In this week’s Security Advisory

  • Cisco Patches Multiple Critical Vulnerabilities
  • Malware Hidden in NuGet Packages
  • Microsoft’s November Patch Tuesday Release
  • SAP Releases November Patch Cycle
  • Synology Patches Critical RCE Vulnerability

Cisco Patches Multiple Critical Vulnerabilities

Cisco released patches for a dozen vulnerabilities, two of which were rated as critical. The critical vulnerabilities, CVE-2025-20354 (CVSS 9.8/10) and CVE-2025-20358 (CVSS 9.4/10), impact the Cisco Unified Contact Center Express (Unified CCX) appliance. The first can be exploited by a remote, unauthenticated attacker, and the second allows a user to escalate their permissions to the admin level.

Cisco also released additional updates for two previously patched firewall vulnerabilities, CVE-2025-20333 (CVSS 9.9/10) and CVE-2025-20363 (CVSS 9/10), warning that it has observed new attacks targeting them. These affect the ASA, Secure FMC, and Secure FTD products.

Affected Versions

  • A full list can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Malware Hidden in NuGet Packages

Security researchers have discovered nine NuGet packages carrying time-delayed payloads set to trigger on various dates in 2027 and 2028. The packages were published in 2023 and 2024 under the username “shanhai666”. The most dangerous code was found in the Sharp7Extend package, which targets industrial PLCs with two sabotage mechanisms: immediate random process termination and silent write failures that begin 30-90 minutes after installation. In total, the poisoned packages have been downloaded 9,488 times, and NuGet is working on returning them to a trusted state.

Affected Versions

  • MyDbRepository (Last updated on May 13, 2023).
  • MCDbRepository (Last updated on June 5, 2024).
  • Sharp7Extend (Last updated on August 14, 2024).
  • SqlDbRepository (Last updated on October 24, 2024).
  • SqlRepository (Last updated on October 25, 2024).
  • SqlUnicornCoreTest (Last updated on October 26, 2024).
  • SqlUnicornCore (Last updated on October 26, 2024).
  • SqlUnicorn.Core (Last updated on October 27, 2024).
  • S6qlLiteRepository (Last updated on October 28, 2024).

Recommendations

  • Audit dependencies for the nine malicious packages immediately and assume any system with these packages is fully compromised.
  • Further recommendations can be found here.
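One way to carry out the dependency audit above: an added example (not code from the advisory, NuGet, or the researchers) that checks SDK-style .csproj files and legacy packages.config files for the nine package IDs listed above, taken verbatim from that list. The sample project XML is constructed; NuGet package IDs are case-insensitive, so matching is done on lower-cased exact IDs.

```python
import xml.etree.ElementTree as ET

# The nine package IDs from the advisory, copied as listed (NuGet IDs are case-insensitive).
MALICIOUS_PACKAGES = {
    "MyDbRepository", "MCDbRepository", "Sharp7Extend", "SqlDbRepository",
    "SqlRepository", "SqlUnicornCoreTest", "SqlUnicornCore", "SqlUnicorn.Core",
    "S6qlLiteRepository",
}
_MALICIOUS_LOWER = {p.lower() for p in MALICIOUS_PACKAGES}

def referenced_packages(xml_text: str) -> list[tuple[str, str]]:
    """Return (id, version) pairs from a .csproj (PackageReference) or packages.config (package)."""
    root = ET.fromstring(xml_text)
    found = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]          # strip any XML namespace prefix
        if tag == "PackageReference":            # SDK-style .csproj
            pkg = el.get("Include") or el.get("Update")
            ver = el.get("Version") or (el.findtext("Version") or "")
        elif tag == "package":                   # legacy packages.config
            pkg, ver = el.get("id"), el.get("version", "")
        else:
            continue
        if pkg:
            found.append((pkg, ver))
    return found

def find_malicious(xml_text: str) -> list[tuple[str, str]]:
    """Exact, case-insensitive ID match: substring matching would also flag
    legitimate packages whose names merely resemble the malicious ones."""
    return [(p, v) for p, v in referenced_packages(xml_text) if p.lower() in _MALICIOUS_LOWER]

# Constructed sample project files, not taken from any real project.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="sharp7extend" Version="1.0.5" />
    <PackageReference Include="SqlUnicorn.Core"><Version>2.0.0</Version></PackageReference>
  </ItemGroup>
</Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="MyDbRepository" version="1.2.0" targetFramework="net48" />
  <package id="Dapper" version="2.0.123" targetFramework="net48" />
</packages>"""

if __name__ == "__main__":
    for name, text in (("app.csproj", SAMPLE_CSPROJ), ("packages.config", SAMPLE_PACKAGES_CONFIG)):
        for pkg, ver in find_malicious(text):
            print(f"{name}: malicious package {pkg} {ver} found; treat the host as compromised")
```

In a real audit, run `find_malicious` over every .csproj, packages.config and project.assets.json in the source tree and on build agents, since a transitive reference or a cached package on the build server is compromised just the same.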

More Reading / Information

Microsoft’s November Patch Tuesday Release

Microsoft released its Patch Tuesday updates for November. These include security updates for 63 vulnerabilities, including one actively exploited zero-day tracked as CVE-2025-62215 (CVSS 7.0/10). This zero-day is an elevation of privilege (EoP) vulnerability in the Windows Kernel. A local, authenticated attacker could exploit it by winning a race condition to gain SYSTEM privileges.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

SAP Releases November Patch Cycle

SAP released patches for 18 new vulnerabilities and updates to two previously patched ones. The most critical, CVE-2025-42890 (CVSS 10/10), affects the SQL Anywhere Monitor application and stems from hardcoded credentials within the application. Because of this, SAP temporarily recommends stopping the use of SQL Anywhere Monitor entirely. SAP also fixed CVE-2025-42887 (CVSS 9.9/10), which allows an attacker to inject malicious code.

Affected Versions

  • A full list can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Synology Patches Critical RCE Vulnerability

Synology has patched a critical vulnerability in BeeStation OS, which runs on its BeeStation NAS devices. The vulnerability, CVE-2025-12686 (CVSS 9.8/10), is a code execution vulnerability that can be exploited remotely. There are currently no workarounds, so users of the affected versions below will need to upgrade to the fixed version listed under Recommendations.

Affected Versions

  • BeeStation OS 1.0.
  • BeeStation OS 1.1.
  • BeeStation OS 1.2.
  • BeeStation OS 1.3.

Recommendations

  • Upgrade to 1.3.2-65648 or above.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.