Vulnerabilities Patched by Juniper, VMware and Zoom 

Vulnerabilities Patched by Juniper, VMware and Zoom 

Posted on By CWS

Juniper Networks, VMware, and Zoom have printed a complete of ten safety advisories describing dozens of vulnerabilities patched throughout their product portfolios.

Juniper on Tuesday introduced fixes for practically 90 bugs in third-party dependencies in Safe Analytics, the digital equipment that collects safety occasions from community gadgets, endpoints, and purposes.

Patches for these points, most of which had been disclosed final 12 months, had been included in Safe Analytics model 7.5.0 UP11 IF03. A few of the flaws are dated 2016, 2019, and 2020, and three of them are rated ‘essential severity’.

VMware printed two advisories coping with a high-severity XSS defect within the VMware Aria automation equipment (tracked as CVE-2025-22249) and a medium-severity insecure file dealing with difficulty in VMware Instruments (tracked as CVE-2025-22247).

The primary vulnerability permits an attacker to steal the entry token of a logged-in consumer by convincing the sufferer to click on on a crafted hyperlink, whereas the second allows a risk actor with non-administrative privileges on a visitor VM to switch native information and set off insecure file operations inside the VM.

Zoom on Tuesday launched seven advisories detailing 9 safety defects in Zoom Office Apps throughout desktop and cell platforms.

Essentially the most extreme of the problems is CVE-2025-30663 (CVSS rating of 8.8), a high-severity time-of-check time-of-use race situation that would permit an area, authenticated attacker to raise their privileges.

The remaining eight flaws are medium-severity bugs that permit attackers to raise privileges, trigger denial of service (DoS), or impression utility integrity.Commercial. Scroll to proceed studying.

Whereas Juniper, VMware, and Zoom make no point out of any of those vulnerabilities being exploited within the wild, customers are suggested to use the contemporary patches as quickly as doable.

Associated: Ivanti Patches Two EPMM Zero-Days Exploited to Hack Clients

Associated: SAP Patches One other Exploited NetWeaver Vulnerability

Associated: Adobe Patches Large Batch of Vital-Severity Software program Flaws

Associated: Radware Says Lately Disclosed WAF Bypasses Have been Patched in 2023

Security Week News Tags:, , , ,

Related Posts

Google Enhances Pixel Security with Rust DNS Parser Google Enhances Pixel Security with Rust DNS Parser Security Week News
Boost Security Secures M to Enhance SDLC Defense Boost Security Secures $4M to Enhance SDLC Defense Security Week News
US Organizations Warned of Chinese Malware Used for Long-Term Persistence US Organizations Warned of Chinese Malware Used for Long-Term Persistence Security Week News
Chip Programming Firm Data I/O Hit by Ransomware Chip Programming Firm Data I/O Hit by Ransomware Security Week News
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years Recently Disrupted DanaBot Leaked Valuable Data for 3 Years Security Week News
Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) Security Week News