In this week’s Security Advisory
- Cisco Resolves High-Severity Security Issues in Latest Update
- Atlassian Releases May Patch Cycle
- GitLab Releases Patches for Community and Enterprise Editions
- Security Updates Released for Chrome and Firefox
Cisco Resolves High-Severity Security Issues in Latest Update
Cisco addressed over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center. The ISE vulnerability, CVE-2025-20152 (CVSS 8.6/10), can cause a denial of service (DoS), while the Unified Intelligence Center vulnerability, CVE-2025-20113 (CVSS 7.1/10), allows an attacker to escalate their privileges to Admin. Other medium-severity vulnerabilities were fixed in various Cisco products, including Webex, Duo, and Secure Network Analytics. Exploiting these could lead to XSS attacks, command execution, privilege escalation, and data tampering. At the time of writing, no in-the-wild exploitation is known.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://www.securityweek.com/cisco-patches-high-severity-dos-privilege-escalation-vulnerabilities/
- https://cyberpress.org/cisco-unified-intelligence-center-vulnerability/
Atlassian Releases May Patch Cycle
Atlassian has released patches for six high-severity vulnerabilities in third-party dependencies used by Bamboo, Confluence, Fisheye/Crucible, and Jira (Data Center and Server). If exploited, these vulnerabilities can lead to Denial-of-Service and privilege escalation.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest updates to any affected products.
More Reading / Information
- https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html
- https://www.securityweek.com/gitlab-atlassian-patch-high-severity-vulnerabilities/
GitLab Releases Patches for Community and Enterprise Editions
GitLab released patches for 10 vulnerabilities affecting GitLab Community Edition (CE) and Enterprise Edition (EE). The most severe, CVE-2025-0993 (CVSS 7.5/10), can be exploited by an authenticated attacker to cause a Denial-of-Service on the server. The bulletin also covers seven medium-severity and two low-severity vulnerabilities.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Upgrade to GitLab CE/EE version 17.10.7, 17.11.3, or 18.0.1, depending on the release branch you run.
More Reading / Information
- https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/
- https://www.securityweek.com/gitlab-atlassian-patch-high-severity-vulnerabilities/
Security Updates Released for Chrome and Firefox
Google has released a new version of Chrome that addresses multiple vulnerabilities, including two high-severity memory-safety issues, CVE-2025-5063 (CVSS 8.8/10) and CVE-2025-5280 (CVSS 8.8/10). Exploiting memory-safety vulnerabilities may allow attackers to execute arbitrary code or crash the application.
Mozilla has released a new version of Firefox with patches for ten vulnerabilities, including a high-severity double-free issue in libvpx that could lead to memory corruption. No CVE had been assigned to this vulnerability at the time of writing.
Recommendations
- Upgrade Google Chrome to version 137.0.7151.56 for Windows and Mac, and 137.0.7151.55 for Linux.
- Upgrade Mozilla Firefox to version 139.
- Recent versions of both Chrome and Firefox have auto-update enabled by default. Organizations should confirm that the setting has not been disabled and that they are not running older versions where auto-update was not enabled by default. Where auto-update is not in use, organizations need to communicate the need to update browsers to their users and follow up to confirm that the updates have been applied. Additionally, browsers must be restarted to apply updates.
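The GitLab fix above is shipped per release branch (17.10.x, 17.11.x, 18.0.x) and the Chrome fixed build differs by platform, so a plain "installed is at least the fixed version" comparison is not enough: a host on 17.11.2 is one patch behind, while a host on 17.9.x has no fix on its branch at all. The following Python is an added example, not code from this advisory or from GitLab, Google, or Mozilla. It takes the fixed versions quoted in this advisory and classifies each inventory row as patched, vulnerable, or sitting on a branch that received no fix; the host names, platforms, and installed versions in the inventory are constructed.

```python
"""Compare an installed-software inventory against per-branch fixed versions.

Added example; not the advisory's or any vendor's code. The fixed versions
are the ones quoted in this advisory; host names and versions are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    product: str
    branch_depth: int              # version components that identify a release branch
    fixed: dict[str, list[str]]    # platform ("*" = any) -> first fixed release per branch


# Fixed versions from this advisory. GitLab patches three branches; Chrome's fixed
# build differs by platform; Firefox 139 is a single release train.
ADVISORIES = {
    "gitlab":  Advisory("gitlab", 2, {"*": ["17.10.7", "17.11.3", "18.0.1"]}),
    "chrome":  Advisory("chrome", 1, {"windows": ["137.0.7151.56"],
                                      "mac": ["137.0.7151.56"],
                                      "linux": ["137.0.7151.55"]}),
    "firefox": Advisory("firefox", 1, {"*": ["139"]}),
}


def parse_version(text: str) -> tuple[int, ...]:
    """'17.11.3-ee' -> (17, 11, 3); a leading 'v' and edition suffixes are ignored."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def patch_status(installed: str, fixed_versions: list[str], branch_depth: int) -> str:
    """Classify one installed version against the first fixed release on each branch.

    'patched'            on a fixed branch at or above the fix, or newer than every fix
    'vulnerable'         on a fixed branch but below the fix
    'branch-without-fix' on a branch the vendor did not patch (effectively unsupported)
    """
    inst = parse_version(installed)
    fixed = sorted(parse_version(f) for f in fixed_versions)
    branch = inst[:branch_depth]
    for fv in fixed:
        if fv[:branch_depth] == branch:
            return "patched" if inst >= fv else "vulnerable"
    if inst > fixed[-1]:
        return "patched"  # newer than the newest listed fix: assume it carries the fix
    return "branch-without-fix"


def check_inventory(inventory, advisories=ADVISORIES):
    """inventory rows: (host, product, platform, version). Returns each row plus its status."""
    results = []
    for host, product, platform, version in inventory:
        adv = advisories[product]
        fixed = adv.fixed.get(platform) or adv.fixed.get("*")
        status = ("unknown-platform" if fixed is None
                  else patch_status(version, fixed, adv.branch_depth))
        results.append((host, product, platform, version, status))
    return results


# Constructed inventory (hypothetical hosts and versions).
INVENTORY = [
    ("git01", "gitlab",  "linux",   "17.11.2-ee"),     # one patch behind on 17.11
    ("git02", "gitlab",  "linux",   "18.0.1-ee"),      # exactly the fixed release
    ("git03", "gitlab",  "linux",   "17.9.8-ce"),      # branch with no fix: must move up
    ("ws-01", "chrome",  "windows", "137.0.7151.56"),
    ("ws-02", "chrome",  "windows", "137.0.7151.55"),  # Linux build number; not fixed on Windows
    ("lx-01", "chrome",  "linux",   "137.0.7151.55"),
    ("lx-02", "firefox", "linux",   "138.0.4"),        # no fix on the 138 train
    ("lx-03", "firefox", "linux",   "139.0"),
]

if __name__ == "__main__":
    for host, product, platform, version, status in check_inventory(INVENTORY):
        print(f"{host:6} {product:8} {platform:8} {version:16} {status}")
```

The "branch-without-fix" state is the one to watch for: it is neither "patched" nor "vulnerable" in the narrow sense, but it means the vendor issued no fix for the release the host runs, so the only remediation is moving to a supported branch. In practice the inventory rows would come from your asset database or, for GitLab, from the instance's own version endpoint rather than from a hard-coded list.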
More Reading / Information
- https://www.securityweek.com/chrome-137-firefox-139-patch-high-severity-vulnerabilities/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/
- https://gbhackers.com/chrome-security-patch/
Recommendations
Please review your environment to ensure the issues above are patched in a timely manner. It is security best practice to regularly update or patch software to the latest versions. The vulnerabilities above also highlight the benefit of limiting deployed software to vendor-supported versions only: vendors ship fixes for supported release branches, and an unsupported branch may never receive one. Likewise, CyberMaxx strongly encourages maintaining an inventory of the software deployed in your environment, which informs your patch and vulnerability management program and lets you verify that fixes have actually been applied.