CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities

CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities

Posted on By CWS

The US cybersecurity company CISA on Monday warned that not too long ago disclosed vulnerabilities in Home windows SMB Consumer and Kentico Xperience CMS have been exploited within the wild.

The Home windows flaw, tracked as CVE-2025-33073 (CVSS rating of 8.8), was patched in June, when Microsoft warned that proof-of-concept (PoC) exploit code focusing on it existed.

Exploitable over the community, the bug is described as an improper entry management subject that might permit authenticated attackers to raise their privileges to System.

“To take advantage of this vulnerability, an attacker may execute a specifically crafted malicious script to coerce the sufferer machine to attach again to the assault system utilizing SMB and authenticate. This might lead to elevation of privilege,” Microsoft’s advisory reads.

On Monday, CISA added the Home windows SMB defect to its Recognized Exploited Vulnerabilities (KEV) listing together with two authentication bypass flaws within the Kentico Xperience CMS.

The Kentico bugs, tracked as CVE-2025-2746 and CVE-2025-2747 (CVSS rating of 9.6), influence the CMS’s Staging Sync Server password dealing with and will permit attackers to regulate administrative objects.

The 2 vulnerabilities, WatchTowr defined in March, may very well be chained with an authenticated distant code execution defect to compromise Xperience CMS deployments.

CISA on Monday additionally warned that CVE-2022-48503 (CVSS rating of 8.8), an arbitrary code execution subject in Apple merchandise, has been abused within the wild.Commercial. Scroll to proceed studying.

Apple patched the safety gap in July 2022 within the JavaScriptCore element of macOS Monterey 12.5, iOS 15.6, iPadOS 15.6, Safari 15.6, tvOS 15.6, and watchOS 8.7.

Kentico resolved the authentication bypass bugs in Xperience variations 13.0.173 and 13.0.178.

Per Binding Operational Directive (BOD) 22-01, now that the issues had been added to the KEV catalog, federal companies have three weeks to establish weak situations of their environments and apply the obtainable fixes.

There don’t seem like any reviews of those bugs’ exploitation previous to CISA’s warning.

Associated: CISA Confirms Exploitation of Newest Oracle EBS Vulnerability

Associated: Over 73,000 WatchGuard Firebox Gadgets Impacted by Current Important Flaw

Associated: Gladinet Patches Exploited CentreStack Vulnerability

Associated: Organizations Warned of Exploited Adobe AEM Varieties Vulnerability

Security Week News Tags:, , , , , ,

Related Posts

French Data Breach Exposes 1.2 Million Bank Accounts French Data Breach Exposes 1.2 Million Bank Accounts Security Week News
Critical Vulnerability Patched in jsPDF Critical Vulnerability Patched in jsPDF Security Week News
Organizations Warned of Exploited Adobe AEM Forms Vulnerability Organizations Warned of Exploited Adobe AEM Forms Vulnerability Security Week News
Cisco SD-WAN Vulnerability Exploitation Grows Rapidly Cisco SD-WAN Vulnerability Exploitation Grows Rapidly Security Week News
Follow Pragmatic Interventions to Keep Agentic AI in Check Follow Pragmatic Interventions to Keep Agentic AI in Check Security Week News
Beyond the Prompt: Building Trustworthy Agent Systems Beyond the Prompt: Building Trustworthy Agent Systems Security Week News