Critical vulnerability in n8n allows remote code execution (CVE-2025-68613)

A critical security vulnerability has been revealed in the n8n workflow automation platform. The flaw, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, has a CVSS score of 9.9 out of 10.0, underscoring its severity. According to npm statistics, the n8n package records approximately 57,000 weekly downloads.

Vulnerability and Impact Details

The maintainers of the npm package stated that “under certain conditions, expressions provided by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.” ...

December 23, 2025 · Comfidentia

WatchGuard fixes actively exploited critical vulnerability in Fireware OS (CVE-2025-14733)

WatchGuard has issued a security alert and released patches to address a critical vulnerability in its Fireware operating system that the company has confirmed has been actively exploited in real-world attacks. The vulnerability, identified as CVE-2025-14733, affects IKEv2 VPN configurations and has a CVSS score of 9.3 (Critical), allowing remote code execution by unauthenticated attackers.

Vulnerability Details (CVE-2025-14733)

The security flaw is an out-of-bounds write in the Fireware OS iked process. A remote attacker could exploit it without authentication to execute arbitrary code on the system. ...

December 20, 2025 · Comfidentia

Google Patches Three Zero-Day Vulnerabilities in Chrome, One Exploited in the Wild

Google released a security update for Chrome on December 10, patching three new vulnerabilities, including a high-severity one that is being actively exploited in the wild. This vulnerability represents the eighth Chrome zero-day exploited in 2025.

The High Severity Zero-Day Vulnerability

Google has issued a security advisory to address a high-severity zero-day vulnerability. At the time of publication, Google has not assigned a CVE (Common Vulnerabilities and Exposures) identifier to this flaw. Instead, it is referenced by Google’s internal tracking ID, 466192044. ...

December 11, 2025 · Comfidentia

Microsoft Quietly Patches LNK Vulnerability Exploited Since 2017

Microsoft has quietly fixed a security vulnerability that has been exploited by multiple threat actors since 2017. The fix was included in the November 2025 Patch Tuesday updates. The vulnerability, tracked as CVE-2025-9491 (CVSS score: 7.8/7.0), is a “misinterpretation of the Windows shortcut file (LNK) user interface” flaw that could lead to remote code execution.

Vulnerability Details (CVE-2025-9491)

The vulnerability lies in how Windows handles .LNK files. The main problem is that a shortcut file can be manipulated to hide malicious commands from the user who inspects the file through the user interface. ...

December 3, 2025 · Comfidentia