The impact is that any user with access to the FreePBX Administration panel could leverage this vulnerability to execute arbitrary shell commands on the underlying host. An attacker could leverage this to obtain remote access to the system as the asterisk user.
The zero-day in Cisco Catalyst SD-WAN is being actively exploited, according to Cisco's security arm Talos. The research team discovered that attackers are using this vulnerability to compromise controllers and connect malicious peers to target networks. The group UAT-8616, which is not yet known, has been exploiting the flaw since at least 2023.
Research from Pentera Labs reveals evidence of active exploitation in customer-managed business cloud environments, particularly within Fortune 500 companies and cybersecurity vendors. The exploitation targets training applications used by these organizations, which are typically deployed for security demos and training and include OWASP Juice Shop, DVWA and Hackazon. The research found thousands of exposed systems, with several hosted on enterprise infrastructure using Azure, AWS and GCP cloud platforms.
The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal bug that could enable code execution. However, exploitation requires a prospective target to visit a malicious page or open a malicious file. 'RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user,' CISA said in an alert.
Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, have published their own technical teardown of the vulnerability that doesn't mince words about the ease with which criminals can weaponize it. The researchers call exploitation "trivial," describing a single HTTP request that bypasses OIM's normal authentication flow and ultimately gives an attacker remote system-level control. Oracle disclosed the bug in October, but didn't indicate that it was under active exploitation.
Citrix has issued patches to fix three newly designated common vulnerabilities and exposures (CVEs) in the widely used NetScaler Application Delivery Controller (ADC) and NetScaler Gateway lines. The trio of bugs, which are tracked as CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424, are, respectively, a memory overflow vulnerability that leads either to pre-authentication remote code execution (RCE) or denial of service (DoS), or both.