Threat Advisories

Citrix NetScaler has had a difficult summer, with the vulnerability “CitrixBleed 2” being disclosed in July 2025 (a critical vulnerability causing memory exposure leaking sensitive information). However, this is not the end, as another critical vulnerability (CVE-2025-7775) was disclosed yesterday on the 26th of August. Because Citrix devices are normally public facing, the likelihood of exploitation in the wild increases significantly. In fact, both vulnerabilities have been actively exploited, according to Citrix. 

A newly disclosed critical security flaw (CVE-2025-20265) has been identified in multiple versions of Cisco Secure Firewall Management Centre (FMC). It could allow an unauthenticated, remote threat actor to execute arbitrary shell commands on the underlying system. The vulnerability resides when RADIUS authentication is enabled and affects FMC versions 7.0.7 and 7.7.0.  

A newly disclosed critical security flaw (CVE-2025-25256) has been identified in multiple versions of Fortinet FortiSIEM. Due to the availability of a public Proof of Concept (PoC), the risk of exploitation is significantly heightened, making immediate attention and remediation imperative. 

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. The flaw stems from the way WinRAR processes alternate data streams (ADSes) within specially crafted archive files. 

SonicWall has warned customers to disable SSL VPN services due to ransomware gangs actively exploiting an unknown security vulnerability in SonicWall Generation 7 firewalls to breach networks over the past few weeks. 

Over the weekend, Integrity360 has been asked by multiple customers about a recent critical vulnerability (CVE-2025-53770) targeting on-premise instances of Microsoft Sharepoint using a deserialisation flaw. This zero-day has been reportedly widely exploited since mid-July, posing serious risk to any unpatched on-premise Sharepoint environment (Subscription, Server 2016 and Server 2019). Integrity360 wants to reassure customers that the vulnerability does not affect any cloud instances of SharePoint Online of which the majority of organisations are using. On-premise Sharepoint is likely to be converted to (or in the process of) Microsoft 365 across lots of organisations due to the extended end date of Microsoft support running out in the near future.

Cisco has addressed a critical vulnerability, tracked as CVE-2025-20337 ( with a CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). An unauthenticated attacker could trigger the vulnerability to execute arbitrary code on the underlying operating system with root privileges. 

On July 8, 2025, Microsoft released its monthly Patch Tuesday update, addressing 130+ vulnerabilities across its product portfolio. This cycle includes 10 critical-rated bugs, with one publicly disclosed zero-day vulnerability affecting Microsoft SQL Server.  

Researchers at Watchtowr have released technical details on an exploit for the “CitrixBleed 2” (CVE-2025-5777) vulnerability released on 2025-06-17, leading to the development of a Proof of Concept (PoC) exploit.

Date Issued: 23 June 2025
Severity: Critical (CVSS v4 Score: 9.3)
Affected Product: Citrix NetScaler ADC / Gateway
Vulnerability ID: CVE-2025-5777
Exploitation Status: No confirmed active exploitation (as of advisory release)