Beyond Information Security

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws

Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release.

Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege escalation, followed by remote code execution (35), information disclosure (18), spoofing (8), and denial-of-service (4) defects.

This is in addition to 16 vulnerabilities addressed in Microsoft’s Chromium-based Edge browser since the release of last month’s Patch Tuesday update, including two spoofing bugs affecting Edge for Android.

Included among the vulnerabilities is a privilege escalation vulnerability impacting Microsoft Exchange Server hybrid deployments (CVE-2025-53786, CVSS score: 8.0) that Microsoft disclosed last week.

The publicly disclosed zero-day is CVE-2025-53779 (CVSS score: 7.2), another privilege escalation flaw in Windows Kerberos that stems from a case of relative path traversal. Akamai researcher Yuval Gordon has been credited with discovering and reporting the bug.

Source: The Hacker News / BleepingComputer / Krebs on Security / SecurityWeek / Cisco Talos Intelligence Group / SANS Internet Storm Center

Link: https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html

Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/

Link: https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/

Link: https://www.securityweek.com/microsoft-patches-over-100-vulnerabilities/

Link: https://blog.talosintelligence.com/microsoft-patch-tuesday-august-2025/

Link: https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192


Adobe Patches Over 60 Vulnerabilities Across 13 Products

Adobe’s August 2025 Patch Tuesday updates address more than 60 vulnerabilities across 3D design, content creation, publishing and other types of products.

The software giant has published 13 new advisories, including five that cover vulnerabilities in Substance 3D products such as Viewer, Modeler, Painter, Sampler, and Stager.

In each of these advisories, Adobe patched one or more critical (high severity based on CVSS score) code execution vulnerabilities, and in some of them multiple important (medium severity) memory leaks.

In Adobe Commerce and the open-source Magento platform, Adobe fixed four critical vulnerabilities that can be exploited for privilege escalation, denial of service (DoS), and arbitrary file system read, along with two security feature bypass issues.

In Animate, the company patched one critical arbitrary code execution vulnerability and a memory leak, while in Illustrator it addressed three code execution flaws and one DoS issue.

Source: SecurityWeek

Link: https://www.securityweek.com/adobe-patches-over-60-vulnerabilities-across-13-products/


WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability.

Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.

“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of a specified path,” WinRAR said in an advisory.

Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET have been credited for discovering and reporting the security defect, which has been addressed in WinRAR version 7.13 released on July 30, 2025.
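A defensive check in the spirit of the fix, added here as an example (it is not WinRAR's or ESET's code and does not reproduce the bug): an extractor resolves every archive entry name against the output directory the user chose and refuses any entry that would land outside it. Windows path rules are applied through ntpath so the check runs on any host; the entry names are constructed for illustration.

```python
import ntpath


def resolve_entry(dest_dir: str, entry_name: str) -> str:
    """Return the absolute path an archive entry may be written to, or raise
    ValueError if the entry would land anywhere outside dest_dir.
    ntpath is used so the check follows Windows path rules on any host."""
    dest = ntpath.normpath(dest_dir)
    if not ntpath.isabs(dest):
        raise ValueError(f"destination must be absolute: {dest_dir!r}")
    # Drive letters (C:\..., D:file) and UNC prefixes (\\server\share) must
    # never come from an archive: they let the archive pick the location.
    drive, tail = ntpath.splitdrive(entry_name)
    if drive or tail.startswith(("\\", "/")):
        raise ValueError(f"absolute or rooted entry: {entry_name!r}")
    # normpath folds '.' and '..' and unifies separators, so the only question
    # left is whether the collapsed path still sits beneath dest.
    candidate = ntpath.normpath(ntpath.join(dest, entry_name))
    if candidate == dest or ntpath.commonpath([dest, candidate]) != dest:
        raise ValueError(f"entry escapes destination: {entry_name!r}")
    return candidate


def vet_archive(dest_dir: str, entry_names):
    """Split an entry list into names safe to extract and names to refuse.
    Returns (plan, rejected): plan maps entry -> resolved path, rejected maps
    entry -> reason. A real extractor should abort, not skip, on rejections."""
    plan, rejected = {}, {}
    for name in entry_names:
        try:
            plan[name] = resolve_entry(dest_dir, name)
        except ValueError as err:
            rejected[name] = str(err)
    return plan, rejected


# Constructed entry list (hypothetical, not from any real sample).
SAMPLE_ENTRIES = [
    "invoice\\2025-08.pdf",                    # ordinary relative entry
    "invoice/../notes.txt",                    # '..' that stays inside dest
    "..\\..\\Users\\Public\\unexpected.txt",   # climbs out of dest
    "C:\\Windows\\System32\\outside.dll",      # absolute drive path
    "\\\\fileserver\\share\\outside.exe",      # UNC path
]

if __name__ == "__main__":
    plan, rejected = vet_archive("C:\\Extract", SAMPLE_ENTRIES)
    for name, path in plan.items():
        print(f"extract  {name!r} -> {path}")
    for name, why in rejected.items():
        print(f"REFUSE   {name!r}: {why}")
```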

Source: The Hacker News / BleepingComputer

Link: https://thehackernews.com/2025/08/winrar-zero-day-under-active.html

Link: https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/


Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws

Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.

The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.

“Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access,” Zoom said in a security bulletin on Tuesday.

The issue, reported by its own Offensive Security team, affects the following products –

  • Zoom Workplace for Windows before version 6.3.10
  • Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12)
  • Zoom Rooms for Windows before version 6.3.10
  • Zoom Rooms Controller for Windows before version 6.3.10
  • Zoom Meeting SDK for Windows before version 6.3.10

The disclosure comes as multiple vulnerabilities have been disclosed in Xerox FreeFlow Core, the most severe of which could result in remote code execution.

Source: The Hacker News

Link: https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html


Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild.

The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.

“An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests,” the company said in a Tuesday advisory.

The following versions are impacted by the flaw –

  • FortiSIEM 6.1, 6.2, 6.3, 6.4, 6.5, 6.6 (Migrate to a fixed release)
  • FortiSIEM 6.7.0 through 6.7.9 (Upgrade to 6.7.10 or above)
  • FortiSIEM 7.0.0 through 7.0.3 (Upgrade to 7.0.4 or above)
  • FortiSIEM 7.1.0 through 7.1.7 (Upgrade to 7.1.8 or above)
  • FortiSIEM 7.2.0 through 7.2.5 (Upgrade to 7.2.6 or above)
  • FortiSIEM 7.3.0 through 7.3.1 (Upgrade to 7.3.2 or above)
  • FortiSIEM 7.4 (Not affected)

Fortinet acknowledged in its advisory that a “practical exploit code for this vulnerability was found in the wild,” but did not share any additional specifics about the nature of the exploit and where it was found. It also noted that the exploitation code does not appear to produce distinctive indicators of compromise (IoCs).

Source: The Hacker News / BleepingComputer

Link: https://thehackernews.com/2025/08/fortinet-warns-about-fortisiem.html

Link: https://www.bleepingcomputer.com/news/security/fortinet-warns-of-fortisiem-pre-auth-rce-flaw-with-exploit-in-the-wild/


ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities

August 2025 Patch Tuesday advisories have been published by several major companies offering industrial control system (ICS) and other operational technology (OT) solutions.

Siemens has published 22 new advisories. One of them is for CVE-2025-40746, a critical Simatic RTLS Locating Manager issue that can be exploited by an authenticated attacker for code execution with System privileges.

The company has also published advisories covering high-severity vulnerabilities in Comos (code execution), Siemens Engineering Platforms (code execution), Simcenter (crash or code execution), Sinumerik controllers (unauthorized remote access), Ruggedcom (authentication bypass with physical access), Simatic (code execution), Siprotec (DoS), and Opcenter Quality (unauthorized access).

Siemens also addressed vulnerabilities introduced by the use of third-party components, including OpenSSL, Linux kernel, Wibu Systems, Nginx, Nozomi Networks, and SQLite.

Medium- and low-severity issues have been resolved in Simotion Scout, Siprotec 5, Simatic RTLS Locating Manager, Ruggedcom ROX II, and Sicam Q products. As usual, Siemens has released patches for many of these vulnerabilities, but only mitigations or workarounds are available for some of the flaws.

Source: SecurityWeek

Link: https://www.securityweek.com/ics-patch-tuesday-major-vendors-address-code-execution-vulnerabilities/


SAP Patches Critical S/4HANA Vulnerability

SAP has fixed more than a dozen vulnerabilities with its August 2025 Patch Tuesday updates, including critical vulnerabilities.

This Patch Tuesday — or as the enterprise software giant calls it, Security Patch Day — 15 new security notes (fixes) have been released, along with four updates to previous fixes.

Onapsis, a company specializing in enterprise application security, which often finds SAP product vulnerabilities, pointed out that the vendor has released a total of 26 new and updated fixes since the previous Patch Tuesday.

Of these 26 fixes, four have been classified as ‘hot news’ or ‘critical’, including two that are new and two updates to previous patches. The new ‘hot news’ patches are for CVE-2025-42950 and CVE-2025-42957, which have been described as code injection issues.

According to Onapsis, they can be exploited for arbitrary code execution, which can lead to a full system compromise.

CVE-2025-42950 and CVE-2025-42957 are the same vulnerability, Onapsis said, but different CVEs have been assigned to different products. CVE-2025-42957 has been assigned to the S/4HANA enterprise resource planning (ERP) software, while CVE-2025-42950 is for the older generation of the ERP software, ERP Central Component (ECC).

Source: SecurityWeek

Link: https://www.securityweek.com/sap-patches-critical-s-4hana-vulnerability/


Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”

PS1Bot features a modular design, with several delivered modules used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance and the establishment of persistent system access.

PS1Bot has been designed with stealth in mind, minimizing persistent artifacts left on infected systems and incorporating in-memory execution techniques to facilitate execution of follow-on modules without requiring them to be written to disk.

PS1Bot distribution campaigns have been extremely active since early 2025, with new samples being observed frequently throughout the year.

The information stealer module implementation leverages wordlists embedded into the stealer to enumerate files containing passwords and seed phrases that can be used to access cryptocurrency wallets, which the stealer also attempts to exfiltrate from infected systems.

Source: Cisco Talos Intelligence Group

Link: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/