The US cybersecurity company CISA on Monday warned that not too long ago disclosed vulnerabilities in Home windows SMB Consumer and Kentico Xperience CMS have been exploited within the wild.
The Home windows flaw, tracked as CVE-2025-33073 (CVSS rating of 8.8), was patched in June, when Microsoft warned that proof-of-concept (PoC) exploit code focusing on it existed.
Exploitable over the community, the bug is described as an improper entry management subject that might permit authenticated attackers to raise their privileges to System.
“To take advantage of this vulnerability, an attacker may execute a specifically crafted malicious script to coerce the sufferer machine to attach again to the assault system utilizing SMB and authenticate. This might lead to elevation of privilege,” Microsoft’s advisory reads.
On Monday, CISA added the Home windows SMB defect to its Recognized Exploited Vulnerabilities (KEV) listing together with two authentication bypass flaws within the Kentico Xperience CMS.
The Kentico bugs, tracked as CVE-2025-2746 and CVE-2025-2747 (CVSS rating of 9.6), influence the CMS’s Staging Sync Server password dealing with and will permit attackers to regulate administrative objects.
The 2 vulnerabilities, WatchTowr defined in March, may very well be chained with an authenticated distant code execution defect to compromise Xperience CMS deployments.
CISA on Monday additionally warned that CVE-2022-48503 (CVSS rating of 8.8), an arbitrary code execution subject in Apple merchandise, has been abused within the wild.Commercial. Scroll to proceed studying.
Apple patched the safety gap in July 2022 within the JavaScriptCore element of macOS Monterey 12.5, iOS 15.6, iPadOS 15.6, Safari 15.6, tvOS 15.6, and watchOS 8.7.
Kentico resolved the authentication bypass bugs in Xperience variations 13.0.173 and 13.0.178.
Per Binding Operational Directive (BOD) 22-01, now that the issues had been added to the KEV catalog, federal companies have three weeks to establish weak situations of their environments and apply the obtainable fixes.
There don’t seem like any reviews of those bugs’ exploitation previous to CISA’s warning.
Associated: CISA Confirms Exploitation of Newest Oracle EBS Vulnerability
Associated: Over 73,000 WatchGuard Firebox Gadgets Impacted by Current Important Flaw
Associated: Gladinet Patches Exploited CentreStack Vulnerability
Associated: Organizations Warned of Exploited Adobe AEM Varieties Vulnerability
