SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; SonicWall Compromises; Unpatched Gladinet; 7-Zip Patches

SANS ISC Handlers

Tech News, News, Technology

🗓️ 12 October 2025

⏱️ 6 minutes

Summary


New Oracle E-Business Suite Patches
Oracle released one more patch for the E-Business Suite. Oracle does not state if it is already exploited, but the timing of the patch suggests that it should be expedited.
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

Widespread SonicWall SSLVPN Compromise
Huntress Labs observed the widespread compromise of the SonicWall SSLVPN appliance.
https://www.huntress.com/blog/sonicwall-sslvpn-compromise

Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
An unpatched vulnerability in the secure file sharing solutions Gladinet CentreStack and Triofox is being exploited.
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

Two 7-Zip Vulnerabilities (CVE-2025-11002, CVE-2025-11001)
7-Zip patched two vulnerabilities that may lead to arbitrary code execution.
https://www.zerodayinitiative.com/advisories/ZDI-25-949/
https://www.zerodayinitiative.com/advisories/ZDI-25-950/

Transcript

0:00.0

Hello and welcome to the Monday, October 13th, 2025 edition of the SANS Internet Storm

0:10.4

Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida.

0:17.6

And this episode is brought to you by the SANS.edu graduate certificate program in cloud security.

0:24.5

Oracle E-Business Suite users, be aware there is yet another update for you to apply.

0:30.5

This update was released on Sunday and it doesn't state in Oracle's notice whether or not this particular vulnerability is already being exploited.

0:42.2

It's only an information leakage vulnerability, so an unauthenticated user may have access to information that they're not supposed to have access to.

0:53.3

However, given that there's really no

0:55.9

statement whether or not it's being exploited, it's released on a Sunday, it's released just a

1:01.4

week after we had that major already exploited vulnerability, and it's about a week before

1:07.2

the normal Oracle Critical Patch Update, the quarterly update they're releasing

1:12.1

for all of their products. I would assume that this vulnerability is already being exploited,

1:19.5

maybe a follow-on to the initial attack that vulnerability was patched last weekend, or maybe

1:26.2

just part of that attack that wasn't really patched

1:30.5

in Sunday's update. Not much here from Oracle to go by other than conjecture, and I would

1:38.0

err on the side of caution in the sense that you probably want to apply this patch as soon as possible before the critical patch update

1:48.0

for the quarter comes out in a week, just so you got it off your plate and then can focus on

1:54.0

whatever that critical patch update fixes. But yeah, really not a lot to go by here from Oracle's site. So really just

2:04.1

making some assumptions here. And Huntress Labs is reporting in the blog post that they're seeing

2:10.4

the widespread exploitation of SonicWall VPN devices. What they're noting here is that the attacker is rapidly logging in to a number

2:22.3

of different accounts. This, of course, comes a couple days after SonicWall let it be known that

2:28.4

all configurations uploaded to its MySonicWall cloud storage had been compromised.

2:37.2

Best guess is that whatever actor got a hold of these configurations is now as quickly as possible,

...
