Cyber Daily 3/27: Next.js Middleware Vulnerability, Active SAP Exploitation, DrayTek Router Issues, Chrome's CVE-2025-2783 Patch, Ghostscript Threats


Welcome to your daily dose of ONSEC Cyber Daily, where we bring you the most critical cybersecurity updates. Today, we're unraveling a web of vulnerabilities and patches that have been making waves in the cybersecurity world. First up, we have a middleware vulnerability in Next.js (CVE-2025-29227) that has triggered a security alert from Stormshield. In another corner of the cyber world, Onapsis Research Labs has discovered an alarming active exploitation of a dangerous SAP vulnerability (CVE-2017-12637). Meanwhile, DrayTek routers are experiencing a global reboot issue linked to a vulnerability being exploited in the wild. Google's Chrome Stable Channel Update has come to the rescue, fixing a critical vulnerability (CVE-2025-2783) and issuing a warning for potential cyberattacks during Hari Raya. In the realm of security patches, Ghostscript is under threat from nine vulnerabilities that attackers can exploit. Google's Chrome has also been under the spotlight with the release of a patch for its first zero-day of 2025 (CVE-2025-2783), which Kaspersky has found to be actively exploited. The cybersecurity community is also buzzing about the exploitation of a Windows zero-day (CVE-2025-26633) by a Russian ransomware gang before a patch was released. On a similar note, critical vulnerabilities have been found in VMware Tools and CrushFTP, with no workaround available, highlighting the importance of timely patching. Finally, we're tuning into the latest cybersecurity podcasts, where experts discuss the future of cybersecurity, AI, and tech innovation, and the increasing costs of cyber fraud. Stay tuned for more updates and remember, a secure cyber world starts with you.

Exploits Alert

  1. Middleware Vulnerability in Next.js | CVE-2025-29227 - Stormshield: A security alert has been issued for a vulnerability in Next.js middleware. The goal is to contribute to the cybersecurity community's efforts to address cyber threats. Source: Stormshield.
  2. Active Exploitation of Dangerous SAP Security Vulnerability: Onapsis Research Labs has discovered that the SAP vulnerability CVE-2017-12637 is currently being actively exploited by cybercriminals. Source: It-daily.net.
  3. DrayTek Router Vulnerability Exploited in the Wild: The cybersecurity world is reporting widespread reboots affecting DrayTek routers across the globe, linked to a vulnerability being exploited in the wild. Source: GBHackers.
  4. Fixing CVE-2025-2783 with Chrome Stable Channel Update: A vulnerability, CVE-2025-2783, affecting the Windows version of Chrome has been addressed with a stable channel update. This comes as Malaysia braces for cyberattacks during Hari Raya. Source: The Cyber Express.

Vulnerabilities & Patches

  1. Security patch: Attackers can exploit nine vulnerabilities in Ghostscript: Developers have released a security patch for Ghostscript, addressing nine vulnerabilities that could be exploited by attackers. The CVE number for these vulnerabilities is yet to be assigned. Source: heise online
  2. Update Chrome immediately to patch Google's first zero-day of 2025: Google has released a patch for CVE-2025-2783, its first zero-day vulnerability of 2025. Updating Chrome will neutralize this vulnerability and a related exploit used in the same attack chain. Source: BGR
  3. Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities: Kentico has released patches for CVE-2025-2746 and CVE-2025-2747, vulnerabilities in the Kentico Xperience Staging Service that could allow for authentication bypass. Mitigation involves both applying patches and adjusting configurations. Source: Security Boulevard
  4. Russian Ransomware Gang Exploited Windows Zero-Day Before Patch: A Russian ransomware gang known as EncryptHub exploited a Windows zero-day vulnerability, CVE-2025-26633, before a patch was released on Patch Tuesday. Source: SecurityWeek
  5. New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround: A new security flaw, CVE-2025-22230, has been found in VMware Tools and CrushFTP. The flaw allows for high-privilege actions on Windows VMs and currently has no workaround. A patch is available in version 12.5.1. Source: The Hacker News

Podcasts

  1. Out of the Dark | Guarding the Future: Cybersecurity, AI, and Tech Innovation: This episode of Out of the Dark, hosted by Niles Benghauser, discusses the future of cybersecurity, AI, and tech innovation. The conversation focuses on how to protect the digital economy from increasingly sophisticated cyber threats. Source: Signals AZ
  2. Digital India Podcast Episode 3: Insights on Cyber Fraud: This episode of the Digital India Podcast provides insights into the cost of cyber fraud in India, which amounted to ₹11,333 crore in 2024. The experts urge data resilience on World Backup Day. Source: Tech Observer
  3. GeTtin' SALTy Podcast Episode 49: Conformity, Policy or Politics: This episode explores tax conformity and is a must-listen for anyone navigating the intricacies of cybersecurity media and FCC. Source: The National Law Review
  4. The Security Podcasts: Prioritizing Security While Adopting AI Agents: In this episode featuring Michael Bargury, Co-Founder & CTO at Zenity, the discussion revolves around best practices for securely adopting AI agents. Source: Security Magazine
  5. Ahead of the Threat Podcast: Episode Eight - Scott Aaronson: This episode of Ahead of the Threat features Scott Aaronson discussing the FBI's approach to cybersecurity. Source: YouTube

Final Words

And that's a wrap for today's edition of 'ONSEC Cyber Daily'. We hope you found this information valuable and that it helps you stay one step ahead of the cyber threats lurking in the digital shadows. Remember, knowledge is power, and sharing this power can make a world of difference. So, don't keep this to yourself. Share this newsletter with your friends, colleagues, and anyone else who could benefit from being in the know about the latest cybersecurity updates. Because when it comes to cybersecurity, we're all in this together. Stay safe, stay informed, and let's continue to build a more secure digital world, one newsletter at a time. See you tomorrow for another round of updates. Until then, keep your data secure and your systems patched.
