In this week’s Security Advisory:
- Multiple Cisco Products Vulnerable to Unauthenticated Remote Code Execution Vulnerability
- SAP NetWeaver Vulnerability Under Active Exploitation
- Apple AirBorne Vulnerability Can Lead to AirPlay RCE Attacks
- Security Updates for Google Chrome and Mozilla Firefox
Multiple Cisco Products Vulnerable to Unauthenticated Remote Code Execution Vulnerability
A critical vulnerability, CVE-2025-32433 (CVSS 10/10), in the Erlang/OTP SSH implementation allows unauthenticated remote attackers to execute code on affected devices. Erlang is a programming language typically used in telecom systems. Erlang/OTP is an additional set of libraries and tools built on top of the language that provides components such as an SSH server for remote access. Multiple Cisco products ship with Erlang/OTP and are vulnerable to this issue. Cisco has released an advisory detailing the affected devices and the versions to upgrade to.
Affected Versions
- A full list of affected versions can be found in Cisco's advisory (linked below).
Recommendations
- Apply the latest patches.
More Reading / Information
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
- https://www.bleepingcomputer.com/news/security/critical-erlang-otp-ssh-pre-auth-rce-is-surprisingly-easy-to-exploit-patch-now/
SAP NetWeaver Critical Vulnerability Under Active Exploitation
The vulnerability, CVE-2025-31324 (CVSS 10/10), is the result of a missing authorization check in the Visual Composer Metadata Uploader component of SAP’s NetWeaver product and allows attackers to upload malicious executable files. When exploited, an attacker can gain full control of the affected NetWeaver system. There are credible reports of this being exploited in the wild, and CyberMaxx recommends urgent patching of the vulnerability.
Affected Versions
- SAP NetWeaver VCFRAMEWORK 7.50.
Recommendations
- Apply the latest patches provided in SAP’s security note.
More Reading / Information
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html
- https://www.securityweek.com/exploited-vulnerability-exposes-over-400-sap-netweaver-servers-to-attacks/
- https://www.bleepingcomputer.com/news/security/over-1-200-sap-netweaver-servers-vulnerable-to-actively-exploited-flaw/
Apple AirBorne Vulnerability Can Lead to AirPlay RCE Attacks
Two vulnerabilities, tracked as CVE-2025-24252 and CVE-2025-24132, affecting Apple’s AirPlay protocol and AirPlay Software Development Kit (SDK) expose devices to remote code execution, Man-in-the-Middle, and Denial-of-Service attacks that bypass access control lists and require no user interaction. To exploit this, an attacker needs to be on the same network as the targeted device. After exploitation, attackers can then use the affected device to reach other vulnerable AirPlay devices on the same network. Apple addressed this by releasing patches to the AirPlay audio SDK, AirPlay video SDK, and CarPlay Communication Plug-in.
Affected Versions
- A full list of affected versions can be found in Apple's security release notes (linked below).
Recommendations
- Apply the latest iOS updates to all Apple devices.
More Reading / Information
- https://www.wired.com/story/airborne-airplay-flaws/
- https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/
- https://support.apple.com/en-us/122403
Security Updates for Google Chrome and Mozilla Firefox
Google has released an updated Chrome browser version that addresses eight new vulnerabilities, including buffer overflows and data validation issues.
Mozilla has released updates to Firefox ESR, Thunderbird, and Thunderbird ESR to address eleven new vulnerabilities that could lead to privilege escalation, sandbox escape, and arbitrary code execution.
Recommendations
- Upgrade Google Chrome to version 136.0.7103.49 for Windows and Mac, and 136.0.7103.59 for Linux.
- Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.
- Upgrade Mozilla Firefox to version 138.
- Recent versions of Firefox have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.
More Reading / Information
- https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only, which dramatically increases the likelihood that new vulnerabilities will have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps inform and strengthen your patch and vulnerability management program.
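The browser recommendations above ask two things of an organization: confirm that installed Chrome and Firefox versions are at or above the patched releases, and confirm that auto-update has not been switched off by policy. The inventory recommendation in this closing section is what makes the first check possible. The script below is an added example (not CyberMaxx's, Google's or Mozilla's code) that runs both checks against a constructed inventory export and constructed policy documents; the inventory rows, hostnames and policy values are made up for the demonstration, while the minimum versions are the ones stated in this advisory. It uses Mozilla's DisableAppUpdate policy key and Google Update's UpdateDefault policy value, which a real deployment would read from policies.json and the Windows registry respectively.

```python
"""Check a software inventory against the browser versions in this
advisory and spot auto-update policies that are switched off.

Added example, not CyberMaxx's, Google's or Mozilla's code. The inventory
rows and policy documents below are constructed for the demonstration.
"""
import csv
import io
import json
import re

# Minimum patched versions as stated in the advisory: Chrome differs by OS,
# Firefox 138 applies everywhere.
MIN_VERSIONS = {
    ("chrome", "windows"): "136.0.7103.49",
    ("chrome", "mac"): "136.0.7103.49",
    ("chrome", "linux"): "136.0.7103.59",
    ("firefox", "windows"): "138",
    ("firefox", "mac"): "138",
    ("firefox", "linux"): "138",
}


def parse_version(text):
    """'136.0.7103.49' -> (136, 0, 7103, 49). Non-numeric suffixes are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_outdated(product, os_name, installed):
    """True when the installed version is below the advisory's minimum.
    Shorter tuples are padded with zeros, so '138' compares as '138.0.0'."""
    have = parse_version(installed)
    need = parse_version(MIN_VERSIONS[(product, os_name)])
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


# Constructed inventory export: host, product, os, version.
INVENTORY_CSV = """\
host,product,os,version
ws-001,chrome,windows,136.0.7103.49
ws-002,chrome,windows,135.0.7049.115
srv-010,chrome,linux,136.0.7103.49
mac-005,firefox,mac,137.0.2
ws-003,firefox,windows,138.0
"""


def find_outdated(inventory_csv):
    """Return (host, product, installed, required) for every row below the
    minimum. Rows for products the advisory does not cover are skipped."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = (row["product"].lower(), row["os"].lower())
        if key not in MIN_VERSIONS:
            continue
        if is_outdated(key[0], key[1], row["version"]):
            findings.append((row["host"], key[0], row["version"], MIN_VERSIONS[key]))
    return findings


# Constructed Firefox enterprise policies.json; DisableAppUpdate is Mozilla's
# documented policy name for turning the built-in updater off.
FIREFOX_POLICIES_JSON = '{"policies": {"DisableAppUpdate": true}}'


def firefox_updates_disabled(policies_json):
    """True when policies.json switches Firefox's updater off."""
    policies = json.loads(policies_json).get("policies", {})
    return bool(policies.get("DisableAppUpdate", False))


def chrome_auto_update_off(update_policy_values):
    """Interpret Google Update's UpdateDefault policy (on Windows a registry
    value under HKLM\\SOFTWARE\\Policies\\Google\\Update; passed in here as a
    dict so the check runs anywhere): 0 disables updates, 2 allows manual
    checks only; 1, 3 and no policy at all leave automatic updates on."""
    return update_policy_values.get("UpdateDefault") in (0, 2)


if __name__ == "__main__":
    for host, product, have, need in find_outdated(INVENTORY_CSV):
        print(f"{host}: {product} {have} is below required {need}")
    if firefox_updates_disabled(FIREFOX_POLICIES_JSON):
        print("Firefox policy disables auto-update")
    if chrome_auto_update_off({"UpdateDefault": 0}):
        print("Chrome policy disables auto-update")
```

Note that the Linux host srv-010 is flagged even though its Chrome build matches the Windows/Mac minimum, because the advisory gives a separate, higher build for Linux; a check that ignores the platform would miss it. Hosts whose browsers pass the version check but fail the policy check still need the follow-up confirmation the recommendations call for, since a disabled updater will not pick up the next release either.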