Weekly Intelligence Brief on Security Alerts and Vulnerabilities - Week of October 6, 2025

Key Takeaways

• CISA added multiple vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog in October 2025.
• New vulnerabilities pose risks across various industry products and systems.
• Akamai expanded its partnership with Apiiro for enhanced application security.
• Trend Micro recognized as a leader in the Extended detection and response (XDR) software market.
• National Instruments and Festo reported vulnerabilities in their products.

CISA has recently expanded its KEV Catalog by adding multiple vulnerabilities, including notable entries like CVE-2025-10547 in Vigor routers, which allow for remote code execution via crafted Hypertext Transfer Protocol (HTTP) requests. Additionally, five vulnerabilities were included that affect services from GNU Bash, Juniper, and Samsung, highlighting urgent remediation needs across federal enterprises.

Akamai Technologies announced an expansion of its partnership with Apiiro, aiming to bolster its Application Programming Interface (API) security offerings through a unified application security platform. This integration seeks to enhance enterprise security through better visibility and management of application risks, reflecting the increased need for robust software development security solutions amid evolving cyber threats.

In product-specific updates, CISA acknowledged vulnerabilities in National Instruments’ Circuit Design Suite and various Festo hardware components, marking significant security risks in manufacturing systems. Festo indicated critical vulnerabilities, prompting advisories for users to implement immediate security measures. These warnings reflect the continuous exposure of infrastructure to cybersecurity threats, necessitating proactive response strategies.

Furthermore, Trend Micro has been named a leader in the IDC MarketScape's assessment of XDR software for 2025, showcasing its comprehensive security capabilities in addressing complex IT environments. The latest evaluation underscores Trend's commitment to protecting Security Operations (SecOps) amidst emerging attack vectors and operational challenges.

1. CISA adds seven KEV to catalog.
   CISA adds seven new vulnerabilities to its KEV Catalog amid active exploitation concerns.
2. CVE-2025-10547: Vigor routers face Reinforcement Coordination Engine (RCE) risk via EasyVPN
   An attacker can leverage a vulnerability in Vigor routers to gain control by sending crafted HTTP requests through the Local Area Network (LAN) interface.
3. CISA Includes Five New Vulnerabilities in KEV Catalog
   CISA adds five vulnerabilities to its KEV Catalog, citing evidence of active exploitation.
4. CISA issues advisories on Industrial Control Systems (ICS) vulnerabilities
   CISA published advisories on October 2, 2025, highlighting vulnerabilities in Raise3D Pro2 printers and Hitachi Energy Managed Service Mesh (MSM) products.
5. Akamai Technologies expands partnership with Apiiro
   Akamai Technologies expanded its partnership with Apiiro to enhance application security throughout the software development lifecycle.
6. CISA Releases Ten ICS Advisories
   CISA issued ten ICS advisories on Schema Evolution Policy (SEP) 30, 2025, which highlight vulnerabilities in ICS, including products from MegaSys and Festo.
7. National Instruments discloses vulnerabilities in Circuit Design Suite
   A Common Vulnerability Scoring System (CVSS) v4 score of 8.4 indicates a serious vulnerability in National Instruments' Circuit Design Suite affecting earlier versions.
8. Authentication Bypass Found in LG Cameras
   CISA advises users of LG Innotek cameras to implement defensive measures due to an authentication bypass vulnerability, CVE-2025-10538.
9. SEVERE Vulnerability in MegaSys Enterprises' Telenium Application
   A flaw in MegaSys Enterprises' Telenium app enables remote command execution for unauthenticated users via HTTP. CVSS v4 score: 9.3.
10. OpenPLC_V3 vulnerability leads to service denial risk
    CISA warns of a vulnerability in OpenPLC_V3 that risks service denial; mitigation steps include updating the software.
11. Festo CPX-CEC-C1 and CPX-CMXX vulnerability
    CISA reports a vulnerability affecting Festo's hardware blocks. Users should limit access while considering product upgrades.
12. Festo identifies vulnerabilities in equipment
    Festo acknowledges vulnerabilities in SBRD-Q/SBOC-Q/SBOI-Q equipment, with a CVSS score of 8.2, urging users to secure systems.
13. Trend Micro recognized as a leader in XDR by IDC MarketScape.
    Rachel Jin emphasized Trend's commitment to support SecOps Center (SOC) teams against sophisticated attacks and operational complexities.