U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini October 16, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions for these flaws:

  • CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
  • CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
  • CVE-2025-24990 Microsoft Windows Untrusted Pointer Dereference Vulnerability
  • CVE-2025-47827 IGEL OS Use of a Key Past its Expiration Date Vulnerability
  • CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability

The vulnerability CVE-2016-7836 in SKYSEA Client View (≤ v11.221.03) allows remote code execution because the client does not properly authenticate the peer on TCP connections with the management console.

Velociraptor collects VQL "Artifacts" from endpoints, and those artifacts often run with elevated privileges. The Admin.Client.UpdateClientConfig artifact failed to require the higher EXECVE permission, so any user holding COLLECT_CLIENT (typically the Investigator role) could collect it and use it to modify the client configuration. The CVE-2025-6264 flaw enables arbitrary command execution and potential endpoint takeover; however, exploitation requires the prior ability to collect artifacts from the target, so an attacker needs a Velociraptor account with at least that permission.

The two actively exploited Windows zero-days added to the KEV catalog are CVE-2025-24990 in the legacy Agere Modem Driver and CVE-2025-59230 in the Remote Access Connection Manager (RasMan) service. Both flaws allow local privilege escalation. Microsoft plans to remove the vulnerable modem driver instead of patching it, so hardware that depends on it will stop working after the update.
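A quick host check for the two Windows issues, as an added example that is not part of the original article: it confirms whether the cumulative update that removes the modem driver has landed and reports the state of the RasMan service. The driver file name ltmdm64.sys comes from Microsoft's advisory for CVE-2025-24990, not from this article, so verify it against the vendor entry before relying on it; the KB list is only the last five updates installed and is meant for a human to compare against the October 2025 release notes.

```powershell
# Added example (not from the article): check a Windows host for the
# legacy Agere modem driver and report the RasMan service state.
# Assumption: the driver ships as %SystemRoot%\System32\drivers\ltmdm64.sys
# (per Microsoft's CVE-2025-24990 advisory); adjust if the vendor entry differs.

$driverPath = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'

if (Test-Path $driverPath) {
    $file = Get-Item $driverPath
    [pscustomobject]@{
        Check   = 'AgereModemDriver'
        Status  = 'PRESENT - October 2025 update not applied or driver restored'
        Path    = $file.FullName
        Version = $file.VersionInfo.FileVersion
        Written = $file.LastWriteTime
    }
} else {
    [pscustomobject]@{ Check = 'AgereModemDriver'; Status = 'absent (expected after update)' }
}

# RasMan is a core service; the fix is the cumulative update, not disabling it.
# Record its state so the host report shows the attack surface is still present.
Get-Service -Name RasMan | Select-Object Name, Status, StartType

# Most recent updates, newest first, for comparison with the October 2025 KB numbers.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn
```

Run it in an elevated PowerShell session so Get-HotFix and the driver directory are readable; a present driver file on a host that reports the October update is a sign the update did not complete and is worth a second look.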

The last issue added to the catalog, tracked as CVE-2025-47827, is a Secure Boot bypass that affects IGEL OS versions before 11, publicly disclosed in June 2025 by Zack Didcott. Exploitation lets an attacker deploy a kernel-level rootkit to compromise IGEL OS and the virtual desktops it connects to, potentially capturing credentials and tampering with sessions. The flaw is not remotely exploitable: it typically requires physical access, enabling "evil-maid" style attacks against unattended thin clients.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by November 4, 2025.
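The practical step behind the BOD 22-01 deadline is matching the KEV feed against what you actually run. Below is an added example, not code from the article or from CISA: it loads entries laid out in the schema of CISA's KEV JSON feed (fields such as cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse), matches them against a host inventory, and orders the hits by days remaining. The feed excerpt and the inventory are constructed for the example; the five CVEs are the ones listed above, the vendor and product strings and the dateAdded values are assumptions, and only the November 4, 2025 due date comes from the article.

```python
"""KEV triage: match catalog entries against a software inventory and rank by due date.

Added example; not the article's or CISA's code. The feed text below is a
constructed excerpt in the shape of the real KEV JSON feed, not a download.
"""
import json
from datetime import date

# Constructed sample in the KEV feed schema. Vendor/product strings and
# dateAdded are assumptions; dueDate follows the article's deadline.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2016-7836", "vendorProject": "SKYSEA", "product": "Client View",
         "vulnerabilityName": "SKYSEA Client View Improper Authentication Vulnerability",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-6264", "vendorProject": "Rapid7", "product": "Velociraptor",
         "vulnerabilityName": "Rapid7 Velociraptor Incorrect Default Permissions Vulnerability",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-24990", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Untrusted Pointer Dereference Vulnerability",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-47827", "vendorProject": "IGEL", "product": "IGEL OS",
         "vulnerabilityName": "IGEL OS Use of a Key Past its Expiration Date Vulnerability",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-59230", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Improper Access Control Vulnerability",
         "dateAdded": "2025-10-14", "dueDate": "2025-11-04", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: one asset per line, as an export from a CMDB might look.
SAMPLE_INVENTORY = [
    {"host": "dfir-01", "vendor": "Rapid7", "product": "Velociraptor"},
    {"host": "ws-117", "vendor": "Microsoft", "product": "Windows"},
    {"host": "thin-42", "vendor": "IGEL", "product": "IGEL OS"},
    {"host": "build-03", "vendor": "Canonical", "product": "Ubuntu"},  # no KEV match
]


def load_kev(feed_text: str) -> list[dict]:
    """Return the vulnerability entries from KEV feed JSON text."""
    return json.loads(feed_text)["vulnerabilities"]


def _key(vendor: str, product: str) -> tuple[str, str]:
    # Normalise case and whitespace so "Microsoft"/"microsoft " still match.
    return (vendor.strip().lower(), product.strip().lower())


def match_inventory(entries: list[dict], inventory: list[dict]) -> list[tuple[str, dict]]:
    """Pair each inventory host with every KEV entry for its vendor/product."""
    index: dict[tuple[str, str], list[dict]] = {}
    for entry in entries:
        index.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)
    hits = []
    for asset in inventory:
        for entry in index.get(_key(asset["vendor"], asset["product"]), []):
            hits.append((asset["host"], entry))
    return hits


def triage(feed_text: str, inventory: list[dict], today: date) -> list[dict]:
    """Matched findings ordered by days left (negative means overdue), then CVE ID."""
    rows = []
    for host, entry in match_inventory(load_kev(feed_text), inventory):
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "host": host,
            "cve": entry["cveID"],
            "due": entry["dueDate"],
            "days_left": (due - today).days,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    rows.sort(key=lambda r: (r["days_left"], r["cve"]))
    return rows


def overdue(rows: list[dict]) -> list[dict]:
    """Findings whose BOD 22-01 due date has already passed."""
    return [r for r in rows if r["days_left"] < 0]


if __name__ == "__main__":
    for row in triage(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, date(2025, 10, 16)):
        print(f"{row['host']:<10} {row['cve']:<16} due {row['due']} ({row['days_left']:>3} days) "
              f"ransomware={row['ransomware']}")
```

Against the constructed data, the three matched hosts yield four findings (the Windows workstation matches both Windows CVEs) with 19 days left on October 16, 2025, and all four become overdue once the date passes November 4. For real use, fetch the feed from CISA and feed its text to triage() unchanged; the matching is only as good as the vendor and product strings in your inventory, so expect to add aliases for products whose naming differs between the CMDB and the catalog.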

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)


