cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research and questions are all welcome!


Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.

It highlights the most frequently mentioned vulnerabilities for August 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, and more. For further details, please visit this page.

The Month at a Glance

August 2025 saw continued activity across a range of products and vendors, with WinRAR, Microsoft Exchange (the previous month highlighted Microsoft SharePoint), and NetScaler ADC leading the sightings. Notably, several critical vulnerabilities were actively exploited, including NetScaler ADC (CVE-2025-6543 and CVE-2025-5777) and FortiSIEM (CVE-2025-25256).

Web applications remain a frequent target, with cross-site scripting (CWE-79) and SQL injection (CWE-89) dominating the weakness landscape. The report also highlights unpublished vulnerabilities that attracted attention, suggesting ongoing targeted exploitation and zero-day activity.

Overall, the month emphasizes the importance of timely patching, monitoring for continuous exploitation, and vigilance against both well-known and emerging threats.

Top 10 Vulnerabilities of the Month

| Vulnerability | Sighting Count | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2025-8088 | 193 | win.rar GmbH | WinRAR | High (confidence: 0.9824) |
| CVE-2025-53786 | 175 | Microsoft | Microsoft Exchange Server Subscription Edition RTM | High (confidence: 0.8193) |
| CVE-2025-43300 | 128 | Apple | macOS | Medium (confidence: 0.4233) |
| CVE-2025-6543 | 111 | | NetScaler ADC | Critical (confidence: 0.9614) |
| CVE-2025-25256 | 79 | Fortinet | FortiSIEM | Critical (confidence: 0.6508) |
| CVE-2025-9074 | 65 | Docker | Docker Desktop | Critical (confidence: 0.8172) |
| CVE-2015-2051 | 62 | dlink | dir-645 | Critical (confidence: 0.54) |
| CVE-2017-18368 | 61 | zyxel | p660hn-t1a_v2 | Critical (confidence: 0.9298) |
| CVE-2025-31324 | 59 | SAP_SE | SAP NetWeaver (Visual Composer development server) | Critical (confidence: 0.9607) |
| CVE-2025-5777 | 52 | | NetScaler ADC | Critical (confidence: 0.964) |

Top 10 Weaknesses of the Month

| CWE | Count |
| --- | --- |
| CWE-79 | 639 |
| CWE-89 | 374 |
| CWE-74 | 282 |
| CWE-94 | 236 |
| CWE-121 | 206 |
| CWE-78 | 165 |
| CWE-416 | 157 |
| CWE-122 | 157 |
| CWE-119 | 150 |
| CWE-22 | 140 |

Most wanted vulnerabilities

Sightings detected between 2025-08-01 and 2025-08-31 that are associated with unpublished vulnerabilities.

| Vulnerability ID | Occurrences | Comment |
| --- | --- | --- |
| CVE-2023-42344 | 8 | OpenCMS |
| CVE-2024-28080 | 4 | Gitblit |
| GHSA-42m8-jxr4-976p | 2 | Wildermyth |
| CVE-2025-9040 | 2 | Workhorse - bundle |
| CVE-2025-9037 | 2 | Workhorse - bundle |

Unpublished vulnerabilities with limited sightings:

| Vulnerability ID | Occurrences |
| --- | --- |
| CVE-2023-34918 | 1 |
| CVE-2025-55117 | 1 |
| CVE-2025-14553 | 1 |
| CVE-2024-55177 | 1 |
| GHSA-5pm9-r2m8-rcmj | 1 |
| GHSA-m42g-xg4c-5f3h | 1 |
| GHSA-64qc-9x89-rx5j | 1 |
| CVE-2025-7719 | 1 |
| GHSA-c2gv-xgf5-5cc2 | 1 |
| CVE-2025-55616 | 1 |
| CVE-2025-57497 | 1 |
| CVE-2025-25964 | 1 |
| CVE-2024-545078 | 1 |
| CVE-2025-25987 | 1 |
| CVE-2025-1272 | 1 |
| CVE-2025-21589 | 1 |
| CVE-2025-26517 | 1 |
| CVE-2025-9141 | 1 |
| GHSA-wrh9-463x-7wvv | 1 |
| CVE-2024-46507 | 1 |
| CVE-2025-54321 | 1 |
| CVE-2025-31143 | 1 |
| CVE-2025-31646 | 1 |
| CVE-2025-27564 | 1 |
| GHSA-r4mf-mr9h-f27m | 1 |

Continuous Exploitation

  • CVE-2023-42344 - OpenCMS (also in the "Most wanted vulnerabilities" section)
  • CVE-2015-2051 - D-Link DIR-645 - Sightings from MISP and Shadowserver
  • CVE-2025-5777 - NetScaler ADC - Sightings from Shadowserver and many more.

Insights from Contributors

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424

Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.

More information

Citrix forgot to tell you CVE-2025-6543 has been used as a zero day since May 2025

Back in late June, Citrix posted a patch for CVE-2025-6543, which they described as “Memory overflow vulnerability leading to unintended control flow and Denial of Service”. Denial of service? Piff the magic dragon, who cares.

No technical details were ever published about the vulnerability. That changes today.

What they forgot to tell you: it allows remote code execution, it was used to widely compromise NetScaler remote access systems and maintain network access even after patching, webshells have been deployed, and Citrix knew this and just didn’t mention it.

More information

Cache Me If You Can (Sitecore Experience Platform Cache Poisoning to RCE)

The vulnerability affects Sitecore Experience Platform, a widely used Content Management System (CMS). The issue is a cache poisoning attack, which means an attacker can trick the system into storing malicious data in its cache. Later, when the system serves cached content, it unknowingly executes this malicious content.

In this specific case, the cache poisoning can escalate to remote code execution (RCE), meaning the attacker could run arbitrary code on the server, potentially taking full control of the website and the underlying system.

More information

Thank you

Thank you to all the contributors and our diverse sources!

If you want to contribute to the next report, you can create your account.

Feedback and Support

If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/


cross-posted from: https://scribe.disroot.org/post/4501921

China has exported its village surveillance model to the Solomon Islands in the Pacific, where Chinese police are piloting fingerprint and data collection to curb social unrest, officials and locals confirmed.

...

China's "Fengqiao" monitoring model -- started under Mao Zedong in the 1960s to help communities mobilise against reactionary "class enemies" -- has been reinvigorated by Chinese President Xi Jinping to ensure stability in local communities.

In the Solomon Islands, a security partner of Beijing, Chinese police have visited several villages this year promoting the Fengqiao concept, familiarising children with surveillance drones by playing games, pictures posted to social media by Solomon Islands police show.

...

A community leader in the Solomon Islands, Andrew Nihopara, confirmed to Reuters that the village of Fighter 1 on the fringe of the capital Honiara had begun working with the Chinese police on a Fengqiao pilot, but declined to comment further.

The Royal Solomon Islands Police Force said in a statement this month the Fengqiao model of "grassroots governance" in Fighter 1 would collect population data to improve security.

Chinese police had introduced residents to population management, household registration, community mapping, and the collection of fingerprints and palm prints, the statement said.

“The Fighter One community is the first attempt, and it will be expanded to a larger area across the country in the future,” the statement quoted Chinese police inspector Lin Jiamu as saying, explaining the initiative would enhance safety.

The move has stirred human rights concerns.

...


cross-posted from: https://lemmy.sdf.org/post/42077068

  • Nokia CEO urges Europe to consider banning Huawei and ZTE, citing security concerns and a shrinking China market share for European vendors
  • Nokia, along with Ericsson, has faced significant barriers in China, where authorities have reportedly told Nordic vendors that they will be excluded on national security grounds
  • European operators still rely heavily on Huawei, raising geopolitical and security concerns
  • Huawei has already been banned or restricted from supplying 5G equipment to 10 European Union (EU) countries, as well as the U.K.
  • Most recently, both Huawei and ZTE components were barred from 5G networks in Germany

Archived

“Why do we [Europeans] allow high-risk vendors in Europe when we have less than 3% of the market share in China?” Hotard questioned. “European operators should provide European vendors with the same opportunities that Chinese companies receive at home,” said Nokia CEO Justin Hotard.

[...]

The CEO’s remarks come amid mounting geopolitical tensions and growing scrutiny of Chinese telecom equipment in Europe, where several countries have already imposed partial or full bans on Huawei and ZTE products.

[...]


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.


We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure.


At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.

https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/

The story includes perspectives from @GossiTheDog who has been following this saga all day today w/ updates here:

https://cyberplace.social/@GossiTheDog/115169881407789957

Also comment and information from Josh Junon, who quickly replied that he was aware of having just been phished:

https://news.ycombinator.com/item?id=45169794

For an impact assessment, consider that 2 billion downloads per week translates to 24 million downloads in two hours.


cross-posted from: https://lemmy.sdf.org/post/41893545

Archived

The Czech Republic’s National Cyber and Information Security Agency (NUKIB) warns of growing risks from Chinese-linked technologies in critical sectors like energy, healthcare, transport, and government. The agency warns of risks from Chinese-made devices (phones, cars, cameras, LLMs).

“The penetration of these technologies and devices into critical industries (such as transport, energy, healthcare, public administration and others) is growing and will continue to grow in the future. Current critical infrastructure systems are increasingly dependent on storing and processing data in cloud storage and on network connectivity that allows remote operation and updates.” reads the statement published by NUKIB. “In practice, this means that suppliers of technological solutions have the ability to fundamentally influence the operation of critical infrastructure and/or access important data, and trust in the reliability of the supplier is therefore absolutely crucial. “

Czech agency warns of data transfers and remote asset control from China-linked threat actors. The entities under the Cyber Security Act must address the threat.

Many devices and cloud services transmit data to or are managed from China, giving suppliers deep influence over operations and access to sensitive data. Risky products include IP cameras, PV inverters, smart meters, healthcare tech, phones, cars, and AI models.

“Another risk factor is the increasing number of devices that are connected to the Internet, also transmit data and are remotely managed by their suppliers.” continues the statement. “Examples of risky products and services that may transmit data to or are managed from the PRC include IP cameras, PV inverters, so-called “smart meters”, healthcare, cloud storage, highly complex personal devices (phones, watches), connected vehicles (electric cars), large language models and others;”

[...]


cross-posted from: https://lemmy.ca/post/51072576


Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.


cross-posted from: https://lemmy.sdf.org/post/41271046

Archived

Dutch intelligence agencies have revealed that the Chinese hacking group Salt Typhoon targeted organizations in the Netherlands.

In a joint statement published August 28 on the Dutch Ministry of Defence’s website, the Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) said they have now “independently confirmed parts of the US findings with their own intelligence.”

[...]

While Dutch organizations “most likely were not as heavily targeted as those in the US,” the MIVD and AIVD have identified victims in the Netherlands.

They stated that they observed evidence indicating Salt Typhoon gained access to the routers of Dutch targets, primarily small internet service providers (ISPs) and hosting providers.

However, their probe concluded that there is no evidence that the hackers penetrated deeper into those companies’ internal networks.

[...]

“Chinese cyber operations […] have become so advanced that constant vigilance and proactive measures are required to detect and mitigate threats against Dutch interests,” the statement on the Dutch Ministry of Defence website said.


In this paper, we present a method to identify compromised SSH servers at scale. For this, we use SSH's behavior to only send a challenge during public key authentication, to check if the key is present on the system. Our technique neither allows us to access compromised systems (unlike, e.g., testing known attacker passwords), nor does it require access for auditing.
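The check the abstract describes, as an added example that is not code from the paper: a client sends an SSH_MSG_USERAUTH_REQUEST for the publickey method with the signature flag set to FALSE, and the server answers SSH_MSG_USERAUTH_PK_OK only if that key is acceptable for the user, so key presence can be confirmed without ever holding the private key. The message layouts follow RFC 4252 section 7; the toy server, the user name and the sample key blob are constructed for the example and stand in for a real SSH transport.

```python
"""Build and interpret the SSH userauth messages used for public-key presence probing."""
import struct

# Message numbers from RFC 4252 (SSH user authentication protocol).
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_PK_OK = 60


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; return (value, offset after it)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def build_pubkey_probe(user: str, algo: str, key_blob: bytes) -> bytes:
    """USERAUTH_REQUEST, method 'publickey', signature flag FALSE (RFC 4252 s7).

    Because no signature is attached, the server can only say whether the key
    would be acceptable; it cannot grant access, so the probe needs no secret."""
    return (
        bytes([SSH_MSG_USERAUTH_REQUEST])
        + ssh_string(user.encode())
        + ssh_string(b"ssh-connection")
        + ssh_string(b"publickey")
        + b"\x00"                      # boolean FALSE: no signature follows
        + ssh_string(algo.encode())
        + ssh_string(key_blob)
    )


def classify_reply(reply: bytes, algo: str, key_blob: bytes) -> str:
    """Map the server's reply to 'present', 'absent' or 'unknown'."""
    if not reply:
        return "unknown"
    if reply[0] == SSH_MSG_USERAUTH_PK_OK:
        # PK_OK echoes the algorithm and blob; require them to match the probe.
        r_algo, off = read_ssh_string(reply, 1)
        r_blob, _ = read_ssh_string(reply, off)
        return "present" if (r_algo == algo.encode() and r_blob == key_blob) else "unknown"
    if reply[0] == SSH_MSG_USERAUTH_FAILURE:
        return "absent"
    return "unknown"


def simulated_server_reply(request: bytes, authorized_blobs: set) -> bytes:
    """Toy server side (constructed for the example, not a real SSH server):
    parse the probe and answer the way RFC 4252 prescribes."""
    if request[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a userauth request")
    off = 1
    _user, off = read_ssh_string(request, off)
    _service, off = read_ssh_string(request, off)
    method, off = read_ssh_string(request, off)
    failure = bytes([SSH_MSG_USERAUTH_FAILURE]) + ssh_string(b"publickey") + b"\x00"
    if method != b"publickey":
        return failure
    has_sig = request[off] != 0
    off += 1
    algo, off = read_ssh_string(request, off)
    blob, _ = read_ssh_string(request, off)
    if blob in authorized_blobs and not has_sig:
        return bytes([SSH_MSG_USERAUTH_PK_OK]) + ssh_string(algo) + ssh_string(blob)
    return failure


# Constructed sample: an ssh-ed25519 key blob with a dummy 32-byte public point.
EXAMPLE_ALGO = "ssh-ed25519"
EXAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x11" * 32)


def probe_example():
    """Run the exchange against a server that has the key, then one that does not."""
    req = build_pubkey_probe("root", EXAMPLE_ALGO, EXAMPLE_BLOB)
    with_key = classify_reply(simulated_server_reply(req, {EXAMPLE_BLOB}), EXAMPLE_ALGO, EXAMPLE_BLOB)
    without_key = classify_reply(simulated_server_reply(req, set()), EXAMPLE_ALGO, EXAMPLE_BLOB)
    return with_key, without_key


if __name__ == "__main__":
    print(probe_example())
```

In a real probe the bytes from build_pubkey_probe() go over an established transport (after key exchange and a request for the ssh-userauth service) and a single reply is read; only the blob comparison and the message numbers above are what distinguishes a key the server knows from one it does not.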
