Between 25^th and 31^st August 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.04

Review the Ubuntu Security Notices and apply the necessary updates.

Between 25^th and 31^st August 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

Review the Red Hat Security Advisory and apply the necessary updates.

On 1^st September 2025, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Between 25^h and 31^st August 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 25^th and 31^st August 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Ge5A - versions prior to 2.24.0
• Dell Avamar Data Store Ge5A - versions prior to 7.00.00.181
• Dell ObjectScale - versions prior to 4.1.0.0
• Dell Networking Products - multiple models and versions
• Dell NetWorker Runtime Environment (NRE) - versions prior to 17.0.2
• Dell Private Cloud VMWare - versions prior to 01.01.00.00

Review the provided Dell Security Advisory and apply the necessary updates.

On 29^th August, WhatsApp published security advisories to address vulnerabilities in multiple products.

• WhatsApp for IoS - versions prior to v2.25.21.73
• WhatsApp Business for IoS - versions prior to v2.25.21.78
• WhatsApp for MAC - versions prior to v2.25.21.78

Review the provided WhatsApp Security Advisories and apply the necessary updates.

On 28^th August 2025, WhatsApp published security advisories to address vulnerabilities in multiple products.

• Vault Community - versions 1.15.0 to 1.20.2, 1.19.8, 1.18.13 and 1.16.24
• Vault Enterprise - versions 1.15.0 to 1.20.2, 1.19.8, 1.18.13 and 1.16.24

Review HashiCorp Security Advisory and apply the necessary updates.

On 28^th August 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 139.0.3405.125.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 27^th August 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.3.1, 18.2.5 and 18.1.5
• GitLab Enterprise Edition (EE) - versions prior to 18.3.1, 18.2.5 and 18.1.5

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.3.1, 18.2.5, 18.1.5
• GitLab Releases

On 27^th August 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco UCS 6300 Series Fabric Interconnects
• Cisco Catalyst 8300 Series Edge uCPE
• Cisco UCS Manager Software
• Cisco UCS B-Series Blade Servers
• Cisco UCS C-Series M6, M7, and M8 Rack Servers
• Cisco UCS E-Series Servers M6
• Cisco UCS X-Series Modular System
• Cisco MDS 9000 Series Multilayer Switches
• Cisco Nexus 1000 Virtual Edge for VMware vSphere
• Cisco Nexus 3000 Series Switches
• Cisco Nexus 5500 Platform Switches
• Cisco Nexus 5600 Platform Switches
• Cisco Nexus 6000 Series Switches
• Cisco Nexus 7000 Series Switches
• Cisco Nexus 9000 Series Fabric Switches in ACI mode
• Cisco Nexus 9000 Series Switches in standalone NX-OS mode
• Cisco UCS 6400 Series Fabric Interconnects
• Cisco UCS 6500 Series Fabric Interconnects
• Cisco UCS X-Series Direct Fabric Interconnect 9108 100G
• Cisco Nexus Dashboard 3.2 and earlier
• Cisco Nexus Dashboard 4.1
• Cisco Nexus Dashboard Fabric Controller (NDFC)

Review the Cisco Security Advisory and apply the necessary updates.

On 27th August 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: API Key Manager – all versions Authenticator Login – versions prior to 2.1.8 Facets – versions prior to 2.0.10, version 3.0.0 to versions prior to 3.0.1 Owl Carousel 2 – all versions Protected Pages – version 1.8.0 Synchronize composer.json with Contrib Modules – all versions Review the provided Drupal Security Advisory and apply the necessary updates.

On 20^th August 2025, Docker published security updates to address a vulnerability affecting Docker Desktop - versions prior to 4.44.3.

Review the Docker security bulletins and apply the necessary updates.

On 25^th August 2025, HPE published a security advisory to address vulnerabilities in HP-UX 11i v3 PAM RADIUS - versions prior to A.03.00.00.

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBUX04931 rev.1 - HP-UX PAM RADIUS, Multiple Vulnerabilities
• HPE Security Bulletin Library

On 25^th August, 2025, TeamViewer published security updates to address vulnerabilities in the following products:

• TeamViewer Remote Full Client (Windows) - versions prior to 15.69
• TeamViewer Remote Host (Windows) - versions prior to 15.69

Review the following TeamViewer Security Advisory and apply the necessary updates:

• Arbitrary File Creation via Symbolic Link Leading to Denial-of-Service - TV-2025-1003
• TeamViewer Trust Center

On 26^th August 2025, Citrix published security advisories to address vulnerabilities in the following products:

• NetScaler ADC and NetScaler Gateway 14.1 - versions prior to 1-47.48
• NetScaler ADC and NetScaler Gateway 13.1 - versions prior to1-59.22
• NetScaler ADC 13.1-FIPS and NDcPP - versions prior to1-37.241-FIPS and NDcPP
• NetScaler ADC 12.1-FIPS and NDcPP - versions prior to1-55.330-FIPS and NDcPP

Review the following advisories and apply the necessary updates:

• Citrix Security Advisory - CTX694938
• Citrix Security Advisories

On 26^th August 2025, HPE published a security advisory to address vulnerabilities in HPE Compute Scale-up Server 3200 - versions prior to v1.60.88.

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBHF04911 rev.1 - HPE Compute Scale-up Server 3200 Platform Servers using Certain Intel Processors, INTEL-SA-01313, 2025.3 IPU, Intel Xeon Processor Firmware Advisory, Multiple Vulnerabilities
• HPE Security Bulletin Library

On 26^th August 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 139.0.7258.154.155 (Windows/Mac) and 139.0.7258.154 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 26th August 2025, Citrix published security advisories to address vulnerabilities in the following products: NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48 NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22 NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP Review the Citrix security advisory and apply necessary updates.

Between 18^th and 24^th August 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell RecoverPoint for Virtual Machines (Debian) - versions prior to 6.0.SP3
• Dell RecoverPoint for Virtual Machines (Linux) - versions prior to 6.0.SP3
• Dell VxRail Appliance - versions 8.0.000 to 8.0.361
• Dell iDRAC Service Module - versions prior to 6.0.3.0

Review the following advisories and apply the necessary updates: 

• DSA-2025-311: Security Update for Dell iDRAC Service Module Vulnerabilities
• DSA-2025-317: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities
• DSA-2025-308: Security Update for Dell RecoverPoint for Virtual Machines Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Between 18^th and 24^th August 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 18^th and 24^th August 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

Review the Red Hat Security Advisory and apply the necessary updates.

Between 18^th and 24^th August 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.04

Review the Ubuntu Security Notices and apply the necessary updates.

On 21^st August 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 139.0.3405.111.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 19^th August 2025, Commvault published security advisories to address vulnerabilities in the following products:

• Commvault - versions 11.32.0 to 11.32.101
• Commvault - versions 11.36.0 to 11.36.59

Review the following advisories and apply the necessary updates:

• CV_2025_08_1: Argument Injection Vulnerability in CommServe
• CV_2025_08_2: Path Traversal Vulnerability
• CV_2025_08_3: Unauthorized API Access Risk
• CV_2025_08_4: Vulnerability in Initial Administrator Login Process
• Commvault Cloud Security Advisories

On 19^th August 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 139.0.7258.138/.139 (Windows/Mac) and 139.0.7258.138  (Linux).

Review the Google security bulletins and apply the necessary updates.

On 20^th August 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Duo Authentication Proxy - version 5.8.2 and prior and version 6.5.1 and prior
• Cisco Evolved Programmable Network Manager (EPNM) - version 7.1 and prior, versions 8.0 and 8.1
• Cisco Prime Infrastructure - version 3.9 and prior and version 3.10
• Cisco Identity Services Engine (ISE) - version 3.1 and prior, versions 3.2 and 3.3

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Duo Authentication Proxy Information Disclosure Vulnerability
• Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Sensitive Information Disclosure Vulnerability
• Cisco Identity Services Engine Arbitrary File Upload Vulnerability
• Cisco Security Advisories

On 20^th July 2025, Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.6.2
• iPadOS - versions prior to 17.7.10
• macOS Sequoia - versions prior to 15.6.1
• macOS Sonoma - versions prior to 14.7.8
• macOS Ventura - versions prior to 13.7.8

Review the provided Apple Security Advisory and apply the necessary updates.

On 19^th August 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Focus for iOS - versions prior to 142
• Firefox for iOS - versions prior to 142
• Firefox ESR - versions prior to 140.2
• Firefox ESR - versions prior to 128.14
• Firefox ESR - versions prior to 115.27
• Firefox - versions prior to 142

Review the Mozilla security bulletins and apply the necessary updates.

Between 11^th to 17^th August 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Microsoft Azure - versions prior to 01.05.01.01
• Dell CloudLink - versions 8.0 to 8.1.1
• Dell Data Lakehouse - versions prior to 1.5.0.0
• Dell EMC XC Core XC7525 - version prior to 2.20.0
• Dell Intel E810 Adapters and Intel E823 LOM - versions prior to 24.0.0
• Dell Intel I350 and X550 Adapters - versions prior to 24.0.0
• Dell Intel X710, XXV710, and XL710 Adapters - versions prior to 24.0.0
• Dell OpenManage Enterprise - versions 3.10, 4.0, 4.1 and 4.2
• Dell PowerEdge R770, R670, R570, R470 - version prior to 1.3.2
• Dell PowerEdge Servers - multiple versions and models
• Dell PowerEdge T40 - versions prior to 1.19.0
• Dell PowerEdge XE7740 - versions prior to 1.2.2
• Dell PowerProtect DM5500 - versions prior to 5.19.1.0
• Dell SupportAssist for Business PCs - version 4.5.3 and prior
• Dell SupportAssist for Home PCs - version 4.8.2.29006 and prior
• Dell XC Core XC660, XC760, XC660xs, XC760xa - versions prior to 2.5.4
• Dell XC Core XC7625 - versions prior to 1.13.1

Review the provided Dell Security Advisory and apply the necessary updates.

Between 11^th and 17^th August 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS

Review the following N-able Security Advisory and apply the necessary updates:

• USN-7685-5: Linux kernel (Oracle) vulnerabilities
• USN-7682-5: Linux kernel vulnerabilities
• USN-7681-3: Linux kernel (Oracle) vulnerability
• Ubuntu Security Notices

Between 11^th and 17^th August 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 11^th and 17^th August 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

On 15^th August 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 139.0.3405.102.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Between 11^th and 17^th August 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

Review the following Red Hat Security Advisory and apply the necessary updates.

On 13^th August 2025, Apache published a security advisory to address vulnerabilities in the following products:

·       Apache Tomcat 11.0.0-M1 to 11.0.7

·       Apache Tomcat 10.1.0-M1 to 10.1.41

·       Apache Tomcat 9.0.0.M1 to 9.0.105

·       Older, EOL versions may also be affected

Review the following advisories and apply the necessary updates:

• [SECURITY] CVE-2025-55668 Apache Tomcat - Session fixation via rewrite valve
• Fixed in Apache Tomcat 11.0.8
• Fixed in Apache Tomcat 10.1.42
• Fixed in Apache Tomcat 9.0.106

On 12^th August 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 139.0.7258.127/128 (Windows/Mac) and 139.0.7258.127 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 14^th August 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Tanzu for Valkey - version 7.2.9
• VMware Tanzu for Valkey - version 8.0.3
• VMware Tanzu for Valkey - version 8.1.2
• VMware Tanzu for Valkey on Kubernetes - version 2.1.0

Review the following advisories and apply the necessary updates:

• Product Release Advisory - VMware Tanzu for Valkey 7.2.10
• Product Release Advisory - VMware Tanzu for Valkey 8.0.4
• Product Release Advisory - VMware Tanzu for Valkey 8.1.3
• Product Release Advisory - VMware Tanzu for Valkey on Kubernetes 3.0.0
• Security Advisories - VMware Cloud Foundation

On 13^th August 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.2.2, 18.1.4 and 18.0.6
• GitLab Enterprise Edition (EE) - versions prior to 18.2.2, 18.1.4 and 18.0.6

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.2.2, 18.1.4, 18.0.6
• GitLab Releases

Between 6^th and 13^th August 2025, HPE published security advisories to address vulnerabilities in multiple products..

Review the HPE security bulletins and apply the necessary updates.

On 13^th August 2025, F5 published Quarterly Security Notifications for multiple products. Included were updates for the following:

• APM Clients - version 7.2.5
• BIG-IP (APM) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5 and versions 15.1.0 to 15.1.10
• BIG-IP (APM) - versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6 and versions 15.1.0 to 15.1.10
• BIG-IP (all modules) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5 and versions 15.1.0 to 15.1.10
• BIG-IP (all modules) - versions 17.5.0 to 17.5.1, versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.6 and versions 15.1.0 to 15.1.10
• BIG-IP Next (all modules) – versions 20.3.0
• BIG-IP Next CNF - versions 2.0.0 to 2.0.2 and versions 1.1.0 to 1.4.1
• BIG-IP Next SPK - versions 2.0.0 to 2.0.2 and versions 1.7.0 to 1.9.2
• BIG-IP Next for Kubernetes - version 2.0.0
• F5 Access for Android - versions 3.1.0 to 3.1.1
• F5 Silverline in HTTP/2 enabled proxy servers (all services)
• NGINX Open Source - versions 0.7.22 to 1.29.0
• NGINX Plus - versions R30 to R34

Review the F5 Quarterly Security Notification (August 2025) and apply the necessary updates.

On 13^th August 2025, Foxit published security advisories to address vulnerabilities in the following products:

• Foxit PDF Editor (Windows) - multiple versions
• Foxit PDF Editor for Mac - multiple versions
• Foxit PDF Reader (Windows) - version 2025.1.0.27937 and prior
• Foxit PDF Reader for Mac - version 2025.1.0.66692 and prior

Review the Foxit Security Bulletins and apply the necessary updates

On 12^th August 2025, Intel published security advisories to address vulnerabilities in multiple products.

Review the provided Intel Security Advisories and perform the suggested mitigations.

On 12^th August 2025, SolarWinds published a security advisory to address vulnerabilities in the SolarWinds Database Performance Analyzer - version 2025.2 and prior.

Review the following SolarWinds Security Advisory and apply the necessary updates.

• SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability (CVE-2025-26398)
• SolarWinds Security Vulnerabilities

On 13^th August 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Authenticator Login (Alogin) - versions prior to 2.1.4
• Layout Builder Advanced Permissions - version 2.2.0

Review the following advisories and apply the necessary updates: 

• Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096
• Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
• Drupal Security Advisories

On 13^th August 2025, Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• Checkov by Prisma Cloud 3.2.0 - versions prior to 3.2.449
• Cortex XDR Broker VM 28.0.0 - versions prior to 28.0.52
• GlobalProtect App 6.3 Linux - versions prior to 6.3.3
• GlobalProtect App 6.3 Windows - versions prior to 6.3.3-h2 (6.3.3-c676)
• GlobalProtect App 6.2 Linux - all versions
• GlobalProtect App 6.2 Windows - versions prior to 6.2.8-h3 (6.2.8-c263)
• GlobalProtect App 6.1 Linux/Windows - all versions
• GlobalProtect App 6.0 Linux/Windows - all versions
• PAN-OS 11.2 (On PA-7500) - versions prior to 11.2.8
• PAN-OS 11.1 (On PA-7500) - versions prior to 11.1.10
• Prisma Access Browser - versions prior to 138.69.4.184

Review the Palo Alto Networks Security Advisory and apply the necessary updates. 

On 12^th August 2025, ServiceNow published security advisories to address vulnerabilities in multiple versions of the following products:

• ServiceNow Washington - multiple versions
• ServiceNow Xanadu - multiple versions
• ServiceNow Yokohama - multiple versions
• ServiceNow Zurich - multiple versions

Review the following advisories and apply the necessary updates:

• CVE-2025-3089 - Broken Access Control in ServiceNow AI Platform
• ServiceNow security advisories

On 14^th August 2025, N-able published a security advisory to address vulnerabilities in N-central - versions prior to 2025.3.1.

Review the following N-able Security Advisory and apply the necessary updates.

• Announcing the GA of N-central 2025.3.1
• N-able Status

On 12^th August 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft Exchange Server
• SQL Server
• Role: Windows Hyper-V
• Azure Virtual Machines
• Microsoft Office SharePoint
• Microsoft Edge for Android
• Microsoft Graphics Component
• Microsoft Dynamics 365 (on-premises)
• Windows Routing and Remote Access Service (RRAS)
• Windows Kernel
• Windows Ancillary Function Driver for WinSock
• Desktop Windows Manager
• Windows File Explorer
• Windows Push Notifications
• Windows NTFS
• Remote Access Point-to-Point Protocol (PPP) EAP-TLS
• Windows Win32K - GRFX
• Windows Distributed Transaction Coordinator
• Windows Win32K - ICOMP
• Windows SMB
• Windows Cloud Files Mini Filter Driver
• Remote Desktop Server
• Windows DirectX
• Windows Installer
• Graphics Kernel
• Windows Message Queuing
• Windows Media
• Windows PrintWorkflowUserSvc
• Windows NT OS Kernel
• Kernel Transaction Manager
• Microsoft Brokering File System
• Kernel Streaming WOW Thunk Service Driver
• Storage Port Driver
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows Connected Devices Platform Service
• Windows Remote Desktop Services
• Azure File Sync
• Microsoft Office Visio
• Microsoft Office
• Microsoft Office Word
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Azure Stack
• Windows GDI+
• Azure OpenAI
• Windows Security App
• Web Deploy
• GitHub Copilot and Visual Studio
• Microsoft 365 Copilot's Business Chat
• Windows NTLM
• Windows Kerberos
• Microsoft Teams
• Windows Subsystem for Linux
• Windows StateRepository API
• Azure Portal

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).

On 12^th August 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Virtual Application Delivery Controller (vADC) - version 22.8R2 and prior
• Ivanti Connect Secure (ICS) - version 22.7R2.7 and prior
• Ivanti Policy Secure (IPS) - version 22.7R1.4 and prior
• Ivanti ZTA Gateway - version 22.8R2.2
• Ivanti Neurons for Secure Access - version 22.8R1.3 and prior

Review the following advisories and apply the necessary updates: 

• August Security Advisory Ivanti Virtual Application Delivery Controller (vADC previously vTM) (CVE-2025-8310)
• August Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (Multiple CVEs)
• Ivanti Security Advisories

On 12^th August 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe Animate 2023 - version 23.0.12 and prior
• Adobe Animate 2024 - version 24.0.9 and prior
• Adobe Commerce B2B - multiple versions
• Adobe Commerce - multiple versions
• Adobe Dimension - version 4.1.3 and prior
• Adobe FrameMaker - version FrameMaker 2020 Update 8 and prior
• Adobe FrameMaker - version FrameMaker 2022 Update 6 and prior
• Adobe Illustrator 2024 - version 28.7.8 and prior
• Adobe Illustrator 2025 - version 29.6.1 and prior
• Adobe InCopy - version 20.4 and prior
• Adobe InCopy - version 19.5.4 and prior
• Adobe InDesign - version ID19.5.4 and prior
• Adobe InDesign - version ID20.4 and prior
• Adobe Magento Open Source - multiple versions
• Adobe Photoshop 2024 - version 25.12.3 and prior
• Adobe Photoshop 2025 - version 26.8 and prior
• Adobe Substance 3D Modeler - version 1.22.0 and prior
• Adobe Substance 3D Painter - version 11.0.2 and prior
• Adobe Substance 3D Sampler - version 5.0.3 and prior
• Adobe Substance 3D Stager - version 3.1.3 and prior
• Adobe Substance 3D Viewer - version 0.25 and prior

Review the Adobe Security Advisories and apply the necessary updates.

On 12^th August 2025, Fortinet published security advisories to address vulnerabilities in multiple products.

Review the following advisories and apply the necessary updates: 

• Remote unauthenticated command injection in FortiSIEM
• Fortinet PSIRT Advisories

On 12^th August 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP S/4HANA (Private Cloud or On-Premise) - versions S4CORE 102, 103, 104, 105, 106, 107 and 108
• SAP Landscape Transformation (Analysis Platform) - versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731 and 2011_1_752, 2020
• SAP Business One (SLD) - versions B1_ON_HANA 10.0 and SAP-M-BO 10.0
• SAP S/4HANA (Bank Communication Management) - versions SAP_APPL 606, SAP_FIN 617, 618, 720, 730, S4CORE 102, 103, 104, 105, 106, 107 and 108
• SAP NetWeaver Application Server for ABAP - multiple versions and platforms
• SAP NetWeaver ABAP Platform - versions S4CRM 100, 200, 204, 205, 206, S4CEXT 107, 108, 109, BBPCRM 713 and 714
• SAP NetWeaver Enterprise Portal (OBN component) - version EP-RUNTIME 7.50
• ABAP Platform - versions SAP_BASIS 758, SAP_BASIS 816 and SAP_BASIS 916
• SAP GUI for Windows - version BC-FES-GUI 8.00
• SAP S/4HANA (Supplier invoice) - versions S4CORE 102, 103, 104, 105, 106, 107, 108 and 109
• SAP NetWeaver - versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H and 75I
• SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Manager) - versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.14, 9.15 and 9.16
• SAP Cloud Connector - version SAP_CLOUD_CONNECTOR 2.0
• SAP Fiori (Launchpad) - version SAP_UI 754

Review the SAP Security Patch Day - August 2025 and apply the necessary updates.

Between 4^th to 10^th August 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 4^th to 10^th August 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking OS10 - versions prior to 10.5.6.10
• Dell SupportAssist OS Recovery - versions prior to 5.5.14.0
• PowerScale OneFS - version 9.11.0.0
• PowerScale OneFS - versions 9.5.0.0 to 9.10.1.2

Review the following advisories and apply the necessary updates: 

• DSA-2025-283: Security Update for Dell Networking OS10 Vulnerabilities
• DSA-2025-315: Security Update for Dell SupportAssist OS Recovery for Multiple Vulnerabilities
• DSA-2025-272: Security Update for Dell PowerScale OneFS Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Between 4^th to 10^th August 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Review the Ubuntu Security Notices and apply the necessary updates.

Between 4^th to 10^th August 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

Review the following Red Hat Security Advisory and apply the necessary updates.

30^th July 2025, WinRAR published security advisories to address vulnerabilities in WinRAR - versions prior to 7.13.

Review the WinRaR Security Advisory and apply the necessary updates.

On 7^th August 2025, Juniper Networks published security advisories to address vulnerabilities in Juniper Secure Analytics (JSA) - versions 7.5.0 to versions prior to 7.5.0 UP12 IF03.

Review the Juniper Networks Security Advisories and apply the necessary updates.

On 7^th August 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 139.0.3405.86.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 6th August 2025, Microsoft published a security update to address vulnerabilities in the following products.

• Exchange Server 2016 CU23 - (KB5050674)
• Exchange Server 2019 CU14 - (KB5050673)
• Exchange Server 2019 CU15 - (KB5050672)
• Exchange Server Subscription Edition RTM - (KB5047155)

1. If using Exchange hybrid, review Microsoft's guidance, Exchange Server Security Changes for Hybrid Deployments, to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU).
2. Install Microsoft's April 2025 Exchange Server Hotfix Updates on the on-premise Exchange server and follow Microsoft's configuration instructions. Deploy a dedicated Exchange hybrid app.
3. Exchange hybrid (or have previously configured Exchange hybrid but no longer use it), review Microsoft's Service Principal Clean-Up Mode for guidance on resetting the service principal's keyCredentials.
4. Upon completion, run the Microsoft Exchange Health Checker to determine if further steps are required.

On 5^th August 2025, Adobe published a security bulletin to address vulnerabilities in Adobe Experience Manager (AEM) Forms on JEE - version 6.5.23.0 and prior.

Review the Security updates available for Adobe Experience Manager Forms | APSB25-82 and apply the necessary updates.

On 5^th August 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Brocade SANnav Management Portal - version prior to 2.4.0a
• Brocade Fabric OS - versions 9.1.0 to 9.2.2

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBST04890 rev.2 - HPE SANnav Management Portal and Fabric OS, Multiple Vulnerabilities
• HPE Security Bulletin Library

On 5^th August 2025, Trend Micro published security advisories to address vulnerabilities in Trend Micro Apex One (on-prem) Management Server - version 14039 and prior.

Review the following Trend Micro Security Advisory and apply the necessary updates

• Trend Micro Apex One™ (On-Premise) Management Console Command Injection RCE Vulnerabilities
• Trend Micro Business Success Vulnerability Response

On 6th August 2025, BDNCIRT issued an alert on a phishing campaign on the Cyber Space of Bangladesh.

Review the phishing campaign on the Cyber Space of Bangladesh and take the necessary action. 

On 6^th August 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Identity Services Engine (ISE) - versions prior to 3.0, versions 3.1, 3.2 and 3.3
• Cisco ISE Passive Identity Connector (ISE-PIC) - versions prior to 3.0, versions 3.1, 3.2 and 3.3

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
• Cisco Security Advisories

On 6^th August 2025, Splunk published a security update to address vulnerabilities in the following products.

• Splunk AppDynamics On-Premises Enterprise Console - versions prior to 25.4.0
• Splunk AppDynamics Cluster Agent - versions prior to 25.6.0

Review the following Splunk Security Advisory and apply the necessary updates:

• Third-Party Package Updates in Splunk AppDynamics On-Premises Enterprise Console - August 2025
• Third-Party Package Updates in Splunk AppDynamics Cluster Agent - August 2025

On 1^st August 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Private Cloud AI - versions prior to v1.5
• HPE Telco IP Mediation - versions prior to 8.5.1-0B
• HPE Telco Service Orchestrator - versions prior to v5.3.4

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBGN04904 rev.1 - HPE Private Cloud AI, Multiple Vulnerabilities
• HPESBNW04906 rev.1 - HPE Telco IP Mediation, Multiple Vulnerabilities
• HPESBNW04907 rev.1 - HPE Telco Service Orchestrator Software, Remote Command Execution Vulnerability
• HPE Security Bulletin Library

Between 28^th July and 3^rd August 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 28^th July and 3^rd August 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.02.05.00
• Dell Avamar Data Store Gen4T, Gen5A - versions 19.10, 19.10-SP1, 19.12, 19.7, 19.8 and 19.9
• Dell Avamar Network Data Management Protocol (NDMP) Accelerator - versions 19.10, 19.10-SP1, 19.12, 19.7, 19.8 and 19.9
• Dell Avamar VMware Image Backup Proxy - versions 19.10, 19.10-SP1, 19.12, 19.7, 19.8 and 19.9
• Dell Avamar Virtual Edition - versions 19.10, 19.10-SP1, 19.12, 19.7, 19.8 and 19.9
• Dell Networker Virtual Edition (NVE)  versions 19.5, 19.6, 19.7, 19.8, 19.9, 19.10, 19.11 and 19.12
• Dell Networking OS10 - versions prior to 10.5.5.15
• Dell PowerProtect DP Series Appliance (IDPA) - versions prior to 2.7.8
• Dell PowerStore 1000X, 3000X, 5000X, 7000X, 9000X - versions prior to ESXi70U3w-24784741
• Dell Unity Operating Environment (OE) - versions prior to 5.5.1

Review the provided Dell Security Advisory and apply the necessary updates.

Between 28^th July and 3^rd August 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.04

Review the Ubuntu Security Notices and apply the necessary updates.

On 4^th August 2025, Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Between 28^th July and 3^rd August 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

Review the following Red Hat Security Advisory and apply the necessary updates.

On 28^th July and 3^rd August 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 139.0.7258.66/67 (Windows/Mac) and 139.0.7258.66 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 30^th July 2025, HPE published a security advisory to address vulnerabilities in HPE Telco Service Activator - versions prior to 10.3.2.

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBNW04887 rev.1 - HPE Telco Service Activator, Protection Mechanism Failure
• HPE Security Bulletin Library

On 31^st July 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.121.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 30^th July 2025, Apple published security advisories to address vulnerabilities in Safari - versions prior to 18.6.

Review the provided Apple Security Advisory and apply the necessary updates.

On 8^th July 2025, SUSE published security updates to address vulnerabilities in the following products:

• SUSE Linux Enterprise Micro 5.5
• SUSE Linux Enterprise Server 15 SP6
• SUSE Manager Proxy 5.0 Extension
• SUSE Manager Retail Branch Server 5.0 Extension
• SUSE Manager Server 5.0 Extensions

Review the provided Apple Security Advisory and apply the necessary updates

On 30^th July 2025, HPE published a security advisory to address vulnerabilities in HPE Telco Intelligent Assurance - versions prior to FAS and PDO 4.2.10.

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBNW04905 rev. 1 - HPE Telco Intelligent Assurance, CVE-2025-48738
• HPE Security Bulletin Library

On 30^th July 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Config Pages - versions prior to 2.18.0
• GoogleTag Manager - versions prior to 1.10.0

Review the following advisories and apply the necessary updates: 

• Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
• GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094
• Drupal Security Advisories

On 30^th July 2025, Splunk published a security update to address vulnerabilities in the following products.

• Splunk User Behavior Analytics (UBA) - versions prior to 5.4.3
• Enterprise Security - versions prior to 7.3.4
• Enterprise Security - versions prior to 8.1.0

Review the following Splunk Security Advisory and apply the necessary updates:

• Third-Party Package Updates in Splunk User Behavior Analytics (UBA) - July 2025
• Third-Party Package Updates in Enterprise Security 7.3.4 - July 2025
• Third-Party Package Updates in Enterprise Security 8.1.0 - July 2025
• Splunk Security Advisories

On 29^th July 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 138.0.7204.183/.184 (Windows/Mac) and 138.0.7204.183 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 29^th July 2025, SonicWall published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Gen7 hardware Firewalls - version 7.2.0-7015 and prior
• Gen7 virtual Firewalls (NSv) - version 7.2.0-7015 and prior

Review the following SonicWall Security Advisory and apply the necessary updates:

• SonicWall Security Advisory - SNWLID-2025-0013
• SonicWall Security Advisories

On 28^th July 2025, Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• GlobalProtect App 6.2 Linux - versions prior to 6.2.9
• GlobalProtect App 6.1 Linux - all versions
• GlobalProtect App 6.0 Linux - all versions

Review the following advisories and apply the necessary updates:

• Palo Alto Networks Security Advisories - CVE-2025-2179 GlobalProtect App: Non-Admin User Can Disable the GlobalProtect App
• Palo Alto Network Security Advisories

On 28^th July 2025, Node-SAML published a security update to address vulnerabilities in Node-SAML - version 5.0.1 and prior.

Review the Node-SAML SAML Signature Verification Vulnerability and apply the necessary updates.

Between 24^th July and 28^th July 2025, SolarWinds published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SolarWinds Observability Self-Hosted - version SWOSH 2025.2 and prior
• SolarWinds Web Help Desk - version 12.8.6 and prior

Review the following SolarWinds Security Advisory and apply the necessary updates.

• SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability (CVE-2025-26397)
• SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability (CVE-2025-26400)
• SolarWinds Security Vulnerabilities

On 29^th July 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Cloud Foundation - version 9.0.0.0
• VMware vSphere Foundation - version 9.0.0.0
• VMware vCenter - version 8.0
• VMware vCenter - version 7.0
• VMware Cloud Foundation - version 5.x
• VMware Cloud Foundation - version 4.5.x
• VMware Telco Cloud Platform - versions 5.x and 2.x
• VMware Telco Cloud Infrastructure - version 2.x

Review the following advisories and apply the necessary updates:

• Product Release Advisory - VMSA-2025-0014: VMware vCenter updates address a denial-of-service vulnerability (CVE-2025-41241)
• Security Advisories - VMware Cloud Foundation

On 29^th July 2025, Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.5
• iPadOS - versions prior to 17.7.7
• macOS Sequoia -  versions prior to 15.5
• macOS Sonoma - versions prior to 14.7.6
• macOS Ventura - versions prior to 13.7.6
• Safari - versions prior to 18.5

Review the provided Apple Security Advisory and apply the necessary updates.

Between 21^st and 27^th July 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 21^st July and 27^th July 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen4T - version 19.12
• Dell Avamar Data Store Gen4T - versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4
• Dell Avamar Data Store Gen5A - version 19.12
• Dell Avamar Data Store Gen5A - versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9 and 19.4
• Dell Avamar Virtual Edition for VMware ESXi and vSphere - version 19.12
• Dell Avamar Virtual Edition for VMware ESXi and vSphere - versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9, and 19.4
• Dell Avamar Virtual Edition for VMware vSphere only - version 19.12
• Dell Avamar Virtual Edition for VMware vSphere only - versions 19.10, 19.10-SP1, 19.7, 19.8, 19.9, and 19.4
• Dell CyberSense - versions prior to 8.12
• Dell Data Protection Central - version 19.7.x to 19.12
• Dell Intel E810 Adapters and Intel E823 LOM - versions prior to 24.0.0
• Dell Intel I350 and X550 Adapters - versions prior to 24.0.0
• Dell Intel X710, XXV710, and XL710 Adapters - versions prior to 24.0.0
• Dell Networking OS10 - versions prior to 10.5.4.16
• Dell PowerProtect DP Series (Integrated Data Protection Appliance (IDPA) Appliance - versions prior to 2.7.8
• Dell SmartFabric Storage Software - version prior to 1.4.4
• Dell ThinOS 10 for Multiple Google Chrome - multiple versions and models

Review the provided Dell Security Advisory and apply the necessary updates.

Between 21^st and 27^th July 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 25.04

Review the Ubuntu Security Notices and apply the necessary updates.

Between 21^st July and 27^th July 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

On 15^th July 2025, Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Review the Atlassian Security Bulletin - 15th July 2025 and Security Advisory and apply the necessary update.   

On 25^th July 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.109.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 25^th July 2025, GitHub published a security update to address vulnerabilities in tj-actions/branch-names - versions prior to 8.2.1.

Review the Command Injection Vulnerability - GHSA-gq52-6phf-x2r6 and apply the necessary updates.

On 28^th July 2025, GitHub published a security update to address vulnerabilities in Privilege Management for Windows - versions prior to 25.4.270.0.

Review the following advisories and apply the necessary updates:

• Advisory ID: BT25-05
• Advisory ID: BT25-06
• BeyondTrust Advisories

On 24^th July 2025, BDNCIRT issued a Situational Alert for the CII, Energy Sectors, and Banks.

Review Situational Alert for CII, Energy Sectors, Banks, and take the necessary action.

On 24^th July 2025, VMware published security advisories to address vulnerabilities in the following products:

• Tanzu Platform for Cloud Foundry - version 4.0.38+LTS-T
• Tanzu Platform for Cloud Foundry - version 6.0.18+LTS-T
• Tanzu Platform for Cloud Foundry - version 10.0.8
• Tanzu Platform for Cloud Foundry - version 10.2.1+LTS-T

Review the following advisories and apply the necessary updates:

• Product Release Advisory - Tanzu Platform for Cloud Foundry 4.0.38+LTS-T
• Product Release Advisory - Tanzu Platform for Cloud Foundry 6.0.18+LTS-T
• Product Release Advisory - Tanzu Platform for Cloud Foundry 10.0.8
• Product Release Advisory - Tanzu Platform for Cloud Foundry 10.2.1+LTS-T
• Security Advisories - VMware Cloud Foundation

On 24^th July 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Telco Service Orchestrator - versions prior to v5.0.2
• HPE Telco Service Orchestrator - versions prior to v4.2.1

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBNW04901 rev.1 - HPE Telco Service Orchestrator, Remote Denial of Service (DoS) Vulnerability
• HPESBNW04902 rev.1 - HPE Telco Service Orchestrator, Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
• HPE Security Bulletin Library

On 22^nd July 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 138.0.7204.168/.169 (Windows/Mac) and 138.0.7204.168 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 23^rd July 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.2.1, 18.1.3 and 18.0.5
• GitLab Enterprise Edition (EE) - versions prior to 18.2.1, 18.1.3 and 18.0.5

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.2.1, 18.1.3, 18.0.5
• GitLab Releases

On 23^rd July 2025, SonicWall published a security advisory to address vulnerabilities in SonicWall SMA 100 Series (SMA 210, 410, 500v) - version 10.2.1.15-81sv and prior.

Review the following SonicWall Security Advisory and apply the necessary updates:

• SonicWall Security Advisory - SNWLID-2025-0014
• SonicWall Security Advisories

On 22^nd July 2025, JavaScript (NPM Inc.) published a security advisory to address vulnerabilities in the following products:

• Form-data library - versions prior to 2.5.4
• Form-data library - versions 3.0.0 to 3.0.3
• Form-data library - versions 4.0.0 to 4.0.3

Review the JavaScript form-data library Security Advisory and apply the necessary updates.

On 23^rd July 202,5, Mitel published security advisories to address vulnerabilities in the following products:

• MiVoice MX-ONE - versions 3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14)
• MiCollab - versions 10.0 (10.0.0.26) to 10.0 SP1 FP1 (10.0.1.101) and version 9.8 SP3 (9.8.3.1) and prior

Review the following advisories and apply the necessary updates: 

• Mitel Security Advisory - MISA-2025-0009
• Mitel Security Advisory - MISA-2025-0008
• Mitel Security Bulletins

On 22^nd June 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox for iOS - versions prior to 141
• Firefox ESR - versions prior to 140.1
• Firefox ESR - versions prior to 128.13
• Firefox ESR - versions prior to 115.26
• Firefox - versions prior to 141

Review the following advisories and apply the necessary updates:

• Mozilla Foundation Security Advisory MFSA 2025-60
• Mozilla Foundation Security Advisory MFSA 2025-59
• Mozilla Foundation Security Advisory MFSA 2025-58
• Mozilla Foundation Security Advisory MFSA 2025-57
• Mozilla Foundation Security Advisory MFSA 2025-56
• Mozilla Security Advisories

On 25^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco ISE and ISE-PIC - versions prior to 3.3 Patch 7
• Cisco ISE and ISE-PIC - versions prior to 3.4 Patch 2

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
• Cisco Security Advisories

On 21^st July 2025, Sophos published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Sophos Firewall - version v21.0 GA (21.0.0) and prior
• Sophos Firewall - version v21.5 GA (21.5.0) and prior

Review the following Sophos Security Advisory and apply the necessary updates

• Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973)
• Sophos Security Advisories

On 20^th July 2025, Microsoft Releases Guidance on the Exploitation of SharePoint Vulnerability (CVE-2025-53770).

This active exploitation of a new remote code execution (RCE) vulnerability enables unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as "ToolShell," provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network. 

Review the following Microsoft Guidance and apply the necessary updates:

• For information on detection, prevention, and advanced threat hunting measures, see Microsoft's Customer Guidance for SharePoint Vulnerability and advisory for CVE-2025-49706. You are encouraged to review all articles and security updates published by Microsoft on 8th July, 2025, that are relevant to the SharePoint platform deployed in your environment.
• Monitor for POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit
• Conduct scanning for IPs 107.191.58[.]76, 104.238.159[.]149, and 96.9.125[.]147, particularly between 18 and 19 July, 2025.
• Update intrusion prevention system and web-application firewall rules to block exploit patterns and anomalous behavior.
• Implement comprehensive logging to identify exploitation activity.

On 19^th June 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft SharePoint Server Subscription Edition - versions prior to KB5002768
• Microsoft SharePoint Server 2016 (No update available yet)
• Microsoft SharePoint Server 2019 - versions prior to KB5002754

Review the following advisories and apply the necessary updates:

• Customer guidance for SharePoint vulnerability CVE-2025-53770
• Microsoft SharePoint Server Remote Code Execution Vulnerability - CVE-2025-53770
• Microsoft SharePoint Server Spoofing Vulnerability - CVE-2025-53771
• Security Update for Microsoft SharePoint Server Subscription Edition (KB5002768)
• Security Update for Microsoft SharePoint Server 2019 Core (KB5002754)

On 18^th June 2025, CrushFTP published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• CrushFTP - versions 10 prior to 10.8.5
• CrushFTP - versions 11 prior to 11.3.4_23

Review the CrushFTP Update, follow the recommended mitigation, and apply the necessary updates.

Between 14^th and 20^th July 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 14^th July and 20^th July 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell AMD-based PowerEdge Server - multiple versions and models
• Dell AppSync - versions prior to 4.6.0.4
• Dell Connectrix B-Series - versions 2.3.0 to 2.3.1a
• Dell Connectrix B-Series - versions 9.1.0 to 9.2.2
• Dell Connectrix B-Series - versions prior to 2.4.0
• Dell Data Protection Central - versions 19.8 to 19.12.1
• Dell Data Protection Central - versions prior to 19.12.0-2
• Dell EMC XC Core XC7525 - versions prior to 2.19.0
• Dell Networking OS10 - versions prior to 10.6.0.5
• Dell PowerEdge T40 - versions prior to 1.20.0
• Dell XC Core XC7625 - versions prior to 1.11.2

Review the provided Dell Security Advisory and apply the necessary updates.

Between 10^th  July and 20^th July 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

On 16^th July 2025, ISC published security advisories to address vulnerabilities in the following product:

• ISC BIND 9 - versions 9.11.3-S1 to 9.16.50-S1
• ISC BIND 9 - versions 9.18.11-S1 to 9.18.37-S1
• ISC BIND 9 - versions 9.20.9-S1 to 9.20.10-S1
• ISC BIND 9 - versions 9.20.0 to 9.20.10
• ISC BIND 9 - versions 9.21.0 to 9.21.9

Review the following advisories and apply the necessary updates:

• ISC BIND security advisory - CVE-2025-40776
• ISC BIND security advisory - CVE-2025-40777
• BIND 9 Security Vulnerability Matrix

On 19^th July 2025, Microsoft published a customer guidance for a critical SharePoint vulnerability CVE-2025-53770 that appears to be affecting all versions of on-premises SharePoint Server¹. SharePoint Online in Microsoft 365 is not impacted.

CVE-2025-53770 involves the deserialization of untrusted data in on-premises Microsoft SharePoint Servers, allowing an unauthorised attacker to execute code over a network.

On 21^st July 2025, Microsoft released emergency patches for the following versions of SharePoint:

• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Server 2019

As of 21^st July 2025, there are presently no patches available for Microsoft SharePoint Server 2016.

Potential indicators of compromise

The following indicators of compromise (IoCs) have been shared by the cyber security research community ² as a starting point for compromise detection.

• Verify the presence of the following file: C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\16\TEMPLATE\LAYOUTS\spinstall0.aspx
  • SHA256:92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514
• Monitor IIS logs for POST requests to /_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx with a HTTP referer of /_layouts/SignOut.aspx
• Verify network logs for scanning or exploitation attempts from IPs 107.191.58[.]76, 104.238.159[.]149, and 96.9.125[.]147, particularly since July 17, 2025.
• Check for presence of file hashes that may indicate compromise^3 and 4 :
  • SHA256:4a02a72aedc3356d8cb38f01f0e0b9f26ddc5ccb7c0f04a561337cf24aa84030
  • SHA256:b39c14becb62aeb55df7fd55c814afbb0d659687d947d917512fe67973100b70
  • SHA256:fa3a74a6c015c801f5341c02be2cbdfb301c6ed60633d49fc0bc723617741af7
  • SHA256:27c45b8ed7b8a7e5fff473b50c24028bd028a9fe8e25e5cea2bf5e676e531014
  • SHA256:8d3d3f3a17d233bc8562765e61f7314ca7a08130ac0fb153ffd091612920b0f2
  • SHA256:b336f936be13b3d01a8544ea3906193608022b40c28dd8f1f281e361c9b64e93
  • SHA256:f917e0fd57784e40d9a41069f30b2b5cf83db29b52072c308ff030eaf1fcd764

Suggested actions

If your SharePoint Server is accessible via the internet, it is recommended to assess potential security compromises and consider isolating the affected instance until patching and threat hunt exercises are complete.

Additionally, the Cyber Centre strongly recommends that organizations follow Microsoft customer guidance for mitigation advice:

• Use or upgrade to supported versions of on-premises Microsoft SharePoint Server.
• Apply the latest security updates from Microsoft.
• Enable Antimalware Scan Interface (AMSI) integration in SharePoint Server.
• integration was enabled by default in the September 2023 security update for SharePoint Server 2016/2019 and the Version 23H2 feature update for SharePoint Server Subscription Edition⁵.
• Deploy a compatible AMSI-capable antivirus/antimalware provider across all SharePoint servers.
• Rotate SharePoint Server ASP.NET machine key
• Organizations who are running SharePoint 2016 are encouraged to monitor Microsoft's advsiories¹ and apply the patches as soon as it is available.

Please note that the identified evidence that AMSI may not consistently offer comprehensive protection against this form of exploitation, as threat actors frequently adapt their methods to evade detection.

On 16^th July 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Telco Service Orchestrator - versions prior to v4.2.4
• HPE AutoPass License Server - versions prior to 9.18

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBNW04900 rev.1 - HPE Telco Service Orchestrator Software, Remote Denial of Service (DoS)
• HPESBGN04877 rev.1 - HPE AutoPass License Server (APLS), Multiple Vulnerabilities
• HPE Security Bulletin Library

On 16^th July 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.95.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 15^th July 2025, Nodejs published a security advisory to address vulnerabilities in the following products:

• Node.js 20 - versions prior to v20.19.4
• Node.js 22 - versions prior to v22.17.1
• Node.js 24 - versions prior to v24.4.1

Review the Nodejs Security Releases and apply the necessary updates.

On 16^th July 2025, HPE published a security advisory to address vulnerabilities in HP-UX 11i Secure Shell Software - versions prior to A.09.30.010

Review the following HPE Security Advisory and apply the necessary updates:

• HPESBUX04903 rev.1 - HP-UX Secure Shell daemon (sshd), Multiple Vulnerabilities
• HPE Security Bulletin Library

On 15^th July 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop versions prior to 138.0.7204.157/.158 (Windows/Mac) and 138.0.7204.157 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 16^th July 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE Telco Service Orchestrator - versions prior to v5.2.1
• HPE Cray XD670 - version prior to TPM Firmware v7.86
• HPE Cray XD675 - version prior to TPM Firmware v15.24

Review the following HPE Security Advisory and apply the necessary updates:

• HPE Security Bulletin - HPESBNW04875 rev.1 - HPE Telco Service Orchestrator Software, Authenticated SQL Injection
• HPESBCR04898 rev.1 - Certain HPE Cray XD Servers Using Certain TPM 2.0, Local Denial of Service Vulnerability
• HPE Security Bulletin Library

On 16^th July 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Unified Intelligence Center - versions 12.5, 12.6 and 15
• Cisco Unified CCX - versions prior to 12.5(1)SU3
• Cisco Identity Services Engine (ISE) - versions prior to 3.2, versions 3.3 and 3.4
• Cisco ISE Passive Identity Connector (ISE-PIC) - versions prior to 3.2, versions 3.3 and 3.4
• Cisco Evolved Programmable Network Manager (EPNM) - versions prior to 7.1, versions 8.0 and 8.1
• Cisco Prime Infrastructure - versions prior to 3.9 and version 3.10

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability
• Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities
• Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability
• Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
• Cisco Security Advisories

Between 9^th and 27^th June 2025, Trend Micro published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Apex One 2019 (On-prem)
• Apex One as a Service SaaS
• Worry-Free Business Security (WFBS) 10.0 SP1
• Worry-Free Business Security Services (WFBSS) 6.7 (SaaS)

Review the following Trend Micro Security Advisory and apply the necessary updates

• Trend Micro Apex One June 2025 Monthly Bulletin
• June 2025 for Trend Micro Apex Central
• June 2025 for Trend Micro Worry-Free Business Security (including Services)

On 15^th July 2025, Oracle published a security advisory to address vulnerabilities in multiple products.

Review Oracle Critical Patch Update Advisory - July 2025 and apply the necessary updates.

On 15^th July 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Cloud Foundation - version 9.0.0.0
• VMware vSphere Foundation - version 9.0.0.0
• VMware ESXi - version 8.0
• VMware ESXi - version 8.0
• VMware ESXi - version 7.0
• VMware Workstation - version 17.x
• VMware Fusion - version 13.x
• VMware Cloud Foundation - version 5.x
• VMware Cloud Foundation - version 4.5.x
• VMware Telco Cloud Platform - versions 5.x and 4.x
• VMware Telco Cloud Platform - versions 3.x and 2.x
• VMware Telco Cloud Infrastructure - versions 3.x and 2.x
• VMware Tools [1] - version 13.x.x
• VMware Tools [1] - versions 12.x.x and 11.x.x
• VMware Tools - versions 13.x.x, 12.x.x and 11.x.x
• VMware Tools - versions 13.x.x, 12.x.x and 11.x.x

Review the following advisories and apply the necessary updates:

• VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
• Security Advisories - VMware Cloud Foundation

On 15^th July 2025, Zyxel published security advisories to address vulnerabilities in the following products:

• NWA50AX - versions prior to 7.10(ABYW.1)
• NWA50AX PRO - versions prior to 7.10(ACGE.2)
• NWA55AXE - versions prior to 7.10(ABZL.1)
• NWA90AX - versions prior to 7.10(ACCV.1)
• NWA90AX PRO - versions prior to 7.10(ACGF.2)
• NWA110AX - versions prior to 7.10(ABTG.1)
• NWA130BE - versions prior to 7.10(ACIL.2)
• NWA210AX - versions prior to 7.10(ABTD.1)
• NWA220AX-6E - versions prior to 7.10(ACCO.1)
• NWA1123AC PRO - versions prior to 6.28(ABHD.3)
• WAC500H - versions prior to 6.70(ABWA.6)
• WAC5302D-Sv2 - versions prior to 6.25(ABVZ.9)
• WAC6103D-I - versions prior to 6.28(AAXH.3)
• WAX300H - versions prior to 7.10(ACHF.1)
• WAX510D - versions prior to 7.10(ABTF.1)
• WAX610D - versions prior to 7.10(ABTE.1)
• WAX620D-6E - versions prior to 7.10(ACCN.1)
• WAX630S - versions prior to 7.10(ABZD.1)
• WAX640S-6E - versions prior to 7.10(ACCM.1)
• WAX650S - versions prior to 7.10(ABRM.1)
• WAX655E - versions prior to 7.10(ACDO.1)
• WBE530 - versions prior to 7.10(ACLE.2)
• WBE660S - versions prior to 7.10(ACGG.2)

Review the following advisories and apply the necessary updates:

• Zyxel security advisory for path traversal vulnerability in Aps (CVE-2025-6265)
• Zyxel Advisories

Between 7^th and 13^th July 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

Between 7^th July and 13^th July 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell PowerFlex Manager - version 4.6.2 and prior
• Dell UCC Edge - versions prior to 3.0.1

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-279
• Dell Security Advisories - DSA-2025-180
• Dell Security advisories and notices

Between 7^th and 13^th July 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10
• Ubuntu 25.04

Review the Ubuntu Security Notices and apply the necessary updates.

Between 7^th July and 13^th July 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

On 9^th  and 10^th July, 2025, Juniper Networks published security advisories to address vulnerabilities in multiple products.

Review the Juniper Networks Security Advisories and apply the necessary updates.

On 8^th July 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cookies Addons - versions prior to 1.2.4
• Mail_login 3.x - versions prior to 3.2.0
• Mail_login 4.x - versions prior to 4.2.0

Review the following advisories and apply the necessary updates: 

• Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087
• Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088
• Drupal Security Advisories

Between 7^th  and 8^th July 2025, HPE published a security advisory to address vulnerabilities in the following products:

• Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy - versions 9.1.0 to 9.2.2
• HPE B-series Fibre Channel Switch - multiple versions and models
• HPE Compute Scale-up Server 3200 - versions prior to v1.60.88
• HPE Networking Instant On Access Point - version 3.2.0.1 and prior
• HPE ProLiant Cray Servers ** - multiple versions and models
• HPE SANnav Management Software SANnav base OS (OVA deployment) - versions prior to 2.4.0a
• HPE SN6750B 64Gb 48/128 48-port 64Gb Short Wave SFP56 Port Side Intake Integrated FC Switch - versions 9.1.0 to 9.2.2
• HPE SN8600B 4-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE SN8600B 8-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE SN8700B 4-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE SN8700B 8-slot SAN Director Switch - versions 9.1.0 to 9.2.2
• HPE Storage Fibre Channel Switch B-series SN3700B - version 22
• HPE Superdome Flex 280 Server - versions prior to v2.00.12
• HPE Superdome Flex Server - versions prior to v4.10.18

Review the HPE security bulletins and apply the necessary updates.

On 8^th July 2025, ServiceNow published a security bulletin to address vulnerabilities in the ServiceNow Now Platform - multiple versions.

Review the ServiceNow security advisories and apply the necessary updates.

On 8^th July 2025, Citrix published security advisories to address vulnerabilities in the following products:

• Current Release (CR): Citrix Virtual Apps and Desktops - versions prior to 2503
• Long Term Service Release (LTSR): Citrix Virtual Apps and Desktops - versions 2402 LTSR CU2 and prior

Review the following advisories and apply the necessary updates:

• Citrix Security Advisory - CTX694820
• Citrix Security Advisories

On 9^th July 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.1.2, 18.0.4 and 17.11.6
• GitLab Enterprise Edition (EE) - versions prior to 18.1.2, 18.0.4 and 17.11.6

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.1.2, 18.0.4, 17.11.6
• GitLab Releases

On 9^th July 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• Apica Loadtest Plugin - version 1.10 and prior
• Applitools Eyes Plugin - version 1.16.5 and prior
• Aqua Security Scanner Plugin - version 3.2.8 and prior
• Credentials Binding Plugin - version 687.v619cb_15e923f and prior
• Dead Man's Snitch Plugin - version 0.1 and prior
• Git Parameter Plugin - version 439.vb_0e46ca_14534 and prior
• HTML Publisher Plugin - version 425 and prior
• IBM Cloud DevOps Plugin - version 2.0.16 and prior
• IFTTT Build Notifier Plugin - version 1.2 and prior
• Kryptowire Plugin - version 0.2 and prior
• Nouvola DiveCloud Plugin - version 1.08 and prior
• QMetry Test Management Plugin - version 1.13 and prior
• ReadyAPI Functional Testing Plugin - version 1.11 and prior
• Sensedia Api Platform tools Plugin - version 1.0 and prior
• Statistics Gatherer Plugin - version 2.0.3 and prior
• Testsigma Test Plan run Plugin - version 1.6 and prior
• User1st uTester Plugin - version 1.1 and prior
• VAddy Plugin - version 1.2.8 and prior
• Warrior Framework Plugin - version 1.2 and prior
• Xooa Plugin - version 0.0.7 and prior

Review the following advisories and apply the necessary updates:

• Jenkins Security Advisory 2025-07-09
• Jenkins Security Advisories

On 9^th July 2025, Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• Autonomous Digital Experience Manager 5.6.0 macOS - versions prior to 5.6.7
• GlobalProtect App 6.3 macOS - versions prior to 6.3.3-h1 (6.3.3-c650)
• GlobalProtect App 6.2 macOS - versions prior to 6.2.8-h2 (6.2.8-c243)
• GlobalProtect App 6.2 Linux - versions prior to 6.2.8
• GlobalProtect App 6.1 macOS - all versions
• GlobalProtect App 6.1 Linux - all versions
• GlobalProtect App 6.0 macOS - all versions
• GlobalProtect App 6.0 Linux - all versions
• Prisma Access Browser - versions prior to 137.16.6.120

Review the following advisories and apply the necessary updates:

• Palo Alto Networks Security Advisories - PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)
• Palo Alto Networks Security Advisories - CVE-2025-0139 Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability
• Palo Alto Networks Security Advisories - CVE-2025-0140 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App
• Palo Alto Networks Security Advisories - CVE-2025-0141 GlobalProtect App: Privilege Escalation (PE) Vulnerability
• Palo Alto Network Security Advisories

On 8^th July 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP NetWeaver ABAP Server and ABAP - multiple versions
• SAP NetWeaver ABAP Server and ABAP Platform - multiple versions
• SAP NetWeaver Application Server for ABAP - multiple versions
• SAP NetWeaver Visual Composer - version VCBASE 7.50
• SAP Business Objects Business Intelligence Platform (CMC) - version ENTERPRISE 430, 2025
• SAP Business Warehouse and SAP Plug-In Basis - multiple versions
• SAP NetWeaver Enterprise Portal Federated Portal Administration - version EP-RUNTIME 7.50
• SAP NetWeaver Enterprise Portal Federated Portal Network - version EP-RUNTIME 7.50
• SAP NetWeaver SAP NetWeaver Application Server for Java (Log Viewer) - version LMNWABASICAPPS 7.50
• SAP NetWeaver (XML Data Archiving Service) - version J2EE-APPS 7.50
• SAP Supplier Relationship Management (Live Auction Cockpit) - version SRM_SERVER 7.14
• SAP S/4HANA and SAP SCM (Characteristic Propagation) - versions SCMAPO 713, 714, S4CORE 102, 103, 104, S4COREOP 105, 106, 107, 108, SCM 700, 701, 702 and 712

Review the SAP Security Patch Day - July 2025 and apply the necessary updates.

On 8^th July 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Connect Secure (ICS) - version 22.7R2.7 and prior
• Ivanti Endpoint Manager - version 2022 SU8 and prior
• Ivanti Endpoint Manager - version 2024 SU2 and prior
• Ivanti Endpoint Manager Mobile - version 12.5.0.1 and prior
• Ivanti Endpoint Manager Mobile - version 12.4.0.2 and prior
• Ivanti Endpoint Manager Mobile - version 12.3.0.2 and prior
• Ivanti Policy Secure (IPS) - version 22.7R1.4 and prior

Review the following advisories and apply the necessary updates: 

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2025-6770, CVE-2025-6771)
• Security Advisory July 2025 for Ivanti EPM 2024 SU2 and EPM 2022 SU8
• July Security Advisory Ivanti Connect Secure and Ivanti Policy Secure (Multiple CVEs)
• Ivanti Security Advisories

On 8^th July 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiAnalyzer - multiple versions
• FortiAnalyzer Cloud - multiple versions
• FortiIsolator - multiple versions
• FortiManager - multiple versions
• FortiManager Cloud - multiple versions
• FortiOS 7.6 - versions 7.6.0 to 7.6.1
• FortiOS 7.4 - versions 7.4.0 to 7.4.7
• FortiOS 7.2 - versions 7.2.0 to 7.2.11
• FortiOS 7.0 - versions 7.0.1 to 7.0.16
• FortiProxy 7.6 - versions 7.6.0 to 7.6.1
• FortiProxy 7.4 - versions 7.4.0 to 7.4.8
• FortiProxy 7.2 - versions 7.2.0 to 7.2.13
• FortiProxy 7.0 - versions 7.0.0 to 7.0.20
• FortiSandbox - multiple versions
• FortiVoice 6.4 - versions 6.4.0 to 6.4.10
• FortiVoice 7.0 - versions 7.0.0 to 7.0.6
• FortiVoice 7.2 - versions 7.2.0
• FortiWeb - multiple versions

Review the following advisories and apply the necessary updates:

• Fortinet PSIRT - FG-IR-25-151
• Fortinet PSIRT Advisories

On 8^th July 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office 2016 - multiple platforms
• Microsoft Office 2019 - multiple platforms
• Microsoft Office for Android
• Microsoft Office LTSC 2021 - multiple platforms
• Microsoft Office LTSC 2024 - multiple platforms
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft Word 2016 - multiple platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server 2008 - multiple platforms
• Windows Server 2012 - multiple platforms
• Windows Server 2016 - multiple platforms
• Windows Server 2019 - multiple platforms
• Windows Server 2022 - multiple platforms
• Windows Server 2025 - multiple platforms
• Microsoft SQL Server - multiple platforms

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).

On 8^th July 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe After Effects - version 24.6.6 and prior
• Adobe After Effects - version 245.2 and prior
• Adobe Audition - version 24.6.3 and prior
• Adobe Audition - version 25.2 and prior
• Adobe ColdFusion - multiple versions
• Adobe Connect Windows App - version 24 and prior
• Adobe Dimension - version 4.1.2 and prior
• Adobe Experience Manager (AEM) Forms on JEE - version 6.5.23.0 and prior
• Adobe Experience Manager (AEM) Screens - version AEM 6.5.22 Screens FP11.4
• Adobe FrameMaker - version FrameMaker 2020 Update 8 and prior
• Adobe FrameMaker - version FrameMaker 2022 Update 6 and prior
• Adobe Illustrator 2024 - version 28.7.6 and prior
• Adobe Illustrator 2025 - version 29.5.1 and prior
• Adobe InCopy - version 19.5.3 and prior
• Adobe InCopy - version 20.3 and prior
• Adobe InDesign - version ID20.3 and prior
• Adobe InDesign - version ID19.5.3 and prior
• Adobe Substance 3D Stager - version 3.1.2 and prior
• Adobe Substance 3D Viewer - version 0.22 and prior

Review the Adobe Security Advisories and apply the necessary updates.

On 22nd May 2025, OpenSSL published a security bulletin to address vulnerabilities in the OpenSSL x509 application.

Review the OpenSSL Security News and apply the necessary updates.

On 2^nd July 2025, HPE published a security advisory to address vulnerabilities in HPE Telco Service Orchestrator - versions prior to v5.3.3.

Review the HPE security bulletins and apply the necessary updates.

Between 30^th and 6^th July 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Review the Ubuntu Security Notices and apply the necessary updates.

Between 30^th and 6^th July 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

On 7^th July 2025, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Between 30^th June and 6^th July 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

Between 30^th June and 6^th July 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Apex Cloud Platform for Red Hat Openshift - versions prior to 03.01.03.00
• Dell Enterprise SONiC Distribution - versions prior to 4.5.0
• Dell Integrated System for Microsoft Azure Stack Hub 14G - versions prior to 2504
• Dell Integrated System for Microsoft Azure Stack Hub 16G - versions prior to 2504
• Dell ObjectScale 4.0.0.1 - versions prior to 4.0.0.1
• Dell Protection Advisor - versions 19.9 to 19.12

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-243
• Dell Security Advisories - DSA-2025-265
• Dell Security Advisories - DSA-2025-270
• Dell Security Advisories - DSA-2025-275
• Dell Security Advisories - DSA-2025-276
• Dell Security advisories and notices

On 7^th July 2025, Splunk published a security update to address vulnerabilities in the following products.

• Splunk Cloud Platform - versions prior to 9.3.2411.103
• Splunk Cloud Platform - versions prior to 9.3.2408.113
• Splunk Cloud Platform - versions prior to 9.2.2406.119
• Splunk DB Connect - versions prior to 4.0.0
• Splunk Enterprise - versions 9.4.0 to 9.4.2
• Splunk Enterprise - versions 9.3.0 to 9.3.4
• Splunk Enterprise - versions 9.2.0 to 9.2.6
• Splunk Enterprise - versions 9.1.0 to 9.1.9
• Splunk Enterprise Cloud - versions prior to 9.3.2411.107
• Splunk Enterprise Cloud - versions prior to 9.3.2408.117
• Splunk Enterprise Cloud - versions prior to 9.2.2406.121
• splunk/universalforwarder - versions 9.4.0 to 9.4.2
• splunk/universalforwarder - versions 9.3.0 to 9.3.4
• splunk/universalforwarder - versions 9.2.0 to 9.2.6
• splunk/universalforwarder - versions 9.1.0 to 9.1.9
• Splunk SOAR - versions prior to 6.4.1

Review the Splunk Security Advisories and apply the necessary updates.

On 1^st July 2025, Trend Micro published security advisories to address vulnerabilities in Trend Micro Security for Windows versions prior to 17.8.1476.

Review the Trend Micro security bulletins and apply the necessary updates.

On 4^th June 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Tanzu Greenplum - version 7.5.0
• VMware Tanzu GemFire - version 9.15.16
• VMware Tanzu Greenplum - version 6.30.0
• VMware Tanzu for Valkey - version 8.1.2
• VMware Tanzu for Postgres on Kubernetes - version 4.2.1

Review the following advisories and apply the necessary updates:

• Security Advisories - TNZ-2025-0031
• Security Advisories - TNZ-2025-0042
• Security Advisories - TNZ-2025-0043
• Security Advisories - TNZ-2025-0044
• Security Advisories - TNZ-2025-0045
• Security Advisories - Tanzu

On 2^nd July 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.65.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 2^nd July 2025, Citrix published a security Advisory to address a vulnerability in XenServer 8.4

Review Citrix security advisory and apply necessary updates.

On 2^nd July 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Config Pages Viewer - versions prior to 1.0.4
• Two-factor Authentication (TFA) - versions prior to 1.11.0

Review the following advisories and apply the necessary updates: 

• Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
• Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
• Drupal Security Advisories

On 30^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 138.0.7204.96/97 (Windows/Mac) and 138.0.7204.92 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 2^nd July 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco BroadWorks Application Delivery Platform - versions prior to RI.2025.05
• Cisco Enterprise Chat and Email - version 11 and versions prior to 12.6(1)_ES11
• Cisco Spaces Connector - versions prior to Connector 3-Jun 2025
• Cisco Unified Communications Manager - versions 15.0.1.13010-1 to 15.0.1.13017-1
• Cisco Unified Communications Manager Session Management Edition Engineering Special (ES) - versions 15.0.1.13010-1 to 15.0.1.13017-1

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability
• Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
• Cisco Spaces Connector Privilege Escalation Vulnerability
• Cisco Unified Communications Manager Static SSH Credentials Vulnerability
• Cisco Security Advisories

Between 23^rd and 29^th June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 25.04
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Review the Ubuntu Security Notices and apply the necessary updates.

Between 23^rd  and 30^th June 2025, IBM published security advisories to address vulnerabilities in multiple products.

Review the IBM Security Advisory and apply the necessary updates.

On 27^th June 2025, MongoDB published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• MongoDB Server v6.0 - versions prior to 6.0.21
• MongoDB Server v7.0 - versions prior to 7.0.17
• MongoDB Server v8.0 - versions prior to 8.0.5

Review the MongoDB security bulletins and apply the necessary updates.

On 25^th June 2025, Brother published a security update to address vulnerabilities in multiple products (including laser printers).

Review the Japan CIRT or Brother Security advisories and apply the necessary updates.

On 26^th June 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 138.0.3351.55.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

• HPE Telco Unified OSS Console - version prior to v3.1.16
• HPE OneView for VMware vCenter with Operations Manager and Log Insight - versions prior to v11.7

• HPE Security Bulletin - hpesbnw04885en_us
• HPE Security Bulletin - hpesbgn04876en_us
• HPE Security Bulletin Library

• Firefox ESR - versions prior to 128.12
• Firefox ESR - versions prior to 115.25
• Firefox - versions prior to 140

• Mozilla Foundation Security Advisory MFSA 2025-53
• Mozilla Foundation Security Advisory MFSA 2025-52
• Mozilla Foundation Security Advisory MFSA 2025-51
• Mozilla Security Advisories

On 24^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 138.0.7204.49/50 (Windows/Mac) and 138.0.7204.50 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 25^th June 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.1.1, 18.0.3 and 17.11.5
• GitLab Enterprise Edition (EE) - versions prior to 18.1.1, 18.0.3 and 17.11.5

Review the following advisories and apply the necessary updates: 

• GitLab Patch Release: 18.1.1, 18.0.3, 17.11.5
• GitLab Releases

On 23^rd June 2025, Splunk published a security update to address vulnerabilities in the following products.

• splunk/splunk - version 9.4.1
• splunk/splunk - versions 9.3.0 to 9.3.3
• splunk/splunk - versions 9.2.0 to 9.2.5
• splunk/splunk - versions 9.1.0 to 9.1.8
• splunk/universalforwarder - version 9.4.1
• splunk/universalforwarder - versions 9.3.0 to 9.3.3
• splunk/universalforwarder - versions 9.2.0 to 9.2.5
• splunk/universalforwarder - versions 9.1.0 to 9.1.8
• Splunk Operator for Kubernetes - versions prior to 2.8.0
• Splunk AppDynamics Smart Agent - versions prior to 25.5.1

Review the following Splunk Security Advisory and apply the necessary updates:

• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0607
• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0608
• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0609
• Third-Party Package Updates in Splunk Enterprise - June 2025 - SVD-2025-0610
• Splunk Security Advisories

On 24^th June, 2025, TeamViewer published security updates to address vulnerabilities in the following products:

• TeamViewer Remote Full Client (Windows) - multiple versions
• TeamViewer Remote Host (Windows) - multiple versions

Review TeamViewer view security advisory, Improper Neutralization of Argument Delimiters in TeamViewer Clients - TV-2025-1002, and apply the necessary updates.

On 20^th June 2025, Trend Micro published security advisories to address vulnerabilities in Trend Micro Password Manager - versions prior to 5.8.0.1327.

Review the Trend Micro security bulletins and apply the necessary updates.

On 25^th June 2025, Citrix published security advisories to address vulnerabilities in the following products:

• NetScaler ADC and NetScaler Gateway 14.1 - versions prior to 14.1-47.46
• NetScaler ADC and NetScaler Gateway 13.1 - versions prior to 13.1-59.19
• NetScaler ADC 13.1-FIPS and NDcPP - versions prior to 13.1-37.236-FIPS and NDcPP

Review the following advisories and apply the necessary updates:

• Citrix Security Advisory - CTX694788
• Citrix Security Advisories

On 25^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco ISE and ISE-PIC - versions prior to 3.3
• Cisco ISE and ISE-PIC - versions prior to 3.4

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
• Cisco Security Advisories

Between 16^th June and 22^nd June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Connectrix B-Series - versions 9.0.0 to 9.2.2
• Dell Connectrix B-Series - versions prior to 2.4.0
• Dell Connectrix B-Series - versions prior to 9.2.2
• Dell Container Storage Modules - versions prior to 1.14
• Dell EMC XC Core XC7525 - versions prior to 2.14.1
• Dell Policy Manager for Secure Connect Gateway - versions prior to 5.28.00.14
• Dell PowerEdge C6525 - versions prior to 2.14.1
• Dell PowerEdge R6515 - versions prior to 2.14.1
• Dell PowerEdge R6525 - versions prior to 2.14.1
• Dell PowerEdge R7515 - versions prior to 2.14.1
• Dell PowerEdge R7525 - versions prior to 2.14.1
• Dell PowerEdge XE8545 - versions prior to 2.14.1
• Dell PowerFlex Custom Node - versions prior to 1.11.2
• Dell PowerFlex Custom Node - versions prior to 1.16.2
• Dell PowerFlex Custom Node - versions prior to 2.18.1
• Dell PowerFlex Custom Node - versions prior to 2.5.4
• Dell VxFlex Ready Node - versions prior to 2.23.0

Review the provided Dell Security Advisory and apply the necessary updates.

• GitHub Enterprise Server - versions 3.17.x prior to 3.17.1
• GitHub Enterprise Server - versions 3.16.x prior to 3.16.4
• GitHub Enterprise Server - versions 3.15.x prior to 3.15.8
• GitHub Enterprise Server - versions 3.14.x prior to 3.14.13
• GitHub Enterprise Server - versions 3.13.x prior to 3.13.16

• GitHub Release Notes #3.17.1
• GitHub Release Notes # 3.16.4
• GitHub Release Notes # 3.15.8
• GitHub Release Notes # 3.14.13
• GitHub Release Notes # 3.13.16

Between 23^rd June and 29^th June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• iDRAC10 - versions prior to 1.20.50.50
• NetWorker - versions 19.12 to 19.12.0.1 and versions prior to 19.11.0.5
• Dell Open Manage Network Integration - versions prior to 3.7
• Dell PowerMax EEM 5978 - versions prior to 5978.714.714.10730
• Dell PowerMax EEM 10.2.0.1 - versions prior to 10.2.01 Patch 10732
• Dell PowerMaxOS 5978 - versions prior to 5978.714.714.10730
• Dell PowerMax OS 10.2.0.1 - versions prior to 10.2.0.1 Patch 10732
• PowerProtect Cyber Recovery - versions prior to 19.20
• Dell Secure Connect Gateway - Appliance -versions prior to 5.30.0.14
• Solutions Enabler - versions prior to 9.2.4.11 and versions prior to 10.2.0.5
• Dell Storage Monitoring and Reporting - versions prior to 5.1.1.0
• Dell Storage Resource Manager (SRM) - versions prior to 5.1.1.0
• Unisphere for PowerMax - versions prior to 9.2.4.17 and versions prior to 10.2.0.12
• Unisphere 360 - versions prior to 9.2.4.37

Review the provided Dell Security Advisory and apply the necessary updates.

Between 16^th and 22^nd June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Cloud Pak for Data - versions 3.5 and 4.5
• IBM Cloud Pak for Data - versions 4.8.0 to 4.8.9, 5.0.0 to 5.0.3 and 5.1.0 to 5.1.3
• IBM Cloudera Data Platform Private Cloud Base with IBM (CDP) - versions 7.1.7 SP3 and 7.1.9 SP1
• IBM Cloudera Data Platform Private Cloud Data Services with IBM - versions 1.5.3 and 1.5.4
• IBM Cloudera Data Platform Streaming with IBM - versions 7.1.7 SP3 and 7.1.9 SP1
• IBM Cloudera Data Platform Streams Messaging Base with IBM Version - versions 7.1.7 SP3 and 7.1.9 SP1
• IBM Data Virtualization on Cloud Pak for Data - versions 3.1.0 to 3.1.2
• IBM Data Virtualization on Cloud Pak for Data - versions 1.7.0 to 1.7.8
• IBM Data Virtualization on Cloud Pak for Data - versions 1.8.0 to 1.8.3
• IBM Data Virtualization on Cloud Pak for Data - versions 3.0.0 to 3.0.3
• IBM Edge Data Collector - version 9.0.9
• IBM Event Processing - versions 1.0.0 to 1.3.2
• IBM Fusion HCI for watsonx - versions 2.8.2 to 2.9.0
• IBM Fusion HCI - versions 2.2.0 to 2.9.0
• IBM Fusion - versions 2.2.0 to 2.9.1
• IBM QRadar SIEM - versions 7.5 to 7.5.0 UP12 IF01
• IBM Storage Fusion Data Foundation - version 4.18.4
• IBM Watson Query on Cloud Pak for Data - versions 2.0.0 to 2.0.4
• IBM Watson Query on Cloud Pak for Data - versions 2.1.0 to 2.1.3
• IBM Watson Query on Cloud Pak for Data - versions 2.2.0 to 2.2.8
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.1.3
• IBM watsonx Code Assistant On Prem - versions 5.0 to 5.1.2
• IBM watsonx.data - version 2.1.3

Review the IBM Security Advisory and apply the necessary updates.

Between 16^th and 22^nd June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 22.04 LTS

Review the Ubuntu Security Notices and apply the necessary updates.

On 23^rd June 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiOS 7.4 - versions 7.4.0 to 7.4.3
• FortiOS 7.2 - versions 7.2.0 to 7.2.7
• FortiOS 7.0 - versions 7.0.0 to 7.0.14
• FortiOS 6.4 - all versions
• FortiOS 6.2 - all versions
• FortiOS 6.0 - all versions
• FortiPAM 1.2 - all versions
• FortiPAM 1.1 - all versions
• FortiPAM 1.0 - all versions
• FortiProxy 7.4 - versions 7.4.0 to 7.4.3
• FortiProxy 7.2 - versions 7.2.0 to 7.2.9
• FortiProxy 7.0 - versions 7.0.0 to 7.0.16
• FortiProxy 2.0 - all versions
• FortiProxy 1.2 - all versions
• FortiProxy 1.1 - all versions
• FortiProxy 1.0 - all versions
• FortiSwitchManager 7.2 - versions 7.2.0 to 7.2.3
• FortiSwitchManager 7.0 - versions 7.0.1 to 7.0.3

Review the following advisories and apply the necessary updates:

• Fortinet PSIRT - FG-IR-24-036
• Fortinet PSIRT Advisories

On 20^th June 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 137.0.3296.93.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 17^th June 2025, Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Bitbucket Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Crowd Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Review the Atlassian Security Bulletin - 17^th June 2025 and Security Advisory and apply the necessary update.            

On 18^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway - multiple models
• Secure Endpoint Connector for Linux - versions prior to 1.26.1
• Secure Endpoint Connector for Mac - versions prior to 1.26.1
• Secure Endpoint Connector for Windows - versions prior to 7.5.21 and 8.4.5
• Secure Endpoint Private Cloud - versions prior to 4.2.2

Review the following Cisco Security Advisory and apply the necessary updates

• ClamAV UDF File Parsing Out-of-Bounds Read Information Disclosure Vulnerability
• Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability
• Cisco Security Advisories

On 17^th June 2025, Citrix published security advisories to address vulnerabilities in the following products:

• Citrix Secure Access Client for Windows - versions prior to 25.5.1.15
• NetScaler ADC and NetScaler Gateway 14.1 - versions prior to 14.1-43.56
• NetScaler ADC and NetScaler Gateway 13.1 - versions prior to 13.1-58.32
• NetScaler ADC 13.1-FIPS and NDcPP - versions prior to 13.1-37.235-FIPS and NDcPP
• NetScaler ADC 12.1-FIPS - versions prior to 12.1-55.328-FIPS
• NetScaler Console 14.1 - versions prior to 14.1.47.46
• NetScaler Console 13.1 - versions prior to 13.1.58.32
• NetScaler SDX (SVM) 14.1 - versions prior to 14.1.47.46
• NetScaler SDX (SVM) 13.1 - versions prior to 13.1.58.32

Review the following advisories and apply the necessary updates:

• Citrix Security Advisory - CTX694724
• Citrix Security Advisory - CTX693420
• Citrix Security Advisory - CTX694729
• Citrix Security Advisories

On 16^th June 2025. BeyondTrust published a security advisory to address vulnerabilities in the following products:

• Remote Support - version 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1
• Privileged Remote Access - version 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1

Review the following advisories and apply the necessary updates:

• BeyondTrust Security Advisory - Advisory ID: BT25-04
• BeyondTrust Advisories

On 17^th June 2025, Veeam published security advisories to address vulnerabilities in the following products:

• Veeam Backup & Replication - version 12.3.1.1139 and prior
• Veeam Agent for Microsoft Windows - version 6.3.1.1074 and prior

Review the following advisories and apply the necessary updates:

• Veeam Security Advisory - KB4743
• Veeam Knowledge Base

On 16^th June 2025, Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat - versions 11.0.0-M1 to 11.0.7
• Apache Tomcat - versions 10.1.0-M1 to 10.1.41
• Apache Tomcat - versions 9.0.0.M1 to 9.0.105

Review the provided Apache Security Advisory and apply the necessary updates.

Between June 9^th and 15^th, 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

Between 9^th and 15^th June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• API Connect - version V10.0.5.0 to V10.0.5.9
• API Connect - version V10.0.8.0 to V10.0.8.2-iFix1
• IBM DataPower Gateway 10.6CD - versions 10.6.1.0 to 10.6.3.0
• IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data - multiple versions
• IBM MQ Operator - multiple versions
• IBM Robotic Process Automation - version 21.0.0 to 21.0.7.20 and version 23.0.0 to 23.0.20.1
• IBM Robotic Process Automation for Cloud Pak - version 21.0.0 to 21.0.7.20 and version 23.0.0 to 23.0.20.1
• IBM Security QRadar EDR - version 3.12
• IBM supplied MQ Advanced container images - multiple versions
• PowerVC - version 2.2.0, 2.2.1, 2.2.1.1, 2.2.1.2 and 2.3.0

Review the IBM Security Advisory and apply the necessary updates.

Between 9^th and 15^th June 2025, Dell published security advisories to address vulnerabilities in the Dell iDRAC Tools - versions prior to 11.3.0.0.

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-169
• Dell Security advisories and notices

On 17^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.119/.120 (Windows/Mac) and 137.0.7151.119 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 11th June 2025, GitLab published security advisories to address vulnerabilities in the following products:

• GitLab Community Edition (CE) - versions prior to 18.0.2, 17.11.4, and 17.10.8
• GitLab Enterprise Edition (EE) - versions prior to 18.0.2, 17.11.4, and 17.10.8

• GitLab Patch Release: 18.0.2, 17.11.4, 17.10.8
• GitLab Releases

On 9^th June 2025, Trend Micro published security advisories to address vulnerabilities in Trend Micro Apex One.

Review the Trend Micro security bulletins and apply the necessary updates.

On 13^th June, BDNCIRT issued a situational alert regarding recent Cyber Threats.

Review the Situational Alert on recent Cyber Threats and take the necessary action.

On 18th April and 10th June, Apache published security advisories to address vulnerabilities in the following products:

• Apache CloudStack - versions 4.0.0 to 4.20.0.0 and versions 4.0.0 to 4.19.2.0
• Apache ActiveMQ NMS OpenWire Client - versions prior to 2.1.

• Security Improvements in Apache CloudStack 4.19.3.0 and 4.20.1.0
• CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass

On 11^th June 2025, Palo Alto Networks published security advisories to address vulnerabilities in multiple versions of PAN-OS. Included were updates for the following:

• GlobalProtect App 6.3 macOS - versions prior to 6.3.3
• GlobalProtect App 6.2 macOS - versions prior to 6.2.8-h2
• GlobalProtect App 6.1 macOS - all versions
• GlobalProtect App 6.0 macOS - all versions
• PAN-OS 11.2 - versions prior to 11.2.6
• PAN-OS 11.1 - versions prior to 11.1.10
• PAN-OS 11.0 - versions prior to 11.0.3
• PAN-OS 10.2 - versions prior to 10.2.14
• PAN-OS 10.1 - all versions
• Prisma Access Browser - versions prior to 136.24.1.93

Review the following advisories and apply the necessary updates:

• Palo Alto Networks Security Advisories - CVE-2025-4232 GlobalProtect: Authenticated Code Injection Through Wildcard on macOS
• Palo Alto Networks Security Advisories - CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
• Palo Alto Networks Security Advisories - CVE-2025-4230 PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
• Palo Alto Networks Security Advisories - PAN-SA-2025-0011
• Palo Alto Network Security Advisories

Between June 2^nd and June 8^th, 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Review the following Red Hat Security Advisory and apply the necessary updates.

On 10th June 2025, Mozilla published security advisory to address vulnerabilities in Firefox - versions prior to 139.0.4.

Review the Mozilla security bulletins and apply the necessary updates.

On 10^th June 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP NetWeaver Application Server for ABAP - versions KERNEL 7.89, 7.93, 9.14 and 9.15
• SAP GRC (AC Plugin) - versions GRCPINW V1100_700 and V1100_731
• SAP Business Warehouse and SAP Plug-In Basis - versions PI_BASIS 2006_1_700, 701, 702, 731, 740, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 914 and 915
• SAP BusinessObjects Business Intelligence (BI Workspace) - versions ENTERPRISE 430, 2025 and 2027
• SAP NetWeaver Visual Composer - version VCBASE 7.50
• SAP MDM Server - versions MDM_SERVER 710.750

Review the SAP Security Patch Day – June 2025 and apply the necessary updates.

On 10^th June 2025, HPE published a security advisory to address vulnerabilities in HPE Aruba Networking Private 5G Core - versions 1.24.1.0 to 1.25.1.0.

Review the HPE security bulletins and apply the necessary updates.

On 10^th June 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Windows Storage Management Provider
• Windows Cryptographic Services
• .NET and Visual Studio
• Windows Remote Desktop Services
• Windows Win32K - GRFX
• Windows Common Log File System Driver
• Windows Installer
• Remote Desktop Client
• Windows Media
• Windows SMB
• Windows Recovery Driver
• Windows Storage Port Driver
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows DHCP Server
• Windows DWM Core Library
• WebDAV
• Microsoft Local Security Authority Server (lsasrv)
• Windows Local Security Authority (LSA)
• Windows Routing and Remote Access Service (RRAS)
• Windows Kernel
• Windows Standards-Based Storage Management Service
• App Control for Business (WDAC)
• Windows Netlogon
• Windows KDC Proxy Service (KPSSVC)
• Windows Shell
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Excel
• Microsoft Office Word
• Microsoft Office Outlook
• Microsoft Office PowerPoint
• Windows Remote Access Connection Manager
• Windows Security App
• Visual Studio
• Windows SDK
• Power Automate
• Microsoft AutoUpdate (MAU)
• Windows Hello
• Nuance Digital Engagement Platform

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).

On 10^th June 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Acrobat DC - version 25.001.20521 and prior
• Acrobat Reader DC - version 25.001.20521 and prior
• Acrobat 2024 - version 24.001.30235 and prior
• Acrobat 2020 - version 20.005.30763 and prior
• Acrobat Reader 2020 - version 20.005.30763 and prior
• Adobe Commerce and Commerce B2B - multiple versions
• Adobe Experience Manager (AEM) - version 6.5.22 and prior
• Adobe InCopy - version 20.2 and prior, and version 19.53 and prior
• Adobe InDesign - version ID20.2 and prior, and version ID19.5.3 and prior
• Adobe Substance 3D Painter - version 11.0.1 and prior
• Adobe Substance 3D Sampler - version 5.0 and prior
• Magento Open Source - multiple versions

Review the Adobe Security Advisories and apply the necessary updates.

On 10^th June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.103/.104 (Windows/Mac) and 137.0.7151.103 (Linux).

Review the Google security bulletins and apply the necessary updates.

Between 2nd June and 8th June 2025, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 22.04 LTS

Between 2^nd June to 8^th June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• GDSC Platform On-prem - version 3.7.1
• IBM Concert Software - versions 1.0.0 to 1.0.5
• IBM Cloud Pak for Security - versions 1.10.0.0 to 1.10.11.0
• IBM Security Verify Governance - version 10.0.2
• IBM Security Verify Governance - Identity Manager Virtual Appliance – version 10.0.2
• Maximo AI Service - version 9.0.5
• QRadar Suite Software - versions 1.10.12.0 to 1.11.2.0

Review the IBM Security Advisory and apply the necessary updates.

Between 2^nd June and 8^th June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell SD-WAN EDGE610/610-LTE - versions prior to 2.6
• Dell SD-WAN EDGE620/640/680 - versions prior to 2.6
• Dell SmartFabric Manager - versions prior to 1.3.0
• PowerSwitch E3200-ON Series - versions prior to 3.57.5.1-5
• PowerSwitch N2200 Series - versions prior to 3.45.5.1-31
• PowerSwitch N3200-ON Series - versions prior to 45.5.1-31
• PowerSwitch S5448F-ON - versions prior to 3.52.5.1-12
• PowerSwitch Z9432F-ON - versions prior to 3.51.5.1-21
• PowerSwitch Z9264F-ON - versions prior to 3.42.5.1-21
• VEP1400 (VEP1425/1445/1485) - versions prior to 2.6

Review the following advisories and apply the necessary updates: 

• Dell Security Advisories - DSA-2025-233
• Dell Security Advisories - DSA-2025-216
• Dell Security advisories and notices

Between 9^th and 15^th June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 LTS
• Ubuntu 16.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 22.04 LTS

Review the Ubuntu Security Notices and apply the necessary updates.

On 4^th June 2025. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) have issued an updated advisory on Play Ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection.

Since June 2022, Playcrypt has targeted diverse businesses and critical infrastructure across North America, South America, and Europe, becoming one of the most active ransomware groups in 2024. As of May 2025, the FBI has identified approximately 900 entities allegedly exploited by these ransomware actors.

Review and implement the recommendations provided in the joint CSA to reduce the likelihood and impact of Play and other ransomware incidents.

On 4^th June 2025, HPE published a security advisory to address vulnerabilities in HPE Insight Remote Support - versions prior to 7.15.0.646.

Review the HPE security bulletins and apply the necessary updates.

On 6^th June 2025, Jenkins published a security advisory to address vulnerabilities in Gatling Plugin - version 136.vb_9009b_3d33a_e and prior.

Review the Jenkins Security Advisory and apply the necessary updates.

On 2^nd June 2025, Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

On 4^th June 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Cloud Foundation - versions 5.0.x, 5.1.x and 5.2.x
• VMware NSX - versions 4.0.x, 4.1.x, 4.2.1.x and 4.2.x
• VMware Telco Cloud Infrastructure - versions 2.x and 3.x
• VMware Telco Cloud Platform - versions 3.x, 4.x and 5.x

Review the following advisories and apply the necessary updates:

• VMSA-2025-0012: VMware NSX updates address multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245)
• Security Advisories - VMware Cloud Foundation

On 4^th June 2025, BDNCIRT issued a Situational Awareness for Eid-ul-Adha Holidays.

Review the Situational Awareness for Eid-ul-Adha Holidays and take the necessary action.

On 3^rd June 2025 HPE published a security advisory to address vulnerabilities in HPE Telco Service Orchestrator - versions prior to v5.3.2.

Review the HPE security bulletins and apply the necessary updates.

On 3^rd June 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 137.0.3296.62.                

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 4^th June 2025, Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Cisco Identity Services Engine on Cloud Platforms (AWS) - versions 3.1, 3.2, 3.3 and 3.4
• Cisco Identity Services Engine on Cloud Platforms (Azure) - versions 3.2, 3.3 and 3.4
• Cisco Identity Services Engine on Cloud Platforms (OCI) - versions 3.2, 3.3 and 3.4
• Cisco Integrated Management Controller - UCS B-Series Blade Servers
• Cisco Integrated Management Controller - UCS C-Series Rack Servers
• Cisco Integrated Management Controller - UCS S-Series Storage Servers
• Cisco Integrated Management Controller - UCS X-Series Modular System
• Cisco Nexus Dashboard Fabric Controller (NDFC) - versions prior to 3.2(2f)

Review the following Cisco Security Advisory and apply the necessary updates

• Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability
• Cisco Integrated Management Controller Privilege Escalation Vulnerability
• Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability
• Cisco Security Advisories

On 2^nd June 2025, SolarWinds published a security advisory to address vulnerabilities in the SolarWinds Platform – version 12.3.1.20 and prior.

Review the SolarWinds Security Advisory and apply the necessary updates.

On 2^nd June 2025, Splunk published a security update to address vulnerabilities in the following products.

• Splunk Enterprise - versions prior to 9.4.2, 9.3.4, 9.2.6 and 9.1.9
• Splunk Universal Forwarder - versions prior to 9.4.2, 9.3.4, 9.2.6 and 9.1.9
• Splunk Universal Forwarder for Windows - versions prior to 9.4.2, 9.3.4, 9.2.6 and 9.1.9

Review the following Splunk Security Advisory and apply the necessary updates:

• Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade
• Third-Party Package Updates in Splunk Enterprise - June 2025
• Third-Party Package Updates in Splunk Universal Forwarder - June 2025
• Splunk Security Advisories

On 02^nd June 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.68/.69 (Windows/Mac) and 137.0.7151.68 (Linux).

Review the Google security bulletins and apply the necessary updates.

On 2^nd June 2025, Qualcomm published a security bulletin to address vulnerabilities affecting multiple chipsets.

Review the Qualcomm Security Bulletin and apply the necessary updates.

Between 26th May and 1st June 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Power LE - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 26th May and 1st June 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.03.01.00
• Dell Avamar - multiple versions and products
• Dell Connectrix SANnav - versions prior to 2.3.1a
• Dell NetWorker Runtime Environment (NRE) - version 8.0.24
• Dell NetWorker Virtual Edition (NVE) - multiple versions
• Dell PowerProtect DP Series Appliance (IDPA) - versions prior to 2.7.8
• Dell ThinOS - multiple versions
• Dell VxRail Appliance - versions 7.0.000 to 7.0.541

Between 26th May and 1st June 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• Astronomer with IBM - version 0.36.1
• IBM DataStage on Cloud Pak for Data - versions 8.9 and 5.1.3
• IBM® Db2® - version 1.0 to 11.1.4.7, 11.5.0 to 11.5.9 and 12.1.0 to 12.1.1
• IBM DS8900F and DS8A00 - multiple products and versions
• IBM Guardium Data Protection - version 0
• IBM InfoSphere Information Server - version 7
• IBM Maximo Application Suite - Monitor Component - multiple versions
• IBM Observability with Instana (OnPrem) - Build 1.0.292 to 1.0.295
• IBM Process Mining - version 0.1
• IBM Rapid Infrastructure Automation - multiple versions
• IBM Guardium Data Protection - version 0
• IBM SPSS Collaboration and Deployment Services - version 5
• IBM Tivoli Monitoring - versions 6.3.0.7 to 6.3.0.7 Service Pack 19
• IBM Watson Discovery Cartridge ICP - Discovery - version 0.0 to 5.0.3
• IBM Watson Knowledge Catalog on-prem - Discovery - versions 8.6 and 4.8.7
• IBM Watson Knowledge Catalog on-prem - Discovery - versions 0.2, 5.0.3 and 5.1

On 1st June 2025, Roundcube published security advisories to address vulnerabilities in the following products:

• Webmail - versions prior to 1.5.10
• Webmail - versions prior to 1.6.11

• Security updates 1.6.11 and 1.5.10 released
• Roundcube Webmail 1.6.11
• Roundcube Webmail 1.5.10

Between 30^th May and 2^nd June 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE StoreOnce Software – versions prior to 4.3.11
• HPE OneView – versions prior to v10.00

Review the following HPE Security Advisory and apply the necessary updates:

• HPE Security Bulletin - HPESBST04847
• HPE Security Bulletin - hpesbgn04853en_us
• HPE Security Bulletin Library

Between 26^th May and 1^st June 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Review the Ubuntu Security Notices and apply the necessary updates.

On 29th May 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 137.0.3296.52.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 27th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR - versions prior to 128.11
• Firefox ESR - versions prior to 115.24
• Firefox - versions prior to 139

• Mozilla Foundation Security Advisory 2025-44
• Mozilla Foundation Security Advisory 2025-43
• Mozilla Foundation Security Advisory 2025-42
• Mozilla Security Advisories

On 27th May 2025 Citrix published a security Advisory to address a vulnerability in XenServer VM Tools for Windows - versions prior to 9.4.1.

Review Citrix security advisory and apply necessary updates.

On 27th May 2025, Google released security updates to address multiple vulnerabilities affecting Stable Channel Chrome for Desktop - versions prior to 137.0.7151.55/56 (Windows/Mac) and 137.0.7151.55 (Linux).

Review the Google security bulletins and apply the necessary updates.

Between 19th and 25th May 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products: Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS Ubuntu 24.04 LTS Ubuntu 24.10 Review the Ubuntu Security Notices and apply the necessary updates.

Between 19th and 25th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Integrated Analytics System - versions 1.0.0.0 to 1.0.30.0
• IBM Integration Bus - versions 10.1.0.0 to 10.1.0.5
• IBM MANTA Automated Data Lineage for IBM Cloud Pak for Data - versions 5.0 to 5.1.2
• IBM Maximo AI Service - version 9.0.5
• IBM Security QRadar EDR - version 3.12
• IBM watsonx Assistant Cartridge - versions 4.0 to 5.1.2
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component - versions 5.0 to 5.1.2

Between 19th and 25th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Networking OS10 - versions prior to 10.5.6.9
• CloudBoost Virtual Appliance - versions prior to 19.12.0.1

• Dell Security Advisories - DSA-2025-175
• Dell Security Advisories - DSA-2025-160
• Dell Security advisories and notices

Between 19th and 25th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux for IBM - multiple versions and platforms
• Red Hat Enterprise Linux for Power - multiple versions and platforms
• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms

• RHSA-2025:7937 - Security Advisory
• RHSA-2025:8056 - Security Advisory
• RHSA-2025:8057 - Security Advisory
• RHSA-2025:8058 - Security Advisory
• Red Hat Security Advisories

On 22nd May 2025, HPE published a security advisory to address vulnerabilities in the following products:

• HPE NonStop SSL (T0910) - multiple versions
• HPE MR-WIN6530 (T0819) - multiple versions
• HPE NonStop SSH Server (T0801) - multiple versions

On 21st May 2025, GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 18.0.1, 17.11.3 and 17.10.7
• GitLab Enterprise Edition (EE) - versions prior to 18.0.1, 17.11.3 and 17.10.7

On 21st May 2025, Cisco published a security advisory to address a vulnerability in the Cisco Identity Services Engine (ISE) - version 3.4.

Review the Cisco Security Advisory and apply the necessary updates.

Between 12th to 18th May 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Between 12th to 18th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 12th to 18th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• Astronomer with IBM - version 0.36.1
• IBM ApplinX - version 11.1
• IBM Business Automation Workflow Enterprise Service Bus - multiple versions
• IBM Business Automation Workflow traditional - multiple versions
• IBM Event Streams - version 11.3.0 to 11.6.1
• IBM Storage Copy Data Management - version 2.2.0.0 to 2.2.25.0
• IBM watsonx Assistant for IBM Cloud Pak for Data - version 4.0.0 to 4.8.7

Between 12th to 18th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.04.01.00
• RecoverPoint for Virtual Machines - versions 6.0 SP1, 6.0 SP1 P1, 6.0 SP1 P2 and 6.0. SP2
• Dell EMC Networking VEP1425/1445/1485 - versions prior to 2.6
• Dell SD-WAN EDGE620/640/680 - versions prior to 3.50.0.9-21
• Dell SD-WAN EDGE610/610-LTE - versions prior to 3.43.0.9-24
• PowerFlex Appliance IC - versions prior to IC-38.367.01
• PowerSwitch Z9664F-ON - versions prior to 3.54.5.1-9
• PowerSwitch Z9432F-ON - versions prior to 3.51.5.1-21
• PowerSwitch Z9264F-ON - versions prior to 3.42.5.1-21
• PowerSwitch S5448F-ON - versions prior to 3.52.5.1-12
• PowerSwitch E3200-ON Series - versions prior to 3.57.5.1-5
• PowerSwitch N2200-ON Series - versions prior to 3.45.5.1-31
• PowerSwitch N3200-ON Series - versions prior to 3.45.5.1-31

• Dell Security Advisories - DSA-2025-209
• Dell Security Advisories - DSA-2025-202
• Dell Security Advisories - DSA-2025-197
• Dell Security Advisories - DSA-2025-196
• Dell Security advisories and notices

On 20th May 2025, Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Fisheye/Crucible - version 4.9.0
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

On 17th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• Firefox ESR - versions prior to 115.23.1
• Firefox ESR - versions prior to 128.10.1
• Firefox - versions prior to 138.0.4

• Mozilla Security Advisory (MFSA 2025-38)
• Mozilla Security Advisory (MFSA 2025-37)
• Mozilla Security Advisory (MFSA 2025-36)
• Mozilla Security Advisories

On 20th May 2025, Mozilla published security advisories to address vulnerabilities in the following products:

• vCenter Server - versions 7.0 and 8.0
• VMware ESXi - versions 7.0 and 8.0
• VMware Cloud Foundation (vCenter) - versions 4.5.x and 5.x
• VMware Cloud Foundation (ESXi) - versions 4.5.x and 5.x
• VMware Fusion - versions 13.x
• VMware Telco Cloud Platform (ESXi) - versions 2.x, 3.x, 4.x and 5.x
• VMware Telco Cloud Infrastructure (ESXi) - versions 2.x and 3.x
• VMware Telco Cloud Platform (vCenter) - versions 2.x, 3.x, 4.x and 5.
• VMware Telco Cloud Infrastructure (vCenter) - versions 2.x and 3.x
• VMware Workstation - versions 13.x and 17.x

• VMSA-2025-0009 : VMware Cloud Foundation updates address multiple vulnerabilities (CVE-2025-41229, CVE-2025-41230, CVE-2025-41231)
• VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
• Security Advisories - VMware Cloud Foundation

On 15th May 2025, Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.76.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

On 13th May 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Endpoint Manager Mobile (EPMM) - version 11.12.0.4 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.3.0.1 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.4.0.1 and prior
• Ivanti Endpoint Manager Mobile (EPMM) - version 12.5.0.0 and prior

• Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
• Ivanti Security Advisories

On 13th May 2025, Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe Animate 2023 - version 23.0.11 and prior
• Adobe Animate 2024 - version 24.0.8 and prior
• Adobe Bridge - version 14.1.6 and prior
• Adobe Bridge - version 15.0.3 and prior
• Adobe ColdFusion 2021 - version Update 19 and prior
• Adobe ColdFusion 2023 - version Update 13 and prior
• Adobe ColdFusion 2025 - version Update 1 and prior
• Adobe Connect - version 12.8 and prior
• Adobe Dimension - version 4.1.1 and prior
• Adobe Dreamweaver - version 21.4 and prior
• Adobe Illustrator 2024 - version 28.7.5 and prior
• Adobe Illustrator 2025 - version 29.3 and prior
• Adobe InDesign - version ID19.5.2 and prior
• Adobe InDesign - version ID20.2 and prior
• Adobe Lightroom - version 8.2 and prior
• Adobe Substance 3D Modeler - version 1.21.0 and prior
• Adobe Substance 3D Stager - version 3.1.1 and prior
• Photoshop 2024 - version 25.12.2 and prior
• Photoshop 2025 - version 26.5 and prior
• Adobe Substance 3D Painter - version 11.0 and prior

On 14th May 2025, Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 135.16.8.96.

Review the Palo Alto Networks Security Advisory and apply the necessary updates.

On 14th May 2025, Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.113 for Linux and prior to versions prior to 136.0.7103.113/114 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

From 9th to 13th May 2025, Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• Juniper Secure Analytics - versions 7.5.0 to versions prior to 7.5.0 UP11 IF02
• Junos OS - versions 19.4R1 and later
• Junos OS Evolved - versions 22.3R1 and later

• 2024-05 Reference Advisory: Junos OS and Junos OS Evolved: Multiple CVEs reported in OpenSSH
• On Demand: JSA Series: Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP11 IF03
• Juniper Networks Security Advisories

On 14th May 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• Cadence vManager Plugin - version 4.0.1-286.v9e25a_740b_a_48 and prior
• DingTalk Plugin - version 2.7.3 and prior
• Health Advisor by CloudBees Plugin - version 374.v194b_d4f0c8c8 and prior
• OpenID Connect Provider Plugin - version 96.vee8ed882ec4d and prior
• WSO2 Oauth Plugin - version 1.0 and prior

• Jenkins Security Advisory 2025-05-15
• Jenkins Security Advisories

Between the 5th to 11th May 2025, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Operator - multiple versions
• IBM App Connect Enterprise Certified Containers Operands - multiple versions
• IBM Application Modernization Accelerator - versions 4.0.0 to 4.1.0
• IBM Business Automation Insights - versions 24.0.0 and 24.0.1
• IBM CICS TX Advanced - versions 10.1 and 11.1
• IBM Cloud Pak for Business Automation - multiple versions
• IBM Cloud Pak for Data System 1.0 - versions 1.0.0.0 to 1.0.8.4
• IBM Cloud Transformation Advisor - versions 2.0.1 to 4.1.0
• IBM Cognos Dashboards on Cloud Pak for Data - versions 4.8.0 to 4.8.8 and versions 5.0.0 to 5.1.2
• IBM Content Collector for Email - version 4.0.1
• IBM Content Collector for File Systems - version 4.0.1
• IBM Content Collector for Microsoft - version 4.0.1
• IBM Maximo AI Service - version 9.0.5
• IBM Maximo Application Suite - versions 8.8, 8.9 and 9.0
• IBM Maximo Application Suite - Location Service for Esri Component - version 9.0
• IBM Operational Decision Manager - multiple versions
• IBM Planning Analytics Local - IBM Planning Analytics Workspace - versions 2.0 and 2.1
• IBM Storage Scale - versions 1.7.0 to 5.1.9.8 and 5.2.2.0 to 5.2.2.1
• IBM Storage Virtualize vSphere Remote Plug-in - multiple versions
• IBM TXSeries for Multiplatforms - multiple versions
• IBM Watson Knowledge Catalog on-prem - versions 4.5.2, 4.6.6 to 4.8.6 and versions 5.0 to 5.0.3
• IBM Watson Machine Learning Accelerator on Cloud Pak for Data - versions 4.8.2 to 4.8.6 and versions 5.0 to 5.0.2
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 4.8.4 to 4.8.5
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 5.0.0 to 5.1.2
• IBM watsonx.data - version 2.1.2
• Red Hat OpenShift on IBM Cloud - multiple versions

On 12th May 2025, VMware published security advisories to address vulnerabilities in the following products:

• VMware Aria Automation - version 8.18.x
• VMware Cloud Foundation - version 4.x and 5.x
• VMware Telco Cloud Platform - version 5.x

• MSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
• Security Advisories - VMware Cloud Foundation

On 12th May 2025, Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.5
• iPadOS - versions prior to 17.7.7
• macOS Sequoia - versions prior to 15.5
• macOS Sonoma - versions prior to 14.7.6
• macOS Ventura - versions prior to 13.7.6
• Safari - versions prior to 18.5

On 13th May 2025, Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiCamera 1.1 - all versions
• FortiCamera 2.0 - all versions
• FortiCamera 2.1 - version 2.1.0 to 2.1.3
• FortiMail - version 7.0.0 to 7.0.8
• FortiMail - version 7.2.0 to 7.2.7
• FortiMail - version 7.4.0 to 7.4.4
• FortiMail - version 7.6.0 to 7.6.2
• FortiNDR - version 1.1 to 1.4
• FortiNDR - version 1.5.0 to 1.5.3
• FortiNDR - version 7.0.0 to 7.0.6
• FortiNDR - version 7.1.0 to 7.1.1
• FortiNDR - version 7.2.0 to 7.2.4
• FortiNDR - version 7.4.0 to 7.4.7
• FortiNDR - version 7.6.0
• FortiOS - version 7.4.4 to 7.4.6
• FortiOS - version 7.6.0
• FortiProxy - version 7.6.0 to 7.6.1
• FortiRecorder - version 6.4.0 to 6.4.5
• FortiRecorder - version 7.0.0 to 7.0.5
• FortiRecorder - version 7.2.0 to 7.2.3
• FortiSwitchManager - version 7.2.5
• FortiVoice - versions 6.4.0 to 6.4.10
• FortiVoice - versions 7.0.0 to 7.0.6
• FortiVoice - versions prior to 7.2.0

• Fortinet PSIRT - FG-IR-25-254 (CVE-2025-32756)
• Fortinet PSIRT - FG-IR-25-472 (CVE-2025-22252)
• Fortinet PSIRT Advisories

On 13th May 2025, SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Business Objects Business Intelligence Platform (PMW) - versions ENTERPRISE 430, 2025 and 2027
• SAP Landscape Transformation (PCL Basis) - versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107 and 108
• SAP NetWeaver (Visual Composer development server) - version VCFRAMEWORK 7.50
• SAP Supplier Relationship Management (Live Auction Cockpit) - version SRM_SERVER 7.14
• SAP S/4HANA S4CORE Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) - versions S4CORE 102, 103, 104, 105, 106, 107, 108, SCM_BASIS 700, 701, 702, 712, 713 and 714

On 13th May 2025, Ivanti published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• Ivanti Cloud Services Application - version 5.0.4 and prior
• Ivanti Neurons for ITSM (on-prem only) - versions 2023.4, 2024.2 and 2024.3

• Security Advisory Ivanti Cloud Services Application (CVE-2025-22460)
• Security Advisory Ivanti Neurons for ITSM (on-premises only) (CVE-2025-22462)
• Ivanti Security Advisories

On 12th and 13th May 2025, Intel published security advisories to address vulnerabilities in multiple products.

Review the provided Intel Security Advisories and perform the suggested mitigations.

On 13th May 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms

Between May 5 and 11, 2025, Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Between 5th and 11th May 2025, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Between 5th to 11th May 2025, Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Connectrix SANnav - versions prior to 2.3.1a
• Dell Edge Gateway - multiple models and versions prior to 2.00.10
• Dell EMC Networking VEP1425/VEP1445/VEP1485 - versions prior to 2.6
• Dell Networking VEP4600 - multiple models and versions prior to 4.3
• Dell PowerFlex rack - versions prior to 3.7.7.0
• Dell PowerFlex rack - versions prior to 3.8.2.0
• Dell PowerSwitch - multiple models and versions
• Dell SD-WAN Edge 600 - versions prior to 2.6
• Dell Storage Manager DSM - versions prior to 2020 R1.21

Commvault published a security advisory to address a critical vulnerability in Commvault - versions 11.38.0 to 11.38.19

Review the Security Advisory and apply the necessary updates.

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.64.

Release notes for Microsoft Edge Security Updates and apply the necessary updates.

F5 published Quarterly Security Notifications for multiple products. Included were updates for the following:

• BIG-IP (all modules) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP (APM) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP (PEM) - versions 17.1.0 to 17.1.2, versions 16.1.0 to 16.1.5, and versions 15.1.0 to 15.1.10
• BIG-IP Next (all modules) - versions 20.2.0 to 20.2.1
• BIG-IP Next SPK - versions 1.8.0 to 1.9.2 and versions 1.7.0 to 1.9.2
• BIG-IP Next CNF - versions 1.1.0 to 1.4.1
• F5OS-A - versions 1.5.1 to 1.5.3
• F5OS-C - versions 1.6.0 to 1.6.2

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• 1000 Series Integrated Services Routers
• 1100 Series Integrated Services Routers (ISRs)
• 4000 Series Integrated Services Routers
• Integrated access points (APs) in Integrated Service Routers (ISR)1100 (Wi-Fi 6)
• Catalyst 8200 Series Edge Platforms
• Catalyst 8300 Series Edge Platforms
• Catalyst 8500 Series Edge Platforms
• Catalyst 8500L Series Edge Platforms
• Catalyst 9800-CL Wireless Controllers for Cloud
• Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
• Catalyst 9800 Series Wireless Controllers
• Embedded Wireless Controller on Catalyst 9100X Access Points
• Catalyst SD-WAN Manager - versions 20.8 and prior, 20.9, 20.10, 20.11, 20.12, 20.13, 20.14, 20.15, and 20.16
• Wi-Fi 6 pluggable module for Catalyst IR1800 Rugged Series Routers
• Cisco Industrial Ethernet 2000, 4000, 4010, and 5000 Series Switches
• Cisco IOS, IOS XE, NX-OS and IOS XR Software
• Cisco Adaptive Security Appliance (ASA) Software
• Cisco Firepower Threat Defense (FTD) Software

SonicWall published a security advisory to address vulnerabilities in SonicWall SMA 100 Series (SMA 200, 210, 400, 410, 500v) - version 10.2.1.14-75sv and prior.

Review the Security Advisory and apply the necessary updates.

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Enterprise MFA - TFA for Drupal - versions prior to 4.7.0 and versions 5.0.0 to versions prior to 5.2.0
• Restrict route by IP - versions prior to 1.3.0

• Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
• Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
• Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-0554
• Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.92 for Linux and prior to 136.0.7103.92/.93 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Android published a security bulletin to address vulnerabilities affecting Android devices.

Review the Android Security Bulletin and apply the necessary updates.

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Microsoft Azure - versions prior to 01.04.01.00
• Dell VxRail Appliance - versions 8.0.000 to 8.0.322
• PowerFlex Appliance IC - versions prior to IC 46.377.00 and versions prior to IC 46.382.00
• PowerFlex rack RCM - versions prior to 6.7.1

• DSA-2025-194: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
• DSA-2025-193: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities
• DSA-2025-152: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities
• DSA-2025-170: Security Update for Dell APEX Cloud Platform for Microsoft Azure and Dell APEX Cloud Platform Foundation Software Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• CP4NA - version 2.7.7
• GDSC Platform On-prem - version 3.7.1
• IBM Cloud Pak for Business Automation - versions V24.0.1 to V24.0.1-IF001 and versions 24.0.0 to 24.0.0-IF004
• IBM Cloud Pak System - version 2.3.4.0 (Intel)
• IBM Planning Analytics Cartridge - versions 5.0.0 to 5.1.0
• IBM Planning Analytics Cartridge for IBM Cloud Pak for Data - versions 4.8.0 to 4.8.8
• IBM watsonx Orchestrate with watsonx Assistant Cartridge - versions 4.8.4 to 4.8.5 and versions 5.0.0 to 5.1.1
• IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.1.2

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 20.04 ESM
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 136.0.3240.50.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 136.0.7103.59 for Linux and prior to 136.0.7103.48/49 for Windows and Apple MAC.

Review the Google security bulletins  and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in the following products:

• VMware Tanzu GemFire Vector Database - versions prior to 1.2.0
• VMware Tanzu Greenplum - versions prior to 7.4.1

• Product Release Advisory - VMware Tanzu Gemfire 1.2.0
• Product Release Advisory - VMware Tanzu Greenplum 7.4.1
• Security Advisories - Tanzu

Mozilla published security advisories to address vulnerabilities in the following products:

• Thunderbird ESR - versions prior to 128.10
• Thunderbird - versions prior to 138
• Firefox ESR - versions prior to 115.23
• Firefox ESR - versions prior to 128.10
• Firefox - versions prior to 138

• Mozilla Security Advisory (MFSA 2025-32)
• Mozilla Security Advisory (MFSA 2025-31)
• Mozilla Security Advisory (MFSA 2025-30)
• Mozilla Security Advisory (MFSA 2025-29)
• Mozilla Security Advisory (MFSA 2025-28)

Apache published a security advisory to address vulnerabilities in the following products:

• Apache Tomcat - versions 11.0.0-M1 to 11.0.5
• Apache Tomcat - versions 10.1.0-M1 to 10.1.39
• Apache Tomcat - versions 9.0.0.M1 to 9.0.102

• Apache Tomcat - 9.0.104
• Apache Tomcat - 10.1.40
• Apache Tomcat - 11.0.6

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell APEX Cloud Platform for Red Hat OpenShift - versions prior to 03.02.04.00
• Dell Connectrix B-Series - versions 9.1.0 to 9.1.1d6
• Dell PowerProtect Data Manager - versions 19.15.0 to 19.18.0-23

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Power HMC V10.2.1030.0 - version V10.2.1030.0
• IBM Power HMC V10.3.1050.0 - version V10.3.1050.0
• IBM QRadar SIEM - version 7.5 to 7.5.0 UP11 IF03
• IBM webMethods B2B (on-prem) - versions 10.11, 10.15 and 11.1
• IBM webMethods Integration (on prem) - versions 10.11, 10.15 and 11.1

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS
• Ubuntu 24.10

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.98.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

GitHub published a security advisory to address a critical vulnerability in the following products:

• GitLab Community Edition (CE) - versions prior to 17.11.1, 17.10.5 and 17.9.7
• GitLab Enterprise Edition (EE) - versions prior to 17.11.1, 17.10.5 and 17.9.7

Cisco published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• ConfD
• ConfD Basic
• Intelligent Node Manager
• Network Services Orchestrator (NSO)
• Smart PHY
• Ultra Cloud Core - Subscriber Microservices Infrastructure

HPE published a security advisory to address vulnerabilities in the following products:

• HPE Brocade Fabric OS - versions prior to v9.1.1d7 and v9.2.0
• HPE Compute Scale-up Server 3200 - versions prior to v1.55.98
• HPE Performance Cluster Manager HPCM 1.12 and prior
• HPE Superdome Flex 280 Server - versions prior to v2.00.12
• HPE Telco Unified OSS Console - versions prior to v3.1.15

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.114 for Linux and prior to 135.0.7049.114/115 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM App Connect Enterprise - versions 12.0.1.0 to 12.0.12.12 and 13.0.1.0 to 13.0.2.2
• IBM CICS TX Standard - version 11.1
• IBM Cloud Pak for Security - version 1.10.0.0 to 1.10.11.0
• IBM Maximo Application Suite - multiple versions
• PowerVC - versions 2.1.1.2, 2.2.0, 2.2.1, 2.2.1.1 and 2.3.0
• QRadar Suite Software - version 1.10.12.0 to 1.11.1.0

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Data Lakehouse - versions prior to 1.4.0.0
• Dell Storage Resource Manager - versions prior to 5.1.0.0
• Dell Storage Monitoring and Reporting - versions prior to 5.1.0.0
• PowerStore 1000X - versions prior to 3.2.1.6-2476179
• PowerStore 3000X - versions prior to 3.2.1.6-2476179
• PowerStore 5000X - versions prior to 3.2.1.6-2476179
• PowerStore 7000X - versions prior to 3.2.1.6-2476179
• PowerStore 9000X - versions prior to 3.2.1.6-2476179

• DSA-2025-165: Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR) Security Update for Multiple Third-Party Component Vulnerabilities
• DSA-2025-182: Dell PowerStore X Security Update for Multiple Vulnerabilities
• DSA-2025-184: Security Update for Dell Data Lakehouse Multiple Third-Party Component Vulnerabilities
• Dell Security advisories and notices

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat CodeReady Linux Builder - multiple versions and platforms
• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms
• Red Hat Enterprise Linux Server for Real Time - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 0.3179.85.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Apple published security updates to address vulnerabilities in the following products:

• iOS and iPadOS - versions prior to 18.4.1
• macOS Sequoia - versions prior to 15.4.1

Cisco published a security advisory to address a vulnerability in the Cisco Webex App - versions 44.6 and 44.7.

Review the Cisco Security Advisory and apply the necessary updates.

Mozilla published security advisories to address vulnerabilities in Firefox - versions prior to 137.0.2.

Review the Mozilla security bulletins and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.95 for Linux and prior to 135.0.7049.95/96 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Atlassian published security advisories to address vulnerabilities in the following products:

• Bamboo Data Center and Server - multiple versions
• Confluence Data Center and Server - multiple versions
• Jira Data Center and Server - multiple versions
• Jira Service Management Data Center and Server - multiple versions

Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:

• Oracle Analytics
• Oracle Application Express
• Oracle Autonomous Health Framework
• Oracle Commerce
• Oracle Communications Applications
• Oracle Communications
• Oracle Construction and Engineering
• Oracle E-Business Suite
• Oracle Enterprise Manager
• Oracle Financial Services Applications
• Oracle Food and Beverage Applications
• Oracle Fusion Middleware
• Oracle GoldenGate
• Oracle Hospitality Applications
• Oracle Hyperion
• Oracle Insurance Applications
• Oracle Java SE
• Oracle JD Edwards
• Oracle MySQL
• Oracle PeopleSoft
• Oracle Policy Automation
• Oracle Retail Applications
• Oracle Siebel CRM
• Oracle Solaris
• Oracle SQL Developer
• Oracle Supply Chain
• Oracle Support Tools
• Oracle TimesTen In-Memory Database
• Oracle Utilities
• Oracle Virtualization

Ubuntu published a security notice to address vulnerabilities in the Linux kernel affecting the following products:

• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM
• Ubuntu 18.04 ESM
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS
• Ubuntu 24.04 LTS

Dell published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• Dell Avamar Data Store Gen5a - version ADS Gen5A
• Dell Integrated System for Microsoft Azure Stack HCI - multiple versions and models
• Dell Integrated System for Microsoft Azure Stack Hub 16G - versions prior to 2502
• Dell iDRAC9 - versions prior to 7.00.00.181 and 7.20.30.50
• Dell NetWorker Management Console - versions prior to 19.11.04 and 19.12.0.1
• Dell PowerProtect Cyber Recovery Software - versions prior to 19.18.0.2
• Dell PowerProtect Data Manager DM5500 Appliance Software - versions prior to 5.19

IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products

• IBM Business Automation Manager Open Editions - versions 8.0.0 to 8.0.6
• IBM Guardium Data Protection - version 11.4, 12.0 and 12.1
• IBM Integration Bus for z/OS - versions 10.1.0.0 to 10.1.0.5
• IBM PCOMM - versions v14.x and v15.x
• IBM Process Mining - versions 2.0.0 IF001 and 2.0.0
• IBM Storage Protect Plus - versions 10.1.0. to 10.1.16
• IBM Storage Protect Server - version 8.1
• IBM Storage Scale - versions 5.1.7.0 to 5.1.9.8 and 5.2.0.0 to 5.2.2.0
• IBM Security Verify Governance - version ISVG 10.02
• IBM Security Verify Governance, Identity Manager Software Stack - version ISVG 10.02
• IBM Security Verify Governance, Identity Manager Virtual Appliance - version ISVG 10.02

Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

• Red Hat Enterprise Linux - multiple versions and platforms
• Red Hat Enterprise Linux Server for Power LE - multiple versions and platforms
• Red Hat Enterprise Linux Server - multiple versions and platforms

• RHSA-2025:3832 - Security Advisory
• Red Hat Security Advisories

Microsoft published a security update to address vulnerabilities in Edge Stable Channel - versions prior to 135.0.3179.73.

Review the Release notes for Microsoft Edge Security Updates and apply the necessary updates.

Juniper Networks published a security advisory to address a critical vulnerability in the following products:

• CTP View - versions prior to 9.2R1
• Junos OS - multiple versions
• Junos OS Evolved - multiple versions
• Junos OS on EX and QFX5k Series - multiple versions
• Junos OS on MX Series - multiple versions
• Juno OS on SRX Series - multiple versions
• Junos Space - versions prior to 24.1R3
• Junos Space Security Director - versions prior to 24.1R3

Palo Alto Networks published a security advisory to address a critical vulnerability in Prisma Access Browser - versions prior to 132.83.3017.1.

Review the Palo Alto Networks Security Advisory and apply the necessary updates.

Drupal published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

• ECA : Event - Condition - Action – versions 1.2.x, versions prior to 1.1.12, version 2.0.0 to versions prior to 2.0.16 and version 2.1.0 to versions prior to 2.1.7
• Panels - versions prior to 4.9.0

• ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
• Panels - Critical - Access bypass - SA-CONTRIB-2025-033
• Drupal Security Advisories

HPE published a security advisory to address vulnerabilities in HPE Cray XD670 - versions prior to BMC v1.19.

Review the HPE security bulletins and apply the necessary updates.

SAP published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

• SAP Capital Yield Tax Management - versions CYTERP 420_700, CYT 800, IBS 7.0 and CYT4HANA 100
• SAP Commerce Cloud -versions HY_COM 2205 and COM_CLOUD 2211
• SAP Financial Consolidation -version 1010
• SAP Landscape Transformation DMIS- versions 2011_1_700, 2011_1_710, 2011_1_730 and 2011_1_731
• SAP NetWeaver and ABAP Platform (Service Data Collection)- versions ST-PI 2008_1_700, 2008_1_710 and 740
• SAP NetWeaver Application Server ABAP - versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 and 7.93
• SAP S/4HANA S4CORE - versions 102, 103, 104, 105, 106, 107 and 108

Fortinet published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• FortiSwitch 7.6 version 7.6.0
• FortiSwitch 7.4 versions 7.4.0 to 7.4.4
• FortiSwitch 7.2 versions 7.2.0 to 7.2.8
• FortiSwitch 7.0 versions 7.0.0 to 7.0.10
• FortiSwitch 6.4 versions 6.4.0 to 6.4.14

Review the Fortinet Advisory and apply the necessary updates.

Ivanti published a security advisory to address a vulnerability in Ivanti Endpoint Manager version 2024 and version 2022 SU6 and prior.

Review the Security Advisory April 2025 for Ivanti EPM 2024 and EPM 2022 SU6 and apply the necessary updates.

Adobe published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Adobe After Effects version 24.6.4 and prior and version 25.1 and prior
• Adobe Animate 2024 version 24.0.7 and prior
• Adobe Animate 2023 version 23.0.10 and prior
• Adobe Bridge version 14.1.5 and prior and version 15.0.2 and prior
• Adobe Commerce multiple versions
• Adobe Commerce B2B multiple versions
• Adobe Experience Manager Forms on JEE version 6.5.22.0 (AEMForms-6.5.0-0093) and prior
• Adobe Experience Manager Screens version AEM 6.5 Screens FP11.3 and prior
• Adobe FrameMaker version 2022 Release Update 5 and prior
• Adobe FrameMaker version 2020 Release Update 7 and prior
• Adobe Media Encoder version 24.6.4 and prior and version 25.1 and prior
• Adobe Premiere Pro version 25.1 and prior and version 24.6.4 and prior
• Adobe XMP-Toolkit-SDK version 2023.12 and prior
• ColdFusion 2025 version build 331385
• ColdFusion 2023 version Update 12 and prior
• ColdFusion 2021 version Update 18 and prior
• Magento Open Source multiple versions
• Photoshop 2025 version 26.4.1 and prior
• Photoshop 2024 version 25.12.1 and prior

Review the Adobe Security Advisories and apply the necessary updates

Google has released security updates to address multiple vulnerabilities affecting Stable Channel Chrome versions 135.0.7049.84 for Linux and prior to 0.7049.84/85 for Windows and Apple MAC.

Review the Google security bulletins and apply the necessary updates.

Microsoft published security advisories to address vulnerabilities in multiple products. Included were updates for the following products:

• Microsoft 365 Apps - multiple versions and platforms
• Microsoft Office - multiple versions and platforms
• Windows 10 - multiple versions and platforms
• Windows 11 - multiple versions and platforms
• Windows Server - multiple versions and platforms 

Review the Microsoft Security Updates and apply the necessary updates (Security Update Guide).