Table of Contents
In this week’s Security Advisory
Proof-of-Concept Exploit Available for WatchGuard Firebox Vulnerability
ConnectWise Patches Multiple Vulnerabilities
CISA Warns of Windows SMB Flaw Under Active Exploitation
Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
Oracle Patches 374 Vulnerabilities with October 2025 Patch Release
Proof-of-Concept Exploit Available for WatchGuard Firebox Vulnerability
WatchGuard has updated its advisory to state that they have evidence of this vulnerability being exploited, and a proof-of-concept exploit is available. There are currently an estimated 73,000 devices susceptible to this vulnerability. If you have not patched yet, please do so as soon as possible.
More Reading / Information
- https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
- https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html
Original Advisory:
WatchGuard has released a patch for the vulnerability CVE-2025-9242 (CVSS 9.3/10). The vulnerability is caused by an out-of-bounds write weakness that could allow for malicious code to be executed by a remote user. This affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.
Affected Versions
- This vulnerability affects Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3, and 2025.1.
Recommendations
- Upgrade to one of the fixed versions, which includes 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1.
More Reading / Information
- https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
- https://www.bleepingcomputer.com/news/security/watchguard-warns-of-critical-vulnerability-in-firebox-firewalls/
ConnectWise Patches Multiple Vulnerabilities
ConnectWise has patched multiple vulnerabilities in its Automate Agent, the most severe of which is CVE-2025-11492 (CVSS 9.6/10), which allows clear text transmission of sensitive information that could be intercepted by a malicious actor. The next vulnerability, CVE-2025-11493 (CVSS 8.8/10), is caused by a lack of integrity checks for verifying update packages, which could lead to a malicious file being installed. An attacker could impersonate a valid ConnectWise server and push malicious updates to the RMM Agent. ConnectWise also announced that these only affect on-prem instances and cloud configurations have already been updated.
Affected Versions
- ConnectWise Automate versions before 2025.9.
Recommendations
- Apply the 2025.9 release.
More Reading / Information
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix
- https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/
CISA Warns of Windows SMB Flaw Under Active Exploitation
CISA has reported that malicious actors are actively exploiting a serious Windows SMB vulnerability that allows them to escalate privileges and gain SYSTEM-level access on systems that haven’t been patched. The vulnerability, CVE-2025-33073 (CVSS 8.8/10), impacts all Windows 10 versions, Windows Server 2012 and 2022, and Windows 11 systems up to Windows 11 24H2. Microsoft patched this vulnerability during the June 2025 edition of Patch Tuesday.
Recommendations
- Apply the latest Microsoft Patch Tuesday Update.
More Reading / Information
- https://www.helpnetsecurity.com/2025/10/21/cisa-warns-of-windows-smb-flaw-under-active-exploitation-cve-2025-33073/
- https://www.bleepingcomputer.com/news/security/cisa-high-severity-windows-smb-flaw-now-exploited-in-attacks/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073
Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
TP-Link has released patches for four vulnerabilities in its Omada gateway devices. The first critical severity vulnerability is CVE-2025-6452 (CVSS 9.3/10). This vulnerability allows a remote, unauthenticated attacker to execute arbitrary OS commands on the affected system. The second critical severity vulnerability, CVE-2025-6542 (CVSS 9.3), is a command injection vulnerability that can be exploited by an attacker with admin access.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://support.omadanetworks.com/us/document/108456/
- https://www.securityweek.com/critical-vulnerabilities-patched-in-tp-links-omada-gateways/
Oracle Patches 374 Vulnerabilities with October 2025 Patch Release
Oracle has released 374 separate patches that address close to 230 unique vulnerabilities, some affecting multiple products, as part of its October 2025 Critical Patch Update. Twelve of these patches address critical-severity vulnerabilities. 47 of the now patched vulnerabilities that can be exploited by remote, unauthenticated attackers.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Please apply patches to all relevant software, as Oracle is receiving reports of attempts to exploit vulnerabilities.
More Reading / Information
- https://www.oracle.com/security-alerts/cpuoct2025.html
- https://www.securityweek.com/oracle-releases-october-2025-patches/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.