WaterISAC analysts have identified the vulnerabilities below as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional attention to vulnerabilities in alerts and advisories when they are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are also included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Trend Micro Apex One OS Command Injection Vulnerability
CVSS Score: 9.4
CVEs: CVE-2025-54948
Description: A vulnerability in the Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. CISA has added this vulnerability to its KEV catalog.
Source: https://success.trendmicro.com/en-US/solution/KA-0020652
SAP NetWeaver Vulnerabilities
CVSS Score: 10.0, 9.1
CVEs: CVE-2025-31324, CVE-2025-42999
Description: Exploit code has been released for two critical SAP NetWeaver vulnerabilities, CVE-2025-31324 and CVE-2025-42999, that have been previously exploited in the wild.
Source: https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Additional Reading:
- Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)
- New Exploit Poses Threat to SAP NetWeaver Instances
Cisco Vulnerability in Firewall Management Platform
CVSS Score: 8.8
CVEs: CVE-2025-20265
Description: A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase.
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79
Additional Reading: