Overview
SonicWall: Security researchers have published a proof-of-concept (PoC) exploit for CVE-2024-53704, an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall released patches on 7 January 2025.
If exploited, a remote, unauthenticated attacker could hijack active SSL VPN sessions, gaining access to private networks, Virtual Office bookmarks, and VPN tunnels, and could forcibly terminate user connections.
Apple has released emergency security updates addressing a critical, zero-day vulnerability, tracked as CVE-2025-24200, which the company believes was exploited in extremely sophisticated targeted attacks against specific people. Affected devices include iPhone XS and later, iPad Pro (various models), iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. The vulnerability could allow an attacker to disable USB Restricted Mode on a locked device, potentially granting unauthorised access to sensitive data. The new update can be installed by accessing the ‘Settings’ on your device.
Cisco has issued nine security advisories, including one critical and two high-severity vulnerabilities, affecting Cisco ISE, NX-OS, Expressway, IOS, IOS XE, IOS XR, and Secure Email/Web products.
- Critical Vulnerability (Cisco ISE & ISE Passive Identity Connector – CVE-2025-20124 and CVE-2025-20125): Allows authenticated remote attackers with read-only admin credentials to execute arbitrary commands and escalate privileges.
- High-Severity (Cisco NX-OS – CVE-2024-20397): Enables attackers to bypass image signature verification and load unverified software.
- High-Severity (Cisco IOS, IOS XE, IOS XR – CVE-2025-20169): Could allow authenticated remote attackers to perform DoS attacks on affected devices.
F5 has published a security advisory detailing vulnerabilities affecting its BIG-IP and BIG-IP Next networking products. The update includes 13 high-impact, one medium-impact, and one low-impact vulnerabilities.
Among the high-impact issues is CVE-2025-20029, a command injection vulnerability with a CVSSv4 score of 8.7. If exploited, an authenticated attacker could execute arbitrary system commands, potentially compromising affected systems.
Ivanti has issued three security advisories addressing critical vulnerabilities across its products:
- Ivanti Cloud Services Appliance (CSA): A critical OS command injection flaw (CVE-2024-47908, CVSS 9.1) could allow remote code execution (RCE) if exploited by an authenticated attacker.
- Ivanti Neurons for MDM (N-MDM): A privilege assignment weakness has been patched automatically as of 17 January 2025, requiring no action from customers.
- Ivanti Connect Secure (ICS), Policy Secure (IPS), and Secure Access Client (ISAC): Eight vulnerabilities, including three critical flaws (CVE-2025-22467, CVE-2024-38657, CVE-2024-10644), could lead to RCE or arbitrary file writes by admin-level attackers.
Fortinet has issued an urgent security advisory regarding CVE-2025-24472, a critical authentication bypass vulnerability affecting FortiOS and FortiProxy. The flaw, which has a CVSS score of 8.1, is actively being exploited in the wild to hijack Fortinet firewalls and gain unauthorised super-admin access. The affected versions are as follows:
- FortiOS: Versions 7.0.0 through 7.0.16
- FortiProxy: Versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
- SonicWall – Security Advisory
- Apple – Security Updates
- Cisco – Security Advisories
- F5 – Security Advisory
- Ivanti – Security Update
- Fortinet – Fortiguard PSIRT
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.