Warning of attacks on Apple, Kentico, Microsoft, and Oracle vulnerabilities
The IT security agency CISA warns of ongoing attacks exploiting vulnerabilities in products from Apple, Kentico, Microsoft, and Oracle.
(Image: Titima Ongkantong/Shutterstock.com)
The US cybersecurity agency CISA has added five vulnerabilities to the "Known Exploited Vulnerabilities" catalog. According to the agency, attackers are currently exploiting vulnerabilities in products from Apple, Kentico, Microsoft, and Oracle.
One of the security vulnerabilities that CISA lists as actively exploited dates back to 2023 and affects multiple Apple products. The CVE entry does not provide details, but Apple reports that the issue has been corrected through improved boundary checks -- this sounds like a potential buffer overflow that Apple has fixed in tvOS 15.6, watchOS 8.7, iOS and iPadOS 15.6, macOS 12.5, and Safari 15.6 (CVE-2022-48503, CVSS 8.8, risk "high").
More recent vulnerabilities also targeted
In the Kentico Xperience environment, the manufacturer patched critical security vulnerabilities in March of this year that allowed attackers to bypass authentication via the Staging Sync Server (CVE-2025-2746, CVE-2025-2747, CVSS 9.8, risk "critical"). Attackers are now targeting both of these vulnerabilities. The same applies to a vulnerability in Windows SMB, through which authenticated attackers can escalate their privileges over the network -- and which Microsoft already closed with an update in June (CVE-2025-33073, CVSS 8.8, risk "high").
Finally, attacks on the security vulnerability in Oracle E-Business Suite, closed with an emergency update last week, have now also been observed. It is a Server-Side Request Forgery (SSRF) vulnerability which, according to Oracle, can be exploited from the network without prior authentication (CVE-2025-61884, CVSS 7.5, risk "high"). It allows access to sensitive information.
IT managers should download and install the available software updates promptly to minimize the attack surface. As usual, CISA does not provide details about the attacks, so there are currently no indicators of compromise (IOCs) available that could be used to detect them.
(dmk)