On December 3, 2025, the React Team publicly disclosed a critical security vulnerability affecting React Server Components (RSC) and related packages. The vulnerability allows for unauthenticated remote code execution (RCE) via maliciously crafted HTTP requests. It is recommended to update all affected component packages and any frameworks that integrate them.

On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Service (WSUS). This vulnerability could allow a remote unauthenticated attacker to execute code on the targeted systems. A proof-of-concept is publicly available for this vulnerability. It is recommended to update as soon as possible.

On October 14, 2025, Fortinet released a security advisory addressing a high severity vulnerability in its FortiOS product. It is recommended updating affected products.

On October 14, 2025, Veeam released a security advisory addressing multiple vulnerabilities including 2 critical in its Veeam Backup product. CERT-EU recommends updating affected software as soon as possible and following Veeam implementation best practices.

On October 15, 2025, F5 disclosed that a sophisticated nation-state actor breached its systems and maintained long-term persistent access into F5’s infrastructure. This included access to BIG-IP product development source code and to information related to security vulnerabilities that had not yet been disclosed nor patched. F5 released patches on the same day to address the vulnerabilities. There is currently no known exploitation of these vulnerabilities. CERT-EU strongly recommends to patch affected F5 products as soon as possible.

On September 25, 2025, Cisco released several security advisories addressing 3 vulnerabilities, 2 of which are critical. Cisco warns that some of those vulnerabilities are exploited in the wild and assesses with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 2024. It is recommended running compromise assessment on Internet facing vulnerable devices, and update as soon as possible.

On September 24, 2025, Cisco released a security advisory regarding a high severity vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software. The vulnerability is being exploited in the wild. It is recommended updating as soon as possible and conduct a compromise assessment on devices that are exposing SNMP on the Internet. It is also recommended not allowing access to SNMP over untrusted network (i.e. on the Internet).

On September 17, 2025, SolarWinds released a security advisory addressing a critical vulnerability in its Web Help Desk product. The fix provided as part of this advisory is a patch bypass of CVE-24-28988, which in turn is a patch bypass of CVE-2024-28986. It is recommended updating affected assets as soon as possible.

On 26 August 2025, Citrix released a security advisory addressing one critical and two high severity vulnerabilities in NetScaler ADC and NetScaler Gateway. Citrix warns that exploits of the critical vulnerability, CVE-2025-7775, have been observed on unmitigated appliances. It is recommended to update affected assets as soon as possible.

On August 13, 2025, Microsoft released its August 2025 Patch Tuesday advisory addressing 111 security flows in various products among which 16 are rated as critical. It is recommended updating as soon as possible, prioritising public facing and critical assets.