433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device. Note: The affected vKVM client is also included in Cisco UCS Manager. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk Security Impact Rating: Medium CVE: CVE-2025-20342
http://news.poseidon-us.com/TMk1QQ

Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability

A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes. For an example of an ephemeral query, see the About Ephemeral Data in gRPC section of the Cisco Nexus 9000 Series NX-OS Programmability Guide, Release 9.3(x). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxospc-pim6-vG4jFPh This advisory is part of the August 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2025-20262
http://news.poseidon-us.com/TMk1PX

Cisco NX-OS Software Sensitive Log Information Disclosure Vulnerability

A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive information. This vulnerability is due to improper logging of sensitive information. An attacker could exploit this vulnerability by accessing log files on the file system where they are stored. A successful exploit could allow the attacker to access sensitive information, such as stored credentials. Note: To access the log files on Cisco Nexus devices that are affected by this vulnerability, an attacker must have access to the file system of the underlying operating system. For more information about access requirements, see the Cisco Nexus 9000 Series Switches Programming Guides. To access the log files on Cisco UCS Fabric Interconnect devices, an administrator of UCS Manager must generate and download a tech support file, which includes the system log files. The system log files are not directly accessible from the CLI or the Cisco UCS Manager UI. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-infodis-TEcTYSFG This advisory is part of the August 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2025-20290
http://news.poseidon-us.com/TMk1PH

Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by entering crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to read and write files on the underlying operating system with the privileges of a non-root user account. File system access is limited to the permissions that are granted to that non-root user account. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-qhNze5Ss This advisory is part of the August 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2025-20292
http://news.poseidon-us.com/TMk1P1

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities

Multiple vulnerabilities in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. These vulnerabilities exist because of missing authorization controls on some REST API endpoints. An attacker could exploit these vulnerabilities by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device. Note: These vulnerabilities affect only a subset of REST API endpoints and do not affect the web-based management interface. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nshs-urapi-gJuBVFpu Security Impact Rating: Medium CVE: CVE-2025-20347,CVE-2025-20348
http://news.poseidon-us.com/TMk1Nt

Cisco Nexus Dashboard Path Traversal Vulnerability

A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ptrs-XU2Fm2Wb Security Impact Rating: Medium CVE: CVE-2025-20344
http://news.poseidon-us.com/TMk1K3

How Threat Actors Are Rizzing Up Your AI for Profit

Cybercriminals are hijacking generative AI using SEO-poisoned content and advanced Traffic Distribution Systems (TDS). Discover how LLMs are being weaponized for malware, slopsquatting, and prompt injection—and what defenders must do now.
http://news.poseidon-us.com/TMjyFF

AI is becoming a core tool in cybercrime, Anthropic warns

A new report from Anthropic shows how criminals are using AI to actively run parts of their operations. The findings suggest that AI is now embedded across the full attack cycle, from reconnaissance and malware development to fraud and extortion. The report is based on real cases where Anthropic’s models were misused. It provides an unusual view into how attackers are adapting and building AI into every stage of their operations. While the focus is … More → The post AI is becoming a core tool in cybercrime, Anthropic warns appeared first on Help Net Security.
http://news.poseidon-us.com/TMjx9B

Unit21 BYOA automates fraud and AML tasks

Unit21 has launched its Build Your Own Agent (BYOA) for banks, credit unions, and fintechs. The product enables risk and compliance teams to automate fraud and AML tasks, turning hours of manual data gathering, sorting and sifting into just minutes of analysis and action. Unit21’s no-code BYOA integrates custom AI agents into your most common fraud and AML workflows, such as sanctions, transaction monitoring, and check fraud, while delivering structured, explainable insights directly into alert … More → The post Unit21 BYOA automates fraud and AML tasks appeared first on Help Net Security.
http://news.poseidon-us.com/TMjx7R

Qwiet AI empowers developers in shipping secure software faster

Qwiet AI has unveiled updates to its application security platform. These updates, which include expanded integrations across Azure DevOps, Azure Boards, and GitHub, and the introduction of new AI-powered AutoFix capabilities and an enhanced user experience, are set to revolutionize how development and security teams release secure applications. By empowering teams to release secure applications at the speed of innovation without disrupting developer workflows, these updates promise a more comfortable and user-friendly experience. The latest … More → The post Qwiet AI empowers developers in shipping secure software faster appeared first on Help Net Security.
http://news.poseidon-us.com/TMjx76