The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed two critical vulnerabilities in its Known Exploited Vulnerabilities catalog: a critical function flaw in Erlang/OTP SSH allowing remote code execution, and a cross-site scripting vulnerability in Roundcube Webmail that could lead to email theft. ESET recently noted exploitation of similar XSS flaws by a Russia-linked group targeting Eastern European entities, raising concerns about these particular vulnerabilities. Federal agencies must address these flaws by June 30, 2025, to ensure security against potential threats.
CISA has added two critical vulnerabilities impacting Erlang/Open Telecom Platform SSH and Roundcube to its Known Exploited Vulnerabilities catalog, emphasizing the need for emergency fixes.
The Erlang/OTP SSH vulnerability could enable unauthenticated remote code execution, while Roundcube's XSS flaw could allow attackers to steal emails via crafted messages.