Business

Cybersecurity landscape erupts with critical vulnerabilities and escalating supply chain risks

Sunday, 23 November 2025 4:17PM UTC

Recent cyber incidents highlight the fragility of digital infrastructure, with widespread vulnerabilities in core security products, supply chain breaches, and record-breaking DDoS attacks prompting urgent calls for enhanced resilience and proactive security measures.

This week’s cybersecurity landscape has underscored the precariousness of digital infrastructure, marked by a sharp collision between systemic availability failures and critical security vulnerabilities. The massive outage experienced by Cloudflare illustrated a significant vulnerability in the centralised internet architecture, disrupting the operations of major platforms such as X, ChatGPT, and Spotify. This incident serves as a vivid reminder for organisations to rethink their resilience strategies, particularly regarding single points of failure in the cloud ecosystem.

Alongside network disruptions, the urgency around vulnerability management has intensified, with threat actors aggressively exploiting weaknesses in widely used software. One of the critical vulnerabilities commanding immediate attention is in Fortinet’s FortiWeb web application firewall. Identified as a high-severity command injection flaw, this issue allows authenticated attackers to execute arbitrary operating system commands and elevate privileges within the network. Multiple FortiWeb versions have been affected, and exploitation attempts have been actively detected since early October. Fortinet has responded with patches and advises users to update their systems promptly, restrict exposure of management interfaces, and audit administrative accounts for unauthorised activity. Industry data confirms that tens of thousands of FortiWeb customers operate vulnerable versions, elevating the urgency of these mitigations.

Compounding the threat landscape, a critical remote code execution vulnerability in XWiki’s SolrSearch endpoint (CVE-2025-24893) has been heavily exploited in the wild, with botnets, cryptocurrency miners, and persistent backdoors being deployed by multiple independent threat actors. This flaw allows unauthenticated attackers to execute arbitrary commands via Groovy scripting. The vulnerability remained unpatched for months, only recently acknowledged on the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog, which has urged immediate remedial action. Security researchers and organisations are advised to patch immediately, monitor suspicious network activity related to SolrSearch requests, restrict external exposure, and implement network segmentation to reduce attack surfaces.

Further demonstrating the relentless targeting of software weaknesses, Google addressed two critical type confusion zero-day vulnerabilities in its Chrome V8 JavaScript engine. One of these flaws (CVE-2025-13223) has been actively exploited in the wild and carries risks ranging from remote code execution to sandbox escape and data theft. Given Chrome's dominance, running on over 65% of global browsers, this vulnerability presents a widespread risk. Google's Threat Analysis Group (TAG) involvement suggests that advanced persistent threat (APT) groups may be exploiting these flaws. Users are urged to enable auto-updates and exercise caution with untrusted links to mitigate exposure.

Also notable this week is a severe vulnerability found in the AI-Bolit component of Imunify security products, which allowed arbitrary PHP code execution with root privileges via crafted inputs. Although no exploitation in the wild has been reported, Imunify has addressed the flaw with a silent patch and recommends keeping automatic updates enabled. Similarly, SolarWinds patched a chain of high-severity vulnerabilities in their Serv-U product that permit administrative escalation to arbitrary code execution; organisations running legacy versions face heightened risk and should upgrade to the latest build to benefit from improved security controls.

Moreover, two critical Twonky Server vulnerabilities disclosed by Rapid7 grant unauthenticated attackers full administrative access by exploiting design flaws, including hardcoded cryptographic keys. With no patches forthcoming, affected organisations are advised to isolate Twonky Server access, rotate credentials, and use detection tools to identify compromised instances.

In the wider cyber threat arena, Iran-linked APT42 has launched “SpearSpecter,” an espionage campaign targeting senior government and defence officials using social engineering through fake conference invites and WhatsApp trust-building to deliver sophisticated malware. Meanwhile, Microsoft Azure recently mitigated a record-breaking Distributed Denial of Service (DDoS) attack exceeding 15 terabits per second, targeting an Australian customer with massive botnet-driven UDP floods, a reminder of the escalating scale of cyberattacks.

Supply chain security woes were highlighted by the Salesforce–Gainsight breach, where attackers abused compromised OAuth tokens to exfiltrate customer data through trusted third-party integrations. This incident epitomises the rising threat of SaaS supply chain compromises, underscoring the need for heightened scrutiny over third-party application access and robust token management.

Adding to data breach concerns, Princeton University confirmed unauthorized access to its donor database, exposing personal information though not financial or social security data. Other breaches impacted Eurofiber France’s ticketing platform and DoorDash via social engineering, illustrating the varied vectors threat actors continue to exploit.

The cumulative picture painted this week reveals an environment where the integrity and availability of both infrastructure and software are simultaneously under siege. The multi-faceted nature of these threats, from zero-day exploits and botnets to large-scale outages and supply chain compromises, calls for comprehensive, proactive security postures. Defenders must prioritise rapid patching, rigorous access controls, network segmentation, and continuous monitoring, while also expanding threat intelligence integration to anticipate evolving attack vectors. The vulnerability disclosures and active exploits observed serve both as a wake-up call and a guide for security teams aiming to bolster digital resilience in a volatile cyber threat landscape.

📌 Reference Map:

^[1] (Cybersecurity News Weekly Newsletter) - Paragraphs 1, 2, 3, 4, 5, 6, 7
^[2] (TechRadar) - Paragraph 3
^[3] (TechRadar) - Paragraph 3
^[4] (Security Affairs) - Paragraph 4
^[5] (Cyberpress) - Paragraph 4
^[6] (Rapid7) - Paragraph 4
^[7] (YouTube) - Paragraph 4

Source: Noah Wire Services

More on this

https://cybersecuritynews.com/cybersecurity-news-weekly-newsletter-nov-2025/ - Please view link - unable to able to access data
https://www.techradar.com/pro/security/fortinet-customers-told-to-update-immediately-following-major-security-issue-heres-what-we-know - Fortinet has issued a critical security update for its FortiWeb web application firewall (WAF) to address a severe vulnerability, CVE-2025-64446, which allows unauthenticated attackers to execute administrative commands on the system. This flaw affects multiple FortiWeb versions and has been actively exploited in the wild. Fortinet recommends immediate patching and advises users to disable HTTP/HTTPS on internet-facing interfaces if they cannot apply the fix promptly. ([techradar.com](https://www.techradar.com/pro/security/fortinet-customers-told-to-update-immediately-following-major-security-issue-heres-what-we-know?utm_source=openai))
https://www.techradar.com/pro/security/fortinet-admits-it-found-another-worrying-zero-day-being-exploited-in-attacks - Fortinet has released an urgent security patch for a high-severity zero-day vulnerability, CVE-2025-58034, found in its FortiWeb WAF. Discovered by Trend Micro's Jason McFadyen, this OS command injection flaw allows unauthenticated attackers to execute arbitrary system commands through crafted HTTP or CLI inputs. The vulnerability affects several FortiWeb versions and has been actively exploited, with Fortinet detecting approximately 2,000 attack attempts. ([techradar.com](https://www.techradar.com/pro/security/fortinet-admits-it-found-another-worrying-zero-day-being-exploited-in-attacks?utm_source=openai))
https://securityaffairs.com/184702/malware/rondodox-expands-botnet-by-exploiting-xwiki-rce-bug-left-unpatched-since-february-2025.html - The RondoDox botnet has been observed exploiting the CVE-2025-24893 vulnerability in XWiki's SolrSearch endpoint, which has been unpatched since February 2025. This critical remote code execution flaw allows attackers to deploy botnets, coin miners, and establish persistent access. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate patching. ([securityaffairs.com](https://securityaffairs.com/184702/malware/rondodox-expands-botnet-by-exploiting-xwiki-rce-bug-left-unpatched-since-february-2025.html?utm_source=openai))
https://cyberpress.org/cisa-warns-of-xwiki-injection-flaw/ - The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-24893 to its Known Exploited Vulnerabilities catalog, highlighting a critical eval injection flaw in XWiki's SolrSearch component. This vulnerability permits unauthenticated users to execute arbitrary remote code, posing significant security risks to organizations using the XWiki Platform. ([cyberpress.org](https://cyberpress.org/cisa-warns-of-xwiki-injection-flaw/?utm_source=openai))
https://www.rapid7.com/db/vulnerabilities/exploit/multi/http/xwiki_unauth_rce_cve_2025_24893/ - Rapid7 has released a Metasploit module to exploit the CVE-2025-24893 vulnerability in XWiki's SolrSearch endpoint. This remote code execution flaw allows unauthenticated attackers to execute arbitrary system commands, potentially leading to data breaches and system compromise. The module targets XWiki Platform versions from 5.3-milestone-2 up to but not including 15.10.11, and from 16.0.0-rc-1 up to but not including 16.4.1. ([rapid7.com](https://www.rapid7.com/db/modules/exploit/multi/http/xwiki_unauth_rce_cve_2025_24893/?utm_source=openai))
https://www.youtube.com/watch?v=blA7hkyaWOw - A YouTube video demonstrating the exploitation of CVE-2025-24893 in XWiki, showcasing how unauthenticated remote code execution can be achieved through the SolrSearch endpoint. The video provides a practical example of the vulnerability's impact and is intended for educational purposes. ([youtube.com](https://www.youtube.com/watch?v=blA7hkyaWOw&utm_source=openai))

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative includes recent incidents, such as the Fortinet FortiWeb vulnerability (CVE-2025-64446) disclosed on November 17, 2025, and the XWiki SolrSearch vulnerability (CVE-2025-24893) reported on October 28, 2025. ([techradar.com](https://www.techradar.com/pro/security/fortinet-customers-told-to-update-immediately-following-major-security-issue-heres-what-we-know?utm_source=openai)) However, some information appears to be recycled from earlier reports, with no new developments or updates provided. For instance, the XWiki vulnerability was initially reported in February 2025, and the FortiWeb vulnerability was disclosed in October 2025. ([github.com](https://github.com/advisories/GHSA-rr6p-3pfg-562j?utm_source=openai)) The inclusion of these older incidents without new insights or updates may indicate a lack of freshness. Additionally, the narrative references a press release from Cybersecurity News Weekly Newsletter, which typically warrants a high freshness score. However, the lack of new information or analysis suggests that the freshness score should be moderated. The overall freshness score is 8, considering the inclusion of recent incidents but noting the recycling of older content.

Quotes check

Score: 7

Notes: The narrative includes direct quotes from various sources, such as Fortinet's security advisory and CISA's Known Exploited Vulnerabilities catalog. However, these quotes appear to be reused from earlier reports without any new context or analysis. The lack of original quotes or exclusive content suggests that the narrative may be recycling information from previous publications. The overall quotes score is 7, reflecting the reuse of existing quotes without new contributions.

Source reliability

Score: 6

Notes: The narrative references reputable sources, including Fortinet's security advisory and CISA's Known Exploited Vulnerabilities catalog. However, the reliance on a single outlet, Cybersecurity News Weekly Newsletter, raises concerns about the diversity and verification of the information presented. The lack of corroboration from multiple independent sources suggests potential issues with source reliability. The overall source reliability score is 6, indicating moderate trustworthiness.

Plausability check

Score: 7

Notes: The narrative discusses plausible cybersecurity incidents, such as the exploitation of vulnerabilities in FortiWeb and XWiki platforms. However, the lack of supporting details from other reputable outlets and the recycling of older content without new insights raise questions about the originality and depth of the reporting. The overall plausibility score is 7, reflecting the plausibility of the incidents but noting the concerns about originality and depth.

Overall assessment

Verdict (FAIL, OPEN, PASS): FAIL

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The narrative includes recent cybersecurity incidents but appears to recycle older content without providing new insights or updates. The reliance on a single source and the lack of corroboration from multiple independent outlets raise concerns about the reliability and originality of the information presented. The overall assessment is a 'FAIL' with medium confidence, indicating significant issues with freshness, originality, and source reliability.

Cybersecurity
Vulnerabilities
Supply chain security