Spyke

Syndicated from the fediverse. Read and engage on the original instance.

View original on lemmy.ml
security·SecuritybyCedric

Vulnerability Report - September 2025

Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.

It highlights the most frequently mentioned vulnerability for September 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, SPLOITUS, and more. For further details, please visit this page.

The Month at a Glance

September 2025 has been marked by a diverse set of vulnerability sightings across multiple platforms and software ecosystems. The data collected through Vulnerability-Lookup indicates that both newly disclosed and previously known vulnerabilities continued to see active exploitation and discussion in the wild.

CVE-2025-10585, affecting Google Chrome, dominated the reports with 94 sightings. Other frequently sighted vulnerabilities include CVE-2025-10035 in Fortra’s GoAnywhere MFT and CVE-2025-42957 in SAP S/4HANA, both of which reflect persistent enterprise-level risks. These instances underscore the continued need for rapid patch deployment and robust monitoring in enterprise environments.

Network and infrastructure devices also remained a focus for adversaries. Vulnerabilities such as CVE-2023-51767 in OpenSSH and several router-specific CVEs like CVE-2017-18368 highlight the ongoing relevance of securing network endpoints against unauthorized access and exploitation. Similarly, Linux-based vulnerabilities, including CVE-2024-50264, accounted for a significant number of sightings, reinforcing the importance of kernel updates and system hardening practices.

From a severity perspective, most sightings fell into the High and Critical categories, with VLAI confidence scores often exceeding 0.95. This aligns with global observations of attackers prioritizing high-impact targets, such as widely used browsers, enterprise software, and critical network infrastructure. For example, Adobe Commerce, Sitecore Experience Manager, and Microsoft Entra were all associated with vulnerabilities of critical severity, underlining the necessity for organizations to prioritize patching and risk mitigation.

September 2025 reinforces several key trends in the cybersecurity landscape: high-severity vulnerabilities remain prevalent across browsers, enterprise software, and networking devices; unpublished vulnerabilities are actively exploited; and community-driven data aggregation plays a critical role in timely awareness and response. Organizations are encouraged to review patch management processes, monitor community sightings, and leverage threat intelligence feeds to mitigate exposure to these ongoing threats.

This month’s report features a new section dedicated to Known Exploited Vulnerabilities catalogs.

Top 10 Vendors of the Month

Top 15 vulnerabilities of the Month

VulnerabilitySighting CountVendorProductVLAI Severity
CVE-2025-1058594GoogleChromeHigh (confidence: 0.9945)
CVE-2025-1003579FortraGoAnywhere MFTCritical (confidence: 0.9076)
CVE-2025-4295771SAP_SESAP S/4HANA (Private Cloud or On-Premise)Critical (confidence: 0.9849)
CVE-2025-5524168MicrosoftMicrosoft EntracHigh (confidence: 0.4512)
CVE-2025-5423664AdobeAdobe CommerceCritical (confidence: 0.9679)
CVE-2024-5026460LinuxLinuxHigh (confidence: 0.9854)
CVE-2015-205158dlinkdir-645High (confidence: 0.4993)
CVE-2023-5176757opensshopensshHigh (confidence: 0.5824)
CVE-2017-1836857zyxelp660hn-t1a_v2Critical (confidence: 0.9679)
CVE-2025-4330054AppleiOS and iPadOSHigh (confidence: 0.9548)
CVE-2025-5517753FacebookWhatsApp Desktop for MacHigh (confidence: 0.5006)
CVE-2018-1056251dasannetworksgpon_routerCritical (confidence: 0.9522)
CVE-2016-155549netgearwnap320Critical (confidence: 0.9159)
CVE-2025-2033348code-projectsBlood Bank Management SystemMedium (confidence: 0.9945)
CVE-2025-5369044SitecoreExperience Manager (XM)Critical (confidence: 0.9573)

Known Exploited Vulnerabilities

New entries have been added to major Known Exploited Vulnerabilities catalogs.

CISA

CVE IDDate AddedVendorProductVLAI Severity
CVE-2025-5968929/09/25CiscoIOSMedium (confidence: 0.8045)
CVE-2025-1003529/09/25FortraGoAnywhere MFTCritical (confidence: 0.9076)
CVE-2025-3246329/09/25Sudo projectSudoHigh (confidence: 0.5599)
CVE-2021-2131129/09/25vranaadminerHigh (confidence: 0.6111)
CVE-2025-2035229/09/25CiscoIOSHigh (confidence: 0.9912)
CVE-2025-2033325/09/25CiscoCisco Adaptive Security Appliance (ASA) SoftwareCritical (confidence: 0.9823)
CVE-2025-2036225/09/25CiscoCisco Adaptive Security Appliance (ASA) SoftwareMedium (confidence: 0.9948)
CVE-2025-1058523/09/25GoogleChromeHigh (confidence: 0.9945)
CVE-2025-508611/09/25Dassault SystèmesDELMIA AprisoCritical (confidence: 0.9632)
CVE-2025-5369004/09/25SitecoreExperience Manager (XM)Critical (confidence: 0.9573)
CVE-2025-4854304/09/25GoogleAndroidHigh (confidence: 0.9709)
CVE-2025-3835204/09/25LinuxLinuxHigh (confidence: 0.8176)
CVE-2023-5022403/09/25TP-LinkTL-WR841NMedium (confidence: 0.9651)
CVE-2025-937703/09/25TP-Link Systems Inc.Archer C7(EU) V2High (confidence: 0.9895)
CVE-2020-2436302/09/25TP-Linktl-wa855reHigh (confidence: 0.9407)

ENISA

CVE IDDate AddedVendorProductVLAI Severity
CVE-2025-2523109/09/25OmnissaOmnissa Workspace ONE UEMHigh (confidence: 0.8877)

Top 10 Weaknesses of the Month

Click the image for more information.

Unpublished Vulnerabilities in the Wild

Sightings detected between 2025-09-01 and 2025-09-30 that are associated with unpublished vulnerabilities.

Continuous Exploitation

Insights from Contributors

Thank you

Thank you to all the contributors and our diverse sources!

If you want to contribute to the next report, you can create your account.

Feedback and Support

If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

Funding

The main objective of Federated European Team for Threat Analysis (FETTA) is improvement of Cyber Threat Intelligence (CTI) products available to the public and private sector in Poland, Luxembourg, and the European Union as a whole.
Developing actionable CTI products (reports, indicators, etc) is a complex task and requires an in-depth understanding of the threat landscape and the ability to analyse and interpret large amounts of data. Many SOCs and CSIRTs build their capabilities in this area independently, leading to a fragmented approach and duplication of work.

The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. The organization brings to the table its extensive experience in cybersecurity incident management, threat intelligence, and proactive response strategies. With a strong background in developing innovative open source cybersecurity tools and solutions, CIRCL’s contribution to the FETTA project is instrumental in achieving enhanced collaboration and intelligence sharing across Europe.

Press release

View original on lemmy.ml
4

3 replies

lemmy.radio

From a security perspective I'd be surprised if number of mentions as a metric has any bearing whatsoever on the impact or urgency of a CVE.

If you're using mentions as a proxy for affected user base, I'd hazard an opinion that there are better ways of determining the impact footprint of a CVE.

Finally, a vulnerability rating or priority is determined and published with each CVE, so I'd expect that this would take into account some of those considerations.

That said, a vendor ranking seems like something that I've not seen before, mind you, the notion that Microsoft didn't make it into the list is gobsmacking considering that patch Tuesday addressed 81 flaws and 2 zero-days in September.

In my opinion, he idea seems useful, but the execution needs some work.

2

Considering vendor ranking. I see this quite often. Recently during Vuln4Cast conference. I think we will try some CNA ranking as well. Just to see. Or make a CNA classification. For example some CNAs often publish advisories related to Wordpress vulnerabilities that are barely maintained. I would like to be able to make stats including or excluding various CNAs, vendors, etc. We need first to handle couple of new indexes in our system for this.

1

Most of the time, yes. It has a relation with the impact. I’m referring to activity on social networks such as Mastodon and Bluesky, but also to other sources like Nuclei templates, Metasploit modules, and the Shadowserver Honeypot dataset. We rely on different types of sightings. It’s not just about “mentions.” The sightings used in the reports are from different sources: https://www.vulnerability-lookup.org/tools/#sightings

Regarding social network mentions, especially on platforms like Bluesky, I was quite skeptical at first since there’s a lot of noise. Lot of people are simply ranting. I changed my mind on this. Honestly, most of the time when we observe a spike in activity shortly after — or even before — the publication of an advisory, it turns out to be a severe vulnerability. Or something we have to look at.

We discussed this topic in our paper presented in Berlin: https://www.vulnerability-lookup.org/events/#first-cyber-threat-intelligence-conference , and more recently, we explored its connection with forecasting and automated classification techniques in our paper “VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.”

1

You reached the end