NVD disclosure day

Published threat advisories for December 17, 2025

CVE advisory | Known Exploit

CVE-2025-43529

Apple Safari and iOS Code Execution Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability affects Apple's WebKit, impacting Safari, iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Malicious web content can lead to arbitrary code execution, potentially exposing data and disrupting operations. This vulnerability has reportedly been exploited in sophisticated, targeted attacks.

• CISA KEV

CVE advisory | Known Exploit

CVE-2025-20393

Cisco Email Security Command Execution Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Cisco's Spam Quarantine feature allows remote attackers to execute arbitrary commands with root privileges on affected email security devices, posing a significant business risk. The flaw stems from insufficient validation of HTTP requests.

• CISA KEV

CVE advisory | Known Exploit

CVE-2025-59374

ASUS Live Update Supply Chain Compromise

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A supply chain compromise introduced unauthorized modifications into some ASUS Live Update client versions. Devices that met specific conditions and ran a compromised version could perform unintended actions. The client is end-of-support, so no current products are impacted, limiting business risk.

• CISA KEV