(TLP CLEAR) Weekly Vulnerabilities to Prioritize – September 18, 2025
Created: Thursday, September 18, 2025 - 14:56
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are often included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Zero-Day Vulnerability in Google Chrome
CVSS Score: 8.8
CVE: CVE-2025-10585
Description: Google has released security updates for the Chrome web browser to address four vulnerabilities, including this zero-day, which Google said has been exploited in the wild. The flaw is described as a type confusion issue in the V8 JavaScript and WebAssembly engine; type confusion can trigger unexpected software behavior, with consequences as severe as arbitrary code execution and program crashes. Users should update Chrome and restart the browser so the fix takes effect.
Source: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability
CVSS Score: 9.0
CVE: CVE-2025-5086
Description: A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to remote code execution. The issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3. CISA has added this vulnerability to its KEV catalog, indicating evidence of active exploitation.
Source: https://www.3ds.com/trust-center/security/security-advisories
Firebox Firewall Vulnerability
CVSS Score: 9.3
CVE: CVE-2025-9242
Description: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.
Source: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
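Because the affected Fireware OS ranges above use version strings with an "_UpdateN" suffix, a naive string or float comparison will misclassify them. The following helper, added here as an example and not code from WatchGuard or WaterISAC, parses that version format and reports which devices in an inventory fall inside the ranges listed in the advisory. The hostnames and versions in the sample inventory are constructed for illustration.

```python
import re
from typing import Dict, Tuple

# Affected ranges exactly as listed in the advisory text above for
# CVE-2025-9242; both ends inclusive.
AFFECTED_RANGES = [
    ("11.10.2", "11.12.4_Update1"),
    ("12.0", "12.11.3"),
    ("2025.1", "2025.1"),
]

# Fireware OS versions look like "12.11.3" or "11.12.4_Update1".
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:_Update(\d+))?$")


def parse_fireware_version(s: str) -> Tuple[Tuple[int, ...], int]:
    """Return a sortable key: (numeric components padded to 3, update number)."""
    m = VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Fireware OS version string: {s!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts = parts + (0,) * (3 - len(parts))  # so "12.0" sorts as 12.0.0
    update = int(m.group(2)) if m.group(2) else 0
    return parts, update


def is_affected_by_cve_2025_9242(version: str) -> bool:
    """True if the version lies inside any range the advisory lists as affected."""
    v = parse_fireware_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_fireware_version(low) <= v <= parse_fireware_version(high):
            return True
    return False


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map each device name to whether its version is in an affected range."""
    return {name: is_affected_by_cve_2025_9242(ver) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "fw-plant-01": "12.11.3",          # last affected 12.x release
    "fw-plant-02": "12.11.4",          # outside the listed range
    "fw-remote-01": "11.12.4_Update1", # last affected 11.x release
    "fw-remote-02": "11.12.4_Update2", # a later update, outside the range
    "fw-hq-01": "2025.1",              # listed as affected
    "fw-lab-01": "11.9.4",             # older than the first affected 11.x release
}

if __name__ == "__main__":
    for host, affected in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'AFFECTED' if affected else 'not in listed ranges'}")
```

A version match only identifies candidates: per the advisory, the flaw is reachable when Mobile User VPN with IKEv2 or a Branch Office VPN using IKEv2 with a dynamic gateway peer is configured, so each flagged device still needs its VPN configuration reviewed. Versions outside the listed ranges are reported as "not in listed ranges" rather than "safe"; confirm fixed releases against the WatchGuard advisory itself.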
Westermo Network Technologies WeOS 5 Vulnerability
CVSS Score: 8.7
CVE: CVE-2025-46418
Description: Westermo has identified a vulnerability in WeOS 5 that could be used to inject OS commands due to unsafe handling of media definitions. CISA published an ICS advisory for this vulnerability on September 18; WeOS 5 is a product deployed in the Water and Wastewater Systems sector.
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-01
Westermo Network Technologies WeOS 5 Vulnerability
CVSS Score: 8.2
CVE: CVE-2025-46419
Description: Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet, a remotely triggerable denial of service. CISA published an ICS advisory for this vulnerability on September 18; WeOS 5 is a product deployed in the Water and Wastewater Systems sector.
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-02