Tag

Remote Code Execution

All articles tagged with #remote code execution

technology27 days ago•3 min saved

Windows 11 gets a sudden hotfix to close RRAS remote-code execution vulnerability

Microsoft released an out-of-band hotpatch (KB5084597) to fix RRAS remote-code-execution vulnerabilities on Windows 11 25H2/24H2 and Enterprise LTSC 2024. The fixes (CVE-2026-25172, -25173, -26111) were added to an in-memory patch that also updates on-disk files, enabling the patch to apply without reboot for devices enrolled in the hotpatch program and Windows Autopatch. The update is a re-release of earlier hotfixes to ensure comprehensive coverage alongside the March 2026 Patch Tuesday fixes; it targets enterprise systems that cannot reboot easily and will install automatically without restart when available.

via BleepingComputer|

#autopatch #hotpatch #remote-code-execution

technology2 months ago•4 min saved

Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch

BeyondTrust warns of CVE-2026-1731, a pre-auth remote code execution flaw in Remote Support (RS) 25.3.1 and Privileged Remote Access (PRA) 24.3.4 and earlier, allowing unauthenticated attackers to run OS commands; patches are available by upgrading to RS 25.3.2+ and PRA 25.1.1+ (or enabling automatic updates). Cloud systems have been secured; about 11,000 instances are exposed online, with roughly 8,500 on-premises potentially vulnerable if not patched; no active exploitation is reported yet.

via BleepingComputer|

#enterprise-security #patch-management #remote-code-execution

technology2 months ago•3 min saved

One-Click RCE Flaw Lets Attackers Hijack OpenClaw Gateways

OpenClaw faces a high-severity vulnerability (CVE-2026-25253, CVSS 8.8) that enables one-click remote code execution via a crafted malicious link by exfiltrating the gateway token through a cross-site WebSocket hijack, granting attacker control of the gateway API and the ability to run commands on the host; a fix is in version 2026.1.29 (Jan 30, 2026).

via The Hacker News|

#cve-2026-25253 #openclaw #remote-code-execution

security2 months ago•4 min saved

Ivanti EPMM hit by two critical zero-days, with patches and risk guidance issued

Ivanti disclosed two critical RCE zero-day flaws in Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340) exploited in the wild at a limited number of customers. Both flaws score 9.8 and can run arbitrary code remotely without authentication. Ivanti released RPM-based mitigations for affected EPMM versions, noting no downtime is required but hotfixes must be reapplied after any version upgrade; a permanent fix arrives with EPMM 12.8.0.0 in Q1 2026. Exploitation can reveal administrator and user data, device details, and location (if enabled), and attackers could alter configurations via the API or web console. Defenders can detect activity via a specific Apache access-log regex, though logs can be altered by attackers. Recovery guidance includes restoring from a known-good backup or rebuilding, resetting local and service accounts' passwords, rotating certificates, and reviewing Sentry logs. CISA has added CVE-2026-1281 to KEV; federal agencies must patch or decommission affected systems by Feb 1, 2026.

via BleepingComputer|

#epmm #ivanti #patch-management

security2 months ago•2 min saved

Fortinet patches critical FortiSIEM flaw enabling unauthenticated remote code execution

Fortinet released patches for FortiSIEM to fix CVE-2025-64155, an unauthenticated OS command injection that could let an attacker execute code via crafted requests to the phMonitor service on port 7900, potentially enabling a reverse shell and root-level control. The flaw affects multiple FortiSIEM versions; users should upgrade to fixed releases or restrict access to port 7900 as a workaround. The advisory also patches a separate FortiFone vulnerability (CVE-2025-47855).

via The Hacker News|

#cve-2025-64155 #fortinet #fortisiem

cybersecurity2 months ago•52 min saved

Critical FortiOS/FortiSwitchManager flaw enables remote code execution

Fortinet disclosed a critical heap-based buffer overflow vulnerability in the cw_acd daemon affecting FortiOS and FortiSwitchManager that allows remote, unauthenticated attackers to execute arbitrary code by sending specially crafted requests. Fortinet has issued advisories and patches across multiple FortiOS branches, FortiSASE, and FortiSwitchManager, and urges immediate upgrades to mitigate risk of full-system compromise (no CVE assigned yet). In the meantime, mitigations include disabling fabric access on interfaces and blocking CAPWAP-CONTROL traffic (UDP ports 5246–5249) via local-in policies, along with monitoring cw_acd activity and segmenting management interfaces.

via Cyber Security News|

#cwe-122 #cybersecurity #fortinet

security5 months ago•6 min saved

Active Exploitation of Critical Windows Server Update Service Vulnerability

A critical remote code execution vulnerability in Microsoft WSUS (CVE-2025-59287) was actively exploited in the wild shortly after an emergency patch was released. The flaw allows unauthenticated attackers to execute arbitrary code on affected servers, primarily impacting systems with the WSUS role enabled. Microsoft recommends immediate patching or applying workarounds such as disabling the WSUS role or blocking high-risk ports to mitigate the risk.

via Unit 42|

#active-exploitation #cve-2025-59287 #microsoft-patch

technology5 months ago•3 min saved

Microsoft Releases Urgent Patch for Critical WSUS Vulnerability Exploited in the Wild

Microsoft released urgent out-of-band security updates for a critical WSUS vulnerability (CVE-2025-59287) that is actively being exploited in the wild, allowing remote code execution through unsafe deserialization. Users are advised to apply the patch immediately and follow recommended mitigations to prevent attacks.

via The Hacker News|

#active-exploitation #cve-2025-59287 #microsoft-wsus-vulnerability

technology5 months ago•1 min saved

Microsoft Releases Urgent Patch for Actively Exploited WSUS Vulnerability

Microsoft released a critical out-of-band update for Windows Server Update Services (WSUS) to fix a severe vulnerability (CVE-2025-59287) that allows remote code execution, affecting servers with the WSUS role enabled. The update is urgent, especially as WSUS is deprecated, prompting Microsoft to recommend switching to cloud-based solutions like Intune. A reboot is required, and administrators are advised to disable the role or block specific ports if immediate patching isn't possible.

via theregister.com|

#cve-2025-59287 #remote-code-execution #security-patch

technology5 months ago•1 min saved

TARmageddon: Major Security Flaw in Popular Rust Library

A critical security vulnerability named TARmageddon (CVE-2025-62518) has been disclosed in the popular Rust async-tar library and its forks, allowing remote code execution through file overwriting, despite Rust's usual safety guarantees. The vulnerability affects downstream projects like uv Python package manager, and patching efforts are underway due to the lack of upstream maintenance for some forks.

via Phoronix|

#async-tar #remote-code-execution #rust

technology5 months ago•2 min saved

PoC Exploit Unveiled for Windows Server Update Services RCE Flaw

A PoC exploit has been released for a critical vulnerability in Windows Server Update Services (CVE-2025-59287), allowing unauthenticated attackers to execute remote code with SYSTEM privileges by exploiting unsafe deserialization in the AuthorizationCookie handling. The flaw affects all supported Windows Server versions and poses a severe risk of widespread compromise, prompting Microsoft to urge immediate patching and mitigation measures.

via CyberSecurityNews|

#cve-2025-59287 #cybersecurity #poc-exploit

technology7 months ago•2 min saved

Google Releases September Android Security Update to Fix 120 Flaws and Zero-Days

Google has released a critical security update for Android to patch actively exploited 0-day vulnerabilities, including a zero-interaction remote code execution flaw and a kernel privilege escalation bug, urging users and manufacturers to update immediately to protect devices.

via CyberSecurityNews|

#0-day-vulnerabilities #android #kernel-privilege-escalation

technology7 months ago•2 min saved

WhatsApp Addresses Zero-Click iPhone Vulnerability Exploited in Targeted Attacks

CISA warns of a critical zero-day vulnerability in WhatsApp (CVE-2025-55177) that allows attackers to manipulate device synchronization messages, potentially leading to remote code execution and content spoofing. Users and organizations are urged to apply the September 2 patch or suspend WhatsApp use until secure updates are implemented.

via CybersecurityNews|

#cisa #cve-2025-55177 #remote-code-execution

security8 months ago•1 min saved

Zoom and Xerox Launch Security Updates to Fix Critical Flaws

Zoom and Xerox have released critical security updates to fix vulnerabilities that could allow privilege escalation and remote code execution, affecting Zoom Windows clients and Xerox FreeFlow Core, with the latter's issues being highly severe and exploitable for arbitrary command execution.

via The Hacker News|

#privilege-escalation #remote-code-execution #security

security8 months ago•2 min saved

Thousands of Axis Surveillance Devices Exposed to Critical Security Flaws

Cybersecurity researchers have identified critical vulnerabilities in Axis Communications' surveillance products, exposing over 6,500 servers globally, including nearly 4,000 in the U.S., which could allow attackers to take control of cameras and compromise internal networks. These flaws involve remote code execution and authentication bypass issues, though no exploits have been observed in the wild.

via The Hacker News|

#axis-communications #cybersecurity #remote-code-execution