Major Cybersecurity Vulnerabilities Uncovered This Week

By Tina Reynolds

In a week already overshadowed by some big cybersecurity announcements, several flaws in commonly used software and hardware have been discovered. These findings include a zero-day vulnerability in WinRAR. In addition, a number of serious vulnerabilities have been discovered in products from the biggest manufacturers, such as Lenovo and Dell. With innovation comes an increase in cybercrime from malicious actors seeking to exploit weaknesses within online systems.

WinRAR and 7-Zip Vulnerabilities

Many in the cybersecurity community are still reeling from CVE-2025-8088, a zero-day vulnerability in WinRAR that has already been targeted in the wild. The flaw creates an enormous risk for WinRAR users: an attacker who convinces a target to open a specially crafted file can exploit it to run arbitrary code on the victim's system.

CVE-2025-55188 was discovered in 7-Zip, another widely used file compression tool. Currently, information about the exploitation of this new vulnerability is limited. The situation underscores the importance of maintaining software and keeping it updated to mitigate security threats.

Hardware Vulnerabilities Affecting Major Brands

We have flagged CVE-2025-4371, a serious vulnerability found in Lenovo’s 510 FHD and Performance FHD web cameras. This vulnerability may enable unauthorized actors to view your video streams. Owners of these devices are urged to take action right now to protect their systems until a patch becomes available.

Dell's ControlVault3, a critical security feature in its laptops and tablets, has multiple vulnerabilities: CVE-2025-25050, CVE-2025-25215, CVE-2025-24922, CVE-2025-24311, and CVE-2025-24919. In the worst case, these vulnerabilities would grant attackers elevated privileges on impacted devices. Dell has not released a full statement on how it plans to remediate the issues for its users.

Vulnerabilities have also been reported in CyberArk Secrets Manager: CVE-2025-49827 and CVE-2025-49831. This software acts as a linchpin in ensuring highly sensitive information is properly handled. Organizations that rely on it as part of their security should be particularly alarmed by these weaknesses.

Broader Impact Across Software Solutions

The impact reaches beyond affected companies. Half a dozen widely used applications and frameworks are in the crosshairs. In practice, this means that HashiCorp Vault has a vulnerability cataloged as CVE-2025-6000 that would compromise the integrity of secrets management in all of these applications.

Microsoft Exchange Server is still catching some heat following the earlier announcement of CVE-2025-53786. An attacker exploiting this vulnerability would be able to gain unauthorized access, potentially resulting in data leakage. This speaks to the continued difficulty that many organizations are up against in protecting sensitive, secure email communications.

Further, Rockwell Automation Arena Simulation has been found to be vulnerable, though specific information is limited. The stakes would be high, especially for industries that use simulation to plan their operations.

Adobe Experience Manager Forms is also affected by two new vulnerabilities, CVE-2025-54253 and CVE-2025-54254. These issues would affect the millions of organizations that rely on these forms to interact with their customers and collect information.

Another one of Ubiquiti’s products—the UniFi Connect EV Station—has been similarly tagged with CVE-2025-24285, and the Linux Kernel is under attack via CVE-2025-38236. Either vulnerability would allow an attacker to gain unauthorized access to or control over devices using these technologies.

Attention Required for Routers and Video Platforms

BEC Technologies routers are not the most secure: two security flaws, CVE-2025-2771 and CVE-2025-2773, have been discovered in them. Because routers are the gateways to networks, these bugs require immediate attention from IT professionals.

WWBN AVideo has security issues listed under CVE-2025-25214 and CVE-2025-48732. These defects allow unauthorized users to take full control of the video hosting environment and can lead to data exposure.

These challenges threaten healthcare programs that rely on this software to provide healthcare imaging services.

Axis Communications has announced the vulnerability CVE-2025-30023. This serves as a critical reminder of the need for ongoing vigilance in protecting IoT devices that are rapidly becoming more embedded into the enterprise.