TT-CSIRT – 446.07.08.25 – Privilege Escalation Vulnerability in Microsoft Exchange Hybrid Deployments
Please be advised of a high-severity vulnerability, CVE-2025-53786, affecting Microsoft Exchange hybrid deployments. This vulnerability allows a threat actor with administrative access to an on-premise Exchange server to escalate privileges…
Read MoreTT-CSIRT – 445.06.08.25 – Critical RCE Vulnerabilities in Trend Micro Apex One (On-Premise) Management Console
Please be advised that Trend Micro has identified and issued mitigations for two critical command injection vulnerabilities, CVE-2025-54948 and CVE-2025-54987, affecting the Apex One (On-Premise) Management Console. Both vulnerabilities may allow…
Read MoreTT-CSIRT – 444.05.08.25 – Increased Threat Activity Targeting SSLVPN on Gen 7 SonicWall Firewalls
Please be advised that SonicWall has detected a substantial rise in cyber incidents within the past 4 days concerning Gen 7 SonicWall Firewalls that have SSL VPN activated. An ongoing…
Read MoreTT-CSIRT – 443.30.07.25 – Vulnerabilities found in some Dahua products
Please be advised that Dahua has released a security update to address two critical buffer overflow vulnerabilities CVE-2025-31700 and CVE-2025-31701 reported by the Bitdefender IoT Research Team. Impact Affected Products …
Read MoreTT-CSIRT – 442.20.07.25 – SharePoint Vulnerability
Microsoft has advised of active attacks targeting on-premises SharePoint Server customers, SharePoint Online M365 is not impacted. The attacks are exploiting a variant of CVE-2025-49706 and being assigned CVE-2025-53770 with…
Read MoreTT-CSIRT – 441.10.07.25 – Fortinet Security Advisories – SQL injection in GUI
Please be advised of the critical vulnerability CVE-2025-25257, which affects FortiWeb. This issue stems from improper handling of special characters in SQL commands, leading to a SQL Injection vulnerability (CWE-89).…
Read More