Certain Autodesk products use a shared component that is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction. Description

The details of the vulnerabilities are as follows:

CVE-2025-5038: A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-5043: A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-6631: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-6635: A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-6636: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-6637: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-7497: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-7675: A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Affected Products

Item: Autodesk AutoCAD 2026 and the following specialized toolsets: Autodesk AutoCAD Architecture 2026, Autodesk AutoCAD Electrical 2026, Autodesk AutoCAD Mechanical 2026, Autodesk AutoCAD MEP 2026, Autodesk AutoCAD Plant 3D 2026, Autodesk AutoCAD Map 3D 2026

Autodesk Advance Steel 2026, Autodesk 3ds Max 2026, Autodesk Civil 3D 2026, Autodesk InfraWorks 2026, Autodesk Inventor 2026, Autodesk Revit 2026, Autodesk Revit LT 2026, Autodesk Vault 2026

Impacted Versions: Autodesk Shared Components 2026.2

Mitigated Versions: Autodesk Shared Components 2026.3

Update Source: Autodesk Access or Accounts Portal

Related vulnerabilities: CVE-2025-6636CVE-2025-5038CVE-2025-7675CVE-2025-7497CVE-2025-6635CVE-2025-6631CVE-2025-5043CVE-2025-6637

Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog | Microsoft Security Response Center

Summary

Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770.

SharePoint Online in Microsoft 365 is not impacted.  

A patch is currently not available for this vulnerability. Mitigations and detections are provided below.

Our team is actively working to release a security update and will provide additional details as they are available.  

How to protect your environment

To protect your on-premises SharePoint Server environment, we recommend customers configure AMSI integration in SharePoint and deploy Defender AV on all SharePoint servers. This will stop unauthenticated attackers from exploiting this vulnerability.

AMSI integration was enabled by default in the September 2023 security update for SharePoint Server 2016/2019 and the Version 23H2 feature update for SharePoint Server Subscription Edition. For more details on how to enable AMSI integration, see here.

If you cannot enable AMSI, we recommend you consider disconnecting your server from the internet until a security update is available.

We also recommend you deploy Defender for Endpoint to detect and block post-exploit activity.

We will continue to provide updates and additional guidance for our customers as they become available.

Microsoft Defender Detections and Protections

Microsoft Defender Antivirus

Microsoft Defender Antivirus provides detection and protection against components and behaviors related to this threat under the detection name:

• Exploit:Script/SuspSignoutReq.A

• Trojan:Win32/HijackSharePointServer.A

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint provides customers with alerts that may indicate threat activity associated with this threat. These alerts, however, can be triggered by unrelated threat activity. The following alert titles in the Microsoft Defender Security Center portal can indicate threat activity on your network:

• Possible web shell installation
• Possible exploitation of SharePoint server vulnerabilities
• Suspicious IIS worker process behavior
• ‘SuspSignoutReq’ malware was blocked on a SharePoint server
• HijackSharePointServer’ malware was blocked on a SharePoint server

Advanced hunting  

NOTE: The following sample queries let you search for a week’s worth of events. To explore up to 30 days’ worth of raw data to inspect events in your network and locate potential related indicators for more than a week, go to the Advanced Hunting page > Query tab, select the calendar dropdown menu to update your query to hunt for the Last 30 days.

To locate possible exploitation activity, run the following queries in Microsoft 365 security center.  

Successful exploitation via file creation (requires Microsoft 365 Defender)

Look for the creation of spinstall0.aspx, which indicates successful post-exploitation of CVE-2025-53770. Run query in the Microsoft 365 Defender  

DeviceFileEvents
| where FolderPath has "MICROS~1\\WEBSER~1\\16\\TEMPLATE\\LAYOUTS"
| where FileName =~ "spinstall0.aspx"
or FileName has "spinstall0"
| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, FileName, FolderPath, ReportId, ActionType, SHA256
| order by Timestamp desc

Related vulnerabilities: CVE-2025-53770CVE-2025-49706NCSC-2025-0233CVE-2025-53771

CISA released three Industrial Control Systems (ICS) advisories on July 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-198-01 Leviton AcquiSuite and Energy Monitoring Hub
• ICSMA-25-198-01 Panoramic Corporation Digital Imaging Software
• ICSA-24-191-05 Johnson Controls Inc. Software House C●CURE 9000 (Update B)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Related vulnerabilities: ICSA-24-191-05ICSA-25-198-01ICSMA-25-198-01

Support Content Notification - Support Portal - Broadcom support portal

Ref: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877 * Advisory ID: : Advisory Severity: * VMSA-2025-0013: Critical * Advisory ID: : CVSSv3 Range: * VMSA-2025-0013: 6.2-9.3 * Advisory ID: : Synopsis: * VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239) * Advisory ID: : Issue date: * VMSA-2025-0013: 2025-07-15 * Advisory ID: : Updated on: * VMSA-2025-0013: 2025-07-15 (Initial Advisory) * Advisory ID: : CVE(s) * VMSA-2025-0013: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239

1. Impacted Products

• VMware Cloud Foundation
• VMware vSphere Foundation
• VMware ESXi
• VMware Workstation Pro 
• VMware Fusion 
• VMware Tools
• VMware Telco Cloud Platform
• VMware Telco Cloud Infrastructure

2. Introduction

Multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products. 

3a. VMXNET3 integer-overflow vulnerability (CVE-2025-41236)

Description: VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. Broadcom has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors:
A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.

Resolution: To remediate CVE-2025-41236 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None

Additional Documentation:
A supplemental FAQ was created for clarification. Please see: https://brcm.tech/vmsa-2025-0013-qna.

Acknowledgments: Broadcom would like to thank Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG working with the Pwn2Own held by Zero day initiative for reporting this issue to us.

Notes:
None.

3b. VMCI integer-underflow vulnerability (CVE-2025-41237)

Description: VMware ESXi, contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. Broadcom has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors:
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Resolution: To remediate CVE-2025-41237 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None

Additional Documentation:
A supplemental FAQ was created for clarification. Please see: https://brcm.tech/vmsa-2025-0013-qna.

Acknowledgments: Broadcom would like to thank Corentin BAYET (@OnlyTheDuck) of REverse Tactics (@Reverse_Tactics) working with the Pwn2Own held by Zero day initiative for reporting this issue to us.

Notes:
None

3c. PVSCSI heap-overflow vulnerability (CVE-2025-41238)

Description: VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. Broadcom has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors:
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and exploitable only with configurations that are unsupported. On Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Resolution: To remediate CVE-2025-41238 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None

Additional Documentation:
A supplemental FAQ was created for clarification. Please see: https://brcm.tech/vmsa-2025-0013-qna.

Acknowledgments: Broadcom would like to thank Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont of Synacktiv working with the Pwn2Own held by Zero day initiative for reporting this issue to us.

Notes:
None.

3d. vSockets information-disclosure vulnerability (CVE-2025-41239)

Description: VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors:
A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.

Resolution:
To remediate CVE-2025-41239 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None

Additional Documentation:
A supplemental FAQ was created for clarification. Please see: https://brcm.tech/vmsa-2025-0013-qna.

Acknowledgments: Broadcom would like to thank Corentin BAYET (@OnlyTheDuck) of REverse Tactics (@Reverse_Tactics) working with the Pwn2Own held by Zero day initiative and Gwangun Jung of THEORI working with Trend Micro Zero Day Initiative for independently reporting this issue to us.

Notes:
[1] CVE-2025-41239 affects VMware Tools for Windows. Please check the FAQ for additional guidance if you are running VMware Tools for Windows.  
[2] VMware Tools 12.4.8 which is part of VMware Tools 12.5.3, also addresses the issue for Windows 32-bit.

Response Matrix: 

• VMware Product: VMware Cloud Foundation,VMware vSphere Foundation
• Component: ESX
• Version: 9.0.0.0
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41238, CVE-2025-41239
• CVSSv3: N/A
• Severity: N/A
• Fixed Version: Unaffected
• Workarounds: N/A
• Additional Documentation: N/A
• VMware Product: ESX
• Component: 9.0.0.0
• Version: Any
• Running On: CVE-2025-41237
• CVE: 8.4
• CVSSv3: Important
• Severity: ESXi-9.0.0.0100-24813472
• Fixed Version: None
• Workarounds: Additional guidance for updating VMware Tools asynchronously is available in the FAQ.
• Additional Documentation:
• VMware Product: VMware Tools [1]
• Component: 13.0.0.0
• Version: Windows
• Running On: CVE-2025-41239
• CVE: 6.2
• CVSSv3: Moderate
• Severity: 13.0.1.0
• Fixed Version: None
• Workarounds: FAQ
• Additional Documentation:
• VMware Product: VMware ESXi
• Component: N/A
• Version: 8.0
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: ESXi80U3f-24784735
• Workarounds: None
• Additional Documentation: Additional guidance for updating VMware Tools asynchronously is available in the FAQ.
• VMware Product: VMware ESXi
• Component: N/A
• Version: 8.0
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: ESXi80U2e-24789317
• Workarounds: None
• Additional Documentation: Additional guidance for updating VMware Tools asynchronously is available in the FAQ.
• VMware Product: VMware ESXi
• Component: N/A
• Version: 7.0 
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: ESXi70U3w-24784741
• Workarounds: None
• Additional Documentation: Additional guidance for updating VMware Tools asynchronously is available in the FAQ.
• VMware Product: VMware Workstation
• Component: N/A
• Version: 17.x
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 9.3, 9.3, 7.1
• Severity: Critical
• Fixed Version: 17.6.4
• Workarounds: None
• Additional Documentation: FAQ
• VMware Product: VMware Fusion
• Component: N/A
• Version: 13.x
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 9.3, 9.3, 7.1
• Severity: Critical
• Fixed Version: 13.6.4
• Workarounds: None
• Additional Documentation: FAQ
• VMware Product: VMware Cloud Foundation 
• Component: N/A
• Version: 5.x
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: Async patch to ESXi80U3f-24784735
• Workarounds: None
• Additional Documentation: Async Patching Guide:
• VMware Product: VMware Cloud Foundation 
• Component: N/A
• Version: 4.5.x
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: Async patch to ESXi70U3w-24784741
• Workarounds: None
• Additional Documentation: Async Patching Guide: KB88287
• VMware Product: VMware Telco Cloud Platform
• Component: N/A
• Version: 5.x, 4.x
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: ESXi80U3f-24784735
• Workarounds: None
• Additional Documentation: FAQ
• VMware Product: VMware Telco Cloud Platform
• Component: N/A
• Version: 3.x, 2.x
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: ESXi70U3w-24784741
• Workarounds: None
• Additional Documentation: FAQ
• VMware Product: VMware Telco Cloud Infrastructure
• Component: N/A
• Version: 3.x, 2.x 
• Running On: Any
• CVE: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
• CVSSv3: 9.3, 8.4, 7.4, 7.1
• Severity: Critical
• Fixed Version: ESXi70U3w-24784741
• Workarounds:  
• Additional Documentation: FAQ
• VMware Product: VMware Tools [1]
• Component: N/A
• Version: 13.x.x
• Running On: Windows
• CVE: CVE-2025-41239
• CVSSv3: 6.2
• Severity: Moderate
• Fixed Version:  13.0.1.0
• Workarounds: None
• Additional Documentation: FAQ
• VMware Product: VMware Tools [1]
• Component: N/A
• Version: 12.x.x, 11.x.x
• Running On: Windows
• CVE: CVE-2025-41239
• CVSSv3: 6.2
• Severity: Moderate
• Fixed Version:  12.5.3 [2]
• Workarounds: None
• Additional Documentation: FAQ 
• VMware Product: VMware Tools
• Component: N/A
• Version: 13.x.x, 12.x.x, 11.x.x
• Running On: Linux
• CVE: CVE-2025-41239
• CVSSv3: N/A
• Severity: N/A
• Fixed Version: Unaffected
• Workarounds: N/A
• Additional Documentation: N/A
• VMware Product: VMware Tools
• Component: N/A
• Version: 13.x.x, 12.x.x, 11.x.x
• Running On: macOS
• CVE: CVE-2025-41239
• CVSSv3: N/A
• Severity: N/A
• Fixed Version: Unaffected
• Workarounds: N/A
• Additional Documentation: N/A

4. References

VMware Cloud Foundation 9.0.0.0.0
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20Cloud%20Foundation%209&release=9.0.0.0&os=&servicePk=&language=EN&groupId=529537&viewGroup=true

VMware vSphere Foundation 9.0.0.0.0
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20vSphere%20Foundation%209&release=9.0.0.0&os=&servicePk=&language=EN&groupId=529542&viewGroup=true

VMware ESXi 8.0 ESXi80U3f-24784735
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=15938
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html

VMware ESXi 8.0 ESXi80U2e-24789317
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=15939
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html

VMware ESXi 7.0 ESXi70U3w-24784741
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=15940
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html

VMware Workstation 17.6.4
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware%20Workstation%20Pro&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/workstation-pro/17-0/release-notes/vmware-workstation-1764-pro-release-notes.html

VMware Tools 13.0.1.0
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Tools&displayGroup=VMware%20Tools%2013.x&release=13.0.1.0&os=&servicePk=&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/13-0-0/release-notes/vmware-tools-1301-release-notes.html

VMware Tools 12.5.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Tools&displayGroup=VMware%20Tools%2012.x&release=12.5.3&os=&servicePk=&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/12-5-0/release-notes/vmware-tools-1253-release-notes.html

Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-41236 
https://www.cve.org/CVERecord?id=CVE-2025-41237 
https://www.cve.org/CVERecord?id=CVE-2025-41238 
https://www.cve.org/CVERecord?id=CVE-2025-41239 

FIRST CVSSv3 Calculator:
CVE-2025-41236: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2025-41237:
ESXi: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWorkstation/Fusion: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2025-41238: 
ESXi: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HWorkstation/Fusion: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2025-41239:
ESXi/Workstation/Fusion: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Tools: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5. Change Log:

2025-07-15 VMSA-2025-0013
Initial security advisory.

6. Contact:

Copyright 2025 Broadcom. All rights reserved.

Related vulnerabilities: CVE-2025-41239CVE-2025-41236CVE-2025-41237CVE-2025-41238

The Stable channel has been updated to 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.[$7000][425583995] High CVE-2025-7656: Integer overflow in V8. Reported by Shaheen Fazim on 2025-06-17[NA][427162086] High CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2025-06-23[TBD][427681143] High CVE-2025-7657: Use after free in WebRTC. Reported by jakebiles on 2025-06-25Google is aware that an exploit for CVE-2025-6558 exists in the wild.We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.As usual, our ongoing internal security work was responsible for a wide range of fixes:[431819349] Various fixes from internal audits, fuzzing and other initiativesMany of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas SistaGoogle Chrome Share on Twitter Share on Facebook https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html

Related vulnerabilities: CVE-2025-7656CVE-2025-6558CVE-2025-7657

Ruckus network management solutions riddled with unpatched vulnerabilities - Help Net Security

Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned.

The vulnerabilities have yet to be patched and it’s unknown when (or whether) they will be.

The vulnerabilities

Ruckus Networks is a subsidiary of American network infrastructure provider CommScope. It sells a variety of wired and wireless networking equipment and software.

Its networking devices, CERT/CC says, are usually found at “venues where many end points will be connected to the internet, such as schools, hospitals, multi-tenant residences, and smart cities that provide public Wi-Fi.”

The solutions affected by these vulnerabilities are Ruckus Virtual SmartZone (vSZ), a wireless network control software used to virtually manage large-scale networks of access point and clients, and Ruckus Network Director (RND), software for managing multiple vSZ clusters.

The Ruckus vSZ application has:

• Multiple hardcoded secrets, which could be used by attackers to bypass authentication and achieve administrator-level access (CVE-2025-44957)
• An authenticated arbitrary file read flaw that may allow attackers to read sensitive files (CVE-2025-44962)
• A built-in user with root privileges and default public and private RSA keys in the software’s /home/$USER/.ssh/ directory (CVE-2025-44954)
• Two OS command injection vulnerabilities that may allow attackers to remotely execute code (CVE-2025-44960, CVE-2025-44961)

The Ruckus RND software:

• Uses a cryptographic key hardcoded into the web server to ensure the validity of session JSON web tokens, and it can be misused to bypass authentication and access the server with administrator privileges (CVE-2025-44963)
• Uses a weak, hardcoded password for a jailed configuration environment, which can be misused to access an RND server with root permissions (CVE-2025-44955)
• Has a built-in user (sshuser) with root privileges, and the public and private SSH keys can be found in the in the sshuser home directory. These keys can be used to access an RND server as sshuser (CVE-2025-6243)
• Encrypts passwords with a hardcoded weak secret key and returns them in plaintext (CVE-2025-44958)

No patches available. What to do?

“[The] impact of these vulnerabilities vary from information leakage to total compromise of the wireless environment managed by the affected products,” CERT/CC pointed out.

“As an example, an attacker with network access to Ruckus Wireless vSZ can exploit CVE-2025-44954 to gain full administrator access that will lead to total compromise of the vSZ wireless management environment.”

Some of the vulnerabilities could be chained to bypass security controls that prevent only specific attacks, they added.

Claroty and CERT/CC have not been able to reach Ruckus or CommScope and thus don’t know when the vulnerabilities will be patched. (HelpNetSecurity has, likewise, been unable to get a response from CommScope.)

Some Reddit users have also commented the disclosure of these vulnerability by sharing the problems they have personally had with reporting vulnerabilities to Ruckus/CommScope either via Bugcrowd or directly.

Until fixes are released, CERT/CC recommends using the affected products only within isolated management networks, and only allow trusted users and their authenticated clients to access the products’ management interface via HTTPS or SSH.

UPDATE (July 11, 2025, 11:40 a.m. ET):

Echoing a public acknowledgement of the reports, a CommScope representative told us that they are investigating the claim and will provide an update as soon as possible with guidance for their customers.

Related vulnerabilities: CVE-2025-44960CVE-2025-44963CVE-2025-6243CVE-2025-44962CVE-2025-44958CVE-2025-44955CVE-2025-44954CVE-2025-44957CVE-2025-44961

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.

Related vulnerabilities: CVE-2025-21466CVE-2025-27057CVE-2025-27056CVE-2025-21444CVE-2025-27044CVE-2025-21454CVE-2025-21449CVE-2025-27051CVE-2025-27043CVE-2025-27046CVE-2025-27058CVE-2025-21422CVE-2025-27050CVE-2025-21432CVE-2025-27047CVE-2025-27052CVE-2025-27061CVE-2025-21450CVE-2025-21446CVE-2025-21445CVE-2025-21433CVE-2025-27042CVE-2024-53009CVE-2025-21427CVE-2025-27055

Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum, although there haven't been any reports of active exploitation. Yet.

Security analyst Kevin Beaumont dubbed the vulnerability "CitrixBleed 2." As The Register's readers likely remember, that earlier flaw (CVE-2023-4966) allowed attackers to access a device's memory, find session tokens, and then use those to impersonate an authenticated user while bypassing multi-factor authentication — which is also possible with this new bug.

https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/

Related vulnerabilities: CVE-2023-4966CVE-2025-5777

• CVE-2010-2568 MS10-046 Windows
• CVE-2010-2729 MS10-061 Windows
• CVE-2008-4250 MS08-067 Windows
• CVE-2010-2772 Not Available Siemens SIMATIC WinCC

Flag: ce65b57bc41dd0b9f08fc67b02496478

Related vulnerabilities: CVE-2010-2568CVE-2008-4250CVE-2010-2729CVE-2010-2772

• CVE-2011-10007 File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename. From 2011 but published in 2025.

Related vulnerabilities: CVE-2011-10007