Your Cybersecurity Update for Wednesday, December 10th, 2025 (Ep.46)

RadioCSIRT - Your Daily Cyber Security Brief

Welcome to your daily cybersecurity podcast.

Microsoft refuses to fix a critical RCE vulnerability in the .NET framework affecting the SoapHttpClientProtocol class. Revealed at Black Hat Europe by researcher Piotr Bazydło from WatchTowr, the flaw enables arbitrary file writes through SOAP URL manipulation. Exploitation relies on unexpected support for FILE and FTP protocols by a class designed to handle HTTP only. Confirmed vulnerable products include Ivanti Endpoint Manager, Umbraco 8 CMS, and Barracuda Service Center, but the actual number of affected applications is likely massive.

CERT-FR publishes advisory CERTFR-2025-AVI-1088 concerning four critical vulnerabilities in Ivanti Endpoint Manager 2024. CVE-2025-10573, CVE-2025-13659, CVE-2025-13661, and CVE-2025-13662 enable remote arbitrary code execution, security policy bypass, and XSS injection. Only versions prior to 2024 SU4 SR1 are affected. The patch has been available since December 9th, 2025.

CERT-FR also issues advisory CERTFR-2025-AVI-1084 concerning 17 Fortinet security bulletins covering 18 CVEs. The entire Fortinet portfolio is affected: FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiWeb, FortiSandbox, FortiExtender, FortiAuthenticator, FortiVoice, FortiSOAR, FortiPAM, FortiSRA, FortiSASE, FortiSwitchManager, and FortiPortal. Critical vulnerabilities include remote code execution, privilege escalation, and SQL injection.

Finally, the Spanish National Police arrest a 19-year-old individual in Igualada for the theft and sale of 64 million personal data records from nine companies. The exfiltrated data includes DNI numbers, addresses, phone numbers, emails, and IBAN codes. The suspect used six online accounts and five pseudonyms to sell the databases on underground forums. Authorities seized electronic equipment and froze a crypto wallet.

We don’t think, we patch!

Your feedback is welcome.
Phone: 07 68 72 20 09
Email: radiocsirt@gmail.com
Website: www.radiocsirt.org
Weekly Newsletter: https://radiocsirt.substack.com