Virus Removal

Serial number: AV25-848
Date: December 17, 2025
Updated: December 17, 2025

On December 17, 2025, Cisco published a security advisory to address a critical vulnerability in the following products:

• Cisco Secure Email Gateway – all versions of AsyncOS with Spam Quarantine feature enabled and exposed on the internet
• Cisco Secure Email and Web Manager – all versions of AsyncOS with Spam Quarantine feature enabled and exposed on the internet

Update 1

On December 17, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-20393 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations and apply the necessary updates when available.

• Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager
• Cisco Security Advisories
• CISA KEV : CVE-2025-20393

Serial number:AV25-847
Date:December 17, 2025

On December 17, 2025, Drupal published a security advisory to address a vulnerability in the following product:

• HTTP Client Manager – version 9.3.13
• HTTP Client Manager – versions 10.0.x prior to 10.0.2
• HTTP Client Manager – version 11.0.x prior to 11.0.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126
• Drupal Security Advisories

Serial number:AV25-846
Date:December 17, 2025

On December 15, 2025, Mozilla published a security advisory to address a vulnerability in the following product:

• Firefox for iOS – versions prior to 144.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Mozilla Foundation Security Advisory 2025-97
• Mozilla Security Advisories

Serial number:AV25-845
Date:December 17, 2025
Updated: December 17, 2025

On December 17, 2025, SonicWall published a security advisory to address a vulnerability in the following product:

• SMA 100 – versions 12.4.3-03093 (platform-hotfix) and prior
• SMA 100 – versions 12.5.0-02002 (platform-hotfix) and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Update 1

On December 17, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-40602 to their Known Exploited Vulnerabilities (KEV) Database.

Open-source reporting indicates that CVE-2025-40602 is being exploited.

• SonicWall SMA1000 appliance local privilege escalation vulnerability
• SonicWall Security Advisories
• CISA KEV : CVE-2025-40602

Serial number:AV25-844
Date:December 17, 2025

On December 16, 2025, HPE published security advisories to address vulnerabilities in the following products. Included was a critical update for the following :

• HPE OneView – versions prior to v11.00
• HPE Telco Service Activator – version 10.3.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBGN04985 rev.1 - Hewlett Packard Enterprise OneView Software, Remote Code Execution - Critical
• HPESBNW04986 rev.1 - HPE Telco Service Activator, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number:AV25-843
Date:December 17, 2025

On December 16, 2025, Google published a security advisory to address vulnerabilities in the following product:

• Stable Channel Chrome for Desktop – versions prior to 143.0.7499.146/.147 (Windows/Mac) and 143.0.7499.146 (Linux)

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

• Google Chrome Security Advisory