Juniper Networks, VMware, and Zoom have printed a complete of ten safety advisories describing dozens of vulnerabilities patched throughout their product portfolios.
Juniper on Tuesday introduced fixes for practically 90 bugs in third-party dependencies in Safe Analytics, the digital equipment that collects safety occasions from community gadgets, endpoints, and purposes.
Patches for these points, most of which had been disclosed final 12 months, had been included in Safe Analytics model 7.5.0 UP11 IF03. A few of the flaws are dated 2016, 2019, and 2020, and three of them are rated ‘essential severity’.
VMware printed two advisories coping with a high-severity XSS defect within the VMware Aria automation equipment (tracked as CVE-2025-22249) and a medium-severity insecure file dealing with difficulty in VMware Instruments (tracked as CVE-2025-22247).
The primary vulnerability permits an attacker to steal the entry token of a logged-in consumer by convincing the sufferer to click on on a crafted hyperlink, whereas the second allows a risk actor with non-administrative privileges on a visitor VM to switch native information and set off insecure file operations inside the VM.
Zoom on Tuesday launched seven advisories detailing 9 safety defects in Zoom Office Apps throughout desktop and cell platforms.
Essentially the most extreme of the problems is CVE-2025-30663 (CVSS rating of 8.8), a high-severity time-of-check time-of-use race situation that would permit an area, authenticated attacker to raise their privileges.
The remaining eight flaws are medium-severity bugs that permit attackers to raise privileges, trigger denial of service (DoS), or impression utility integrity.Commercial. Scroll to proceed studying.
Whereas Juniper, VMware, and Zoom make no point out of any of those vulnerabilities being exploited within the wild, customers are suggested to use the contemporary patches as quickly as doable.
Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Clients
Associated: SAP Patches One other Exploited NetWeaver Vulnerability
Associated: Adobe Patches Large Batch of Vital-Severity Software program Flaws
Associated: Radware Says Lately Disclosed WAF Bypasses Have been Patched in 2023
