In this week’s Security Advisory

  • Palo Alto Patches Multiple Vulnerabilities
  • Citrix Patches Multiple NetScaler Vulnerabilities
  • Veeam Patches Critical RCE Vulnerability
  • BeyondTrust Patches RCE Vulnerability
  • Security Updates Released for Chrome

Palo Alto Patches Multiple Vulnerabilities

Palo Alto released seven advisories for 18 new vulnerabilities affecting multiple products. The most severe vulnerability, CVE-2025-4232 (CVSS 8.5), is exploitable due to an improper neutralization in the log collection feature of the Palo Alto Networks GlobalProtect app on macOS. This can allow an authenticated user to elevate their privileges to root.

Affected Versions

A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

Citrix Patches Multiple NetScaler Vulnerabilities

Citrix has released patches for multiple vulnerabilities affecting its customer-managed NetScaler ADC and NetScaler Gateway. The most severe, CVE-2025-5777 (CVSS 9.3/10), stems from insufficient input validation that leads to a memory overread. Citrix warns that the discontinued NetScaler ADC and Gateway 12.1 and 13.0 releases are also affected by these vulnerabilities and that it is important to upgrade to a supported release as soon as possible.

Affected Versions

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56.
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32.
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP.
  • NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS.

Recommendations

  • Upgrade to NetScaler ADC and NetScaler Gateway 14.1-43.56 and later releases.
  • Upgrade to NetScaler ADC and NetScaler Gateway 13.1-58.32 and later releases of 13.1.
  • Upgrade to NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later releases of 13.1-FIPS and 13.1-NDcPP.
  • Upgrade to NetScaler ADC 12.1-FIPS 12.1-55.328 and later releases of 12.1-FIPS.

Veeam Patches Critical RCE Vulnerability

Veeam has released patches for a critical security flaw in its Backup & Replication software. Exploitation by an authenticated user results in remote code execution on the server. This vulnerability, CVE-2025-23121 (CVSS 9.9/10), affects all earlier version 12 builds and is resolved in version 12.3.2.

Affected Versions

  • Veeam Backup & Replication 12.3.1.1139 and all earlier version 12 builds.

Recommendations

  • Upgrade to Veeam Backup & Replication 12.3.2 (build 12.3.2.3617).

BeyondTrust Patches RCE Vulnerability

BeyondTrust has released security updates to fix a serious vulnerability, CVE-2025-5309 (CVSS 8.6/10), in its Remote Support and Privileged Remote Access tools. The flaw could allow an attacker to remotely execute code on affected servers without authentication. Currently, there are no reports of it being exploited in the wild.

Affected Versions

  • Remote Support Version 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1.
  • Privileged Remote Access 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1.

Recommendations

  • A patch remediating this vulnerability has been applied to all RS/PRA cloud customers as of June 16, 2025.
  • On-premises RS/PRA customers should apply the patch if their instance is not subscribed to automatic updates in the /appliance interface.

Security Updates Released for Chrome

Google recently issued an update for Chrome 137 to fix three security vulnerabilities, two of which are rated high severity. If leveraged, these vulnerabilities could allow an attacker to gain control over a user’s system, so users should update their browsers promptly. The first, CVE-2025-6191 (CVSS 8.8/10), is an integer overflow in the V8 JavaScript engine. The second, CVE-2025-6192 (CVSS 7.3/10), is a use-after-free flaw in Chrome’s Profiler component. There are no known instances of any of these vulnerabilities being exploited in the wild.

Recommendations

  • Upgrade Google Chrome to version 137.0.7151.120 for Windows and Mac, and 137.0.7151.119 for Linux.
    • Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting has not been disabled and that they are not running any versions in which auto-update was not enabled by default. Where browsers do not auto-update, organizations need to communicate the need to update to their users and follow up to confirm the updates have been applied. Note that browsers must be restarted for updates to take effect.

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only, which dramatically increases the likelihood that a patch will be issued for newly discovered vulnerabilities. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which informs and supports your patch and vulnerability management program.
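Turning an inventory into a patch decision means comparing installed builds against the fixed and affected builds quoted above, within the right release train. The following Python is an added example, not CyberMaxx's or any vendor's tooling: it encodes the Citrix, Veeam and BeyondTrust version data from this advisory and classifies an inventory entry. It assumes version strings are written as the vendors print them (e.g. "14.1-43.56", "13.1-37.235-FIPS", "12.3.1.1139"); any NetScaler train not listed on this page is reported as unknown rather than guessed.

```python
import re

# Fixed builds quoted in the Citrix section, keyed by release train; the FIPS
# and NDcPP trains have their own fix level and are compared within their train.
NETSCALER_FIXED = {
    "14.1": "14.1-43.56",
    "13.1": "13.1-58.32",
    "13.1-FIPS": "13.1-37.235",
    "13.1-NDcPP": "13.1-37.235",
    "12.1-FIPS": "12.1-55.328",
}
NETSCALER_EOL = {"12.1", "13.0"}          # discontinued trains: affected, no patched build
VEEAM_FIXED = "12.3.2.3617"               # every earlier version 12 build is affected
BEYONDTRUST_AFFECTED = [("24.2.2", "24.2.4"), ("24.3.1", "24.3.3"), ("25.1.1", "25.1.1")]


def dotted(version):
    """'12.3.1.1139' -> (12, 3, 1, 1139); tuples compare component-wise."""
    return tuple(int(p) for p in version.split("."))


def parse_netscaler(version):
    """Split '13.1-37.235-FIPS' into its train ('13.1-FIPS') and a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?", version)
    if not m:
        raise ValueError(f"unrecognised NetScaler build: {version!r}")
    major, minor, build, sub, variant = m.groups()
    train = f"{major}.{minor}" + (f"-{variant}" if variant else "")
    return train, (int(major), int(minor), int(build), int(sub))


def netscaler_status(installed):
    """'fixed', 'vulnerable', 'eol-vulnerable' (no patch exists) or 'unknown-train'."""
    train, nums = parse_netscaler(installed)
    if train in NETSCALER_EOL:
        return "eol-vulnerable"
    if train not in NETSCALER_FIXED:
        return "unknown-train"
    return "fixed" if nums >= parse_netscaler(NETSCALER_FIXED[train])[1] else "vulnerable"


def veeam_status(installed):
    """Only the version 12 train is in scope; anything below the fixed build is affected."""
    v = dotted(installed)
    if v[0] != 12:
        return "out-of-scope"
    return "fixed" if v >= dotted(VEEAM_FIXED) else "vulnerable"


def beyondtrust_status(installed):
    """Affected if the build falls inside any listed range (both ends inclusive)."""
    v = dotted(installed)
    return "vulnerable" if any(dotted(lo) <= v <= dotted(hi) for lo, hi in BEYONDTRUST_AFFECTED) else "not-listed"
```

Note that a 13.1-FIPS appliance at 13.1-37.235 is fixed while a standard 13.1 appliance at the same build number is not, which is why the check keys on the train rather than the bare number.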