The Week in Vulnerabilities: BeyondTrust, Veeam Fixes Urged by Cyble
Cyble researchers analyzed more than 100 IT and ICS vulnerabilities and flagged six high-severity ones, including remote code execution and cross-site scripting issues affecting products from BeyondTrust, Grafana, Veeam and others. These vulnerabilities could lead to full system compromise or data leakage. 2025-6-23 13:20:54 Author: cyble.com

Cyble vulnerability intelligence researchers examined over 100 IT and industrial control system (ICS) vulnerabilities in reports to clients last week, flagging six in particular that merit high-priority attention from security teams.

Two of the vulnerabilities are in products with more than 800,000 internet-facing exposures, while others affect critical backup, developer, and industrial control environments.

Here are some highlights from the reports.

The Week’s Top IT Vulnerabilities

The IT vulnerabilities flagged by Cyble researchers include:

CVE-2025-5309 is an 8.6-rated Server-Side Template Injection (SSTI) vulnerability affecting the chat feature in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products. The vulnerability could allow attackers to execute arbitrary code on the server, potentially leading to full remote code execution (RCE) without authentication in some cases.

CVE-2025-4123 is a 7.6-severity cross-site scripting (XSS) vulnerability affecting the Grafana analytics platform, stemming from a combination of client path traversal and open redirect issues in the platform’s custom frontend plugin handling system. An attacker could potentially craft a URL that redirects users to a malicious website hosting a custom frontend plugin to execute arbitrary JavaScript code in the victim’s browser.

Cyble noted that more than 583,000 exposed Grafana assets and more than 236,000 BeyondTrust instances are potentially vulnerable (image below).

[Image: Vulnerabilities]

CVE-2025-23121 is a 9.9-severity remote code execution (RCE) vulnerability affecting Veeam Backup & Replication software, specifically when the backup server is joined to a Windows domain.

CVE-2025-3464 is an 8.4-severity vulnerability affecting ASUS Armoury Crate software. The vulnerability arises from a race condition—specifically a Time-of-check Time-of-use (TOCTOU) issue—that can potentially lead to authentication bypass and privilege escalation on Windows systems. Successful exploitation could allow attackers to gain administrator privileges, leading to full system compromise under Windows.

CVE-2025-4278 is an 8.7-rated HTML injection vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE), specifically all versions starting with 18.0 up to but not including 18.0.2. The flaw resides in the new search page, where improper neutralization of user input could potentially allow attackers to inject malicious HTML or JavaScript code. An attacker could craft a malicious payload that, when rendered in the search page, executes arbitrary JavaScript in the context of the victim’s session.
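The GitLab advisory above gives a precise affected range (18.0 inclusive up to 18.0.2 exclusive) that applies to both CE and EE. The following added example, written for this roundup and not code from Cyble or GitLab, turns that range into an inventory triage check; the hostnames and versions in the sample inventory are constructed for illustration.

```python
import re

# Affected range for CVE-2025-4278 as stated in the advisory text:
# all GitLab CE/EE versions from 18.0 up to, but not including, 18.0.2.
AFFECTED_MIN = (18, 0, 0)    # inclusive lower bound
AFFECTED_FIXED = (18, 0, 2)  # exclusive upper bound (first fixed release)

# Accepts "18.0", "18.0.1", "18.0.1-ee", "18.0.1-ce"; edition suffix is optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(ee|ce))?$")


def parse_gitlab_version(raw: str) -> tuple[int, int, int]:
    """Parse a GitLab version string into a comparable (major, minor, patch) tuple.

    The edition suffix is ignored because the advisory covers both CE and EE.
    A missing patch component ("18.0") is treated as patch 0, so a bare "18.0"
    is inside the affected range, matching the advisory's "starting with 18.0".
    """
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {raw!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected_cve_2025_4278(raw: str) -> bool:
    """True if the version falls in [18.0.0, 18.0.2)."""
    return AFFECTED_MIN <= parse_gitlab_version(raw) < AFFECTED_FIXED


def triage(inventory: dict[str, str]) -> list[str]:
    """Return hostnames (sorted) whose reported GitLab version is in the affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected_cve_2025_4278(ver))


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "git-a.example.internal": "18.0.1-ee",   # affected
    "git-b.example.internal": "18.0.2-ce",   # first fixed release, not affected
    "git-c.example.internal": "17.11.3-ee",  # below the affected range
    "git-d.example.internal": "18.0",        # treated as 18.0.0, affected
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: GitLab {SAMPLE_INVENTORY[host]} is in the CVE-2025-4278 affected range")
```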

ICS Vulnerabilities

Cyble also examined 87 ICS vulnerabilities identified in 14 advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Seven of the 87 vulnerabilities are rated critical.

One that stands out is CVE-2025-5310, a 9.8-rated Missing Authentication for Critical Functionality vulnerability in ProGauge MagLink LX, a product of Dover Fueling Solutions. The MagLink LX is a fuel management and tank gauging system widely used in the transportation and fueling sector to monitor fuel levels, detect leaks, and manage fuel operations across gas stations and depots.

Cyble researchers identified several instances of exposed MagLink LX devices accessible over the internet, increasing the risk of remote exploitation. The vulnerability could potentially allow attackers to gain unauthorized control of the monitoring system, manipulate fueling operations, erase system configurations, or even deploy malware. Given the potential impact on critical transportation infrastructure, organizations relying on this technology should prioritize patching to prevent operational disruption and security breaches.

Other critical ICS vulnerabilities include:

  • CVE-2023-28531 and CVE-2024-45490 in multiple versions of the Siemens SIMATIC S7-1500 CPU family
  • CVE-2025-40585 in all versions of Siemens Energy Services
  • CVE-2024-8956, CVE-2025-35451 and CVE-2025-35452 in PTZOptics and other Pan-Tilt-Zoom Cameras

Conclusion

The high number of internet-facing exposures this week underscores the importance of proper configuration and protection of web-facing assets, whether in IT or ICS environments.

A risk-based vulnerability management program should be at the heart of defensive efforts. Other cybersecurity best practices that can help guard against a wide range of threats include segmentation of critical assets; Zero-Trust access principles; ransomware-resistant backups; hardened endpoints, infrastructure, and configurations; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.

Cyble’s comprehensive attack surface management solutions can help by scanning network and cloud assets for exposures and prioritizing fixes, in addition to monitoring for leaked credentials and other early warning signs of major cyberattacks. Get a free external threat profile for your organization today.

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.


Source: https://cyble.com/blog/the-week-vulnerabilities-beyondtrust-urged-by-cyble/