Threat and Security Update – August, 2025

Share This Article

Stay Ahead of Threats with the Latest Vulnerability Updates for August

---

Stay up to date on critical cyber risks, Microsoft’s August Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protect your business from threats.

The following resources are grouped by threat type / category.

Recent in Threat Intelligence News

Ransomware and AI-Enhanced Attacks

• Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
• Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims
• #StopRansomware: Interlock | CISA

Vulnerabilities / Exploits

• Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
• Malcure Vulnerability (CVE-2025-6043) Risks 10,000+ Sites
• Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
• UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities
• SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers
• 1-Click Oracle Cloud Code Editor RCE Flaw Allows Malicious File Upload to Shell

Phishing and Social Engineering

• Scanception: A QRiosity-Driven Phishing Campaign
• The Cost of a Call: From Voice Phishing to Data Extortion
• Iranian Threat Actors Use AI-Generated Emails to Target Cybersecurity Researchers and Academics

DDoS / Network Attacks

• Hackers Breaking Internet with 7.3 Tbps and 4.8 Billion Packets Per Second DDoS Attack

Malware / RATs

• KongTuke FileFix Leads to New Interlock RAT Variant

Data Breaches / Trends

• US Data Breaches Head for Another Record Year After 11% Surge

Patch Tuesday

Microsoft August 2025 Patch Tuesday
108 vulnerabilities disclosed, including 13 critical and 1 zero-day. By category:

• 44 Elevation of Privilege
• 35 Remote Code Execution
• 18 Information Disclosure
• 9 Spoofing
• 4 Denial of Service

Critical Common Vulnerabilities and Exposures (CVEs)

Windows Zero-Day

• CVE-2025-33053 – Windows Kerberos Elevation of Privilege Vulnerability
  – Windows Kerberos vulnerability allows an authenticated attacker to gain domain administrator privileges through relative path traversal. Microsoft states an attacker would need elevated access to msds-groupMSAMembership and mdsd-ManagedAccountPrecededByLink attributes to exploit the flaw.
  – Vulnerability is publicly disclosed but is not actively being exploited in the wild.

Other Critical CVE’s Worth Mentioning

• CVE-2025-53793 – Azure Stack Hub Information Disclosure Vulnerability
• CVE-2025-49707 – Azure Virtual Machines Spoofing Vulnerability
• CVE-2025-53781 – Azure Virtual Machines Information Disclosure Vulnerability
• CVE-2025-50176 – DirectX Graphics Kernel Remote Code Execution Vulnerability
• CVE-2025-50165 – Windows Graphics Component Remote Code Execution Vulnerability
• CVE-2025-53740 / 53731 – Microsoft Office Remote Code Execution Vulnerability
• CVE-2025-53784 / 53733 – Microsoft Word Remote Code Execution Vulnerability
• CVE-2025-48807 – Windows Hyper-V Remote Code Execution Vulnerability
• CVE-2025-53766 – GDI+ Remote Code Execution Vulnerability
• CVE-2025-50177 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

3rd Party Critical CVE’s Worth Mentioning

Adobe Products *

Adobe released emergency updates for two zero-day flaws in Adobe Experiece Manager (AEM) Forms on JEE after a proof-of-concept exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. These zero-day vulnerabilities are described below.

• CVE-2025-54253 – Misconfiguration allowing arbitrary code execution. Rated “Critical” with a CVSS score of 8.6.
• CVE-2025-54254 – Improper Restriction of XML External Entity Reference (XXE) allowing arbitrary file system read. Rated “Critical” with a maximum-severity 10.0 CVSS score.

Adobe also released 13 patches covering a total of 85 vulnerabilities. Of these, 38 of the flaws are rated as critical. The flaws could lead to application Denial-of-Service, arbitrary code execution, arbitrary file system read, memory leak, privilege escalation, and security feature bypass within varying Adobe products, listed below.

• Animate
• Commerce
• Dimension
• FrameMaker
• Illustrator
• InDesign
• InCopy
• Photoshop
• Substance 3D Modler
• Substance 3D Painter
• Substance 3D Sampler
• Substance 3D Stager
• Substance 3D Viewer

Android

Google has released security patches for six vulnerabilities in Android’s August 2025 security update, including two Qualcomm flaws exploited in targeted attacks.

Cisco *

• CVE-2025-20281 / 20282 / 20337 – Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
• CVE-2025-20274 – A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
• CVE-2017-6736 / 6737 / 6738 – The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Fortinet *

• CVE-2024-26009 – [HIGH] Weak Authentication FGFM Protocol in FortiOS, FortiProxy & FortiPAM
• CVE-2025-25248 – [MEDIUM] Integer Overflow in FortiOS, FortiPAM and FortiProxy SSL-VPN RDP and VNC bookmarks
• CVE-2025-53744 – [MEDIUM] Incorrect Privilege Assignment in FortiOS Security Fabric
• CVE-2023-45584 – [MEDIUM] A double free vulnerability in FortiOS, FortiProxy & FortiPAM administrative interfaces
• CVE-2024-52964 – [MEDIUM] An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in FortiManager & FortiManager Cloud

Google Chrome

• Updated Version – 139.0.7258.127/.128 for Windows, Mac and 139.0.7258.127 for Linux.
• Chrome Release: August 12th, 2025

Ivanti *

• Ivanti has released updates for Ivanti Avalanche, Ivanti Virtual Application Delivery Control (vADC), and Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access, which address 3 medium severity vulnerabilities, and 4 high severity vulnerabilities.
• August 2025 Security Update | Ivanti

SAP *

In August 2025, SAP Security Patch Day saw the release of 15 new Security Notes and 4 updates to previously released Security Notes.

TrendMicro *

TrendMicro released a mitigation tool to protect against recently discovered command injection remote code execution (RCE) vulnerabilities on Apex One Management Console (on-premise).

WinRAR

WinRAR released a security update for an actively exploited path traversal bug that could lead to remote code execution.

7-Zip

7-Zip released a security update for a path traversal flaw that could lead to RCE.

* Not handled by Fortress SRM.

---

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering

Why Patching Matters

Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities.

Vigilant Managed Cyber Hygiene

 Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management.

• Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications
• Critical patches, OS upgrades, and configuration updates for all devices, on/off network
• 24/7/365 U.S.-based monitoring and real-time reporting for full visibility

Stay Protected. Stay Proactive.

Learn how Fortress SRM can enhance your cybersecurity strategy →