The Week in Vulnerabilities: 1000+ Bugs with 135 Publicly Known PoCs
This week saw the disclosure of multiple serious security vulnerabilities in products from Apple, Zimbra, Samsung, Adobe and other vendors, involving logic flaws, privilege escalation and remote code execution. Underground forums are actively discussing weaponized exploits, and a zero-day claim targeting Google has even surfaced. These vulnerabilities could be used for system intrusion and data theft; enterprises need to patch promptly and strengthen security measures to counter the threat. 2025-9-19 14:31:10 Author: cyble.com

This week, critical vulnerabilities in Apple, Zimbra, Samsung, and Adobe demand urgent attention as exploits surface in the wild and underground communities weaponize flaws.

Overview 

Cyble Research and Intelligence Labs (CRIL) analyzed significant IT vulnerabilities disclosed between September 10–16, 2025. 

Cyble’s Vulnerability Intelligence module tracked 1,045 IT vulnerabilities, of which over 135 already have publicly available Proof-of-Concepts (PoCs). With the time-to-exploit window continuing to shrink, the availability of these PoCs raises the risk of real-world exploitation. 

High-profile IT vulnerabilities were identified in Apple operating systems, Zimbra Collaboration Suite (ZCS), Samsung Android devices, and Adobe Commerce platforms. CISA also added a critical DELMIA Apriso vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. 

CRIL further observed active discussions across underground forums, including weaponized exploits and even a claimed zero-day affecting Google domains. 

Key IT Vulnerabilities and Flaws

Apple Operating Systems 

  • CVE-2025-43359: A logic flaw affecting Apple’s operating systems. 
  • CVE-2025-43362: A vulnerability in the LaunchServices component that allows applications to monitor keystrokes without user consent. 

Impact: These flaws enable stealthy system compromise, including keystroke monitoring and data exfiltration, which lowers the barrier for advanced threat campaigns. 

Mitigation: Apply the latest Apple security updates across macOS and iOS platforms immediately. 

Zimbra Collaboration Suite (ZCS) 

  • CVE-2025-54391: A flaw in the EnableTwoFactorAuthRequest SOAP endpoint. Attackers with valid credentials can bypass existing Two-Factor Authentication (2FA) by configuring an additional 2FA method without requiring a valid token. 

Impact: This vulnerability enables account takeover and undermines authentication integrity across enterprise messaging systems. 

Mitigation: Apply vendor-released patches and enforce monitoring of authentication logs for unusual 2FA registration attempts. 
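One way to act on that monitoring advice, as an added example that is not from Cyble or Zimbra: a small Python scan that flags a 2FA method being enabled on an account that already had 2FA without a recent successful 2FA verification, which is the trace the bypass described above would leave. The log format, event names and account list are constructed assumptions, not Zimbra's real audit format.

```python
import re
from datetime import datetime, timedelta

# Constructed, simplified audit-log format (assumption, not Zimbra's own):
#   <ISO-8601 UTC timestamp> <account> <source IP> <event>
# Events used: LOGIN_OK, 2FA_VERIFY_OK, 2FA_METHOD_ENABLED
SAMPLE_LOG = """\
2025-09-12T08:00:01Z alice@example.com 203.0.113.10 LOGIN_OK
2025-09-12T08:00:09Z alice@example.com 203.0.113.10 2FA_VERIFY_OK
2025-09-12T08:01:30Z alice@example.com 203.0.113.10 2FA_METHOD_ENABLED
2025-09-12T09:15:00Z bob@example.com 198.51.100.7 LOGIN_OK
2025-09-12T09:15:04Z bob@example.com 198.51.100.7 2FA_METHOD_ENABLED
2025-09-13T10:00:00Z carol@example.com 192.0.2.44 2FA_VERIFY_OK
2025-09-13T14:00:00Z carol@example.com 192.0.2.44 2FA_METHOD_ENABLED
2025-09-13T15:00:00Z dave@example.com 192.0.2.45 LOGIN_OK
2025-09-13T15:00:20Z dave@example.com 192.0.2.45 2FA_METHOD_ENABLED
"""

# Accounts that already had 2FA enabled before this log window (constructed).
# Only these can be hit by the "add a method without a token" bypass; dave is
# enrolling for the first time, so no prior verification is expected for him.
ACCOUNTS_WITH_2FA = {"alice@example.com", "bob@example.com", "carol@example.com"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse(log_text):
    """Parse log lines into (timestamp, account, ip, event) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def find_unverified_enrollments(log_text, accounts_with_2fa, window_seconds=600):
    """Flag every 2FA_METHOD_ENABLED on an account that already had 2FA but
    did not pass 2FA_VERIFY_OK within window_seconds beforehand."""
    window = timedelta(seconds=window_seconds)
    last_verify = {}   # account -> time of most recent successful 2FA check
    findings = []
    for ts, account, ip, event in sorted(parse(log_text)):
        if event == "2FA_VERIFY_OK":
            last_verify[account] = ts
        elif event == "2FA_METHOD_ENABLED" and account in accounts_with_2fa:
            verified = last_verify.get(account)
            if verified is None or ts - verified > window:
                findings.append((ts.isoformat(), account, ip))
    return findings
```

On the constructed sample, bob (no verification at all) and carol (verification four hours earlier) are flagged, while alice's enrollment and dave's first-time enrollment are not.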

Samsung Android Devices 

  • CVE-2025-21043: A critical out-of-bounds write vulnerability in the libimagecodec.quram.so library used in Samsung Android devices. It allows remote attackers to execute arbitrary code with elevated privileges. 

Impact: Exploitation may result in remote code execution, enabling attackers to compromise device security and gain persistent control. 

Mitigation: Samsung has issued patches; users and organizations should update all affected Android devices. 

Adobe Commerce / Magento Open Source 

  • CVE-2025-54236 (“SessionReaper”): A critical improper input validation flaw in the Commerce REST API. Unauthenticated attackers can hijack customer accounts and, under certain conditions, achieve remote code execution. 

Impact: This vulnerability threatens e-commerce platforms, exposing both customer accounts and backend systems to compromise. 

Mitigation: Update to the latest patched release of Adobe Commerce / Magento Open Source and monitor API traffic for anomalous account actions. 

CISA’s Known Exploited Vulnerabilities (KEV) Catalog 

From September 10–16, 2025, CISA added one vulnerability to its KEV catalog: 

CVE ID          Vendor   Product   CVSSv3   Exploitation 
CVE-2025-5086   DELMIA   Apriso    9.8      Observed 

Impact: Actively exploited via crafted HTTP requests, enabling remote code execution. The flaw poses severe risks to manufacturing environments, potentially leading to full system compromise and operational disruptions. 

Vulnerabilities and Exploits on Underground Forums 

CRIL observed multiple weaponized exploits discussed across underground forums and Telegram channels: 

  • CVE-2025-4275 (“Hydroph0bia”): Critical UEFI firmware flaw in Insyde H2O enabling attackers to bypass Secure Boot protections by injecting rogue certificates. It facilitates persistent bootkit malware and rootkit deployment. 
  • CVE-2025-21692: Linux kernel bug in the Enhanced Transmission Selection (ETS) module allowing local privilege escalation. 
  • CVE-2025-24813: Apache Tomcat path-equivalence flaw enabling remote code execution through crafted JSESSIONID values under specific configurations. 
  • Zero-Day Claim: A threat actor known as BIGBROTHER advertised a redirection vulnerability allegedly affecting Google.com domains, capable of serving malicious APK or EXE files while bypassing filters. The claim remains unverified, priced at $75,000 for full disclosure or $10,000 per malicious link. 

Recommendations 

To mitigate risks associated with this week’s vulnerabilities: 

  • Apply Patches Promptly: Install vendor updates for Apple, Samsung, Zimbra, Adobe, and others without delay. 
  • Implement Network Segmentation: Isolate critical assets and limit administrative access through firewalls and VLANs. 
  • Monitor for Indicators of Compromise (IoCs): Review logs for abnormal 2FA registrations, unusual API calls, or privilege escalation attempts. 
  • Strengthen Incident Response Plans: Test and update playbooks for credential theft, malware persistence, and RCE scenarios. 
  • Enhance Asset Visibility: Maintain an accurate inventory and conduct continuous vulnerability assessments. 
  • Adopt MFA and Strong Password Policies: Enforce MFA across all accounts and replace default credentials immediately. 
  • Stay Updated on Threat Intelligence: Monitor advisories from CISA, vendors, and CERTs, while tracking underground forum chatter. 

Source: https://cyble.com/blog/weekly-it-it-vulnerabilities-report/