FREE DIAGNOSTIC

GitLab security advisory (AV25-650)
Serial number:AV25-650
Date:October 8, 2025

On October 8, 2025, GitLab published a security advisory to address vulnerabilities in the following products:

GitLab Community Edition (CE) – versions prior to 18.4.2, 18.3.4 and 18.2.8

GitLab Enterprise Edition (EE) – versions prior to 18.4.2, 18.3.4 and 18.2.8

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

GitLab Patch Release: 18.4.2, 18.3.4, 18.2.8

GitLab Releases
Google Chrome security advisory (AV25-649)
Serial number:AV25-649
Date:October 8, 2025

On October 7, 2025, Google published a security advisory to address vulnerabilities in the following product:

Stable Channel Chrome for Desktop – versions prior to 141.0.7390.65/.66 (Windows and Mac) and 141.0.7390.65 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

Google Chrome Security Advisory
[Control systems] ABB security advisory (AV25-648)
Serial number:AV25-648
Date:October 7, 2025

On October 7, 2025, ABB published a security advisory to address a vulnerability in the following products:

EIBPORT V3 KNX – versions prior to 3.9.2

EIBPORT V3 KNX GSM – versions prior to 3.9.2

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

EIBPORT Reflected XSS - CVE ID: CVE-2021-22291

ABB Cyber security alerts and notifications
Android security advisory – October 2025 monthly rollup (AV25-647)
Serial number:AV25-647
Date:October 6, 2025

On October 6, 2025, Android published a security bulletin to address vulnerabilities affecting Android devices.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Android Security Bulletin
AL25-013 – Vulnerability impacting Oracle E-Business Suite - CVE-2025-61882
Number: AL25-013
Date: October 7, 2025

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

On October 4, 2025, Oracle released a security alert advisory for Oracle E-Business Suite addressing a critical vulnerability that allows attackers to perform an unauthenticated remote code execution (CVE-2025-61882) affecting the following product^Footnote1:

Oracle E-Business Suite – versions 12.2.3 to 12.2.14

The vulnerability is within the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) and has been assigned a CVSS severity rating of 9.8 out of 10^Footnote2.

In response to this vulnerability, the Cyber Centre released AV25-640 on October 6, 2025^Footnote3. CISA has added CVE-2025-61882 to their Known Exploited Vulnerabilities (KEV) catalog^Footnote4 on October 6, 2025.

Suggested actions

The Cyber Centre strongly recommends that organizations patch the affected Oracle instances to the vendor recommended versions^Footnote1.

You should also review and implement our Top 10 IT Security Actions^Footnote5 with an emphasis on the following topics:

Patching operating systems and applications.

Isolating Web-facing applications.

Should activity matching the content of this alert be discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.

References

Information provided by organizations not subject to the Official Languages Act is in the language(s) provided.

Footnote 1

Oracle Security Alert Advisory - CVE-2025-61882

Return to footnote1 referrer

Footnote 2

CVE-2025-61882

Return to footnote2 referrer

Footnote 3

AV25-640 – Oracle security advisory

Return to footnote3 referrer

Footnote 4

Known Exploited Vulnerabilities Catalog | CISA

Return to footnote4 referrer

Footnote 5

Top 10 IT security actions to protect Internet connected networks and information (ITSM.10.089)

Return to footnote5 referrer
Redis security advisory (AV25-646)
Serial number:AV25-646
Date:October 6, 2025

On October 3, 2025, Redis published a security advisory to address a critical vulnerability in the following products:

Redis Software – multiple versions

Redis OSS/CE/Stack releases with Lua scripting – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Redis Security Advisory: CVE-2025-49844

Redis - Releases

Redis Security Advisories

PC Desktops	PC Laptops	iMacs	Macbooks
	Home of the FREE Diagnostic (That's right. It's FREE) In 24 hours you will know the exact issues and cost of repair No work is done unless you approve it! It's not an estimate, it's a set price! All repairs are guaranteed! No appointment necessary (There is a Diagnostic charge for custom builds for component testing)

FREE DIAGNOSTIC

Threats/Scams

Audience

Purpose

Details

Suggested actions

References