About Us

Serial number:AV25-826
Date:December 10, 2025

On December 10, 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• BlazeMeter – version 4.27
• Coverage – version 2.3054.ve1ff7b_a_a_123b_ and prior
• Git client – version 6.4.0 and prior
• HashiCorp Vault – version 371.v884a_4dd60fb_6 and prior
• Redpen - Pipeline Reporter for Jira – version 1.054.v7b_9517b_6b_202 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Jenkins Security Advisory 2025-12-10
• Jenkins Security Advisories

Serial number:AV25-825
Date:December 10, 2025

On December 9, 2025, Schneider Electric published advisories to address vulnerabilities in the following products:

• EcoStruxure™ Foxboro DCS – version EcoStruxure™ Foxboro DCS and prior
• V91 DCS Virtualization Server and H92 DCS Standard Workstation – version Intel Xeon W-2123 and prior
• EcoStruxure™ Foxboro DCS Advisor services with Windows Server Update Services application running on MS Server 2016 – version Microsoft updates KB5066836
• EcoStruxure™ Foxboro DCS Advisor services with Windows Server Update Services application running on MS Server 2022 – version Microsoft updates KB5066782

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

• EcoStruxure™ Foxboro DCS (PDF)
• EcoStruxure™ Foxboro DCS Advisor (PDF)
• Schneider Electric Security Notifications

Serial number:AV25-824
Date:December 10, 2025

On December 9, 2025, Ivanti published a security advisory to address vulnerabilities in the following product. Included was a critical update for the following:

• Ivanti Endpoint Manager – version 2024 SU4 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Advisory EPM December 2025 for EPM 2024
• Ivanti Security Advisories

Serial number:AV25-823
Date:December 10, 2025

On December 9, 2025, Adobe published security advisories to address vulnerabilities in the following products:

• ColdFusion 2025 – version Update 4 and prior
• ColdFusion 2023 – version Update 16 and prior
• ColdFusion 2021 – version Update 22 and prior
• Adobe Experience Manager (AEM) – version AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) – version 6.5 LTS, version 6.5.23 and prior
• Adobe DNG Software Development Kit (SDK) – version DNG SDK 1.7.0 and prior
• Acrobat DC – version 25.001.20982 and prior
• Acrobat Reader DC – version 25.001.20982 and prior
• Acrobat 2024 (Windows) – version 24.001.30264 and prior
• Acrobat 2024 (Mac) – version 24.001.30273 and prior
• Acrobat 2020 (Windows) – version 20.005.30793 and prior
• Acrobat 2020 (Mac) – version 20.005.30803 and prior
• Acrobat Reader 2020 (Windows) – version 20.005.30793 and prior
• Acrobat Reader 2020 (Mac) – version 20.005.30803 and prior
• Creative Cloud Desktop Application – version 6.4.0.361 and prior

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Adobe Security Advisories

Serial number:AV25-822
Date:December 9, 2025

On December 9, 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• Azure App Gateway
• Azure Bastion Developer
• Azure Monitor
• Azure Monitor Control Service
• Dynamics 365 Field Service (online)
• Dynamics OmniChannel SDK Storage Containers
• Microsoft 365 Apps for Enterprise
• Microsoft 365 Defender Portal
• Microsoft Configuration Manager 2403
• Microsoft Configuration Manager 2409
• Microsoft Configuration Manager 2503
• Microsoft Dynamics 365
• Microsoft Excel 2016
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024
• Microsoft Office LTSC for Mac 2021
• Microsoft Office LTSC for Mac 2024
• Microsoft Office for Android
• Microsoft SQL Server 2016
• Microsoft SQL Server 2017
• Microsoft SQL Server 2019
• Microsoft SQL Server 2022
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Online
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft Visual Studio 2022 version 17.14
• Microsoft Visual Studio Code CoPilot Chat Extension
• Nuance PowerScribe 360
• Nuance PowerScribe One
• Office Online Server
• OneDrive for Android
• PowerScribe One version 2023.1 SP2 Patch 7
• Visual Studio Code
• Windows 10
• Windows 10 Version 1607
• Windows 10 Version 1809
• Windows 10 Version 21H2
• Windows 10 Version 22H2
• Windows 11 Version 22H2
• Windows 11 Version 23H2
• Windows 11 Version 24H2
• Windows 11 Version 25H2
• Windows Server 2008
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025
• Windows Server 2025 (Server Core installation)
• Windows Subsystem for Linux GUI

Microsoft has received reports that CVE-2025-62221 is being exploited.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• December 2025 Security Updates
• Security Update Guide

Serial number:AV25-821
Date:December 9, 2025

On December 9, 2025, Fortinet published security advisories to address vulnerabilities in multiple products including one critical vulnerability.

• FortiCloud SSO Login Authentication Bypass affecting the following products: FortiOS, FortiWeb, FortiProxy and FortiSwitchManager.
  (CVE-2025-59718, CVE-2025-59719)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Critical vulnerability: FortiCloud SSO Authentication Bypass
• Fortinet PSIRT Advisories