Cyble vulnerability intelligence researchers investigated nearly 100 IT and industrial control system (ICS) vulnerabilities this week and flagged eight as meriting high-priority attention by security teams – including two targeted by Russian threat actors.
In all, Cyble investigated 21 IT vulnerabilities this week, 68 ICS vulnerabilities, and eight vulnerabilities under discussion by threat actors on dark web forums.
The U.S. Cybersecurity and Infrastructure Security Agency added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog last week, including the Ivanti Endpoint Manager Mobile (EPMM) and SAP NetWeaver vulnerabilities addressed in last week’s Cyble vulnerability blog.
Here are four IT vulnerabilities highlighted by Cyble this week – and an additional six under discussion by threat actors on dark web forums.
The Mozilla Foundation patched two Firefox vulnerabilities discovered by researchers during the Pwn2Own Berlin 2025 contest. Firefox 138.0.4 fixes the critical vulnerabilities.
CVE-2025-4918 is an out-of-bounds memory access vulnerability in Firefox. The flaw occurs when resolving JavaScript Promise objects, allowing an attacker to perform an unauthorized out-of-bounds read or write in memory.
CVE-2025-4919 is another critical out-of-bounds access vulnerability in Mozilla Firefox. This flaw arises when optimizing linear sums in JavaScript, specifically due to array index miscalculations. An attacker could potentially exploit this bug to perform out-of-bounds reads or writes, leading to memory corruption, potential code execution, or unauthorized access to sensitive data.
CVE-2023-43770 and CVE-2020-35730 are cross-site scripting (XSS) vulnerabilities in Roundcube Webmail, an open-source, browser-based email client. The flaws could allow attackers to inject malicious JavaScript via specially crafted links in plain text email messages, exploiting improper input neutralization in the rcube_string_replacer.php component.
Researchers recently revealed that the vulnerabilities have been actively exploited in the wild, notably by the Russian state-sponsored threat group APT28 (also known as Fancy Bear) in spearphishing and espionage campaigns targeting public sector organizations and critical infrastructure in Europe, Cameroon, and Ecuador.
Among vulnerabilities under discussion on dark web forums, flaws in SysAid On-Premises (CVE-2025-2775 and CVE-2025-2776) and GNU Screen (CVE-2025-46802, CVE-2025-46803, CVE-2025-46804, and CVE-2025-46805) figured prominently in threat actor discussions of potential exploits.
Also this week, Cyble honeypot sensors detected attack attempts on CVE-2025-3248, a 9.8-severity Missing Authentication for Critical Function vulnerability in versions of the Langflow low-code AI builder before 1.3.0.
Of the 68 ICS vulnerabilities evaluated by Cyble researchers this week, four stood out as meriting high-priority attention by security teams.
CVE-2025-4364 is an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability affecting Assured Telematics Inc.’s Fleet Management System. If successfully exploited, this vulnerability could allow an attacker to collect sensitive file system details or gain access to administrative credentials, posing a serious threat to operational security.
CVE-2025-46412 (Authentication Bypass) and CVE-2025-41426 (Stack-based Buffer Overflow) are vulnerabilities affecting Vertiv’s Liebert RDU101 and IS-UNITY modules, which are widely used for remote monitoring and integration of critical infrastructure like UPS and cooling systems in data centers, energy, and communication sectors.
These modules enable communication with SCADA, DCS, and BMS systems, making them high-value targets. Successful exploitation could allow unauthorized access or remote code execution, posing serious operational and security risks. Immediate mitigation is essential to protect critical infrastructure.
CVE-2025-41450 is an Improper Authentication vulnerability in Danfoss AK-SM 8xxA Series (versions prior to R4.2), which are widely used in commercial facility control systems such as SCADA, DCS, and BMS. The flaw could allow unauthorized users to bypass login mechanisms and gain access to sensitive system functions. Given the role of these systems in managing key infrastructure like refrigeration and building automation, the vulnerability poses a significant operational risk.
The high number of vulnerabilities this week underscores the constant threats facing IT and ICS environments. Studies have shown that organizations only patch around 15% of vulnerabilities on average, making a risk-based vulnerability management program critically important for all organizations.
Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; removing or protecting web-facing assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.
Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks. Get a free external threat profile for your organization today.