In this week’s Security Advisory

  • SonicWall Issues Notice on Fake NetExtender Version
  • Teleport Patches Authentication Bypass Vulnerability
  • New Vulnerabilities Discovered in Hundreds of Brother Printer Models
  • Atlassian Releases June Patch Cycle
  • Security Updates for Chrome and Firefox

Citrix Patches Multiple NetScaler Vulnerabilities

Last week, Citrix patched CVE-2025-5777 (CVSS 9.3/10), now being dubbed CitrixBleed 2. This vulnerability can allow an attacker to access session tokens, credentials, and other sensitive data from public-facing gateways and virtual servers. There are no reports of it being exploited in the wild yet; however, CyberMaxx strongly urges patching these vulnerabilities as soon as possible.

More Reading / Information

Original Advisory:

Citrix has released patches for multiple vulnerabilities affecting its customer-managed NetScaler ADC and NetScaler Gateway. The most severe, CVE-2025-5777 (CVSS 9.3/10), is an insufficient-input-validation flaw that leads to a memory over-read. Citrix warns that NetScaler ADC and Gateway versions 12.1 and 13.0, which have been discontinued, are also affected by these vulnerabilities, and it is important to upgrade to a supported version as soon as possible.

Affected Versions

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56.
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32.
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP.
  • NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS.

Recommendations

  • Upgrade to NetScaler ADC and NetScaler Gateway 14.1-43.56 and later releases.
  • Upgrade to NetScaler ADC and NetScaler Gateway 13.1-58.32 and later releases of 13.1.
  • Upgrade to NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later releases of 13.1-FIPS and 13.1-NDcPP.
  • Upgrade to NetScaler ADC 12.1-FIPS 12.1-55.328 and later releases of 12.1-FIPS.

More Reading / Information

SonicWall Issues Notice on Fake NetExtender Version

SonicWall has released a notice about a campaign distributing a malicious version of NetExtender to steal information. The malicious build is based on the latest release (version 10.3.2.27) and was digitally signed with a certificate issued to Citylight Media Private Limited. If a user installs it, their credentials, domain, and other details are captured and sent to the attacker’s server. The websites hosting the installer have since been taken down, and the installer’s digital signature has been revoked.

Affected Versions

  • The following components of the NetExtender installer are infected.
    • NeService.exe (Modified file; digital signature is invalid).
    • NetExtender.exe (Modified file; no digital signature).

Recommendations

  • Download SonicWall applications only from trusted sources.

More Reading / Information

Teleport Patches Authentication Bypass Vulnerability

Teleport is an application that provides authentication and access to servers and cloud applications over protocols such as SSH, RDP, and HTTPS. The vulnerability, CVE-2025-49825 (CVSS 9.8/10), allows an attacker to bypass SSH authentication and access Teleport-managed systems. Cloud customers have already received the fix, but self-hosted agents must be updated manually.

Affected Versions

  • Teleport Community Edition versions up to 17.5.1.

Recommendations

  • Update self-hosted Teleport agents manually to a patched release; cloud customers have already received the fix.

More Reading / Information

New Vulnerabilities Discovered in Hundreds of Brother Printer Models

Security researchers have discovered multiple vulnerabilities affecting hundreds of printers produced by Brother. The most severe, CVE-2024-51978 (CVSS 9.8/10), lets an unauthenticated attacker who knows a device’s serial number generate that device’s default administrator password. The serial number can itself be obtained by an unauthenticated attacker via CVE-2024-51977 over HTTP/HTTPS/IPP, a PJL request, or an SNMP request.

Affected Versions

  • 689 Brother models (printers, scanners, label makers).
  • 46 Fujifilm, 5 Ricoh, 6 Konica Minolta, and 2 Toshiba printers.

Recommendations

  • Ensure that the default administrator password has been changed, and do not leave serial-number access at its default settings.

More Reading / Information

Atlassian Releases June Patch Cycle

Atlassian has released patches for five high-severity vulnerabilities affecting third-party dependencies in Bamboo, Bitbucket, Confluence, Crowd, and Jira versions. If exploited, these vulnerabilities can lead to Denial-of-Service and privilege escalation.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest updates to any affected products.

More Reading / Information

Security Updates Released for Chrome and Firefox

Google has released Chrome 138, which addresses 11 vulnerabilities, including a use-after-free in Animation, inadequate policy enforcement in the loader, and insufficient data validation in DevTools.

Mozilla has released Firefox 140 with patches for 13 security defects, including high-severity memory-safety bugs (a use-after-free in FontFaceSet and memory corruption defects) that could lead to remote code execution if successfully exploited.

Recommendations

  • Upgrade Google Chrome to version 138.0.7204.50 for Windows and Mac, and 138.0.7204.49 for Linux.
    • Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where auto-update was not enabled by default. If browsers are not set to auto-update, organizations need to communicate the need to update to their users. Follow-up confirmation that the updates have been applied is essential. Additionally, browsers must be restarted to apply updates.
  • Upgrade Firefox ESR to version 128.12.
    • Recent versions of Firefox have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where auto-update was not enabled by default. If browsers are not set to auto-update, organizations need to communicate the need to update to their users. Follow-up confirmation that the updates have been applied is essential. Additionally, browsers must be restarted to apply updates.
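The NetScaler affected-version list and the Chrome/Firefox upgrade targets above both come down to the same check: is a reported build at or above the first fixed build on its branch? The script below is an added example, not code from CyberMaxx, Citrix, Google or Mozilla. The fixed-build values are the ones stated in this advisory; the function names, the inventory hostnames and the version strings fed in at the bottom are constructed for illustration. It parses NetScaler strings such as 13.1-37.235-FIPS into branch, variant and numeric build so that a FIPS/NDcPP build is compared against its own (lower-numbered) fixed build rather than the mainline one, and flags mainline 12.1 and 13.0 as end-of-life because no fixed build exists for them.

```python
"""Compare reported product versions against the fixed builds named in the advisory.

Fixed-build constants are taken from the advisory text; hostnames and version
strings in the demo inventory are constructed samples, not real devices.
"""
import re

# NetScaler ADC / Gateway: (branch, variant) -> first fixed build on that branch.
NETSCALER_FIXED = {
    ("14.1", ""): "14.1-43.56",
    ("13.1", ""): "13.1-58.32",
    ("13.1", "FIPS"): "13.1-37.235",
    ("13.1", "NDcPP"): "13.1-37.235",
    ("12.1", "FIPS"): "12.1-55.328",
}
# Mainline 12.1 and 13.0 are discontinued: affected, with no fixed build to move to.
NETSCALER_EOL = {"12.1", "13.0"}

# Chrome 138 fixed builds per platform (Linux is one build behind Windows/Mac).
CHROME_FIXED = {
    "windows": "138.0.7204.50",
    "mac": "138.0.7204.50",
    "linux": "138.0.7204.49",
}
FIREFOX_ESR_FIXED = "128.12"


def numeric_parts(version: str) -> tuple:
    """Split a version string into a tuple of ints so comparison is numeric.

    String comparison would wrongly rank '13.1-58.32' below '13.1-7.5';
    tuple comparison ranks (13, 1, 58, 32) above (13, 1, 7, 5).
    """
    return tuple(int(n) for n in re.findall(r"\d+", version))


def parse_netscaler(version: str) -> tuple:
    """Return (branch, variant, numeric_build) for '13.1-37.235-FIPS' style strings."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+\.\d+)(?:-(FIPS|NDcPP))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    branch, build, variant = m.groups()
    return branch, variant or "", numeric_parts(f"{branch}-{build}")


def netscaler_status(version: str) -> str:
    """One of 'patched', 'affected', 'end-of-life', 'unknown-branch'."""
    branch, variant, build = parse_netscaler(version)
    fixed = NETSCALER_FIXED.get((branch, variant))
    if fixed is None:
        # Either a discontinued mainline branch or a branch the advisory does not list.
        if branch in NETSCALER_EOL and not variant:
            return "end-of-life"
        return "unknown-branch"
    return "patched" if build >= numeric_parts(fixed) else "affected"


def chrome_status(version: str, platform: str) -> str:
    """'patched' if the Chrome build meets the per-platform fixed build, else 'affected'."""
    fixed = CHROME_FIXED[platform.lower()]
    return "patched" if numeric_parts(version) >= numeric_parts(fixed) else "affected"


def firefox_esr_status(version: str) -> str:
    """'patched' if a Firefox ESR build is at or above 128.12, else 'affected'."""
    return "patched" if numeric_parts(version) >= numeric_parts(FIREFOX_ESR_FIXED) else "affected"


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and builds).
    inventory = [
        ("ns-gw-01", "14.1-43.50"),
        ("ns-gw-02", "14.1-43.56"),
        ("ns-fips-01", "13.1-37.235-FIPS"),
        ("ns-old-01", "13.0-92.21"),
    ]
    for host, ver in inventory:
        print(f"{host:12} {ver:20} {netscaler_status(ver)}")
    print("chrome linux 138.0.7204.49 ->", chrome_status("138.0.7204.49", "linux"))
    print("chrome win   138.0.7204.49 ->", chrome_status("138.0.7204.49", "windows"))
    print("firefox esr  128.11.0      ->", firefox_esr_status("128.11.0"))
```

The branch/variant split is the part that matters operationally: the FIPS and NDcPP fixed build (13.1-37.235) is numerically lower than the mainline 13.1 fixed build (13.1-58.32), so a check that ignores the suffix would wrongly report a patched FIPS appliance as affected, or a mainline 13.1-40.x build as patched.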

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only, which dramatically increases the likelihood that a patch will be issued for new vulnerabilities. Likewise, CyberMaxx strongly encourages maintaining an inventory of the software currently deployed in your environment, which informs and supports your patch and vulnerability management program.