This week highlights a critical vendor-specific vulnerability: a deserialization flaw in the License Servlet of Fortra’s GoAnywhere MFT. By forging a license response signature, an attacker can trigger deserialization of arbitrary objects, potentially leading to command injection.
Key Findings
- Cisco (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363): Multiple vulnerabilities that could allow attackers to exploit unsafe deserialization and input validation flaws. Successful exploitation may result in arbitrary code execution, privilege escalation, or command injection on affected systems.
Impact
Cisco (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363): Exploitation enables attackers to escalate privileges or achieve remote code execution via command injection.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | a1bef4ada0b146d2862cad439ee0ab84 | 100788 | Cisco Secure Firewall Adaptive Security Appliance – Remote Code Execution – CVE:CVE-2025-20333, CVE:CVE-2025-20362, CVE:CVE-2025-20363 | N/A | Disabled | This is a New Detection |
| Cloudflare Managed Ruleset | 51de6ce6596a40eb8200452ad30f768e | 100788A | Cisco Secure Firewall Adaptive Security Appliance – Remote Code Execution – CVE:CVE-2025-20333, CVE:CVE-2025-20362, CVE:CVE-2025-20363 | N/A | Disabled | This is a New Detection |
Source: Cloudflare
Latest Posts
- Minimax M2.5 and GLM 5 models now available on Amazon Bedrock
- (Updated) Microsoft Entra passkeys on Windows now support phishing-resistant sign-in [MC1247893]
- (Updated) Microsoft Teams: Improvements to “Activity in other accounts and orgs panel” [MC1184992]
- Updates available for Microsoft 365 Apps for Current Channel [MC1255412]
