VulnHub

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability, tracked as CVE-2025-59374, found in the Asus Live Update tool. This flaw acts as a backdoor that attackers can exploit, making it a significant concern for anyone using affected Asus devices. The vulnerability stems from a supply chain attack, meaning it was introduced during the software development process rather than through direct hacking. This situation puts users at risk, as the compromised update tool could allow unauthorized access to their systems. Asus users should take this warning seriously and ensure their devices are not vulnerable to exploitation.

A new vulnerability, tracked as CVE-2025-20393, has been discovered in Cisco's Secure Email Gateway and Secure Email and Web Manager appliances. This zero-day flaw is reportedly being exploited by hackers linked to China, posing a significant risk to organizations using these products. The vulnerability allows attackers to bypass security controls, potentially leading to unauthorized access and data breaches. Companies using these Cisco appliances should prioritize patching and monitoring their systems to mitigate the risks associated with this exploit. The discovery of this flaw is particularly concerning given the ongoing cyber threats targeting critical infrastructure and enterprise environments.

SonicWall has issued a hotfix for a local privilege escalation vulnerability, identified as CVE-2025-40602, that affects its Secure Mobile Access (SMA) 1000 appliances. This flaw is currently being exploited by attackers, particularly in combination with another vulnerability, CVE-2025-23006, which allows for unauthenticated remote code execution with root privileges. Organizations using SMA 1000 appliances are at risk, as this could enable unauthorized access and control over their systems. SonicWall is urging all customers to apply the patch promptly to mitigate the risk of exploitation. The situation highlights the ongoing need for vigilance and timely updates in cybersecurity practices.

A ransomware group has taken advantage of a serious vulnerability in React2Shell, identified as CVE-2025-55182, to infiltrate corporate networks. Once they gain access, they deploy their file-encrypting malware in under a minute, making the attack extremely swift and damaging. This incident highlights the urgency for organizations to address this vulnerability, as it poses a significant risk to corporate data security. Companies using systems that incorporate React2Shell need to remain vigilant and take immediate action to protect their networks from potential exploitation. The rapid nature of these attacks underlines the necessity for robust security measures and timely updates.

Researchers at Arctic Wolf have reported that attackers are actively exploiting a vulnerability in Fortinet's FortiGate firewalls, identified as CVE-2025-59718. This flaw allows unauthorized access to the firewalls, enabling attackers to export sensitive system configuration files. These files can reveal critical information about the network, security policies, and even encrypted passwords, which could facilitate further attacks. Organizations using FortiGate firewalls should take immediate action to protect their systems, as the risk of a security breach is significant due to the data that can be accessed through this vulnerability. The situation underscores the importance of timely updates and security measures to safeguard network infrastructure.

Fortinet FortiGate devices are currently under active attack due to two recently disclosed vulnerabilities, CVE-2025-59718 and CVE-2025-59719, which allow for authentication bypass through malicious single sign-on (SSO) logins. Cybersecurity firm Arctic Wolf reported observing these attacks on December 12, 2025, just days after the vulnerabilities were made public. This situation poses significant risks for organizations using FortiGate appliances, as attackers can potentially gain unauthorized access to sensitive systems. Companies using these devices should take immediate action to protect their networks and data from these ongoing intrusions.

Apple has released security updates to address two vulnerabilities in WebKit, identified as CVE-2025-14174 and CVE-2025-43529, which are currently being exploited in the wild. The first vulnerability, CVE-2025-14174, was previously patched by Google for its Chrome desktop browser, but details were limited at that time. This flaw allows for out-of-bounds memory access, potentially enabling attackers to execute arbitrary code. Users of Apple devices, particularly those running Safari or any applications reliant on WebKit, should prioritize updating their systems to safeguard against these vulnerabilities. Ignoring these updates could leave devices exposed to active exploitation.

In December 2025, researchers identified a serious vulnerability in React, designated as CVE-2025-55182, which has led to a surge in attacks on services that use React2Shell. This vulnerability affects numerous applications built with the React framework, making them targets for malicious actors. Attackers are exploiting this flaw to gain unauthorized access to systems, which could lead to data breaches or service disruptions. Organizations utilizing React-enabled services are urged to take immediate action to safeguard their systems. The situation is critical, as the exploitation of this vulnerability poses significant risks to businesses and users globally.

The React team has identified and patched two significant vulnerabilities in React Server Components (RSC) that could lead to denial-of-service (DoS) attacks and exposure of source code. These issues were uncovered by security researchers while they were probing the existing patches for a previously disclosed critical bug (CVE-2025-55182) that had a CVSS score of 10.0, indicating its severity. This situation is concerning as it affects developers using React for building applications, potentially putting sensitive code at risk. The React team emphasizes the importance of applying these patches promptly to maintain application security.

A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.

Google has addressed a zero-day vulnerability in its Chrome browser that was actively exploited in the wild. This vulnerability, which does not have a CVE identifier, remains shrouded in mystery, as details about its origin and the specific components it affects are unclear. The lack of a CVE means users and security experts have limited information regarding the potential risks involved. However, the fact that it has been exploited means users should update their Chrome browsers promptly to safeguard against potential attacks. Keeping software up to date is crucial in mitigating risks associated with such vulnerabilities.

CVE-2025-55182 is currently being exploited by threat actors, raising concerns about the potential for increased attacks. This vulnerability affects a range of systems, and researchers have noted that their honeypots are already being targeted. In addition to the exploitation, specific malware has been identified as part of these attacks, which could compromise the integrity of affected systems. It’s crucial for organizations to understand the implications of this vulnerability and take proactive measures to protect their infrastructure. Knowing how to defend against this threat is vital as the situation evolves.

On December 2025 Patch Tuesday, a total of 57 Common Vulnerabilities and Exposures (CVEs) were reported, including one critical zero-day vulnerability and two others that have been publicly disclosed. The zero-day is particularly concerning as it is actively exploited, meaning attackers may already be using it to compromise systems. Users and organizations running affected software should prioritize applying the latest patches to mitigate these risks. The vulnerabilities impact various products and systems, highlighting the ongoing need for vigilance in cybersecurity practices. Keeping software updated is essential to defend against potential exploitation.