Vulnerability Summary for the Week of December 1, 2025

2025-12-08 20:12

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info	Patch Info
10web–10Web Booster Website speed optimization, Cache & Page Speed optimizer	The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.	2025-12-06	9.6	CVE-2025-13377	https://www.wordfence.com/threat-intel/vulnerabilities/id/f8bcf51a-36ee-4d4d-b9d6-d9db0dafd791?source=cve https://plugins.trac.wordpress.org/changeset/3402434/tenweb-speed-optimizer
Advantech–iView	Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.	2025-12-04	7.5	CVE-2025-13373	https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 https://www.cisa.gov […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of December 1, 2025 Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: Bulletins EN Post navigation ← Stronger together: New Beazley collaboration enhances cyber resilience New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts Initial access brokers involved in more attacks, including on critical infrastructure December 8, 2025 IT Security News Hourly Summary 2025-12-08 21h : 4 posts December 8, 2025 AI Pulse: The First Agentic Cyber Week December 8, 2025 Guide to using digital twins for cybersecurity testing December 8, 2025 CISA Adds Two Known Exploited Vulnerabilities to Catalog December 8, 2025 Petco’s security lapse affected customers’ SSNs, driver’s licenses, and more December 8, 2025 FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms December 8, 2025 Architecting Security for Agentic Capabilities in Chrome December 8, 2025 193 cybercrims arrested, accused of plotting ‘violence-as-a-service’ December 8, 2025 How AI-Enabled Adversaries Are Breaking the Threat Intel Playbook December 8, 2025 Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT December 8, 2025 AWS launches AI-enhanced security innovations at re:Invent 2025 December 8, 2025 New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites December 8, 2025 Vulnerability Summary for the Week of December 1, 2025 December 8, 2025 Stronger together: New Beazley collaboration enhances cyber resilience December 8, 2025 Hackers Exploit AWS IAM Eventual Consistency to Establish Persistence December 8, 2025 Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware December 8, 2025 Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks December 8, 2025 End to End-to-end Encryption? Google Update Allows Firms to Read Employee Texts December 8, 2025 Meta Begins Removing Under-16 Users Ahead of Australia’s New Social Media Ban December 8, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}