August Vulnerabilities of Note

Search IOCs, vulnerabilities, APT…

216.73.217.22

← Back to attack reports

August Vulnerabilities of Note

· Published 15/09/2025 18:00 · Modified 15/09/2025 22:09

Share: LinkedIn Facebook Mastodon X

Export JSON

Essential information

Published: 15/09/2025 18:00
Modified: 15/09/2025 22:09
Tags: 2025-09-15 CVE-2025-20265 CVE-2025-25256 CVE-2025-7775 CVE-2025-8088 CVE-2025-8875 CVE-2025-8876 command injection deserialization exploitation mythic c2 agent patch management remote code execution rustyclaw snipbot vulnerability
Related entities: 20 vulnerabilities (cve), 11 observables, 1 intrusion sets (apt), 12 techniques (mitre), 3 malware, 12 others

Description

In August 2025, eighteen high-impact vulnerabilities were identified for prioritized remediation, down from 22 in July. The month saw a focus on Citrix and D-Link flaws, with active exploitation of Citrix NetScaler products and D-Link routers. OS Command Injection was the most common weakness. One vulnerability was linked to a malware campaign by the Russia-linked group RomCom. Six vulnerabilities allowed remote code execution, affecting WinRAR, Citrix, FreePBX, and Microsoft products. Notable exploits included a critical Citrix NetScaler flaw (CVE-2025-7775) and a WinRAR vulnerability (CVE-2025-8088) used by RomCom to deliver malware. Other significant vulnerabilities affected N-able N-central, Cisco Secure FMC, and Fortinet FortiSIEM.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (20)

CVE-2025-8424

8.7 High

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the …

Published: 20/12/2025
Modified: 27/05/2026

Received

CVE-2025-57819 KEV

9.8 Critical

Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary …

Attack vector: NETWORK
Complexity: Low
Published: 28/08/2025
Modified: 18/06/2026

CWE-89

CVE-2025-7776

8.8 High

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Undergoing Analysis

CVE-2025-7775 KEV

9.2 Critical

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured …

Attack vector: Network
Published: 26/08/2025
Modified: 27/05/2026

Analyzed

CVE-2025-43300 KEV

10.0 Critical

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS …

Attack vector: Network
Complexity: Low
Published: 21/08/2025
Modified: 27/05/2026

CWE-787 Received

CVE-2025-8876 KEV

9.4 Critical

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Attack vector: Network
Published: 13/08/2025
Modified: 27/05/2026

Analyzed

CVE-2025-8875 KEV

9.4 Critical

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Attack vector: Local
Published: 13/08/2025
Modified: 27/05/2026

Analyzed

CVE-2025-20265

10.0 Critical

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to …

Attack vector: Network
Published: 14/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2025-25256

9.8 Critical

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

Received

CVE-2024-26009

8.1 High

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS …

Attack vector: Network
Complexity: High
Published: 12/08/2025
Modified: 27/05/2026

CWE-288 Received

CVE-2007-0671 KEV

8.8 High

Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This …

Attack vector: Network
Complexity: Low
Published: 03/02/2007
Modified: 27/05/2026

CVE-2013-3893 KEV

8.8 High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or …

Attack vector: Network
Complexity: Low
Published: 18/09/2013
Modified: 27/05/2026

CWE-399 CWE-416

CVE-2025-8088 KEV

8.8 High

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …

Attack vector: Network
Published: 12/08/2025
Modified: 27/05/2026

CVE-2020-25079 KEV

D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service …

Published: 05/08/2025
Modified: 27/05/2026

CVE-2020-25078 KEV

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be …

Published: 05/08/2025
Modified: 27/05/2026

CVE-2025-54948 KEV

9.4 Critical

Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload …

Attack vector: Network
Published: 18/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2025-48384 KEV

8.0 High

Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.

Attack vector: Network
Published: 25/08/2025
Modified: 27/05/2026

CVE-2022-40799 KEV

8.8 High

D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands …

Attack vector: Network
Published: 05/08/2025
Modified: 27/05/2026

CVE-2024-8068 KEV

8.0 High

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must …

Attack vector: Adjacent
Published: 25/08/2025
Modified: 27/05/2026

Awaiting Analysis

CVE-2024-8069 KEV

8.0 High

Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account …

Attack vector: Adjacent
Published: 25/08/2025
Modified: 27/05/2026

Awaiting Analysis

Observables (11)

https://gohazeldale.com
https://srlaptop.com/s/0.7.8/clarity.js
https://melamorri.com/iEZGPctehTZ
https://campanole.com/TOfrPOseJKZ
srlaptop.com
melamorri.com
gohazeldale.com
campanole.com
e0cbe8f18315a2ee781de48565dc8a087a1564557c42c66067f65c267120c894
0517d413beb3e124e773d7ccc1983b226d6593d1f46a81ba7e79a8b48d6242fa
8082956ace8b016ae8ce16e4a777fe347c7f80f8a576a6f935f9d636a30204e7

Intrusion sets (APT) (1)

RomCom

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 23:51 · Modified 27/05/2026 15:52

Techniques (MITRE) (12)

T1588.002

Tool
T1204.002

Malicious File
T1203

Exploitation for Client Execution
T1105

Ingress Tool Transfer
T1047

Windows Management Instrumentation
T1055

Process Injection
T1210

Exploitation of Remote Services
T1204

User Execution
T1190

Exploit Public-Facing Application
T1078

Valid Accounts
T1068

Exploitation for Privilege Escalation
T1059

Command and Scripting Interpreter

Malware (3)

Mythic C2 agent

Family

Published 15/09/2025 18:00 · Modified 15/09/2025 18:00
RustyClaw

Family

Published 15/09/2025 18:00 · Modified 15/09/2025 18:00
SnipBot

Family

Published 15/09/2025 18:00 · Modified 15/09/2025 18:00

Others (12)

British Indian Ocean Territory
Kenya
Singapore
India
Australia
Netherlands
Canada
Germany
United Kingdom of Great Britain and Northern Ireland
United States of America
Technology
Telecommunications

External references

https://www.recordedfuture.com/blog/august-2025-cve-landscape
https://otx.alienvault.com/pulse/68c8542d707c703692b65d8f

Contact About Legal notice Privacy policy Terms of use