This week highlights a critical vendor-specific vulnerability: a deserialization flaw in the License Servlet of Fortra’s GoAnywhere MFT. By forging a license response signature, an attacker can trigger deserialization of arbitrary objects, potentially leading to command injection.
Key Findings
- Cisco (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363): Multiple vulnerabilities that could allow attackers to exploit unsafe deserialization and input validation flaws. Successful exploitation may result in arbitrary code execution, privilege escalation, or command injection on affected systems.
Impact
Cisco (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363): Exploitation enables attackers to escalate privileges or achieve remote code execution via command injection.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | a1bef4ada0b146d2862cad439ee0ab84 | 100788 | Cisco Secure Firewall Adaptive Security Appliance – Remote Code Execution – CVE:CVE-2025-20333, CVE:CVE-2025-20362, CVE:CVE-2025-20363 | N/A | Disabled | This is a New Detection |
| Cloudflare Managed Ruleset | 51de6ce6596a40eb8200452ad30f768e | 100788A | Cisco Secure Firewall Adaptive Security Appliance – Remote Code Execution – CVE:CVE-2025-20333, CVE:CVE-2025-20362, CVE:CVE-2025-20363 | N/A | Disabled | This is a New Detection |
Source: Cloudflare
Latest Posts
- Amazon SageMaker HyperPod now supports data capture for inference workloads
- Microsoft Teams: Front-of-room view control for Webinars and structured meetings in Teams Rooms on Android [MC1316231]
- New flexibility and choice for sharing organizational data across Microsoft 365 and Viva apps [MC1316232]
- Amazon Managed Grafana now supports dual-stack connectivity (IPv6 and IPv4)
