CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities

CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities

Posted on By CWS

The US cybersecurity company CISA on Monday warned that not too long ago disclosed vulnerabilities in Home windows SMB Consumer and Kentico Xperience CMS have been exploited within the wild.

The Home windows flaw, tracked as CVE-2025-33073 (CVSS rating of 8.8), was patched in June, when Microsoft warned that proof-of-concept (PoC) exploit code focusing on it existed.

Exploitable over the community, the bug is described as an improper entry management subject that might permit authenticated attackers to raise their privileges to System.

“To take advantage of this vulnerability, an attacker may execute a specifically crafted malicious script to coerce the sufferer machine to attach again to the assault system utilizing SMB and authenticate. This might lead to elevation of privilege,” Microsoft’s advisory reads.

On Monday, CISA added the Home windows SMB defect to its Recognized Exploited Vulnerabilities (KEV) listing together with two authentication bypass flaws within the Kentico Xperience CMS.

The Kentico bugs, tracked as CVE-2025-2746 and CVE-2025-2747 (CVSS rating of 9.6), influence the CMS’s Staging Sync Server password dealing with and will permit attackers to regulate administrative objects.

The 2 vulnerabilities, WatchTowr defined in March, may very well be chained with an authenticated distant code execution defect to compromise Xperience CMS deployments.

CISA on Monday additionally warned that CVE-2022-48503 (CVSS rating of 8.8), an arbitrary code execution subject in Apple merchandise, has been abused within the wild.Commercial. Scroll to proceed studying.

Apple patched the safety gap in July 2022 within the JavaScriptCore element of macOS Monterey 12.5, iOS 15.6, iPadOS 15.6, Safari 15.6, tvOS 15.6, and watchOS 8.7.

Kentico resolved the authentication bypass bugs in Xperience variations 13.0.173 and 13.0.178.

Per Binding Operational Directive (BOD) 22-01, now that the issues had been added to the KEV catalog, federal companies have three weeks to establish weak situations of their environments and apply the obtainable fixes.

There don’t seem like any reviews of those bugs’ exploitation previous to CISA’s warning.

Associated: CISA Confirms Exploitation of Newest Oracle EBS Vulnerability

Associated: Over 73,000 WatchGuard Firebox Gadgets Impacted by Current Important Flaw

Associated: Gladinet Patches Exploited CentreStack Vulnerability

Associated: Organizations Warned of Exploited Adobe AEM Varieties Vulnerability

Security Week News Tags:, , , , , ,

Related Posts

Apple Updates macOS, iOS to Fix Numerous Security Flaws Apple Updates macOS, iOS to Fix Numerous Security Flaws Security Week News
Censys Secures M to Boost Internet Intelligence Censys Secures $70M to Boost Internet Intelligence Security Week News
SAP’s January 2026 Security Updates Patch Critical Vulnerabilities SAP’s January 2026 Security Updates Patch Critical Vulnerabilities Security Week News
Iranian Man Pleads Guilty to Role in Baltimore Ransomware Attack Iranian Man Pleads Guilty to Role in Baltimore Ransomware Attack Security Week News
CarGurus Data Breach Affects Over 12 Million Users CarGurus Data Breach Affects Over 12 Million Users Security Week News
0,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits Security Week News