VARIoT latest news about IoT security

Zero-day vulnerabilities found: Apple iPhone, iPad users urged to update devices , Digital News - AsiaOne Trust: 5.0 Fetched: Dec. 18, 2025, 11:12 p.m., Published: Dec. 15, 2025, 12:10 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2025-14174, CVE-2025-43529

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure \| AWS Security Blog Trust: 3.5 Fetched: Dec. 18, 2025, 11:11 p.m., Published: Dec. 15, 2025, 7:20 p.m.	Vulnerabilities: default credentials, traffic interception

Affected products

External IDs

db:

NVD

ids:

CVE-2023-27532, CVE-2023-22518, CVE-2022-26318, CVE-2021-26084

Android Security Bulletin-December 2025 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202512-3498, VAR-202511-0769, VAR-202512-2964, VAR-202512-0754, VAR-202512-5347, VAR-202512-2961, VAR-202512-2043, VAR-202512-1520, VAR-202512-1246, VAR-202512-1517, VAR-202512-2040, VAR-202512-3741, VAR-202512-0999, VAR-202511-1256, VAR-202512-1793, VAR-202511-1774 Trust: 5.25 Fetched: Dec. 18, 2025, 11:10 p.m., Published: Dec. 18, 2025, midnight	Vulnerabilities: denial of service, code execution, information disclosure

Affected products

External IDs

vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	samsung	model:	note
vendor:	samsung	model:	samsung
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2025-48607, CVE-2025-48564, CVE-2025-61618, CVE-2025-48618, CVE-2025-48592, CVE-2023-40130, CVE-2025-58410, CVE-2025-48627, CVE-2025-48589, CVE-2025-47382, CVE-2025-11131, CVE-2025-61619, CVE-2025-61609, CVE-2025-48583, CVE-2025-20730, CVE-2025-11133, CVE-2025-48596, CVE-2025-47370, CVE-2025-20751, CVE-2025-20725, CVE-2025-48597, CVE-2025-3012, CVE-2025-47372, CVE-2025-20754, CVE-2025-48599, CVE-2025-48631, CVE-2025-48601, CVE-2025-48629, CVE-2025-47319, CVE-2025-27070, CVE-2025-48603, CVE-2025-48633, CVE-2025-20758, CVE-2025-47354, CVE-2025-48612, CVE-2025-48628, CVE-2025-48594, CVE-2025-27053, CVE-2025-48590, CVE-2025-48565, CVE-2025-48573, CVE-2025-20757, CVE-2025-48555, CVE-2025-48576, CVE-2025-48566, CVE-2025-31718, CVE-2025-31717, CVE-2025-20790, CVE-2025-32328, CVE-2025-27074, CVE-2025-20753, CVE-2025-11132, CVE-2025-22420, CVE-2025-48572, CVE-2025-48575, CVE-2025-48588, CVE-2025-22432, CVE-2025-48615, CVE-2025-48639, CVE-2025-61610, CVE-2025-25177, CVE-2025-48600, CVE-2025-20752, CVE-2025-20756, CVE-2025-48598, CVE-2025-8045, CVE-2025-48591, CVE-2025-20791, CVE-2025-48525, CVE-2025-47351, CVE-2025-48626, CVE-2025-48622, CVE-2025-48621, CVE-2025-20792, CVE-2025-20750, CVE-2025-46711, CVE-2025-48620, CVE-2025-48584, CVE-2025-48536, CVE-2025-6349, CVE-2025-61617, CVE-2025-20759, CVE-2025-48580, CVE-2025-32319, CVE-2025-32329, CVE-2025-48632, CVE-2025-47323, CVE-2025-6573, CVE-2025-61607, CVE-2025-48614, CVE-2025-20726, CVE-2025-61608, CVE-2025-20755, CVE-2025-27054, CVE-2025-48586, CVE-2025-20727, CVE-2025-48604

Apple Patches Critical Vulnerabilities Across Multiple Platforms - CVE Vulnerability Alerts Trust: 3.75 Fetched: Dec. 18, 2025, 11:10 p.m., Published: Dec. 15, 2025, 4:17 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	tvos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2025-43529

Critical FortiGate SSO Vulnerability Actively Exploited in Real-World Attacks Trust: 6.0 Fetched: Dec. 18, 2025, 11:07 p.m., Published: Dec. 16, 2025, 11:14 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718, CVE-2025-597199, CVE-2025-597189

Critical FortiGate SSO Vulnerability Actively Exploited in the Wild Trust: 5.75 Fetched: Dec. 18, 2025, 11:07 p.m., Published: Dec. 16, 2025, 11:47 a.m.	Vulnerabilities: authentication bypass, weak password

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances Trust: 5.25 Fetched: Dec. 18, 2025, 11:07 p.m., Published: Dec. 18, 2025, 7:16 a.m.	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

vendor:	sonicwall	model:	secure mobile access
vendor:	sonicwall	model:	remote access
vendor:	sonicwall	model:	sma 100

db:

NVD

ids:

CVE-2025-40602, CVE-2025-23006

Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild Trust: 6.0 Fetched: Dec. 18, 2025, 11:01 p.m., Published: Dec. 16, 2025, 7:43 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2025-59719, CVE-2025-59718

Surface Laptop 5 gets new (November 25, 2025) firmware updates Trust: 3.75 Fetched: Nov. 26, 2025, 9:17 a.m., Published: Nov. 25, 2025, midnight	Vulnerabilities: denial of service, application crash, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21864, CVE-2022-36392, CVE-2022-38102, CVE-2024-44074

General Industrial Controls Lynx+ Gateway \| CISA Trust: 5.0 Fetched: Nov. 25, 2025, 9:42 a.m., Published: Nov. 1, 2025, midnight	Vulnerabilities: weak password

Affected products

External IDs

db:

NVD

ids:

CVE-2025-55034, CVE-2025-62765, CVE-2025-58083, CVE-2025-59780

The Hidden Risk of Device Sprawl: Why More Devices Mean More Exposure Trust: 3.0 Fetched: Nov. 25, 2025, 9:41 a.m., Published: Nov. 3, 2025, midnight	Vulnerabilities: -

Affected products	External IDs

Update Canonical Ubuntu Server: USN-7878-1: cups-filters vulnerabilities Trust: 4.5 Fetched: Nov. 25, 2025, 9:41 a.m., Published: Jan. 25, 7878, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cups	model:	cups
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2025-64503, CVE-2025-57812, CVE-2025-64524

Update Canonical Ubuntu Server: USN-7877-1: libcupsfilters vulnerabilities Trust: 6.25 Fetched: Nov. 25, 2025, 9:40 a.m., Published: Jan. 25, 7877, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2025-64503, CVE-2025-57812

Update Canonical Ubuntu Server: USN-7861-3: Linux kernel vulnerabilities Trust: 4.25 Fetched: Nov. 25, 2025, 9:39 a.m., Published: March 25, 7861, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2025-40300

Update Canonical Ubuntu Desktop: USN-7886-1: Python vulnerabilities Trust: 5.0 Fetched: Nov. 25, 2025, 9:39 a.m., Published: Jan. 25, 7886, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2025-8291, CVE-2025-6075

Update Canonical Ubuntu Server: USN-7879-1: Linux kernel vulnerabilities Trust: 3.25 Fetched: Nov. 25, 2025, 9:39 a.m., Published: Jan. 25, 7879, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review Trust: 3.75 Fetched: Nov. 25, 2025, 9:38 a.m., Published: Nov. 12, 2025, 8:46 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	nexus
vendor:	cisco	model:	firepower

db:

NVD

ids:

CVE-2025-41244, CVE-2025-53770, CVE-2025-20362, CVE-2025-20333

Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as Root User Related entries in the VARIoT vulnerabilities database: VAR-202305-0900 Trust: 5.75 Fetched: Nov. 25, 2025, 9:37 a.m., Published: Nov. 24, 2025, 1:36 p.m.	Vulnerabilities: code execution, command execution, command injection

Affected products

External IDs

vendor:

tenda

model:

router

db:

NVD

ids:

CVE-2023-2649, CVE-2025-13207, CVE-2024-24481

CE-Cyber Delegated Act: What IoT Manufacturers Need to Do Before Enforcement - IoT Business News Trust: 3.75 Fetched: Nov. 25, 2025, 9:36 a.m., Published: Nov. 24, 2025, 8:25 a.m.	Vulnerabilities: default credentials

Affected products	External IDs

Microsoft Update Health Tools Vulnerability Lets Attackers Run Remote Code Trust: 4.0 Fetched: Nov. 25, 2025, 9:35 a.m., Published: Nov. 25, 2025, 5:39 a.m.	Vulnerabilities: code execution

Affected products	External IDs

VARIoT news about IoT security