Sign-up

VARIoT news about IoT security

CVE-2025-59372 - Path Traversal - SecAlerts

Trust: 4.75

Fetched: Nov. 25, 2025, 9:25 a.m., Published: -
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2025-59372

CVE-2025-59370 - OS Command Injection - SecAlerts

Trust: 5.5

Fetched: Nov. 25, 2025, 9:25 a.m., Published: -
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: asus
db: NVD ids: CVE-2025-59370

CVE-2025-59368 - Integer Underflow - SecAlerts

Trust: 5.75

Fetched: Nov. 25, 2025, 9:24 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2025-59368

CVE-2025-63207 (CVSS 9.8): Critical Broken Access Control Flaw Exposes R.V.R Elettronica TEX Devices to Full System Takeover

Trust: 3.0

Fetched: Nov. 25, 2025, 9:24 a.m., Published: Nov. 25, 2025, 12:25 a.m.
 Vulnerabilities: access control flaw, authentication flaw
Affected productsExternal IDs
db: NVD ids: CVE-2025-63207

CVE-2025-12003 - Path Traversal - SecAlerts

Trust: 3.25

Fetched: Nov. 25, 2025, 9:24 a.m., Published: -
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2025-12003

CVE-2025-59365 - ASUS Router Stack Buffer Overflow Vulnerability

Trust: 6.0

Fetched: Nov. 25, 2025, 9:22 a.m., Published: Nov. 25, 2025, 8:15 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: asus
db: NVD ids: CVE-2025-59365

Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as

Trust: 4.5

Fetched: Nov. 25, 2025, 9:21 a.m., Published: Nov. 25, 2025, midnight
 Vulnerabilities: denial of service, default credentials, command injection...
Affected productsExternal IDs
vendor: snort model: snort
vendor: tenda model: router
vendor: snort.org model: snort
vendor: wireshark model: wireshark

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device | TechRadar

Trust: 3.25

Fetched: Nov. 25, 2025, 9:19 a.m., Published: Nov. 20, 2025, 6:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome

Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time

Trust: 4.75

Fetched: Nov. 23, 2025, 10:12 a.m., Published: Nov. 17, 2025, 6:02 a.m.
 Vulnerabilities: use after free, code execution, buffer overflow
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-48530

Fortinet FortiWeb Exploitation Hits Silently Patched Vulnerability | Blog | VulnCheck

Trust: 3.75

Fetched: Nov. 23, 2025, 10:11 a.m., Published: Nov. 18, 2025, midnight
 Vulnerabilities: path traversal, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Apple patches 50 security flaws-update now | Malwarebytes

Trust: 3.5

Fetched: Nov. 23, 2025, 10:10 a.m., Published: Nov. 5, 2025, 11:14 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: software update
vendor: apple model: watchos
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: apple tv
db: NVD ids: CVE-2025-43442

Access Denied

Trust: 3.25

Fetched: Nov. 23, 2025, 10:10 a.m., Published: Nov. 21, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome

Attention! Critical flaw in ASUS's Wi-Fi-routers might compromise your data

Trust: 6.75

Fetched: Nov. 23, 2025, 10:09 a.m., Published: Nov. 23, 2023, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: asus model: dsl-ac51
vendor: asus model: dsl-n16
vendor: asus model: router
vendor: asus model: dsl-ac750
vendor: asus model: asus
vendor: asus model: routers
db: NVD ids: CVE-2025-59367

Update: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities

Trust: 3.25

Fetched: Nov. 23, 2025, 10:09 a.m., Published: Nov. 12, 2025, 3:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower

Critical ASUSTOR Vulnerability Let Attackers Execute Malicious Code with

Trust: 4.75

Fetched: Nov. 23, 2025, 10:09 a.m., Published: Nov. 21, 2025, 5:06 p.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs
vendor: pfsense model: pfsense
db: NVD ids: CVE-2025-13051

⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More

Trust: 4.25

Fetched: Nov. 23, 2025, 10:07 a.m., Published: Nov. 17, 2025, 12:34 p.m.
 Vulnerabilities: code execution, arbitrary command execution, command execution...
Affected productsExternal IDs
vendor: trend model: security
vendor: synology model: chat
vendor: synology model: drive
vendor: node.js model: node.js
vendor: watchguard model: firebox
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: cisco model: series
vendor: cisco model: catalyst
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: installer
vendor: trend micro model: security
vendor: asus model: asus
vendor: google model: chrome
vendor: google model: android
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2025-37734, CVE-2025-62449, CVE-2025-33178, CVE-2025-11224, CVE-2025-42887, CVE-2025-20341, CVE-2025-43515, CVE-2025-64404, CVE-2025-46608, CVE-2025-59396, CVE-2025-64401, CVE-2025-11919, CVE-2025-64403, CVE-2025-52970, CVE-2025-64405, CVE-2025-12121, CVE-2025-10918, CVE-2025-12686, CVE-2025-64739, CVE-2025-42890, CVE-2025-64740, CVE-2025-64738, CVE-2025-12762, CVE-2025-62453, CVE-2025-59367, CVE-2025-23361, CVE-2025-12120, CVE-2025-4619, CVE-2025-64446, CVE-2025-64741, CVE-2025-12485

CVE-2025-8693 - Zyxel DX3300-T0 Command Injection Vulnerability

Trust: 5.0

Fetched: Nov. 23, 2025, 10:06 a.m., Published: Nov. 18, 2025, 2:15 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-8693

Critical Security Vulnerabilities Discovered in Perplexity Comet AI Browser: Hidden MCP API Enables Full Device Takeover and Command Execution - SafetyBis

Trust: 3.25

Fetched: Nov. 23, 2025, 10:05 a.m., Published: Nov. 21, 2025, midnight
 Vulnerabilities: cross-site scripting, script injection, command execution...
Affected productsExternal IDs
vendor: apple model: safari
vendor: google model: chrome
vendor: google model: google chrome

Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts

Trust: 4.5

Fetched: Nov. 23, 2025, 10:04 a.m., Published: Nov. 14, 2025, 9 a.m.
 Vulnerabilities: path traversal, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Trust: 4.5

Fetched: Nov. 23, 2025, 10:03 a.m., Published: Nov. 18, 2025, 4:44 a.m.
 Vulnerabilities: heap corruption, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2025-6554, CVE-2025-4664, CVE-2025-10585, CVE-2025-5419, CVE-2025-6558, CVE-2025-13223, CVE-2025-13224, CVE-2025-2783