There is one interesting already-exploited vulnerability, he said: CVE-2025-30397. This vulnerability (described above by Walters) is only exploitable if Microsoft Edge is running in “Internet Explorer” mode. By default, Edge does not operate in Internet Explorer mode, but there may be cases, particularly on workstations used by system administrators and developers, where it is appropriate to enable this mode, Ullrich said. Configuration management should be used to prevent this from happening unless it is specifically required for a particular use case, he said.
“Fortunately,” Ullrich added, “the vulnerability that, in my opinion, has the most ‘potential’ for attackers, CVE-2025-29831, is only exploitable while the RDP service is restarted. Unless the attacker is able to trigger a restart, this vulnerability will doubtless not be exploitable. But it yet again highlights the importance of RDP servers.”
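One way to check the configuration-management point about Internet Explorer mode on a Windows workstation, as an added example that is not from the article or from Microsoft: the script reads the two Microsoft Edge policies that govern IE mode from the registry and reports whether the machine needs review. The `$ExemptHosts` list and the function names are hypothetical.

```powershell
# Added example: audit the Edge policies that control Internet Explorer mode.
# $ExemptHosts is a hypothetical list of machines with an approved IE-mode use case.
$ExemptHosts = @('ADMIN-WS-01')

function Get-EdgePolicyValue([string]$Name) {
    # Machine-level policy takes precedence over user-level policy.
    $roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
             'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
    foreach ($root in $roots) {
        $item = Get-ItemProperty -Path $root -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null   # policy not configured in either hive
}

function Test-EdgeIEModeExposure {
    # InternetExplorerIntegrationLevel: 0 = none, 1 = IE mode, 2 = standalone IE11
    $level  = Get-EdgePolicyValue 'InternetExplorerIntegrationLevel'
    # InternetExplorerIntegrationReloadInIEModeAllowed: 1 = users may reload pages in IE mode
    $reload = Get-EdgePolicyValue 'InternetExplorerIntegrationReloadInIEModeAllowed'

    $findings = @()
    if ($level -eq 1) {
        $findings += 'IE mode enabled by policy (InternetExplorerIntegrationLevel = 1)'
    }
    if ($reload -eq 1) {
        $findings += 'Users may reload sites in IE mode (InternetExplorerIntegrationReloadInIEModeAllowed = 1)'
    } elseif ($null -eq $reload) {
        $findings += 'Reload-in-IE-mode is not set by policy, so it is left to the user setting'
    }

    $exempt = $ExemptHosts -contains $env:COMPUTERNAME
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Exempt      = $exempt
        NeedsReview = ($findings.Count -gt 0) -and (-not $exempt)
        Findings    = $findings
    }
}

Test-EdgeIEModeExposure | Format-List
```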
SAP, Zoom patches
Separately, SAP released 18 Security Notes ranging from critical authorization issues to remote code execution, information disclosure, and cross-site scripting.



