August 2025 saw multiple severe vulnerabilities disclosed across core enterprise products and widely used consumer platforms. The list includes remote code execution flaws in Cisco Secure FMC, Microsoft Windows GDI+, and Trend Micro Apex One, a server-side request forgery in Azure OpenAI services, and a memory corruption issue in Apple ImageIO. Several of these received CVSS scores of 9.8 or 10, making them immediate priorities for security teams.
These weaknesses span infrastructure, endpoint protection, cloud services, operating systems, and common utilities like WinRAR. Exploitation could allow full system compromise, credential theft, and lateral movement within enterprise networks.
CVE-2025-20265: Remote Code Execution in Cisco Secure FMC
Severity: Critical
CVSS Score: 10.0
Vulnerability Type: RADIUS Authentication Command Injection
Impact: Full System Compromise on Firewall Management
Affected Systems: Cisco Secure Firewall Management Center versions 7.0.7 and 7.7.0 with RADIUS authentication enabled
A critical flaw in Cisco Secure FMC allows attackers to execute arbitrary shell commands during the RADIUS authentication process. The vulnerability arises from improper validation of user-supplied data, giving unauthenticated attackers a way to gain privileged access. Exploitation could allow an attacker to take complete control of the FMC appliance, alter firewall rules, and launch further attacks within the enterprise environment.
Mitigation Strategies:
- Upgrade Cisco Secure FMC to the fixed release as per Cisco’s advisory.
- Disable RADIUS authentication if not strictly required.
- Restrict network access to FMC using segmentation and firewalls.
- Monitor authentication logs for abnormal RADIUS login attempts.
CVE-2025-53767: SSRF Privilege Escalation in Azure OpenAI
Severity: Critical
CVSS Score: 10.0
Vulnerability Type: Server-Side Request Forgery
Impact: Privilege Escalation and Access to Internal Azure Resources
Affected Systems: Microsoft Azure OpenAI services prior to August 2025 patching
This vulnerability allows attackers to craft malicious requests that force Azure OpenAI services to interact with internal resources. Successful exploitation could lead to theft of metadata tokens and service credentials, enabling unauthorised access to tenant data. The flaw is particularly serious because it allows privilege escalation without direct compromise of user accounts.
Mitigation Strategies:
- Apply Microsoft’s August 2025 updates immediately.
- Use Azure firewall policies and NSGs to restrict outbound traffic.
- Rotate credentials and tokens after applying patches.
- Audit Azure logs for suspicious internal API calls.
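An application-level complement to the outbound restrictions above, as an added example that is not Microsoft's fix or code from this article: a destination check for any service that fetches caller-supplied URLs, rejecting targets that resolve to internal or metadata addresses. The blocked ranges, the hostnames and the `sample_resolver` stand-in are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges a server-side fetcher should never reach (constructed policy).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16",    # link-local, includes the 169.254.169.254 metadata endpoint
    "168.63.129.16/32",  # Azure platform virtual IP
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed DNS answers so the example runs offline; hostnames are made up.
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "alias.example.net": ["169.254.169.254"],
    "mixed.example.org": ["93.184.216.34", "10.0.0.5"],
}

def sample_resolver(host, port):
    """Stand-in for socket.getaddrinfo that never touches the network."""
    if host not in SAMPLE_DNS:
        try:
            ipaddress.ip_address(host)  # literal IPs resolve to themselves
        except ValueError:
            raise OSError("unknown host") from None
    ips = SAMPLE_DNS.get(host, [host])
    return [(None, None, None, "", (ip, port)) for ip in ips]

def is_blocked_ip(text):
    ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:a.b.c.d as the IPv4 address it wraps
    return any(ip in net for net in BLOCKED_NETS)

def check_outbound_url(url, resolver=socket.getaddrinfo):
    """Return (allowed, reason) for a URL a service is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "scheme or host not allowed"
    try:
        answers = resolver(parts.hostname, parts.port or 443)
    except (OSError, ValueError):
        return False, "unresolvable host"
    for answer in answers:  # every resolved address must be acceptable
        if is_blocked_ip(answer[4][0]):
            return False, "resolves to internal address " + answer[4][0]
    return True, "ok"
```

The check only holds if the HTTP client then connects to the address that was validated and the check is repeated on every redirect.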
CVE-2025-53766: Remote Code Execution in Windows GDI+
Severity: Critical
CVSS Score: 9.8
Vulnerability Type: Heap-Based Buffer Overflow
Impact: Remote Code Execution with SYSTEM Privileges
Affected Systems: All supported versions of Microsoft Windows
A flaw in Windows GDI+ image parsing permits attackers to craft malicious image files that trigger heap overflows. Once processed, these files allow execution of arbitrary code at system level. Attackers can deliver the exploit through email attachments or compromised websites, and no further user interaction is required after the image is viewed.
Mitigation Strategies:
- Install Microsoft’s August 2025 security update.
- Block high-risk metafile formats like WMF and EMF at gateways.
- Enforce application whitelisting to prevent unauthorised programs from executing.
- Monitor for suspicious processes linked to image parsing.
CVE-2025-54948: OS Command Injection in Trend Micro Apex One
Severity: Critical
CVSS Score: 9.8
Vulnerability Type: Pre-Authentication Command Injection
Impact: Remote Code Execution on Endpoint Management Console
Affected Systems: Trend Micro Apex One Management Console versions 14.x and earlier
An input validation flaw in Apex One allows unauthenticated attackers to inject system commands into the management server. Exploiting this flaw gives full administrative control over the server, which could then be used to distribute malware across enterprise endpoints. Reports indicate exploitation attempts are already taking place.
Mitigation Strategies:
- Apply Trend Micro’s emergency FixTool and permanent patches.
- Restrict network access to the Apex One console.
- Audit logs for abnormal uploads or command execution.
- Perform forensic analysis and credential resets if compromise is suspected.
CVE-2025-43300: Code Execution in Apple ImageIO
Severity: High
CVSS Score: 8.8
Vulnerability Type: Out-of-Bounds Write
Impact: Code Execution via Malicious Images
Affected Systems: iOS 18.6.2, iPadOS 18.6.2, macOS Sonoma 14.7.8, Ventura 13.7.8, Sequoia 15.6.1
Apple’s ImageIO library contains an out-of-bounds write flaw triggered by malicious image files. Successful exploitation enables attackers to run arbitrary code when a target device processes the file. Apple confirmed that this bug has been exploited in the wild in targeted campaigns.
Mitigation Strategies:
- Update iOS, iPadOS, and macOS devices with Apple’s August 2025 patches.
- Avoid opening images from unknown sources until updated.
- Enforce patch deployment using mobile device management tools.
- Monitor for abnormal behaviour in image-handling apps.
CVE-2025-8088: Directory Traversal in WinRAR
Severity: High
CVSS Score: 8.8
Vulnerability Type: Path Traversal during Archive Extraction
Impact: Remote Code Execution via Dropped Files
Affected Systems: WinRAR for Windows prior to version 7.13
WinRAR’s archive extraction fails to properly handle crafted paths, allowing attackers to drop files into arbitrary system locations. This vulnerability was exploited in real-world campaigns to install backdoors.
Mitigation Strategies:
- Upgrade to WinRAR version 7.13 or later.
- Restrict execution of files from user or temporary folders.
- Use antivirus scanning for untrusted archives.
- Audit system directories for unauthorised files.
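For pipelines that unpack untrusted archives automatically, the entry paths can be audited before anything is written to disk. The following is an added example, not WinRAR's code or its fix: it applies Windows path rules to each entry name in a ZIP archive and reports the ones that would land outside the destination folder. The destination path and the sample archive are constructed for illustration.

```python
import io
import ntpath
import zipfile
from pathlib import PureWindowsPath

def unsafe_reason(entry_name, dest):
    """Return why extracting entry_name under dest is unsafe, or None if contained."""
    name = entry_name.replace("/", "\\")
    path = PureWindowsPath(name)
    if path.drive or path.root:
        return "absolute, drive-qualified or UNC path"
    if ".." in path.parts:
        return "parent-directory component"
    if ":" in name:
        return "colon in a path component"  # not valid in a Windows file name
    # Belt and braces: resolve with Windows rules and confirm containment.
    base = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(base, name)))
    if ntpath.commonpath([base, target]) != base:
        return "resolves outside destination"
    return None

def audit_archive(zip_bytes, dest):
    """Map each unsafe entry name in a ZIP to the reason it was rejected."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
    return {n: r for n in names if (r := unsafe_reason(n, dest))}

def build_sample_archive():
    """Constructed test archive: two benign entries and three crafted paths."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("report.txt", "docs/notes.txt", "..\\..\\outside.txt",
                     "C:\\Temp\\outside.txt", "docs/../../outside2.txt"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    dest = r"C:\Users\alice\Downloads\out"  # constructed destination folder
    for entry, reason in audit_archive(build_sample_archive(), dest).items():
        print(f"REJECT {entry!r}: {reason}")
```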
CVE-2025-49712: Remote Code Execution in Microsoft SharePoint
Severity: High
CVSS Score: 8.8
Vulnerability Type: Insecure Deserialization
Impact: Code Execution by Authenticated Users
Affected Systems: Microsoft SharePoint Server 2016 and 2019
Improper handling of untrusted data in SharePoint allows authenticated Site Owners to exploit deserialization flaws and execute code on the server. An attacker could use this to compromise sensitive data or move laterally across the organisation’s environment.
Mitigation Strategies:
- Apply Microsoft’s August 2025 SharePoint updates.
- Limit Site Owner permissions to trusted administrators.
- Enable auditing to detect suspicious activity.
- Isolate SharePoint servers using segmentation.
CVE-2025-9482: Buffer Overflow in Linksys Extenders
Severity: High
CVSS Score: 8.8
Vulnerability Type: Stack-Based Buffer Overflow
Impact: Remote Code Execution on Network Devices
Affected Systems: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 with firmware 1.1.05.003 and below
Certain Linksys extenders contain a flaw in their HTTP management interface that allows unauthenticated attackers to trigger a buffer overflow. Exploitation gives full control of the device and a foothold into the connected network.
Mitigation Strategies:
- Disconnect or isolate affected devices until patched firmware is released.
- Restrict access to the management interface.
- Monitor network traffic for abnormal requests.
- Apply vendor firmware updates when available.
The vulnerabilities disclosed in August 2025 highlight how critical flaws continue to appear across every layer of enterprise and consumer technology. From firewall management systems and endpoint security consoles to Windows components, cloud services, and widely used utilities, attackers have multiple entry points if patches are not applied quickly.
Security teams should prioritise updates released this month, restrict exposure of management interfaces, and strengthen monitoring for exploitation attempts. Timely patching combined with layered defences remains the most effective way to reduce the risk from these high-severity CVEs.