#ssl

SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat actors accessed backup firewall preference files stored in the cloud for less than 5% of its

Palo Alto, California, 18th September 2025, CyberNewsWire

### Impact A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the peer connects from the same IP address as the one provided in the certificate request. ```golang if addr, ok := p.Addr.(*net.TCPAddr); ok { ip = addr.IP.String() } else { ip, _, err = net.SplitHostPort(p.Addr.String()) if err != nil { return nil, err } } // Parse csr. [skipped] // Check csr signature. // TODO check csr common name and so on. if err = csr.CheckSignature(); err != nil { return nil, err } [skipped] // TODO only valid for peer ip // BTW we need support both of ipv4 and ipv6. ips := csr.IPAddresses if len(ips) == 0 { // Add default connected ip. ips = []net.IP{net.ParseIP(ip)} } ``` ### Patches - Dragonfy v2.1.0...

### Summary jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as `getClass()`, and block instantiation of Class objects. However, these protections can be bypassed. By using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes. This enables the creation of semi-arbitrary class instances without directly invoking restricted methods or class literals. As a result, an attacker can escape the sandbox and instantiate classes such as java.net.URL, opening up the ability to access local files and URLs(e.g., file:///etc/passwd). With further chaining, this primitive can potentially lead to remote code execution (RCE). ### Details jinjava templates expose a built-in variable `____int3rpr3t3r____`, which provides direct access to the jinjavaInterpreter instance. This variable was previously abused (see [Add interpreter to blacklist](https:/...

### Impact The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users have no way to re-enable the verification. ```golang func getAuthToken(ctx context.Context, header http.Header) (string, error) { [skipped] client := &http.Client{ Timeout: defaultHTTPRequesttimeout, Transport: &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, }, } [skipped] } ``` A Manager processes dozens of preheat jobs. An adversary performs a network-level Man-in-the-Middle attack, providing invalid data to the Manager. The Manager preheats with the wrong data, which later causes a denial of service and file integrity problems. ### Patches - Dragonfy v2.1.0 and above. ### Workarounds There are no effective workarounds, beyond upgrading. ### References A third party security audit was performed by Trail of Bits, you can see the [full report]...

Secure document editing protects sensitive data with encryption and compliance tools, while reducing costly breaches and building trust,…

Newark, New Jersey, United States, 16th September 2025, CyberNewsWire

Las Vegas, United States, 16th September 2025, CyberNewsWire

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: INDUSTRIAL EDGE, OpenPCS, RUGGEDCOM, SCALANCE, SIMATIC, SIMOTION, SINAUT, SINEC, SIPLUS, TIA Vulnerability: Loop with Unreachable Exit Condition ('Infinite Loop') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Industrial Edge - OPC UA Connector: All versions prior to V1.7 Siemens RUGGEDCOM ROX MX5000RE: All versions prior to V2.15.1 Siemens SCALANCE W788-2 RJ45 (6GK5...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: INDUSTRIAL EDGE, RUGGEDCOM, SCALANCE, SIMATIC, SINEC, SINEMA, SINUMERIK, SIPLUS, TIA Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Industrial Edge - Machine Insight App: All versions Siemens RUGGEDCOM ROX RX1510: All versions prior to V2.15.0 Siemens SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All ...