Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.
Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service (3).
“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Satnam Narang, senior staff research engineer at Tenable, said. “Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities.”
The patches are in addition to 12 vulnerabilities addressed in Microsoft’s Chromium-based Edge browser since the release of August 2025’s Patch Tuesday update, including a security bypass bug (CVE-2025-53791, CVSS score: 4.7) that has been patched in version 140.0.3485.54 of the browser.
The vulnerability that has been flagged as publicly known is CVE-2025-55234 (CVSS score: 8.8), a case of privilege escalation in Windows SMB.
“SMB Server might be susceptible to relay attacks depending on the configuration,” Microsoft said. “An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.”
Source: The Hacker News / BleepingComputer / Krebs on Security / SecurityWeek / Cisco Talos Intelligence Group / SANS Internet Storm Center
Link: https://thehackernews.com/2025/09/microsoft-fixes-80-flaws-including-smb.html
Link: https://krebsonsecurity.com/2025/09/microsoft-patch-tuesday-september-2025-edition/
Link: https://www.securityweek.com/microsoft-patches-86-vulnerabilities/
Link: https://blog.talosintelligence.com/microsoft-patch-tuesday-september-2025/
Link: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20September%202025/32270
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.
The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.
“Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in an advisory. “The patch fixed the incorrect implementation.” According to a 2020 report from Google Project Zero, libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft that implements support for various image formats.
The critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025.
Source: The Hacker News / BleepingComputer / SecurityWeek
Link: https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html
Link: https://www.securityweek.com/samsung-patches-zero-day-exploited-against-android-users/
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.
The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.
Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly targeted spyware attacks aimed at fewer than 200 individuals.
While the shortcoming was first addressed by the iPhone maker late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1, the fix has also been released for the following older versions:
- iOS 16.7.12 and iPadOS 16.7.12 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- iOS 15.8.5 and iPadOS 15.8.5 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
The updates have been rolled out alongside iOS 26, iPadOS 26, iOS 18.7, iPadOS 18.7, macOS Tahoe 26, macOS Sequoia 15.7, macOS Sonoma 14.8, tvOS 26, visionOS 26, watchOS 26, Safari 26, and Xcode 26, which also address a number of other security flaws.
Source: The Hacker News / BleepingComputer / SecurityWeek
Link: https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments.
“Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform further malicious actions, including stealing privileged service account tokens,” JFrog said in a report shared with The Hacker News.
Chaos Mesh is an open-source cloud-native Chaos Engineering platform that offers various types of fault simulation and simulates various abnormalities that might occur during the software development lifecycle.
The issues, collectively called Chaotic Deputy, are listed below:
- CVE-2025-59358 (CVSS score: 7.5) – The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial-of-service
- CVE-2025-59359 (CVSS score: 9.8) – The cleanTcs mutation in Chaos Controller Manager is vulnerable to operating system command injection
- CVE-2025-59360 (CVSS score: 9.8) – The killProcesses mutation in Chaos Controller Manager is vulnerable to operating system command injection
- CVE-2025-59361 (CVSS score: 9.8) – The cleanIptables mutation in Chaos Controller Manager is vulnerable to operating system command injection
An in-cluster attacker, i.e., a threat actor with initial access to the cluster’s network, could chain CVE-2025-59359, CVE-2025-59360, or CVE-2025-59361 with CVE-2025-59358 to perform remote code execution across the cluster, even in the default configuration of Chaos Mesh.
Source: The Hacker News
Link: https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
A critical code injection vulnerability in SAP’s S/4HANA ERP software that was first disclosed last month is now under exploitation in the wild.
SAP previously disclosed and patched CVE-2025-42957, which affects both private cloud and on-premise S/4HANA instances. The flaw, which received a 9.9 CVSS score, allows attackers with low-privileged user access to inject SAP’s ABAP code into a system to fully compromise it. The vulnerability was discovered and reported to the software maker by SecurityBridge, an SAP-focused security firm based in Germany.
In a blog post Thursday, SecurityBridge said it discovered an exploit for CVE-2025-42957 and confirmed it has been used in the wild. “While widespread exploitation has not yet been reported, SecurityBridge has verified actual abuse of this vulnerability,” the blog post said. “That means attackers already know how to use it – leaving unpatched SAP systems exposed.”
SecurityBridge added that SAP’s patch for CVE-2025-42957 is “relatively easy” to reverse engineer, and that successful exploitation gives attackers access to the operating system and all data in the targeted SAP system. Joris Van De Vis, director of research at SecurityBridge, says the scope and scale of the exploitation activity is “limited” and that to the company’s knowledge, there is no public proof-of-concept exploit for the vulnerability.
Source: Dark Reading
Link: https://www.darkreading.com/vulnerabilities-threats/sap-4hana-vulnerability-under-attack