring the urgency for immediate patch deployment:
- CVE-2025-30400: An elevation of privilege vulnerability in the Desktop Window Manager (DWM) Core Library, allowing attackers to gain SYSTEM-level access.
- CVE-2025-30397: A remote code execution vulnerability in the Microsoft Scripting Engine, exploitable via type confusion, particularly affecting Internet Explorer mode in Microsoft Edge.
- CVE-2025-32701 & CVE-2025-32706: Elevation of privilege vulnerabilities in the Windows Common Log File System (CLFS) driver, enabling attackers to attain SYSTEM privileges.
- CVE-2025-30386 & CVE-2025-30377: Remote code execution vulnerabilities in Microsoft Office, which can be exploited through specially crafted documents.
Fortinet has published a security advisory detailing a critical vulnerability affecting several of its products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. The vulnerability, tracked as CVE-2025-32756, is a stack-based buffer overflow with a CVSS v4 score of 9.6 (CVSS v3.1: 9.8). Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code by sending a specially crafted HTTP request containing a malicious hash cookie.
Fortinet has confirmed active exploitation of this vulnerability in the wild, specifically targeting FortiVoice devices. Observed malicious activity includes network scanning, deletion of system crash logs, and enabling of FCGI debugging—suggesting attempts to log credentials via HTTP or SSH access.
Node.js project has released security updates for versions 18.x, 20.x, 22.x, and 23.x to address several vulnerabilities that could lead to denial-of-service (DoS) conditions, unauthorised access, and memory leaks. Node.js is an open-source, cross-platform JavaScript runtime environment that enables developers to build scalable network applications. Node.js is widely used in developing web servers, APIs, and real-time applications across various industries.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
SAP – Security Advisory
Apple – Security Updates
F5 – Security Advisory
Microsoft – May 2025 Security Updates
Fortinet – PSIRT Fortiguard
Node.js – 14 May Security Releases
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.