15 Aug 2025
Week in review
Greetings,
Over the weekend of August 10–11, the University of Western Australia (UWA) was forced to lock thousands of staff and students out of its systems after detecting unauthorised access to password information. The breach prompted an immediate and large-scale security response, with all users required to reset their credentials before regaining access. The university’s critical incident management team worked through the weekend to contain the threat and has confirmed there is currently no evidence that any data beyond password details was compromised.
UWA notified authorities immediately, and a full investigation is underway alongside a review of existing security measures to strengthen defences. UWA has issued an apology to those affected, stressing its commitment to swift action and transparency.
This incident comes amid heightened scrutiny of data protection in Australia, following recent legal proceedings against Optus over its 2022 breach. Whilst this incident did not involve personal or sensitive information, it highlights the growing urgency for educational institutions to protect such data against evolving cyber threats.
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
Date: 2025-08-13
Author: The Hacker News
[See AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.5516/]
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.
The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
Date: 2025-08-13
Author: The Hacker News
[See AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2025.5593.2/]
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.
“An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests,” the company said in a Tuesday advisory.
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Date: 2025-08-12
Author: Bleeping Computer
[AUSCERT has published security bulletins for these Microsoft updates]
The monthly Microsoft Patch Tuesday for August contains 107 flaws, including 13 critical vulnerabilities and one publicly disclosed zero-day vulnerability in Windows Kerberos. Of the 13 critical vulnerabilities, 9 are remote code execution (RCE) vulnerabilities, 3 are information disclosure, and 1 is elevation of privilege. The zero-day is a flaw in Microsoft SQL Server.
Trend Micro reports two critical CVEs under active exploit
Date: 2025-08-10
Author: The Register
A critical vulnerability in the on-prem version of Trend Micro’s Apex One endpoint security platform is under active exploitation, the company admitted last week, and there’s no patch available.
Trend Micro last week warned Apex One 2019 customers about CVE-2025-54948 and CVE-2025-54987, both with a CVSS score of 9.4 and both present in the platform’s web-based management console.
Australian Regulator Sues Optus Over 2022 Data Breach
Date: 2025-08-08
Author: Infosecurity Magazine
The Australian Information Commissioner (AIC) has launched civil action against Optus for a 2022 data breach that exposed the personal details of 9.5 million Australians.
The lawsuit alleges that telecommunications firm Optus failed to take reasonable steps to protect victims’ personal information from unauthorized access and disclosure, in breach of Australia’s Privacy Act 1988.
ESB-2025.5593.2 – Fortinet FortiSIEM
An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
ESB-2025.5622 – Cortex XDR Broker VM
A credential management flaw in Palo Alto Networks Cortex XDR Broker VM causes different Broker VM images to share identical default credentials for internal services.
ASB-2025.0155 – Microsoft Windows
Microsoft has released its monthly security patch update for the month of August 2025. This update resolves 67 vulnerabilities.
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
Stay safe, stay patched and have a good weekend!
The AUSCERT team