CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities

Posted on October 21, 2025 By CWS

The US cybersecurity agency CISA on Monday warned that recently disclosed vulnerabilities in Windows SMB Client and Kentico Xperience CMS have been exploited in the wild.

The Windows flaw, tracked as CVE-2025-33073 (CVSS score of 8.8), was patched in June, when Microsoft warned that proof-of-concept (PoC) exploit code targeting it existed.

Exploitable over the network, the bug is described as an improper access control issue that could allow authenticated attackers to elevate their privileges to System.

“To exploit this vulnerability, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. This could result in elevation of privilege,” Microsoft’s advisory reads.

On Monday, CISA added the Windows SMB defect to its Known Exploited Vulnerabilities (KEV) list along with two authentication bypass flaws in the Kentico Xperience CMS.

The Kentico bugs, tracked as CVE-2025-2746 and CVE-2025-2747 (CVSS score of 9.6), impact the CMS’s Staging Sync Server password handling and could allow attackers to control administrative objects.

The two vulnerabilities, WatchTowr explained in March, could be chained with an authenticated remote code execution defect to compromise Xperience CMS deployments.

CISA on Monday also warned that CVE-2022-48503 (CVSS score of 8.8), an arbitrary code execution issue in Apple products, has been abused in the wild.

Apple patched the security hole in July 2022 in the JavaScriptCore component of macOS Monterey 12.5, iOS 15.6, iPadOS 15.6, Safari 15.6, tvOS 15.6, and watchOS 8.7.

Kentico resolved the authentication bypass bugs in Xperience versions 13.0.173 and 13.0.178.

Per Binding Operational Directive (BOD) 22-01, now that the issues have been added to the KEV catalog, federal agencies have three weeks to identify vulnerable instances in their environments and apply the available fixes.

There do not appear to be any reports of these bugs’ exploitation prior to CISA’s warning.
