(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – November 13, 2025
Created: Thursday, November 13, 2025 - 15:15
Categories: Cybersecurity, Security Preparedness
The vulnerabilities below have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC raises additional awareness through alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Microsoft Windows Race Condition Vulnerability
CVE: CVE-2025-62215
Description: Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally.
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215
WatchGuard Firebox Out-of-Bounds Write Vulnerability
CVE: CVE-2025-9242
Description: An out-of-bounds write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
Source: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
Gladinet Triofox Improper Access Control Vulnerability
CVE: CVE-2025-12480
Description: Triofox versions prior to 16.7.10368.56560 are vulnerable to an improper access control flaw that allows access to initial setup pages even after setup is complete.
Source: https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
CVE: CVE-2025-21042
Description: Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
Source: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04
