Sales

Serial number:AV25-650
Date:October 8, 2025

On October 8, 2025, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 18.4.2, 18.3.4 and 18.2.8
• GitLab Enterprise Edition (EE) – versions prior to 18.4.2, 18.3.4 and 18.2.8

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 18.4.2, 18.3.4, 18.2.8
• GitLab Releases

Serial number:AV25-649
Date:October 8, 2025

On October 7, 2025, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 141.0.7390.65/.66 (Windows and Mac) and 141.0.7390.65 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory

Serial number:AV25-648
Date:October 7, 2025

On October 7, 2025, ABB published a security advisory to address a vulnerability in the following products:

• EIBPORT V3 KNX – versions prior to 3.9.2
• EIBPORT V3 KNX GSM – versions prior to 3.9.2

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• EIBPORT Reflected XSS - CVE ID: CVE-2021-22291
• ABB Cyber security alerts and notifications

Serial number:AV25-647
Date:October 6, 2025

On October 6, 2025, Android published a security bulletin to address vulnerabilities affecting Android devices.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Android Security Bulletin

Number: AL25-013
Date: October 7, 2025

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

On October 4, 2025, Oracle released a security alert advisory for Oracle E-Business Suite addressing a critical vulnerability that allows attackers to perform an unauthenticated remote code execution (CVE-2025-61882) affecting the following product^Footnote1:

• Oracle E-Business Suite – versions 12.2.3 to 12.2.14

The vulnerability is within the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) and has been assigned a CVSS severity rating of 9.8 out of 10^Footnote2.

In response to this vulnerability, the Cyber Centre released AV25-640 on October 6, 2025^Footnote3. CISA has added CVE-2025-61882 to their Known Exploited Vulnerabilities (KEV) catalog^Footnote4 on October 6, 2025.

Suggested actions

The Cyber Centre strongly recommends that organizations patch the affected Oracle instances to the vendor recommended versions^Footnote1.

You should also review and implement our Top 10 IT Security Actions^Footnote5 with an emphasis on the following topics:

• Patching operating systems and applications.
• Isolating Web-facing applications.

Should activity matching the content of this alert be discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.

References

Information provided by organizations not subject to the Official Languages Act is in the language(s) provided.

Serial number:AV25-646
Date:October 6, 2025

On October 3, 2025, Redis published a security advisory to address a critical vulnerability in the following products:

• Redis Software – multiple versions
• Redis OSS/CE/Stack releases with Lua scripting – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Redis Security Advisory: CVE-2025-49844
• Redis - Releases
• Redis Security Advisories