Organizations Warned of Exploited Meteobridge Vulnerability
A Meteobridge command-injection vulnerability (CVE-2025-4008) has been exploited in attacks and added to CISA's Known Exploited Vulnerabilities catalog.
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
Meteobridge contains a command-injection vulnerability (CVE-2025-4008) allowing unauthenticated remote attackers to execute arbitrary commands as root; vulnerability is actively exploited and patched in version 6.
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and was actively exploited in the wild by at least September 10, 2025.
Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers
A command-injection vulnerability in Libraesva ESG allows arbitrary shell command execution via crafted compressed email attachments; patches available for ESG 5.x while 4.x is discontinued.