The security advisory, published on April 22, 2025, details the patches for CVE-2025-1731 and CVE-2025-1732, which impact multiple firmware versions of the company’s enterprise-grade security appliances.

This critical flaw received a CVSS base score of 7.8, indicating its significant security impact. The vulnerability potentially allows an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges to the administrator level.

The second vulnerability, CVE-2025-1732, involves improper privilege management in the recovery function of the same firmware versions. This vulnerability could enable an authenticated local attacker with administrator privileges to upload a specially crafted configuration file and further escalate privileges on vulnerable devices.

The vulnerabilities were discovered by security researchers Alessandro Sgreccia from HackerHood and Marco Ivaldi from HN Security.

Despite their sophisticated architecture, these devices remain susceptible to software vulnerabilities requiring regular security updates. The discovery underscores the critical importance of regular security updates for network security appliances, which often serve as the first line of defense against external threats. Security experts recommend immediate patching, as privilege escalation vulnerabilities are frequently exploited in targeted attacks against enterprise environments.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Apr 2025 08:10:22 +0000