Advisory Notice: SonicWall, Trend Micro, Microsoft and Adobe
SonicWall has published a security advisory in response to a series of internal and external cybersecurity incidents involving its products. The company has initiated an investigation to determine whether attackers are exploiting a previously known flaw or a new, undisclosed vulnerability in its firmware.
SonicWall has not yet confirmed the root cause or issued a patch. In the meantime, it has issued interim mitigation guidance for organisations using Gen 7 firewalls with Secure Sockets Layer Virtual Private Network (SSL VPN) functionality enabled. Implementation of these measures is strongly advised until further updates are available.
The advisory follows multiple reports from independent security researchers of active intrusions targeting Gen 7 devices with SSL VPN enabled. Post-compromise activity has included privilege escalation, lateral movement within networks, data theft, and the deployment of Akira ransomware.
Attacks have been observed even against fully patched firewalls with multi-factor authentication (MFA) enabled. Researchers believe this behaviour could point to the exploitation of an unknown zero-day vulnerability.
Trend Micro has issued a critical security bulletin addressing two serious command injection remote code execution (RCE) vulnerabilities: CVE-2025-54948 (CVSS 9.8) and CVE-2025-54987 (CVSS 9.8), affecting the on-premise version of the Apex One Management Console.
Both vulnerabilities could allow a remote attacker, without prior authentication, to upload malicious code and execute arbitrary commands on vulnerable systems. While similar in nature, each flaw targets a different CPU architecture.
Trend Micro has announced that a critical security update is scheduled for release in mid-August 2025. This forthcoming update is expected not only to resolve both vulnerabilities but also to reinstate the Remote Install Agent feature, provided it is applied after the temporary mitigation tool.
Organisations using affected versions of Apex One (on-premise) are strongly advised to monitor for the update’s release and apply it promptly to ensure systems are secured against potential exploitation.
Adobe has released an urgent security bulletin addressing two critical zero-day vulnerabilities in Adobe Experience Manager (AEM) Forms on Java EE, identified as CVE-2025-54253 (CVSS 10.0) and CVE-2025-54254 (CVSS 8.6). AEM Forms is a platform used for creating and managing digital forms within enterprise environments.
- CVE-2025-54253 is attributed to a misconfiguration that enables an authentication bypass in environments where Struts2's development mode is mistakenly left enabled in the admin UI. This flaw allows unauthenticated attackers to perform arbitrary code execution via OGNL expressions.
- CVE-2025-54254 is a critical XXE (XML External Entity Injection) vulnerability that permits unauthenticated attackers to read arbitrary files from the server.
Adobe notes that proof-of-concept (PoC) exploit code for both vulnerabilities is publicly available, though there is no indication of active exploitation in the wild.
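The CVE-2025-54253 entry above depends on Struts2 development mode being left enabled. The following audit sketch is an added example, not code from Adobe or from this advisory; it reports every `struts.xml` or `struts.properties` inside a deployment archive that sets `struts.devMode` to true. The function names, the assumption that the configuration ships inside EAR/WAR/JAR files, and the sample archive are all constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# struts.devMode is the real Struts2 setting; which archives carry the config is an assumption.
CONFIG_NAMES = ("struts.xml", "struts.properties")
ARCHIVE_EXTS = (".ear", ".war", ".jar")
PROP_RE = re.compile(r"^\s*struts\.devMode\s*[=:]\s*true\s*$", re.I | re.M)

def dev_mode_enabled(name, data):
    """True if this struts.xml / struts.properties content switches devMode on."""
    if name.endswith(".properties"):
        return bool(PROP_RE.search(data.decode("utf-8", "replace")))
    try:  # a real XML parse ignores commented-out constants, unlike a grep
        root = ET.fromstring(data)
    except ET.ParseError:
        return False  # unparseable config: not counted as a finding
    return any(c.get("name") == "struts.devMode"
               and c.get("value", "").strip().lower() == "true"
               for c in root.iter("constant"))

def scan_archive(data, label, depth=0, max_depth=4):
    """Walk an EAR/WAR/JAR given as bytes, nested archives included; return offending paths."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            path = f"{label}!/{info.filename}"
            if base in CONFIG_NAMES and dev_mode_enabled(base, zf.read(info)):
                findings.append(path)
            elif base.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                findings.extend(scan_archive(zf.read(info), path, depth + 1, max_depth))
    return findings

def build_sample_ear():
    """Constructed sample: an EAR with one WAR that has devMode on and one with it commented out."""
    def zipped(files):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for member, content in files.items():
                z.writestr(member, content)
        return buf.getvalue()
    on = b'<struts><constant name="struts.devMode" value="true"/></struts>'
    off = b'<struts><!-- <constant name="struts.devMode" value="true"/> --></struts>'
    return zipped({"admin.war": zipped({"WEB-INF/classes/struts.xml": on}),
                   "app.war": zipped({"WEB-INF/classes/struts.xml": off})})
```

Calling `scan_archive(open(path, "rb").read(), path)` on a real deployment archive returns the same kind of path list; an empty list means no scanned file enables the setting.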
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
- SonicWall – Support
- Trend Micro – Critical Security Bulletin
- Microsoft – CISA Advisory
- Adobe – Experience Manager (Documentation)
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.