Mission Statement

Serial number:AV25-789
Date:November 28, 2025
Updated:December 12, 2025

On November 25, 2025, GeoServer published a security advisory to address vulnerabilities in the following products:

• GeoServer – versions prior to 2.28.1
• GeoTools – versions prior to 34.1
• GeoWebCache – versions prior to 1.28

Open-source reporting indicates that an exploit for CVE-2025-58360 exists in the wild.

Update 1

On December 11, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-58360 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GeoServer 2.28.1 Release
• GeoServer
• CISA Adds One Known Exploited Vulnerability to Catalog

Serial number:AV25-830
Date:December 12, 2025

On December 11, 2025, Atlassian published a security advisory to address vulnerabilities in the following products:

• Bamboo Data Center and Server – multiple versions
• Bitbucket Data Center and Server – multiple versions
• Confluence Data Center and Server – multiple versions
• Crowd Data Center and Server – multiple versions
• Fisheye/Crucible – versions 4.9.0 to 4.9.5, versions 4.8.14 to 4.8.16
• Jira Data Center and Server – multiple versions
• Jira Service Management Data Center and Server – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Bulletin - December 11 2025
• Atlassian Security Advisories and Bulletins

Serial number:AV25-829
Date:December 11, 2025

On December 10, 2025, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 143.0.7499.109/.110 (Windows/Mac) and 143.0.7499.109 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number:AV25-828
Date:December 11, 2025

On December 10, 2025, Drupal published security advisory to address a vulnerability in the following product:

• Acquia Content Hub – versions 3.6.x prior to 3.6.4
• Acquia Content Hub – versions 3.7.x prior to 3.7.3

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125
• Drupal Security Advisories

Serial number:AV25-827
Date:December 11, 2025

On December 10, 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 18.6.2, 18.5.4 and 18.4.6
• GitLab Enterprise Edition (EE) – versions prior to 18.6.2, 18.5.4 and 18.4.6

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 18.6.2, 18.5.4, 18.4.6
• GitLab Releases

Serial number:AV25-826
Date:December 10, 2025

On December 10, 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• BlazeMeter – version 4.27
• Coverage – version 2.3054.ve1ff7b_a_a_123b_ and prior
• Git client – version 6.4.0 and prior
• HashiCorp Vault – version 371.v884a_4dd60fb_6 and prior
• Redpen - Pipeline Reporter for Jira – version 1.054.v7b_9517b_6b_202 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Jenkins Security Advisory 2025-12-10
• Jenkins Security Advisories