Weekly Intelligence Brief on Security Alerts and Vulnerabilities - Week of October 20, 2025
Key Takeaways
- CISA added five actively exploited vulnerabilities (Apple, Kentico, Microsoft, Oracle products) to its Known Exploited Vulnerabilities catalog.
- Browser-extension password managers are vulnerable to clickjacking that can expose stored credentials.
- Remotely exploitable vulnerabilities were reported in multiple industrial control system products (Siemens, Rockwell Automation, Hitachi Energy).
- Federal agencies were directed (Emergency Directive ED 26-01) to inventory and mitigate F5 devices.
- Rockwell Automation disclosed security flaws in several of its Industrial Control Systems (ICS) products.
CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, affecting products from Apple, Kentico, Microsoft, and Oracle. Each addition follows evidence of active exploitation, and federal agencies are required to remediate KEV entries by the catalog's due dates to protect federal networks.
Browser-extension password managers, which automatically fill credentials into web forms, are exposed to clickjacking: a malicious page manipulates its DOM so that the user's click on a decoy element triggers autofill into a field the attacker controls, revealing the stored credential. The fixes belong in the extensions themselves, so users should install vendor updates promptly.
Rockwell Automation disclosed vulnerabilities across several FactoryTalk products that could allow unauthorized access, and users should apply the patches promptly; a separate Siemens advisory covers an SQL injection flaw in the SINEC Network Management System. CISA also issued Emergency Directive ED 26-01 on vulnerabilities in F5 devices, requiring federal agencies to inventory their F5 assets and apply updates.
The mix of vulnerabilities this week, particularly in ICS, calls for continuous monitoring and timely patching. Organizations should apply the mitigations in the respective advisories as an immediate priority.
Many of the Siemens entries below carry CISA's standard notice that, as of January 10, 2023, it no longer updates Siemens ICS advisories beyond the initial publication. This is a long-standing policy rather than a change in focus; readers should check Siemens ProductCERT for any subsequent updates to those advisories.
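As an added illustration (not code from the CERT/CC note or from any password-manager vendor), the JavaScript below shows the kind of visibility gate an extension can apply before autofilling a field. The element and viewport descriptors are constructed stand-ins for getComputedStyle() and getBoundingClientRect() results so that it runs under Node without a DOM; the opacity threshold and the sample page layouts are assumptions.

```javascript
// Added example: a visibility check an extension could run before autofill.
// The clickjacking technique makes the target field (or the extension's own
// autofill UI) effectively invisible: opacity 0, visibility: hidden, zero
// size, pushed off-screen, or a transparent ancestor, then places it under a
// decoy such as a cookie-consent button so one click fills credentials into
// an attacker-controlled input. All thresholds and sample data are assumed.

const MIN_OPACITY = 0.9; // assumption: anything fainter is treated as hidden

// style: an object shaped like the subset of CSSStyleDeclaration we care about.
function styleHides(style) {
  return (
    style.display === 'none' ||
    style.visibility === 'hidden' ||
    style.visibility === 'collapse' ||
    Number(style.opacity) < MIN_OPACITY ||
    (style.clipPath !== undefined && style.clipPath !== 'none')
  );
}

// field: { style, rect: {x, y, width, height}, ancestors: [style, ...] }
// viewport: { width, height }
// Returns { allow, reason } so the caller can log why autofill was refused.
function autofillDecision(field, viewport) {
  if (styleHides(field.style)) return { allow: false, reason: 'field hidden by its own style' };
  const idx = field.ancestors.findIndex((s) => styleHides(s));
  if (idx !== -1) return { allow: false, reason: `hidden by ancestor ${idx}` };
  const { x, y, width, height } = field.rect;
  if (width < 1 || height < 1) return { allow: false, reason: 'zero-size field' };
  const onScreen = x + width > 0 && y + height > 0 && x < viewport.width && y < viewport.height;
  if (!onScreen) return { allow: false, reason: 'field outside viewport' };
  return { allow: true, reason: 'field visibly rendered' };
}

// Constructed sample inputs: one honest login form and three attacker variants.
const VIEWPORT = { width: 1280, height: 720 };
const VISIBLE = { display: 'block', visibility: 'visible', opacity: '1', clipPath: 'none' };
const RECT = { x: 400, y: 300, width: 240, height: 32 };
const SAMPLES = {
  honestLogin: { style: VISIBLE, rect: RECT, ancestors: [VISIBLE] },
  // Decoy overlay: the input itself is transparent, sitting under a fake "Accept" button.
  transparentField: { style: { ...VISIBLE, opacity: '0' }, rect: RECT, ancestors: [VISIBLE] },
  // The field looks fine on its own, but a wrapper div is opacity: 0.
  transparentWrapper: { style: VISIBLE, rect: RECT, ancestors: [{ ...VISIBLE, opacity: '0' }, VISIBLE] },
  // Field positioned far outside the viewport.
  offScreen: { style: VISIBLE, rect: { ...RECT, x: -5000 }, ancestors: [VISIBLE] },
};

function runSamples() {
  const out = {};
  for (const [name, field] of Object.entries(SAMPLES)) out[name] = autofillDecision(field, VIEWPORT);
  return out;
}

console.log(JSON.stringify(runSamples(), null, 2));
```

In a real extension the descriptors come from getComputedStyle() on the element and each of its ancestors plus getBoundingClientRect(); it is also worth confirming that document.elementFromPoint() at the field's centre returns the field itself, since an overlaid decoy returns the decoy instead.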
- CISA adds five vulnerabilities to the KEV catalog
  CISA added five vulnerabilities with evidence of active exploitation to its KEV catalog, affecting products from Apple, Kentico, Microsoft, and Oracle.
- VU#516608: Multiple password managers vulnerable to clickjacking attacks
  Browser-extension password managers can be clickjacked: a malicious page manipulates the DOM so that autofilled credentials are exposed to the attacker.
- CVE-2025-8036: Domain Name System (DNS) rebinding and CORS exploits
  A flaw in browser CORS handling allows an attacker to combine DNS rebinding with cross-origin requests that would otherwise be restricted.
- Siemens Solid Edge advisory
  CISA published an advisory for vulnerabilities in Siemens Solid Edge; as with all Siemens advisories since January 10, 2023, CISA will not update it beyond the initial publication.
- Hitachi Energy reports vulnerabilities in MACH GWS
  Hitachi Energy identified vulnerabilities in MACH GWS and urges users to update to Version 3.5.
- Siemens HyperLynx and Edge App Publisher: remote code execution
  CISA's advisory covers remote code execution vulnerabilities in Siemens HyperLynx and Edge App Publisher; CISA will not update it beyond the initial publication.
- Siemens advisory: critical vulnerability
  CISA's advisory addresses a critical vulnerability in a Siemens product; as of January 10, 2023, CISA no longer updates Siemens ICS advisories beyond the initial publication.
- Rockwell Automation identifies vulnerabilities in FactoryTalk View and PanelView Plus 7
  CISA recommends risk mitigations for these Rockwell Automation products and urges users to apply the updates promptly.
- Siemens SINEC NMS: Structured Query Language (SQL) injection
  A flaw in Siemens SINEC Network Management System (NMS) could allow SQL injection by low-privileged users. CISA will not update this advisory beyond the initial publication.
- Rockwell Automation identifies security flaw in FactoryTalk ViewPoint
  FactoryTalk ViewPoint has a vulnerability affecting PanelView Plus terminals that allows unauthenticated XML injection.
- CISA issues thirteen ICS advisories
  CISA issued 13 ICS advisories on Oct. 16, 2025, addressing vulnerabilities across products from major industrial vendors.
- Rockwell Automation discloses ArmorStart AOP vulnerability
  CISA advises users of Rockwell Automation ArmorStart AOP to apply mitigations for a reported denial-of-service (DoS) vulnerability.
- Siemens SiPass integrated advisory
  CISA's advisory for Siemens SiPass integrated vulnerabilities will not be updated beyond the initial publication, under the policy in effect since Jan. 10, 2023.
- Siemens TeleControl Server Basic: unauthenticated access
  CISA advises on a Siemens vulnerability that allows unauthenticated access to TeleControl Server Basic and urges immediate mitigation.
- Rockwell Automation issues FactoryTalk Linx security alert
  Rockwell Automation disclosed vulnerabilities in FactoryTalk Linx versions 6.40 and earlier, with Common Vulnerability Scoring System (CVSS) v4 scores of 8.5.
- CISA issues Emergency Directive ED 26-01 on F5 vulnerabilities
  ED 26-01 requires federal agencies to inventory their F5 devices, apply updates, and report to CISA by Oct. 29, 2025.
- Snyk and Cognition integrate security tooling for Artificial Intelligence (AI) development
  Developers can now use Snyk's capabilities within Devin and Windsurf, adding security checks without slowing fast-paced development cycles.
- CISA issues advisory on Rockwell Automation ICS
  CISA advises users to consult the latest ICS advisory for vulnerability details and mitigation strategies.