In this week’s Security Advisory

  • WatchGuard Patches Firebox Zero-Day
  • SonicWall Patches Exploited Vulnerability
  • Critical Vulnerability in n8n Workflow Automation Leads to RCE
  • MongoDB Patches High Severity RCE Vulnerability

WatchGuard Patches Firebox Zero-Day

WatchGuard has released fixes to address a critical security flaw in Fireware OS, which it claims has been exploited in real-world attacks. This vulnerability is being tracked as CVE-2025-14733 (CVSS score of 9.3/10). The zero-day is an out-of-bounds write issue affecting the Fireware OS’s Internet Key Exchange Daemon (IKED) process. WatchGuard has confirmed that successful exploitation of the flaw could allow remote, unauthenticated attackers to execute arbitrary code on vulnerable devices.

Affected Versions

  • Fireware OS versions 11.x, 12.x, and 2025.x.

Recommendations

  • Patch to 2025.1.4, 12.11.6, 12.5.15, or 12.3.1_Update4 (B728352).
  • No patch will be released for Fireware OS 11.x, which has reached end-of-life (EoL).

More Reading / Information

SonicWall Patches Exploited Vulnerability

SonicWall patched a newly discovered vulnerability in its SMA 1000 solution, tracked as CVE-2025-40602 (CVSS 6.6/10). When chained with a previously patched vulnerability, CVE-2025-23006 (CVSS 9.8/10), it allows an unauthenticated user to execute code remotely with root privileges. If you cannot patch immediately, it is recommended that you restrict SSH access to the AMC to VPN or specific admin IPs, and disable the SSL VPN management interface (AMC) and SSH access from the public internet.

Affected Versions

  • SMA1000 12.4.3-03093 (platform-hotfix) and earlier versions.
  • SMA1000 12.5.0-02002 (platform-hotfix) and earlier versions.

Recommendations

  • Upgrade to SMA1000 12.4.3-03245 (platform-hotfix) or later.
  • Upgrade to SMA1000 12.5.0-02283 (platform-hotfix) or later.

More Reading / Information

Critical Vulnerability in n8n Workflow Automation Leads to RCE

n8n is an open source workflow automation platform. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior by executing arbitrary code with the privileges of the n8n process. Successful exploitation of the vulnerability, CVE-2025-68613 (CVSS 9.9/10), may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

Affected Versions

  • Versions from 0.211.0 up to, but not including, 1.120.4.

Recommendations

  • Upgrade to 1.120.4, 1.121.1, or 1.122.0.

More Reading / Information

MongoDB Patches High Severity RCE Vulnerability

MongoDB has patched a high severity vulnerability, CVE-2025-14847 (CVSS 8.7/10), that could lead to remote code execution against multiple MongoDB and MongoDB Server versions. The vulnerability is caused by a flaw in a backend library implementation that allows an attacker to execute arbitrary commands on the host.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Upgrade to MongoDB 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which informs and strengthens your patch and vulnerability management program.
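As an added example (not part of this newsletter or any vendor's tooling), the following Python script checks a constructed software inventory against the affected and fixed versions listed above. The product keys, the constructed inventory and the rule that a version counts as patched once it reaches the fixed release for its own major.minor branch are assumptions; the n8n range and the EoL status of Fireware OS 11.x come from the advisory text.

```python
import re

# Fixed releases from the advisory text above, keyed by product; each entry fixes
# its own major.minor branch. n8n is a contiguous affected range [lo, hi) instead.
FIXED = {
    "mongodb": ["4.4.30", "5.0.32", "6.0.27", "7.0.28", "8.0.17", "8.2.3"],
    "sonicwall-sma1000": ["12.4.3-03245", "12.5.0-02283"],
    "watchguard-fireware": ["12.3.1_Update4", "12.5.15", "12.11.6", "2025.1.4"],
}
N8N_AFFECTED = ("0.211.0", "1.120.4")
EOL_MAJORS = {"watchguard-fireware": {11}}  # no patch will be released


def parse_version(v):
    """Turn '12.3.1_Update4' into (12, 3, 1, 4): every digit run is a component."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def status(product, version):
    """Return 'vulnerable', 'patched', 'eol' or 'unknown' for one inventory entry.

    Assumption (not stated by the vendors): a version is patched once it is at or
    above the fixed release for its own major.minor branch; a branch with no fixed
    release listed is reported as 'unknown' so it can be checked by hand.
    """
    v = parse_version(version)
    if product == "n8n":
        lo, hi = (parse_version(x) for x in N8N_AFFECTED)
        return "vulnerable" if lo <= v < hi else "patched"
    if v and v[0] in EOL_MAJORS.get(product, set()):
        return "eol"
    for fixed in map(parse_version, FIXED.get(product, [])):
        if fixed[:2] == v[:2]:
            return "vulnerable" if v < fixed else "patched"
    return "unknown"


def audit(inventory):
    """Map each (product, version) pair to its status; unknown products are 'unknown'."""
    return {(p, ver): status(p, ver) for p, ver in inventory}


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("n8n", "1.119.2"), ("n8n", "1.121.1"),
    ("mongodb", "7.0.27"), ("mongodb", "8.2.3"), ("mongodb", "8.1.0"),
    ("sonicwall-sma1000", "12.4.3-03093"), ("sonicwall-sma1000", "12.5.0-02283"),
    ("watchguard-fireware", "11.12.4"), ("watchguard-fireware", "12.3.1_Update3"),
]

if __name__ == "__main__":
    for (product, version), result in audit(SAMPLE_INVENTORY).items():
        print(f"{product:22} {version:16} {result}")
```

Entries reported as 'unknown' (for example a MongoDB branch not named above) should be checked against the vendor's full affected-version list rather than treated as safe.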

This year, we joined forces with special agents at Santa’s Operation Center (SOC), to compile a Naughty IP list. We named the joint task force the NLRU – Naughty List Response Unit. The unit specializes in identifying and limiting grinches in the wild and allowing Santa to continue his mission of spreading joy and holiday cheer to all.

You can follow Santa as he deploys gifts instead of patches (but definitely, please still deploy those) and rest assured his sleigh is protected by layers of holiday-grade security controls at the following link: https://www.flightradar24.com/R3DN053/3d9fb50a