Daily Intelligence Brief: Kiwire vulnerabilities, CISA advisories, Arelion connections, and more - October 10, 2025

The Kiwire Captive Portal, provided by SynchroWeb, faced vulnerabilities identified as CVE-2025-11188, CVE-2025-11189, and CVE-2025-11190. These vulnerabilities allowed for Structured Query Language (SQL) injection, open redirection, and Cross-Site Scripting (XSS). The vendor addressed these vulnerabilities, advising customers to update to the latest version to mitigate risks.

The identified CVEs include a blind SQL injection that could compromise the database (CVE-2025-11188), an open redirection issue allowing redirection to malicious domains (CVE-2025-11190), and a reflected XSS vulnerability that enabled script execution (CVE-2025-11189). Users are encouraged to assess their systems for exposure and implement available patches.

On October 9, 2025, CISA released four advisories related to vulnerabilities in Industrial Control Systems (ICS). The advisories focus on Hitachi Energy, Rockwell Automation, and Mitsubishi Electric products. Organizations using these systems should review the advisories for technical details and recommendations to enhance their security posture.

Arelion reported the deployment of a new Point-of-Presence (Points of Presence (PoP)) at OpenColo’s Santa Clara data center, connecting customers to Arelion's Internet Protocol (IP) backbone. This enhancement aims to meet demand for improved connectivity in sectors relying on Artificial Intelligence (AI) and cloud infrastructure.

Harmonic showcased advancements in fiber broadband technology at Network X 2025, presenting its cOS broadband platform and SeaStar node. These solutions are aimed at optimizing fiber deployment, supporting growing demands across the EMEA region.

Advantech introduced the AOM-5721 SMARC module featuring Qualcomm's QCS6490 System-on-a-chip (SoC), targeting edge applications in industrial and medical sectors. This module supports various operating systems and connectivity options essential for modern deployments.

Cohesity achieved recognition as a Leader in the IDC MarketScape: Worldwide Cyber Recovery Vendor Assessment for 2025. This designation acknowledges the company’s effective strategies for addressing cyber threats and enhancing recovery capabilities, focusing on customer resilience.

1. Kiwire Captive Portal faces three vulnerabilities
   Kiwire Captive Portal vulnerabilities, identified as CVE-2025-11188, 11189, and 11190, necessitate user action to mitigate risks.
2. CISA announces four advisories on ICS vulnerabilities
   Advisories from CISA, released on Optical Coherence Tomography (OCT). 9, 2025, focus on security risks in ICS including Hitachi Energy and Mitsubishi Electric.
3. Arelion connects OpenColo's Santa Clara data center to its North American AI superhighway
   Arelion deployed a Points of Presence (PoP) at OpenColo's Santa Clara site, enhancing connectivity for enterprises and wholesale operators.
4. Harmonic showcases fiber broadband solutions at Network X 2025
   At Network X 2025, Harmonic highlights its cOS broadband platform and SeaStar node aimed at improving fiber deployment processes.
5. Advantech AOM-5721 SMARC module features Qualcomm's QCS6490 SoC
   Advantech launched the AOM-5721 SMARC module with Qualcomm's QCS6490 SoC, targeting industrial and medical edge applications.
6. Cohesity recognized as a Leader in the IDC MarketScape for Worldwide Cyber Recovery 2025
   Cohesity has received its second consecutive Leader designation in the IDC MarketScape for Cyber Recovery, evaluated on key strengths.