InfoSecBulletin Cybersecurity for mankind
CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses.
Two vulnerabilities impact Mitel MiCollab, a widely used unified communications platform for businesses.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2024-41713 (CVSS 9.1): This vulnerability in critical path traversal lets attackers access MiCollab servers without authentication, risking sensitive information and possible administrative control.
CVE-2024-55550 (CVSS 4.4): This vulnerability requires admin privileges but lets attackers read local files on the MiCollab server. When combined with CVE-2024-41713, it increases the risk, allowing access to arbitrary files and system compromise.
Mitel urges users to upgrade to MiCollab 9.8 SP2 (9.8.2.12) or later to address vulnerabilities with released updates and patches.
The third vulnerability, CVE-2020-2883 (CVSS 9.8), affects Oracle WebLogic Server. This critical flaw enables unauthenticated attackers to take control of the server remotely, risking data breaches, service disruptions, and malware infections.
CISA has required all Federal Civilian Executive Branch agencies to fix this vulnerability by January 28, 2025, highlighting its urgency.
