What Happened Over the Week? | CVEs Edition

Here you are.

Welcome to your most readable and illuminating newsletter, B'News, the Biweekly Cybersecurity Newsletter from the Brandefense Team.

In each newsletter episode you will find significant security news, findings from the dark web, blog posts, details of APT groups, and more.

So, let's begin!


1) SonicWall Urges Immediate Patching as SMA 100 Series Flaws Face Active Exploitation

SonicWall has confirmed that attackers are actively exploiting two security flaws in its SMA 100 Series devices. These flaws could allow attackers to gain unauthorized access to and control over affected systems. Users are strongly advised to update their devices immediately to prevent potential breaches.

SonicWall released an advisory on April 29, 2025.

CVE-2023-44221: OS Command Injection Vulnerability

  • CVSS Score: 7.2
  • Exploitation Status: Confirmed active exploitation in the wild.

Affected Versions:

  • SMA 100 Series (Models: 200, 210, 400, 410, 500v)
  • Firmware versions 10.2.1.9-57sv and earlier

Fixed Version:

  • Firmware 10.2.1.10-62sv and above

CVE-2024-38475: Path Traversal Vulnerability in Apache mod_rewrite

  • CVSS Score: 9.8
  • Exploitation Status: Actively exploited in the wild.

Affected Versions:

  • SMA 100 Series (Models: 200, 210, 400, 410, 500v)
  • Firmware versions 10.2.1.13-72sv and earlier

Fixed Version:

  • Firmware 10.2.1.14-75sv and above
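The two CVEs above have different fixed builds, so a device on 10.2.1.10-62sv is patched for CVE-2023-44221 but still affected by CVE-2024-38475. The following is an added example (not SonicWall's or the newsletter's code) that parses the SMA 100 firmware string format shown above and reports which of the two fixes a given build still lacks; it assumes that the numeric components of the version string order builds chronologically.

```python
import re
from typing import List, Tuple

# Fixed builds exactly as stated in the advisory summary above.
# The thresholds differ, so a build must clear both to be fully patched.
SMA100_FIXES = {
    "CVE-2023-44221": "10.2.1.10-62sv",
    "CVE-2024-38475": "10.2.1.14-75sv",
}

# Firmware strings look like "10.2.1.13-72sv": four dotted numbers, a build number, "sv".
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_sma_version(s: str) -> Tuple[int, ...]:
    """Turn an SMA 100 firmware string into a tuple that compares numerically.
    Assumption: higher numeric components always mean a newer build."""
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised SMA firmware version: {s!r}")
    return tuple(int(g) for g in m.groups())


def outstanding_cves(installed: str) -> List[str]:
    """Return the CVEs whose fixed build is newer than the installed firmware."""
    have = parse_sma_version(installed)
    return sorted(
        cve for cve, fixed in SMA100_FIXES.items()
        if have < parse_sma_version(fixed)
    )


if __name__ == "__main__":
    # All three inputs are version strings quoted in the advisory summary above.
    for v in ("10.2.1.9-57sv", "10.2.1.10-62sv", "10.2.1.14-75sv"):
        print(v, outstanding_cves(v) or "patched for both CVEs")
```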


2) CVE-2024-10442: Critical Zero-Click RCE in Synology DiskStation - Public Exploit Available

A serious security flaw has been discovered in Synology's DiskStation NAS device, allowing hackers on the same network to take full control without any user interaction. A working example of the attack has already been published, so immediate updates are necessary.

A zero-click remote code execution (RCE) vulnerability, identified as CVE-2024-10442 and rated CVSS 10, has been disclosed in Synology DiskStation DS1823xs+.

Affected Products:

  • Synology DiskStation DS1823xs+
  • DiskStation Manager (DSM) and related Replication Services across multiple versions:

  1. DSMUC 3.1
  2. DSM 7.2 Replication Service
  3. DSM 7.1 Replication Service
  4. DSM 6.2 Replication Service

Security Mitigations and Patch Guidance:

Synology has released patches for all supported platforms:

  • DSMUC 3.1: Update to 3.1.4-23079 or later
  • DSM 7.2 Replication Service: Update to 1.3.0-0423 or later
  • DSM 7.1 Replication Service: Update to 1.2.2-0353 or later
  • DSM 6.2 Replication Service: Update to 1.0.12-0066 or later


3) CVE-2025-29906: Critical Authentication Bypass Discovered in Finit Init System

A vulnerability in a core component of some Linux systems, particularly those used in embedded devices, allows users to log in without a password. This security gap could let unauthorized individuals gain access to sensitive systems if physical access is available.

Severity: High (CVSS 8.6)

Affected Products:

  • Finit versions from v3.0-rc1 up to, but not including, v4.11


4) CVE-2025-32444: Critical Remote Code Execution Flaw in vLLM Mooncake Integration

A severe security flaw has been found in vLLM, a widely used tool for running large AI models. This bug, found in the "Mooncake" feature, could let hackers remotely run malicious code on vulnerable systems. A fix is available, and users are strongly urged to update immediately.

Severity: Critical (CVSS 10.0)

Affected Products:

  • vLLM (versions >= 0.6.5) with Mooncake integration enabled


5) SAP NetWeaver Zero-Day Actively Exploited

A severe flaw in SAP's NetWeaver platform is being actively exploited by hackers to take full control of systems. U.S. cybersecurity authorities have flagged this issue as urgent, and organizations using SAP are strongly advised to update immediately to prevent breaches.

SAP has released emergency patches to fix the vulnerability.

Overview:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31324 to its Known Exploited Vulnerabilities (KEV) Catalog.
  • The flaw affects SAP NetWeaver's Visual Composer Metadata Uploader component.
  • It allows unauthenticated attackers to upload and execute malicious files remotely.
  • Assigned the highest severity rating: CVSS score of 10.0.

Affected Products:

  • SAP NetWeaver (Visual Composer component)

Indicators of Compromise (IoCs):

  • Endpoint: /developmentserver/metadatauploader
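The endpoint above is the kind of indicator that can be checked against existing web server logs. The following is an added example (not Brandefense's or SAP's code) that scans combined-format access log lines for requests to that path, normalising case, trailing slashes and query strings so variants are not missed, and marking POST requests as possible upload attempts; the log lines are constructed samples using documentation IP ranges, and the log format is an assumption.

```python
import re
from typing import Dict, List

# IoC endpoint listed above for CVE-2025-31324.
IOC_PATH = "/developmentserver/metadatauploader"

# Minimal parser for combined-format access logs (assumed format; adjust to your server).
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def find_ioc_hits(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per request whose path matches the IoC endpoint.
    Matching ignores case, a trailing slash and any query string; POSTs are
    flagged as possible upload attempts because the flaw is an upload endpoint."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # lines that do not parse are skipped, not guessed at
        path = m.group("path").split("?", 1)[0].rstrip("/").lower()
        if path != IOC_PATH:
            continue
        rec = m.groupdict()
        rec["upload_attempt"] = "yes" if rec["method"] == "POST" else "no"
        hits.append(rec)
    return hits


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Apr/2025:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5123',
    '198.51.100.7 - - [29/Apr/2025:10:02:15 +0000] "GET /developmentserver/metadatauploader?x=1 HTTP/1.1" 200 812',
    '198.51.100.7 - - [29/Apr/2025:10:02:16 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 311',
    '203.0.113.9 - - [29/Apr/2025:10:03:40 +0000] "GET /DevelopmentServer/MetadataUploader/ HTTP/1.1" 404 0',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for h in find_ioc_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]} '
              f'upload_attempt={h["upload_attempt"]}')
```

A 404 on the path is still worth keeping: it shows scanning for the component even where the uploader is not exposed.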


6) Rancher Patches Critical Privilege Escalation Flaw

Rancher has patched a privilege escalation vulnerability, identified by security researchers and tracked as CVE-2024-22031, that affects several versions of the Rancher platform. With a CVSS score of 8.6, this flaw enables a user to exploit namespace collisions and gain unintended access to resources in other clusters.

Affected Products:

  • Rancher v2.11.0 and earlier
  • Rancher v2.10.4 and earlier
  • Rancher v2.9.8 and earlier

Fixed Versions:

  • v2.11.1
  • v2.10.5
  • v2.9.9


7) Critical Zero-Click Wormable Vulnerabilities Found in Apple AirPlay Protocol

Security researchers have identified a serious set of vulnerabilities, collectively called "AirBorne", in Apple's AirPlay technology that allow attackers to take control of devices such as iPhones, MacBooks and smart TVs without any user action. These flaws can spread malware across nearby devices automatically, making the threat extremely dangerous for both personal and enterprise environments.

Critical CVEs Highlighted:

  • CVE-2025-24252 and CVE-2025-24132: Enable zero-click wormable RCE, allowing automatic malware propagation.
  • CVE-2025-24270: Allows local arbitrary file read.

Affected Products:

  • Apple Devices:

  1. MacBooks
  2. iPhones
  3. Apple TVs
  4. CarPlay systems

  • Third-Party Products:

  1. AirPlay-enabled smart TVs
  2. Speakers
  3. Automotive infotainment systems


8) Chrome 136 and Firefox 138 Address High-Severity Security Vulnerabilities

Security researchers have identified and reported multiple vulnerabilities in the latest versions of Chrome (136) and Firefox (138). Both browsers have now been updated to address these flaws, some of which could have allowed attackers to execute malicious code or bypass security protections.

Affected Products:

  • Google Chrome 136 (Windows, macOS, Linux)
  • Mozilla Firefox 138
  • Firefox ESR
  • Thunderbird 138
  • Thunderbird ESR
