Security Advisory: Weekly Advisory May 21st, 2025

In this week’s Security Advisory

• SonicWall SMA Patches Multiple Vulnerabilities in SMA 100 Series
• VMware ESXi & vCenter Vulnerability Lets Attackers Run Arbitrary Commands
• Juniper Patches Multiple Secure Analytics Vulnerabilities
• Security Updates Released for Chrome and Zoom

SonicWall SMA Patches Multiple Vulnerabilities in SMA 100 Series

SonicWall has released patches for three vulnerabilities affecting its SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v secure remote access products. The first vulnerability, CVE-2025-32819 (CVSS 8.8/10), allows authenticated users to arbitrarily delete files. The second, CVE-2025-32820 (CVSS 8.3/10), is a bypass of a 2021 patch that allowed an unauthenticated user the ability to delete files. The third, CVE-2025-32821 (CVSS 6.7/10), allows a remote authenticated attacker to inject commands to upload files. It is possible to chain these vulnerabilities together and elevate their privileges to SMA Administrator.

Affected Versions

• 10.2.1.14- 75sv and earlier versions.

Recommendations

• 10.2.1.15- 81sv and higher versions.

More Reading / Information

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0011
• https://www.securityweek.com/possible-zero-day-patched-in-sonicwall-sma-appliances/

VMware ESXi & vCenter Vulnerability Lets Attackers Run Arbitrary Commands

Broadcom has issued patches for several vulnerabilities affecting VMware ESXi, vCenter Server, Cloud Foundation, Workstation and Fusion, and Telco Cloud. The two most concerning vulnerabilities are CVE-2025-41225 and CVE-2025-41229. The first vulnerability, CVE-2025-41225 (CVSS 8.8/10), is an authenticated command execution vulnerability in vCenter Server. An attacker who can set or change alarms and scripts could run unauthorized code on the vCenter Server. The second vulnerability, CVE-2025-41229 (CVSS 8.2/10), is a directory traversal vulnerability in VMware Cloud Foundation. An attacker who can connect to port 443 may be able to reach internal services in VMware Cloud Foundation.

Affected Version

• VMware Cloud Foundation versions 4.5.x, 5.x.
• VMware ESXi versions 7.0, 8.0.
• VMware vCenter Server versions 7.0, 8.0.
• VMware Telco Cloud versions 2.x-5.x.
• VMware Workstation version 17.x.
• VMware Fusion 13.x.

Recommendations

• Upgrade VMware Cloud Foundation to version 5.2.1.2.
• Upgrade VMware vCenter Server to version 8.0 U3e or 7.0 U3v.

More Reading / Information

• https://www.securityweek.com/nato-flagged-vulnerability-tops-latest-vmware-security-patch-batch/
• https://digital.nhs.uk/cyber-alerts/2025/cc-4660
• https://cybersecuritynews.com/vmware-esxi-vcenter-vulnerability/

Juniper Patches Multiple Secure Analytics Vulnerabilities

Juniper has released patches for close to 100 vulnerabilities reported in it’s Secure Analytics virtual appliance. This tool is used to collect security events from endpoints, applications, and other network devices. Three of the reported vulnerabilities were rated as critical severity.

Affected Versions

• Secure Analytics version 7.5.0 and all other versions before 7.5.0 UP11 IF03.

Recommendations

• Upgrade to Secure Analytics version 7.5.0 UP11 IF03.

More Reading / Information

• https://www.securityweek.com/vulnerabilities-patched-by-juniper-vmware-and-zoom/
• https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP11-IF03?language=en_US

Security Updates Released for Chrome and Zoom

Google has released a new version of Chrome that addresses four vulnerabilities. The most concerning is CVE-2025-4664 (4.3/10), which can be exploited by a remote attacker to leak cross-origin data through a crafted HTML page. A Proof-of-Concept exploit has been shared online for this vulnerability.

Zoom has released patches for nine vulnerabilities that affect the application on desktop and mobile versions. The most severe, CVE-2025-30663 (CVSS 8.8/10), is a time-of-use race condition that can be exploited by an authenticated attacker to escalate their privileges.

Recommendations

• Upgrade Google Chrome to version 136.0.7103.114 for Windows and Mac, and 136.0.7103.113 for Linux.
• Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where the auto-update setting was not enabled by default. If updates are not set to auto-update, organizations need to ensure that they are communicating the need to update browsers with their users. Follow-up confirmation that the updates have been applied to users is essential. Additionally, browsers must be restarted to apply updates.
• Apply the latest patches for Zoom, found here.

More Reading / Information

• https://www.securityweek.com/chrome-136-update-patches-vulnerability-with-exploit-in-the-wild/
• https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=null

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.