Pentesting Weekly Digest - September 27 - October 3, 2025
This week brought critical zero-days in GoAnywhere, a CISA emergency directive on Cisco, ransomware extortion tied to Oracle systems, and urgent VMware patches.
🔹 GoAnywhere MFT Critical Zero-Day (CVE-2025-10035)
A deserialization flaw in the License Servlet is being actively exploited (CVSS 10.0).
Fixed in version 7.8.4, or 7.6.3 on the Sustain branch. Watch for log entries containing SignedObject.getObject.
🔗 TechRadar: Experts Warn GoAnywhere Zero-Day
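As an added example that is not part of the digest, the following Python helper checks a GoAnywhere MFT version string against the two fixed releases named above and flags log lines carrying the SignedObject.getObject indicator. It assumes the Sustain branch is identified by a 7.6.x prefix; the function names and the sample log lines are constructed for illustration.

```python
"""Triage helpers for the GoAnywhere MFT item (constructed example)."""
from typing import Dict, List, Tuple

# Fixed releases named in the digest: 7.8.4 on the main line, 7.6.3 on Sustain.
# Assumption: the Sustain branch is recognised by a 7.6.x version prefix.
PATCHED_MAIN = (7, 8, 4)
PATCHED_SUSTAIN = (7, 6, 3)

# Log indicator named in the digest.
INDICATOR = "SignedObject.getObject"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '7.6.2' into (7, 6, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(version: str) -> bool:
    """True when the version is at or above the fixed release for its branch."""
    parsed = parse_version(version)
    if parsed[:2] == PATCHED_SUSTAIN[:2]:
        return parsed >= PATCHED_SUSTAIN
    return parsed >= PATCHED_MAIN


def find_indicator_hits(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, line) for every log line mentioning the indicator."""
    return [(n, line) for n, line in enumerate(log_lines, start=1) if INDICATOR in line]


# Constructed sample log lines; not real GoAnywhere output.
SAMPLE_LOG = [
    "2025-09-28 10:14:02 INFO  License check completed",
    "2025-09-28 10:15:47 ERROR Unhandled exception in license servlet",
    "    at java.security.SignedObject.getObject(SignedObject.java:179)",
    "2025-09-28 10:16:01 INFO  Scheduled job finished",
]


def triage(version: str, log_lines: List[str]) -> Dict[str, object]:
    """Combine the version check and the log sweep into one actionable result."""
    hits = find_indicator_hits(log_lines)
    patched = is_patched(version)
    return {"patched": patched, "indicator_hits": hits,
            "needs_attention": (not patched) or bool(hits)}


if __name__ == "__main__":
    result = triage("7.6.2", SAMPLE_LOG)
    print("patched:", result["patched"])
    for n, line in result["indicator_hits"]:
        print(f"indicator at log line {n}: {line.strip()}")
```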
🔹 VMware / Broadcom Patches - Local Privilege Escalation (CVE-2025-41244)
A high-severity local privilege escalation in VMware Aria / Tools was patched after in-the-wild exploitation by UNC5174 was observed.
🔗 TechRadar: VMware Patches Exploited Zero-Day
🔹 Oracle / Cl0p Extortion Campaign
Executives have received extortion emails claiming data was stolen from Oracle E-Business Suite; Google / Mandiant are investigating.
🔗 Reuters: Oracle Says Hackers Are Trying to Extort Its Customers
🔹 CISA KEV Catalog Updates
On September 29, CISA added five CVEs to its Known Exploited Vulnerabilities catalog to push organizations to prioritize patching them.
🔗 CISA: Adds Five Known Exploited Vulnerabilities to Catalog