new: [news] Vulnerability Report - July 2025

cedricbonhomme · cedricbonhomme · commit fff56503478e · 2025-08-23T00:27:07.000+02:00
diff --git a/content/news/2025-08-23-vulnerability-report-july-2025.md b/content/news/2025-08-23-vulnerability-report-july-2025.md
@@ -0,0 +1,134 @@
+---
+title: "Vulnerability Report - July 2025"
+slug: vulnerability-report-july-2025
+author: CIRCL team
+layout: news
+date: 2025-08-23
+publishDate: 2025-08-22
+tags:
+    - VulnerabilityReport
+    - Report
+---
+
+{{< card link="/tags/vulnerabilityreport/" title="All vulnerability reports" icon="document-report" >}}
+
+
+## Introduction
+
+This vulnerability report has been generated using data aggregated on
+[Vulnerability-Lookup](https://vulnerability.circl.lu),
+with contributions from the platform’s community.
+
+It highlights the most frequently mentioned vulnerability for July 2025, based on sightings collected from various sources, including [MISP](https://www.misp-project.org), Exploit-DB, Bluesky, [Mastodon](https://joinmastodon.org), GitHub Gists, [The Shadowserver Foundation](https://www.shadowserver.org/), [Nuclei](https://github.com/projectdiscovery/nuclei), and more. For further details, please visit [this page](https://www.vulnerability-lookup.org/user-manual/sightings/).
+
+The final section focuses on exploitations observed through [The Shadowserver Foundation](https://www.shadowserver.org)'s honeypot network.
+
+
+## The Month at a Glance
+
+The most reported vulnerability this month is [CVE-2025-53770](https://vulnerability.circl.lu/vuln/CVE-2025-53770),
+a critical flaw in [Microsoft SharePoint Enterprise Server 2016](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Microsoft%20SharePoint%20Enterprise%20Server%202016),
+with over 400 sightings. Other high-impact vulnerabilities include [CVE-2025-5777](https://vulnerability.circl.lu/vuln/CVE-2025-5777)
+affecting NetScaler ADC, and [CVE-2025-25257](https://vulnerability.circl.lu/vuln/CVE-2025-25257)
+in Fortinet FortiWeb, both widely discussed across communities and security feeds.
+
+Well-known products such as [Google Chrome](https://vulnerability.circl.lu/search?vendor=Google&product=Chrome) and[ Wing FTP Server](https://vulnerability.circl.lu/search?vendor=wftpserver&product=Wing%20FTP%20Server) also appear in the top 10,
+along with GitHub advisories like [GHSA-269G-PWP5-87PP](https://vulnerability.circl.lu/vuln/GHSA-269G-PWP5-87PP) (JUnit4)
+and [GHSA-78WR-2P64-HPWJ](https://vulnerability.circl.lu/vuln/GHSA-78WR-2P64-HPWJ) (Apache Commons IO).
+This mix shows how both enterprise-grade platforms and widely used open-source projects continue to be targeted.
+
+The most common weaknesses remain familiar:
+
+- [CWE-79](https://vulnerability.circl.lu/cwes/CWE-79) (Cross-site Scripting) with 747 cases.
+- [CWE-89](https://vulnerability.circl.lu/cwes/CWE-99) (SQL Injection) with 710 cases.
+- [CWE-122](https://vulnerability.circl.lu/cwes/CWE-122) (Heap-based Buffer Overflow) with 593 cases.
+
+
+## Top 10 vulnerabilities of the Month
+
+
+|         Vulnerability          | Sighting Count |     Vendor      |     Product     | [VLAI Severity](https://arxiv.org/abs/2507.03607) |
+| ------------------------------ | -------------- | --------------- | --------------- | --------------------------------------------------------------------- |
+| [CVE-2025-53770](https://vulnerability.circl.lu/vuln/CVE-2025-53770) | 416 | [Microsoft](https://vulnerability.circl.lu/search?vendor=Microsoft) | [Microsoft SharePoint Enterprise Server 2016](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Microsoft%20SharePoint%20Enterprise%20Server%202016) | Critical (confidence: 0.8952) |
+| [CVE-2025-5777](https://vulnerability.circl.lu/vuln/CVE-2025-5777) | 267 | [NetScaler](https://vulnerability.circl.lu/search?vendor=NetScaler) | [ADC](https://vulnerability.circl.lu/search?vendor=NetScaler&product=ADC) | Critical (confidence: 0.9621) |
+| [CVE-2025-25257](https://vulnerability.circl.lu/vuln/CVE-2025-25257) | 145 | [Fortinet](https://vulnerability.circl.lu/search?vendor=Fortinet) | [FortiWeb](https://vulnerability.circl.lu/search?vendor=Fortinet&product=FortiWeb) | Critical (confidence: 0.9819) |
+| [CVE-2025-6554](https://vulnerability.circl.lu/vuln/CVE-2025-6554) | 130 | [Google](https://vulnerability.circl.lu/search?vendor=Google) | [Chrome](https://vulnerability.circl.lu/search?vendor=Google&product=Chrome) | High (confidence: 0.9928) |
+| [CVE-2025-47812](https://vulnerability.circl.lu/vuln/CVE-2025-47812) | 129 | [wftpserver](https://vulnerability.circl.lu/search?vendor=wftpserver) | [Wing FTP Server](https://vulnerability.circl.lu/search?vendor=wftpserver&product=Wing%20FTP%20Server) | Critical (confidence: 0.9724) |
+| [GHSA-269G-PWP5-87PP](https://vulnerability.circl.lu/vuln/GHSA-269G-PWP5-87PP) | 120 | [junit-team](https://vulnerability.circl.lu/search?vendor=junit-team) | [junit4](https://vulnerability.circl.lu/search?vendor=junit-team&product=junit4) | Medium (confidence: 0.5366) |
+| [CVE-2025-53771](https://vulnerability.circl.lu/vuln/CVE-2025-53771) | 104 | [Microsoft](https://vulnerability.circl.lu/search?vendor=Microsoft) | [Microsoft SharePoint Enterprise Server 2016](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Microsoft%20SharePoint%20Enterprise%20Server%202016) | Medium (confidence: 0.9689) |
+| [CVE-2025-49706](https://vulnerability.circl.lu/vuln/CVE-2025-49706) | 96 | [Microsoft](https://vulnerability.circl.lu/search?vendor=Microsoft) | [Microsoft SharePoint Enterprise Server 2016](https://vulnerability.circl.lu/search?vendor=Microsoft&product=Microsoft%20SharePoint%20Enterprise%20Server%202016) | Medium (confidence: 0.9689) |
+| [GHSA-78WR-2P64-HPWJ](https://vulnerability.circl.lu/vuln/GHSA-78WR-2P64-HPWJ) | 85 | [Apache Software Foundation](https://vulnerability.circl.lu/search?vendor=Apache%20Software%20Foundation) | [Apache Commons IO](https://vulnerability.circl.lu/search?vendor=Apache%20Software%20Foundation&product=Apache%20Commons%20IO) | Medium (confidence: 0.9078) |
+| [GHSA-5MG8-W23W-74H3](https://vulnerability.circl.lu/vuln/GHSA-5MG8-W23W-74H3) | 84 | [Google LLC](https://vulnerability.circl.lu/search?vendor=Google%20LLC) | [Guava](https://vulnerability.circl.lu/search?vendor=Google%20LLC&product=Guava) | Low (confidence: 0.877) |
+
+
+
+## Most wanted vulnerabilities
+
+The following vulnerabilities were **only** detected through our sighting tools, which aggregate data from diverse sources such as social networks, MISP, Nuclei templates, Shadowserver, GitHub Gists, and others:
+
+- [CVE-2023-42344](https://vulnerability.circl.lu/vuln/CVE-2023-42344#sightings), source: The Shadowserver (honeypot/common-vulnerabilities)
+- [CVE-2025-48932](https://vulnerability.circl.lu/vuln/CVE-2025-48932#sightings), source: Bluesky
+
+These vulnerabilities have not yet been officially published.
+
+
+## Top 10 Weaknesses of the Month
+
+| CWE | Number of vulnerabilities |
+| --- | ----- |
+| [CWE-79](https://vulnerability.circl.lu/cwes/CWE-79)   | 747 |
+| [CWE-89](https://vulnerability.circl.lu/cwes/CWE-89)   | 710 |
+| [CWE-122](https://vulnerability.circl.lu/cwes/CWE-122) | 593 |
+| [CWE-74](https://vulnerability.circl.lu/cwes/CWE-74)   | 526 |
+| [CWE-416](https://vulnerability.circl.lu/cwes/CWE-416) | 492 |
+| [CWE-119](https://vulnerability.circl.lu/cwes/CWE-119) | 397 |
+| [CWE-125](https://vulnerability.circl.lu/cwes/CWE-125) | 353 |
+| [CWE-94](https://vulnerability.circl.lu/cwes/CWE-94)   | 313 |
+| [CWE-434](https://vulnerability.circl.lu/cwes/CWE-434) | 216 |
+| [CWE-121](https://vulnerability.circl.lu/cwes/CWE-121) | 213 |
+
+
+## Insights from Contributors
+
+### Ruckus network management solutions riddled with unpatched vulnerabilities - Help Net Security
+
+Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned.  
+[More information](https://vulnerability.circl.lu/bundle/e6381844-1d85-477e-83f0-f85545c99c27)
+
+
+### Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
+
+An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb.  
+[More information](https://vulnerability.circl.lu/comment/94b37950-f479-444b-bff8-5571bd15eac5)
+
+
+### VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities
+
+Multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products.  
+[More information](https://vulnerability.circl.lu/bundle/419fd7d2-3c77-4032-b717-747015a7b289)
+
+
+## Continuous Exploitation
+
+- [CVE-2018-13379](https://vulnerability.circl.lu/vuln/cve-2018-13379) -
+  [Fortinet](https://vulnerability.circl.lu/search?vendor=Fortinet) /
+  [Fortinet FortiOS, FortiProxy](https://vulnerability.circl.lu/search?vendor=Fortinet&product=Fortinet+FortiOS,+FortiProxy)
+- [CVE-2017-17215](https://vulnerability.circl.lu/vuln/CVE-2017-17215) -
+  [Huawei Technologies Co., Ltd.](https://vulnerability.circl.lu/search?vendor=Huawei+Technologies+Co.,+Ltd.) /
+  [HG532](https://vulnerability.circl.lu/search?vendor=Huawei+Technologies+Co.,+Ltd.&product=HG532)
+- [CVE-2025-5777](https://vulnerability.circl.lu/vuln/CVE-2025-5777) -
+  [NetScaler](https://vulnerability.circl.lu/search?vendor=NetScaler) /
+  [ADC](https://vulnerability.circl.lu/search?vendor=NetScaler&product=ADC)
+
+
+## Thank you
+
+Thank you to all the contributors and our diverse sources!
+
+If you want to contribute to the next report, you can [create your account](https://vulnerability.circl.lu/user/signup).
+
+
+## Feedback and Support
+
+If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!  
+https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
