Maximum-severity React Server Components and Next.js vulnerability React2Shell, tracked as CVE-2025-55182, has been leveraged by the RondoDox botnet as part of an attack campaign that has been underway since March, reports The Hacker News.
More than 87,000 internet-exposed MongoDB instances could be compromised in ongoing intrusions exploiting the critical MongoBleed flaw, tracked as CVE-2025-14847, which originates from MongoDB Server's management of network packets processed by the zlib library for lossless data compression and could be harnessed to facilitate secret exposure, reports BleepingComputer.
Popular Simple Network Management Protocol implementation Net-SNMP has been impacted by a critical vulnerability, tracked as CVE-2025-68615, which could be leveraged to facilitate critical service crashes and system hijacking, reports The Cyber Express.
You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad decisions for you. The conversation spans ransomware economics, why payin...
Ongoing attacks involving the high-severity missing authorization bug impacting Digiever DS-2105 Pro network video recorders, tracked as CVE-2025-52163, have prompted the issue's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal civilian executive branch agencies urged to mitigate the weakness or retire impacted instances by Jan. 12, reports The Hacker News.
BleepingComputer reports that MongoDB has advised the urgent patching of the high-severity flaw, tracked as CVE-2025-14847, which could be abused to allow remote code execution and server takeovers.
Threat actors have launched attacks exploiting the half-decade-old medium-severity improper authentication vulnerability in Fortinet's FortiOS SSL VPN, tracked as CVE-2020-12812, according to Security Affairs.